Privacy Policy

Introduction: CoffeeLovas.store (“CoffeeLovas,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal information when you visit or make a purchase from CoffeeLovas.store (the “Site”) or otherwise use our services. It also explains your rights under applicable privacy laws (including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)). By using our Site, you agree to the collection and use of information in accordance with this policy.


Information We Collect

We collect several types of information from you to fulfill orders and improve your experience:

  • Personal Identifiers: When you place an order or create an account, we collect information such as your name, billing and shipping address, phone number, email address, and payment details. This information is necessary to process transactions and deliver products.
  • Payment Information: Payment card details (credit/debit card numbers) are processed securely by our payment processors (e.g., Stripe and PayPal) and are not stored on our servers. We may retain basic transaction details (e.g., the last four digits of your card or PayPal username) for order verification and record-keeping.
  • Order Details: We maintain records of your purchases, order history, product selections, and any communications or inquiries you have with us (such as emails to customer support) to help provide customer service and handle returns or issues.
  • Device and Usage Information: When you visit our Site, we automatically receive certain data about your device and browsing actions. This includes your IP address, browser type, device identifiers, pages you visited, and how you interact with our Site (e.g., time spent on pages, links clicked). We collect this through cookies and similar tracking technologies (explained below) for analytics and to personalize your experience.
  • Cookies and Tracking Data: We use cookies, pixel tags, and similar technologies to remember your preferences and analyze site traffic. For example, Google Analytics helps us understand how customers use our Site, and Facebook Pixel and TikTok Pixel help us with advertising and measuring campaign effectiveness. These tools may collect information about your interactions with our Site and your browsing behavior.
  • Marketing Data: If you subscribe to our newsletter or SMS alerts, or opt in to receive promotional communications, we will collect your email address and/or phone number for marketing purposes. We record your consent for such communications as required by law. You can unsubscribe or opt out at any time (see Your Rights and Choices below).
  • Third-Party Sources: We may receive additional information about you from third parties. For example, our Shopify platform might provide fraud screening information, or if you log in via a social media account or interact with our social media pages, that platform may share certain information with us according to their privacy policies.

 

How We Use Your Information

We use your personal information for the following purposes:

  • To Process Orders and Provide Services: We use your personal and payment information to process transactions, fulfill your orders, send order confirmations and updates, and deliver merchandise to you. This includes facilitating payments through Stripe or PayPal and arranging shipping through our carriers.
  • To Communicate with You: We use your contact information to send service-related communications. This includes emailing order receipts, shipping notifications with tracking numbers, and alerts for any issues with your order. We may also respond to your inquiries, support requests, or complaints.
  • For Marketing (With Consent): If you have opted in, we use your email or phone number to send you marketing communications such as newsletters, promotions, new product announcements, or special offers. We may also use information about your past purchases or browsing to tailor these offers (for example, showcasing new coffee-themed merchandise if you’ve shown interest in similar items). You can opt out of marketing at any time.
  • Personalization: We analyze your interactions with our Site to personalize your experience. This could include remembering your cart contents, showing you product recommendations, or customizing content and ads on our Site or third-party platforms (e.g., displaying a CoffeeLovas ad on Facebook for a product you viewed on our Site).
  • Analytics and Improvement: We use analytics data (from cookies and pixels) to understand Site traffic and usage. This helps us troubleshoot issues, test improvements, and enhance the functionality and user-friendliness of our Site and services. For example, understanding which pages are most popular or where users encounter errors allows us to improve our website design and product offerings.
  • Security and Fraud Prevention: We may use personal information (like device/IP data or order history) to protect our Site and customers from fraud, abuse, or other illegal activities. This includes verifying orders for potential fraud (using tools provided by Shopify or payment processors), debugging to identify and fix security vulnerabilities, and enforcing our Terms & Conditions.
  • Legal Obligations: In some cases we need to process personal data to comply with laws and regulations. For instance, we keep transaction records for accounting, tax filings, and to satisfy legal requirements (such as maintaining records of purchases for a certain period). We may also use or disclose information as required to respond to lawful requests by public authorities or to meet national security or law enforcement requirements.

We will only use your personal information for the purposes above, or for compatible purposes in line with your expectations. If we need to use your information for a new, unrelated purpose, we will notify you and, if legally required, request your consent.


Cookies and Tracking Technologies

Cookies are small data files stored on your browser or device that enable site features and preferences. We use the following types of cookies and similar technologies on our Site:

  • Essential Cookies: These are necessary for the Site to function properly. For example, they enable you to add items to your cart and checkout securely. Without these cookies, basic e-commerce features would not work.
  • Analytics Cookies: These cookies allow us to collect information about how visitors use our Site (pages visited, time spent, links clicked, etc.). We use this data in aggregate form to improve our website’s performance and design. For instance, we use Google Analytics, which places cookies to gather usage statistics. Google may set and access its own cookies on your device to provide these services; however, they are used only for our analytics purposes.
  • Advertising Cookies: We partner with advertising networks (such as Facebook and TikTok) that use cookies and pixels to deliver ads and track ad performance. Facebook Pixel and TikTok Pixel on our Site track when you take certain actions (like clicking an ad or making a purchase) so we can measure the effectiveness of our ads and show you relevant CoffeeLovas promotions on those platforms. These third-party pixels may also enable those platforms to use information about your visit to serve you targeted ads beyond our Site.
  • Preference Cookies: These cookies remember your preferences (like language or region) and past interactions to provide a more personalized experience. For example, they might remember your login so you don’t have to re-enter credentials each time, or keep track of your wishlist items.

Your Choices: When you first visit our Site from the EU/UK, you will see a cookie consent banner allowing you to accept or reject non-essential cookies (in line with GDPR/ePrivacy requirements). Regardless of location, you can also control or delete cookies through your browser settings. You may set your browser to refuse certain cookies or to alert you when cookies are being set. Note that if you disable cookies, some features of our Site (like the shopping cart) might not function correctly.

For advertising cookies, many of our partners are part of industry associations that offer opt-out mechanisms. For example, you can opt out of targeted ads from certain networks via the NAI Opt-Out (Network Advertising Initiative) or DAA (Digital Advertising Alliance) consumer choice pages. To opt out of Google Analytics specifically, Google provides a browser add-on: Google Analytics Opt-out Browser Add-on.

 

How We Share Your Information

We value your privacy and handle your personal information with care. We do not sell your personal information to third parties for monetary compensation. However, we do share information with certain trusted third parties in order to operate our business, as described below:

  • Shopify (Website Host): Our online store is hosted on the Shopify platform, which acts as our e-commerce provider. Shopify processes personal data on our behalf as a “data processor” or “service provider.” This means information you provide (like your name, address, and order details) is stored in Shopify’s systems. Shopify assists with services such as web hosting, order management, payment processing (via Shopify Payments, which uses Stripe), and other technical support. We encourage you to review Shopify’s Privacy Policy (available on Shopify’s website) to learn how they protect user data.
  • Payment Processors: We share relevant personal data with payment providers to process your payments securely. For example, when you pay with a credit card, your card information is transmitted directly to Stripe; if you choose PayPal, you are redirected to PayPal to complete payment. These payment processors handle your payment data subject to their own security and privacy practices. We only receive confirmation of payment and basic details to confirm the transaction (we do not see your full credit card number or PayPal login credentials).
  • Shipping Partners: In order to deliver your orders, we provide your name and shipping address (and in some cases phone/email for delivery updates) to our shipping carriers or fulfillment partners. This could include postal services (like USPS) or courier companies (like UPS, FedEx, DHL) depending on your location. These third parties use your information solely to transport and track your purchased goods.
  • Email & SMS Service Providers: If we send email newsletters, order updates, or SMS messages, we may use third-party platforms to facilitate these communications (for example, an email marketing service or SMS gateway). These providers will process your contact information on our behalf to send out the messages you agreed to receive. They are not allowed to use your information for their own purposes and will only use it under our instructions.
  • Analytics and Advertising Partners: As noted under Cookies, third-party analytics and advertising partners (such as Google, Facebook, TikTok) collect usage data through our Site via cookies/pixels. We may share or allow them to collect limited identifiers (like a cookie ID or device ID tied to your browsing) so that we can obtain analytics reports and run targeted advertising campaigns. For instance, we might upload a list of customer emails (in hashed form) to Facebook or Google to create advertising audiences, or use Google Analytics data to understand user demographics. These partners are restricted from using personal data for purposes other than providing services to us (although if you are separately a user of those platforms, their own terms and privacy policies apply).
  • Marketing and Advertising Partners: In addition to online advertisers, if we collaborate with marketing agencies or platforms (for example, an SMS marketing platform or an influencer marketing agency), we may share only the information necessary (such as your email or phone for sending messages, or an order number for tracking a referral) to carry out those campaigns. Such partners are bound by contracts to protect your data.
  • Business Transfers: In the event that our business expands, undergoes a reorganization, or is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the new owners or business entity as part of that transaction. If such a transfer occurs, the use of your personal data will still be subject to this Privacy Policy (unless you’re notified of changes).
  • Legal Requirements and Protection: We may disclose personal information if required to do so by law or in response to valid legal requests (for example, a subpoena, court order, or government demand). We may also share information when we believe it is necessary to investigate or enforce our policies, respond to claims, or protect the rights, property, or safety of CoffeeLovas, our customers, or others. This includes exchanging information with other companies and organizations for fraud prevention and credit risk reduction.

Again, we do not sell your personal information to third parties for profit. If in the future we anticipate sharing data in a way that California law considers a “sale” (such as certain types of targeted advertising sharing without proper opt-outs), we will provide required notices and opt-out mechanisms. (See below for California residents’ rights to opt out of any potential “sale” of their data.)


Your Rights and Choices

Depending on your location and applicable privacy laws, you have certain rights regarding your personal information. We are committed to honoring these rights for all of our customers:

Rights Under GDPR (EU/UK): If you are in the European Union, United Kingdom, or a similar jurisdiction, you have the following rights with respect to your personal data:

  • Right of Access: You can request confirmation of whether we have personal information about you, and request a copy of that information.
  • Right of Rectification: You can ask us to correct or update any inaccurate or incomplete personal information we hold about you.
  • Right to Erasure: You can request that we delete your personal data. We will honor this to the extent we are not required to keep the data for legal reasons or legitimate business purposes (for example, we may need to retain certain purchase records for tax and accounting purposes, or to honor a warranty/return obligation).
  • Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances, such as while a complaint about data accuracy or usage is being resolved.
  • Right to Object: You have the right to object to our processing of your personal information for certain purposes. For example, you can object to receiving direct marketing, and we will stop sending you marketing communications. You can also object to any processing based on our legitimate interests (as opposed to your consent), and we will consider your objection and whether we must accommodate it.
  • Right to Data Portability: You can request a copy of the personal data you provided to us in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller where technically feasible. This typically applies to data processed by automated means on the basis of your consent or a contract.
  • Right to Withdraw Consent: If we are processing your personal information based on your consent (such as for optional marketing emails or SMS), you have the right to withdraw that consent at any time. For example, you can unsubscribe from our newsletter by clicking the “unsubscribe” link in any marketing email, and you can opt out of SMS by following the provided instructions (such as replying “STOP” to a marketing text). Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

Rights Under CCPA (California Residents): If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with specific rights regarding your personal information:

  • Right to Know: You have the right to request that we disclose what personal information we have collected about you in the past 12 months, including the categories of information, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we shared it. (This Privacy Policy is intended to provide much of that information openly.) You may also request the specific pieces of personal information we hold about you.
  • Right to Delete: You can request that we delete personal information we have collected from you (with similar exceptions as under GDPR – e.g., if we must keep certain data for legal or internal business purposes, we will let you know).
  • Right to Correct: You may request correction of inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale/Sharing: The CCPA gives you the right to opt out of the sale or sharing of your personal information. As noted, CoffeeLovas.store does not sell customer data for money. We do share some data for advertising as described (which CCPA may define as “sharing” or a form of “sale” of data). California residents can request to opt out of such data sharing for targeted advertising. To exercise this right, you may use the “Do Not Sell or Share My Personal Information” link on our website (if available) or contact us at our email below with your request. If we have a cookie management tool, you can also adjust your preferences there to disable advertising cookies.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. That means we won’t deny you goods or services, charge you different prices, or provide a different level of service because you exercised your privacy rights. (However, please note that if you ask us to delete or restrict information, it may affect our ability to serve you – for example, we cannot complete an order without certain data.)

Canadian and Other Regions: If you are in Canada, your personal information is protected under laws like PIPEDA. You generally have similar rights to access and correct your data. If you are in other jurisdictions, we will also strive to honor your requests to the extent required by applicable law. For instance, many countries have data protection laws that grant individuals the right to access and delete their data, and we extend those core principles globally.

Exercising Your Rights: To exercise any of the rights above or ask a question about your data, please contact us at support@coffeelovas.store. Please specify your request and provide sufficient information for us to verify your identity (for example, we may ask you to confirm certain account details or order information we have on file). Verification is required to protect your privacy by ensuring we don’t disclose or delete information to the wrong person. We will respond to valid requests within the timeframes required by law (such as within 30 days for GDPR requests, and within 45 days for CCPA requests, with the possibility of a 45-day extension if needed).

If you have an account with us, you may also access, correct, or update some of your information by logging into your account dashboard on our Site. For marketing emails, you can quickly unsubscribe by clicking the link in the footer of any promotional email.

Cookies & Advertising Choices: As detailed in the Cookies section, you can manage cookie preferences via your browser or through any cookie consent tool we provide. To opt out of targeted advertising, you can use industry opt-out sites (NAI, DAA) or adjust settings on platforms like Google, Facebook, or TikTok where you see our ads. California residents may also use the “Do Not Sell/Share” link if provided.

Complaints: If you have concerns about our privacy practices, you have the right to lodge a complaint with a supervisory authority. For example, EU residents can contact their national Data Protection Authority; UK residents can contact the ICO; Canadian residents can contact the Office of the Privacy Commissioner; California residents can contact the California Attorney General’s office. Of course, we would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any issues and we will do our best to resolve them.


Data Security

We take the security of your personal information seriously. Our Site uses industry-standard security measures to protect your data during transmission – for instance, we employ Secure Sockets Layer (SSL) encryption for any payment transactions and for sensitive information entered on our Site. Shopify, our website host, maintains the platform with robust security practices and is PCI DSS (Payment Card Industry Data Security Standard) compliant for processing payment data, helping to safeguard your payment and order information.

Internally, we restrict access to personal information to only those employees, contractors, and service providers who need it to perform their duties (for example, fulfilling orders or providing support). They are subject to contractual confidentiality obligations and are trained on data protection. We also employ technical safeguards like firewalls, secure data storage, and routine security audits to prevent unauthorized access.

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. Therefore, while we strive to protect your personal data, we cannot guarantee absolute security. In the unlikely event of a data breach that affects your personal information, we will notify you and any applicable regulators as required by law.

You also play a role in protecting your information. Please use a strong, unique password for any account on our Site and keep it confidential. If you suspect any unauthorized access to your account or information, contact us immediately.


International Data Transfers

CoffeeLovas.store is based in the United States, and the personal information we collect is generally processed and stored in the U.S. (and possibly in other countries where our service providers, like Shopify or cloud storage providers, maintain facilities). This means that if you are visiting our Site from outside the U.S. (such as the EU, UK, or Canada), your personal data will be transferred across international borders to the United States.

We recognize that the EU, UK, and some other regions have strict laws regarding data transfers to non-domestic jurisdictions. To ensure lawful transfers of personal data from the European Economic Area (EEA), UK, or Switzerland to the U.S., we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, as implemented by Shopify and our other processors. For example, Shopify’s Data Processing Addendum includes SCCs to cover European data transferred to its servers in the U.S. or elsewhere.

By using our services and providing information to us, you acknowledge that your information may be transferred to and processed in the United States and other countries. These countries may have data protection laws that are different (and potentially less stringent) than those in your country of residence. However, we will take steps to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed.

If you are an EU/UK resident and require more information about the international transfer of your data or the safeguards in place, you can contact us using the information below. We understand the importance of data security in cross-border transfers and continuously monitor legal developments in privacy regulations to remain compliant.

Children’s Privacy

Our Site and services are intended for a general audience and are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 years old. If you are under 13, please do not provide any personal information to us or use our services without parental supervision.

If we learn that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information promptly from our records. If you are a parent or guardian and believe that a child under your care has provided personal information to us without your consent, please contact us so that we can investigate and delete the child’s information as necessary.

For teenagers above 13 but under the age of majority (18 in most places), we recommend using our Site with the involvement of a parent or guardian. In certain jurisdictions (like the EU/UK), if you are under 16, you may need parental consent for some data processing activities (such as signing up for newsletters). We comply with applicable age-related consent requirements.

 

Updates to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy on this page and update the “Last updated” date at the top. If the changes are significant, we may also notify you by email (if we have your email from an account or recent order) or by placing a prominent notice on our Site.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Site after any modifications to the Privacy Policy will signify your acceptance of the updated terms. If you do not agree with the changes, you should discontinue use of the Site and services, and you may request that we delete your personal data as per the rights mentioned above.

Contact Us

If you have any questions or concerns about this Privacy Policy or how your personal information is handled, please contact us:

CoffeeLovas.store (Privacy Team)

✉️ Email: support@coffeelovas.store

We will be happy to answer your questions or address any issues you have about your privacy. Your trust is important to us, and we are committed to ensuring your personal information is safe and used appropriately. Thank you for choosing CoffeeLovas.store!

 

Last updated: April 5, 2025