Café Sol Website Privacy Notice

This Privacy Statement explains how we collect, store, use and protect personal data about you when you access cafesol.ie (the "Website"), shop with us in store, use our vending machines or otherwise provide your personal data to us including via our social media platforms.

WHO ARE WE?

When we talk about “Café Sol”, or “we,” “us,” or “our,” in this privacy statement, we are referring to the Cafe Sol Unlimited Company trading as Café Sol and our parent company Dunnes Stores Group.

HOW WE USE YOUR INFORMATION

The sections below outline what we use your information for, why we use it and what allows us to do so legally:

When you visit our website

When you use our website, we collect your personal information such as your name, address contact details, website account details, payment details, the time and date you access the website and the time and date of a purchase. We may also store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the website work as you expect it to (please see our Cookie Policy for more information).

What we do

Deliver orders to you this includes delivery or collection of food
Process your payment information
Allow you to register an account with us
Manage cookies on our website

Why we do it

Ensure that you receive the items you have paid for.
To ensure we get paid for the items you buy; to be able to give you a refund when you return something.
To save your preferences and make it easier for you to shop with us.
We use cookies to improve the experience of visitors toour website, analyse site usage, and assist in our marketing efforts.

Why we can do it (legally)

When you buy something from us you enter into a contract of sale. We need your personal details to fulfil this contract.
We need this information to fulfil our sales contract with you.
It’s important for us as a business to make your shopping experience as easy as possible.
We ask for your consent to use cookies.

When you visit us in-store, use our vending machines or contact us directly

When you visit us in stores we might collect or use information such as your payment information, your image (in CCTV), details of accidents and incidents that unfortunately may occur, the time, date and location of purchases and any other information you give such as your address, name or contact details for home delivery services or other reasons. When you use our vending machines, we might collect or use information such as your payment information, the time, date, and location of purchases. When you contact us directly, for example through our Customer Service team or message us on social media, we collect basic personal information (name, contact details etc.) and we’ll record what you say to us if you contact us by email, phone, or our website.

What we do

Process your payment information
Record and download CCTV footage
Collect delivery information
Collect your name and contact details for other reasons
Receive and respond to queries or complaints
Collect delivery information
Collect your name and contact details for other reasons
Receive and respond to queries or complaints
Log incident and accident reports
Send you information about promotions you might like
Review your previous orders
Respond to Data Subject Rights Requests
Record your details when you contact us on social media

Why we do it

So you can pay for your items and receive refunds when needed.
For your safety, security, and to improve customer experience.
To provide a home delivery service.
This might be for lost and found, or other ad hoc reasons.
To respond to your queries and resolve your complaints or pass them on to our Customer Service team.
To ensure we have a record of all incidents if a claim is made.
If you’ve opted in to receive promotions, we’ll tell you about in-store to improve your experience.
To help us respond to queries and complaints.
Your data protection rights are important to us and we want to help you execute them.
To help provide assistance in securing an item or service or when you are unhappy with our products / services

Why we can do it (legally)

This is part of our sales contract commitment to you when you purchase something.
It’s important for us as a business that we do this.
This is part of our sales contract commitment to you when you purchase something.
This might be as part of our sales contract commitment to you or because it is important for us as a business to be able to provide these services to you.
It’s important for us as a business to respond to your queries and resolve your complaints.
It is important for us a business to be able to do this.
We only do this if you’ve given your consent to receive information about promotions.
It is important to us as a business that you get the best experience.
We have a legal obligation to do this.
It is important for us as a business to do this.

For marketing and customer insight purposes

We use your information for customer insight and marketing purposes. However, we will not use your personal data for marketing purposes without your prior consent.

What we do

Customer Consent Management
Email Marketing
Analyse website browsing behaviour and ad effectiveness, including on 3rd Party websites

Why we do it

To ensure our records are up to date with your consent preferences
To inform our subscribers about Café Sol, our promotions and new services.
To show you more relevant ads and to measure how well our advertising campaigns are working.

Why we can do it (legally)

It is important for us as a business to do this.
We get your consent to send you marketing information.
It is important for us as a business to do this.

Other information collected

On occasion we may process personal data such as your name and contact details to address complaints or, in the unfortunate event that an accident occurs, details of accident and incidents, including CCTV footage and where applicable, health related information.

What we do

Investigate complaints and handle legal and insurance claims

Why we do it

To resolve your complaint, ensure the same complaint doesn’t arise again, to provide legal advice and to protect ourselves against fraudulent claims.

Why we can do it (legally)

We have a legal obligation to do this and it is important to us as a business to do it.

Where we process information on the basis that it is important for us as a business to do it, we will consider your interests also. We will weigh up our business interests with your interests to ensure they are fairly balanced. You can contact us for further information on this.

How we secure your information We take great care to ensure the security of our websites and your personal information. To ensure that we keep your information secure we use technical security measures such as encryption, access controls, firewalls and logging. To take full advantage of all security features you should use an up-to-date browser. To further ensure your personal information is safe, please note, we will never ask a customer to confirm any debit or credit card details via email.

WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?

We may share your information internally within Café Sol, and with our parent company, Dunnes Stores Group, on a need to know basis when required for our business to function.
We and Flipdish, our online ordering partner, are joint controllers of your personal data processed in connection with food orders placed through the Flipdish Platform on the Website. If you have queries regarding how your personal data is processed by Flipdish or wish to address your rights, please contact Flipdish.
Flipdish acts as a processor in assisting us with managing users’ consent to our marketing communications. Flipdish also acts as a processor when it assists us to manage our analytics.
We may share your information externally with our core service providers when required for our business to function, for example our vending machine provider.
We may need to share personal data in order to protect ourselves against fraudulent claims and to manage insurance and legal claims.
We may need to share personal data to support our IT system providers to keep our systems secure. Each of the external companies we work with has been selected by us for their ability to provide what we need to our required specification, including their ability to handle sensitive data (like your personal information) securely and appropriately.
We may need to share personal data when we receive requests for information from government departments, the police and other enforcement agencies. If this happens, and there is a proper legal basis for providing your personal information, we will provide it to the organisation asking for it.
We may share your information with other partners when we have your consent to do so.

TRANSFERS OF YOUR INFORMATION

Our third party service providers who process your information on our behalf may transfer your information outside the European Economic Area (EEA). Where such transfers occur, it is our policy that: a) they do not occur without our prior written authority; and b) that an appropriate transfer agreement and safeguards are put in place to protect your information. If you would like to find out more about any such transfers, please contact [email protected].

HOW LONG DO WE KEEP YOUR INFORMATION FOR?

We keep personal data for a variety of purposes and for a variety of time periods. The general guidelines for how long we keep personal data are based on what is necessary and proportionate in our business, taking into consideration how and why we collected it and with particular reference to legal obligations that apply to our business.
Where there is no legally defined time period for keeping data, we will keep your information for a time period based on relevant industry standards.
Where there is no relevant industry standard, we will use a time limit that allows us to serve you as customers but also ensures we don’t keep your personal information for longer than we need to.

WHAT RIGHTS DO YOU HAVE?

You can ask us for a copy of the personal information we hold about you.
You can ask us about how we collect, share and use your personal information.
You can ask us to update and correct your personal details.
You can request that we restrict processing of your personal data in certain circumstances.
You can object to processing that is carried out where we have decided that it is important for us as a business (legitimate interests).
In certain circumstances, you may ask us to delete your personal information.
You have a right to move your information (your right to Portability). Where you have provided information in a structured, commonly used and machine readable format we can share a digital copy of your information directly with you or another organisation.
You can object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.
You have a right to request access to your personal information.
You can change your mind wherever you give us your consent and withdraw that consent, such as for direct marketing.

You can exercise any of these rights by filling out a request in our Privacy Portal or by contacting our Privacy Manager in writing by email or post using the details outlined below. When you contact us to ask about your information, we may ask you to identify yourself. This is to help protect your information.

Our email is [email protected]

Our registered address is: Privacy Manager Dunnes Stores (Head Office) 46-50 South Great George's Street Dublin 2

If you wish to stop receiving marketing communications from us, you can opt out at any time by clicking the "opt-out" link at the bottom of any marketing communication from us or by contacting us by the email at: [email protected].

You also have a right to lodge a complaint with a supervisory authority. In Ireland this is the Data Protection Commission (DPC).

You can contact the DPC via their website: https://www.dataprotection.ie/en/contact/how-contact-us

If you are not a resident of Ireland you can find contact details for relevant supervisory authority for your country of residence here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

LINKS TO THIRD PARTY SITES

From time to time we may provide links to other sites. This privacy statement only covers our Website and any website that we own and control. It does not cover links to other sites nor information collected by parties that own and control those sites or their use of cookies when you visit another site.

Updates to this Notice

We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology.

You can always find an up to date version of this notice displayed in Store, or ask us for a copy. This notice was updated as of October 2023.