Privacy policy

Last updated: 18/9/2025

Heartland (“we,” “our,” “us”) is committed to protecting your privacy and handling your data fairly, transparently, and securely. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit or make a purchase from our website.

1. Information We Collect

When you use our site, we may collect the following information:

  • Personal details – name, email address, billing and shipping address, phone number.

  • Order details – items purchased, payment information (processed securely by payment providers; we do not store card details).

  • Account and subscription data – details you provide to manage recurring coffee subscriptions.

  • Marketing preferences – if you sign up for our newsletter.

  • Technical data – IP address, browser type, device, and usage data.

2. How We Use Your Information

We use your information to:

  • Process and deliver your orders.

  • Manage coffee subscriptions.

  • Communicate with you about your orders, subscriptions, or enquiries.

  • Send marketing emails (if you’ve opted in).

  • Improve our website, products, and services.

  • Comply with legal and tax obligations.

We do not sell or share your data with third parties for marketing purposes.

3. Legal Basis for Processing (GDPR)

We process your personal data under the following lawful bases:

  • Contractual necessity – to fulfil orders and subscriptions.

  • Consent – when you sign up for marketing emails.

  • Legal obligation – to meet tax, accounting, or regulatory requirements.

  • Legitimate interests – to improve services and prevent fraud.

4. Third-Party Services

We use trusted providers to operate our business:

  • Shopify – our e-commerce platform, which hosts our website and processes orders.

  • Omnisend – to manage and send marketing emails (only if you have opted in).

  • Seal Subscriptions – to manage recurring coffee subscriptions.

  • DPD and delivery partners – to ship your orders.

  • Payment providers – to securely process your payments.

Each provider is GDPR-compliant and only processes your data as necessary to provide their service.

5. Data Retention

We keep your personal data only as long as necessary to fulfil the purposes described in this policy, including legal, accounting, or reporting requirements.

6. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.

  • Request correction or deletion of your data.

  • Restrict or object to certain processing.

  • Withdraw consent for marketing at any time.

  • Request transfer of your data (data portability).

To exercise these rights, contact us at roastery@heartland.coffee.

7. Cookies

We use cookies to make our website work smoothly, improve performance, and analyse usage. You can control cookies through your browser settings.

8. Security

We take appropriate security measures to protect your personal data from unauthorised access, alteration, or disclosure.

9. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at roastery@heartland.coffee.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.