GDPR And Privacy Policy

Espresso Service Limited – UK GDPR and Data Act Privacy Policy

Last Updated: 29th August 2025.

Introduction

Espresso Service Limited (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025 (“the UK Data Act”).

This policy applies to all individuals whose personal data we process, including customers, suppliers, website visitors, and other individuals who interact with us.

Who We Are

Espresso Service Limited is a business providing planned and reactive commercial coffee equipment maintenance. Our registered address is: Espresso Service Limited, 65 Peach Street, Wokingham, Berkshire, United Kingdom RG40 1XP.

We are the data controller responsible for your personal data.

What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: Name, title, company name.
  • Contact Data: Address, email address, telephone number.
  • Financial Data: Bank account details, payment card details (processed securely by our payment processors).
  • Transaction Data: Details about payments to and from you, and details of products and services you have purchased from us.
  • Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Data: Information about how you use our website, products, and services, including through cookies that may not require your explicit consent under the UK Data Act (see section 4).
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Customer Service Data: Records of communications with you, including enquiries and complaints.
  • Equipment Data: Serial numbers, service history, and other data relating to the espresso machines we service.

How We Collect Your Personal Data

We collect personal data from you in the following ways:

  • Direct Interactions: You may give us your personal data by filling in forms, corresponding with us by post, phone, email, or otherwise.
  • Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data and Usage Data about your equipment, browsing actions, and patterns. The UK Data Act clarifies that for certain “low-risk” purposes, such as collecting statistical data for website improvement or for functional purposes, we may use cookies without your explicit consent, provided we give you clear information and a simple way to opt out.
  • Third Parties: We may receive personal data about you from various third parties, such as payment processors, credit reference agencies, and public databases.

How We Use Your Personal Data and Legal Bases

We will only use your personal data when the law allows us to. The UK Data Act introduces a number of changes to the legal bases and purposes for which we can process your data. Most commonly, we will use your personal data in the following circumstances:

  • Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you.
  • Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. The UK Data Act provides a new lawful basis for “recognised legitimate interests,” which may remove the need for a balancing test in specific circumstances, such as for the prevention of crime or to ensure network and information security.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation.
  • Consent: Where you have given us clear consent to process your personal data for a specific purpose. The UK Data Act also clarifies that we can seek “broad consent” for processing data for scientific research, where the precise purpose may not be known at the time of collection.

We use your personal data for the following purposes:

  • To process and fulfil your orders.
  • To provide and maintain our services.
  • To manage our relationship with you.
  • To process payments.
  • To respond to your enquiries and requests.
  • To send you marketing communications (where you have consented or where there is a legitimate interest and you have not opted out).
  • To improve our website and services, including through the use of analytics cookies.
  • To comply with legal and regulatory requirements.
  • To maintain service records.
  • To support secure and efficient data use and access, including through any relevant “Smart Data” schemes or digital verification services as enabled by the UK Data Act.

Sharing Your Personal Data

We may share your personal data with the following third parties:

  • Service providers who provide IT and system administration services.
  • Payment processors.
  • Professional advisers, including lawyers, bankers, auditors, and insurers.
  • Government bodies and regulators.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

We may transfer your personal data outside the UK or the European Economic Area (EEA). Where we do so, we will ensure that appropriate safeguards are in place to protect your personal data, in line with the UK Data Act’s updated international transfer framework. This may include using UK-specific international data transfer agreements.

Data Security

We have implemented appropriate technical and organisational measures to protect your personal data from unauthorised access, use, alteration, and disclosure.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Your Legal Rights and Complaints

Under the UK GDPR and the UK Data Act, you have the following rights:

  • Right to Access: You have the right to request access to your personal data. We will only be required to conduct a “reasonable and proportionate” search to fulfil your request, as clarified by the UK Data Act.
  • Right to Rectification: You have the right to request correction of inaccurate personal data.
  • Right to Erasure: You have the right to request erasure of your personal data.
  • Right to Restriction of Processing: You have the right to request restriction of processing of your personal data.
  • Right to Data Portability: You have the right to request the transfer of your personal data to another organisation.
  • Right to Object: You have the right to object to the processing of your personal data.
  • Right to Withdraw Consent: If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time.
  • Right to Complain: You have the right to complain to us in the first instance if you believe your data protection rights have been breached. We are required to facilitate this by providing an accessible complaints process, such as an electronic form. We will acknowledge your complaint within 30 days and respond “without undue delay.” If you are not satisfied with our response, you can escalate your complaint to the Information Commissioner’s Office (ICO).

Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us:

  • Email: dpo@esl1987.co.uk
  • Complaints: Please email dpo@esl1987.co.uk

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements, including those introduced by the UK Data Act. We will notify you of any significant changes.

Information Commissioner’s Office (ICO)

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have any concerns about how we are handling your personal data. You are encouraged to contact us first. You can contact the ICO at:

  • Website: www.ico.org.uk
  • Telephone: 0303 123 1113

Entrust us to keep your coffee
machines in top condition

  • Tailored Solutions
  • Practical Expert Advice
  • Fast & Reliable Service
Contact us