Privacy Policy

Our values and commitment to your privacy are at the heart of everything we do at Gonzalez Brothers Coffee.

Privacy & Data Protection Policy

Last updated: March 1, 2026

At Gonzalez Brothers Coffee Ltd, we value the trust you place in us when sharing your personal information. This policy outlines how we gather, utilize, and safeguard your data. By interacting with our website, you agree to the terms described below.

1. Information Collection and Use

When you engage with our platform, we collect data in two primary ways:

  • Direct Information: During a purchase or account registration, we collect details you provide such as your name, physical address, email address, and company details to fulfill your order.
  • Automated Data: As you navigate our site, we automatically receive your computer's IP address. This helps us understand your browser and operating system to optimize your experience.
  • Marketing: With your explicit permission, we may send updates regarding our latest offerings, seasonal products, and company news via email.

2. Your Consent

How do we obtain it?

When you provide details to complete a transaction, verify a payment method, or arrange a delivery, we imply consent for that specific purpose only. For secondary goals (like marketing), we will always ask for your "opt-in" or provide a clear way to decline.

How do you withdraw it?

If you change your mind, you can revoke your consent for us to contact or store your data at any time.

3. Why We Process Your Data

We use your information to ensure a seamless service, specifically for:

  • Order fulfillment and delivery.
  • Website administration and performance monitoring.
  • Personalizing content and advertisements.
  • Direct marketing (only where you have opted in).

Note: We may share data with authorities if legally required for investigations into unlawful activity.

4. Our Platform

Our wholesale platform is a custom-built web application. Your data is stored securely using industry-standard encryption and access controls, hosted within AWS infrastructure in the EU.

  • Payments: Payment details are handled by our payment processors, who encrypt your data in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
  • Retention: Transaction data is only kept as long as necessary to complete your purchase and meet our legal obligations, after which it is securely deleted.

5. Third-Party Interactions

We only allow third-party providers to access your information to the extent required to perform their services (e.g., payment processors, email delivery).

  • External Policies: These providers have their own privacy rules. We recommend reviewing them, especially if the provider is located in a different jurisdiction than yours.
  • Outbound Links: Once you leave our site via a link, our privacy policy no longer applies.

6. Security Measures

We follow rigorous industry best practices to prevent the loss, theft, or misuse of your data. Sensitive information is encrypted using SSL/TLS in transit and AES-256 at rest. While no digital storage is 100% foolproof, we adhere to all PCI-DSS requirements and conduct regular security reviews.

7. Cookies & Local Storage

We use a small number of cookies to operate the platform:

  • Authentication cookies (wholesale_access_token, wholesale_refresh_token): HttpOnly, Secure cookies that maintain your authenticated session. These are strictly necessary and cannot be disabled.

We also use your browser's localStorage to store your shopping cart, enquiry list, and basic UI state. This data never leaves your browser.

We do not use any third-party analytics, advertising, or tracking cookies. All cookies on this site are strictly necessary for the platform to function.

8. Your Responsibilities

By using this site, you confirm that:

  • You are legally capable of entering into contracts.
  • The information you provide is accurate and current.
  • You will update your account details promptly if they change.

9. Legal Framework (UK GDPR)

This policy and our operations are governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Any legal disputes will be handled within the jurisdiction of the courts of England and Wales.

10. Policy Updates

We may update this policy periodically to reflect changes in our practices. Significant changes will be highlighted here. In the event of a merger or acquisition, your data may be transferred to new ownership so we can continue serving you.

Questions & Contact

To access, correct, or delete your data, or to file a formal complaint, please reach out to our Privacy Officer: