GDPR – MC

Last updated

12 October 2025

Company Information

Maracaibo Coffee Ltd.

The Regent, Chapel Street, Penzance, Cornwall, United Kingdom, TR18 4AE

Company Registration Number: 16776399

Email: aromas@maracaibo-coffee.com

1. Purpose

This GDPR Compliance Policy outlines how Maracaibo Coffee Ltd. ensures compliance with the UK General Data

Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). We are committed

to protecting the privacy, rights, and freedoms of all individuals whose personal data we process.

2. Scope

This policy applies to all personal data processed by Maracaibo Coffee Ltd., including data of customers, suppliers,

partners, and website visitors.

3. Data Protection Principles

We adhere to the seven GDPR principles: lawfulness, fairness and transparency; purpose limitation; data

minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.

4. Legal Basis for Processing

Data is processed under the following legal bases: contractual necessity, legal obligation, legitimate interests, and

consent (for marketing).

5. Types of Data We Process

We collect: contact details, payment and order data, website analytics, and communications. Payment details are

handled securely by third-party processors.

6. Data Subject Rights

Individuals have rights to access, rectify, erase, restrict, or object to processing; data portability; and withdraw

consent. Requests are processed within 30 days via aromas@maracaibo-coffee.com.7. Data Security

We use SSL encryption, secure payment partners, limited staff access, and regular backups to safeguard data.

8. Data Retention

Order and transaction data is retained for seven years (for legal compliance). Marketing data is held until consent is

withdrawn.

9. Third-Party Processors

We only share data with GDPR-compliant partners, such as Stripe, PayPal, shipping companies, and web hosting

providers, under strict data processing agreements.

10. Data Transfers

If data is transferred outside the UK or EEA, we ensure appropriate safeguards such as Standard Contractual

Clauses or adequacy decisions are in place.

11. Data Breach Notification

In the event of a data breach, we will notify the ICO within 72 hours where required and affected individuals if there

is a high risk to their rights.

12. Accountability and Training

All staff handling personal data receive GDPR training. We maintain data processing records and review

compliance regularly.

13. Contact and Complaints

Penzance, Cornwall, United Kingdom, TR18 4AE. Complaints may be lodged with the UK Information

Commissioner’s Office (ICO) at http://www.ico.org.uk.