Heart & Graft Coffee Ltd (trading as Heart & Graft) is committed to respecting your privacy and the privacy of every visitor to our website. The information we collect about you will be used to fulfil the required services and enable us to improve how, as a company, we deal with you.

This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by Heart & Graft.

Should you have a question about the data we store, our contact details are:

Unit 1 Droylsden Street
30 Holyoak Street
Newton Heath
Greater Manchester
M40 1HB

Information we collect about you:

The information that we collect about you will only be used lawfully (in accordance with the Data Protection Act 2018 and the General Data Protection Regulation). All data is retained within the United Kingdom or the European Economic Area (EEA) and transferred only to countries outside the EEA where that country has an adequate level of legal protection for personal data or where we use an appropriate safeguard (as provided for by data protection laws) for protecting your personal data when it is transferred. You have the right to ask us for the details of any such safeguard that we use to transfer your personal data to a destination outside the EEA.

Our legal basis for processing your personal data depends on our reasons for processing your data in a particular situation. We use information held about you (and information about others) in the following ways:

  • To provide you with our services and to carry out our obligations arising from any contracts entered into between you and us (i.e. for the performance of a contract between us);
  • To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or otherwise where you are an existing customer and you have not opted out of receiving marketing messages about similar products to those you have purchased. Unless you ask us not to, we will provide you with direct marketing by way of email or social media message (i.e. on the basis that you have provided your consent or because it is in our legitimate interests).
  • To ensure the content on our website is presented in the most effective manner for you and your computer or mobile device (legitimate interests); and
  • To notify you about changes to our service (performance of a contact and/or legitimate interests).

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our website. This includes information you provide at the time of registering or at any subsequent point. As part of the sign-up process, we’ll ask for you to fill in a form that will tell us your name and email address. We’ll also ask for your coffee preferences, delivery/billing address and debit/credit card details.
  • Once you’ve signed up, we keep a record of all billings and shipments made to you including the types and grinds of coffee you’ve received. This helps us troubleshoot if, for example, the coffee gets lost in the post and also helps us recommend new ways for you to enjoy coffee.
  • We process your personal data for these purposes on the basis that it is necessary for the performance of our contract (information about your order, billing and shipping) with you and also on the basis of legitimate interests i.e. because it is in our legitimate interests as a business to ensure that you receive your order and to let you know about similar products that we think you might be interested in (direct marketing) unless you tell us that you don’t want to receive any marketing messages.
  • Information about Orders, purchases, subscriptions, product queries, complaints (about products, our website, and marketing), career opportunities and partnership opportunities. If you contact us, we may keep a record of that correspondence. We process this data on the basis that it is necessary for performance of our contract with you and/or because it is within our legitimate interests to consider and respond to communications from our customers, website visitors and prospective employees/partners.
  • Customer Satisfaction Surveys – We sometimes send Customer Satisfaction Surveys. We use these for our own research purposes although you do not have to respond to them. We process the data from Customer Satsifaction Surveys because it is within the legitimate interests of our business to monitor our performance, improve our products and services and help to further improve our customer service etc.
  • Device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information) and details of your visits to our website. We use Google Analytics to collect data about how many people visit our site, how long they look at certain pages, where they exit the site, whether they make a purchase and where our visitors originate from. This is statistical information about our users’ browsing actions and patterns, and does not identify any individual. We use this data to monitor the performance of our website and gather information to improve it or our advertising campaigns. We use Cookies to obtain this information. The personal data collected are IP address and order ID. This type of process is common and fundamental to most online businesses. It helps us understand how our website is being used and areas of the site that we could improve in the future. We process this particular data on the basis that it is within our legitimate interests as a business to analyse the performance of our website and improve the online experience for our customers and those who visit our website.
  • Cookies – We use cookies to distinguish you from other website users. This helps us provide you with a good experience when you use our website and also allows us to improve our services. Please note that it is possible to disable cookies being stored on your computer by changing your browser settings. However, our website may not perform properly or some features may not be available to you if you disable cookies. For detailed information on the cookies we use and the purposes for which we use them see our Cookies Policy below. We process some of this personal data on the basis that it is within our legitimate interests to do so and some of the data on the basis that you have provided your consent when using our website.

Who we share your personal data with:

We may disclose your personal information to any partner of Heart & Graft and/or a member of our group, which means our subsidiaries.

We may disclose your personal information to third parties:

  • in the event that we sell or buy any business or assets;
  • if Heart & Graft or substantially all of its assets are acquired by a third party; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Heart & Graft, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Who we share your data with: 

  • Facebook, other social media websites & Google – Our website uses retargeting services from advertising networks such as Facebook. These networks collect certain information via cookies to determine which web pages are visited. This data is then used to associate your browser with interest and demographic categories, and serve social media and internet ads based on your past visits to this website. Please note that any information collected by Facebook, other social media and advertising networks via cookies is not linked to any personal information that we collect about our customers. We process personal data in this way for the purposes of improving and optimising our advertising campaigns. We upload lists of email addresses to Facebook and Google which are then used by them to find “look-alike” audiences or remove current customers from our advertising campaigns. Legitimate interests and/or consent
  • Royal Mail/parcel delivery partners/operational companies – We use these companies to deliver our orders.
  • MailChimp – this company enable us to send email communications.

How long do we hold your information for?

We will hold the above information for as long as is necessary in order to provide you with our services, deal with any specific issues that may raise or otherwise as is required by law or any relevant regulatory body. Unless otherwise required by law, your data will be stored for a period of 7 years after our last contact with you at which point it will be deleted. Personal data that we process on the basis of your consent will be deleted upon your request unless there is an alternative lawful basis upon which we rely to continue processing the data.

Where we store your personal information:

The data we collect from you is stored in the EEA.We will only transfer personal data to a destination outside the EEA if we have a lawful basis for doing so and where we have implemented an appropriate safeguard recognised by the General Data Protection Regulation (GDPR). Your passwords are stored on servers in encrypted form. We do not disclose your account details, postal or email addresses to anyone except when legally required to do so.

Protection of Personal Information:

When placing an order, information (such as your name, address and payment card details) that is exchanged between your browser and our website is transferred in encrypted form using Secure Socket Layer (“SSL”) to our payment providers.

It is your responsibility to keep your password secure. Once we have received your information, we will use strict procedures and security features to try and prevent any unauthorised access.

We use industry-standard efforts to safeguard the confidentiality of data, including encryption, firewalls and SSL. We have implemented reasonable administrative, technical, and physical security controls to protect against the loss, misuse, or alteration of your data.

Your rights:

We expect the information we hold to be accurate and up to date. You have the right as an individual to find out what information we hold about you and make changes if necessary; you also have the right, assuming we are not obligated or entitled by law to refuse, to ask us to stop using the information. To have your information erased or rectified, please contact us.

You have the right to object to our processing of your data at any time either via the unsubscribe link included on all emails we send or by contacting us and requesting that processing of your details be restricted or your personal data be erased. Please note however that there may be circumstances where we are unable to agree to such a request because the law prevents us from doing so.

You also have the right to request the transfer of your information to another party in certain circumstances.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that Heart & Graft have not complied with the requirements of the GDPR with regard to your personal data. If you have a concern about how we handle your data or you would like to lodge a complaint, you can contact the ICO by the following methods:



Tel: 0303 123 1113

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Changes to this policy:

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.


Questions, comments and requests regarding this privacy policy are welcome and should be addressed to


We use cookies and similar tools on our website (our “Website”) to improve its performance and enhance your user experience. This policy explains how we do that.

What are cookies?

Cookies are small text files which a website may put on your computer or mobile device when you visit a site or page. The cookie will help the website, or another website, to recognise your device the next time you visit as well as other functions set out below. We use the term “cookies” in this policy to refer to all files that collect information in this way.

Cookies used on this site will not collect information that identifies you personally, but may instead collect more general information such as how users arrive at and use our Website. Where a specific user needs to be identified and tracked, for example when logging in, they are identified using an anonymous token or ID.

What sort of cookies does our Website use?

The following cookies are created by our Website to enable functionality. Personal details are never stored.

Necessary Cookies

Cookie Purpose Duration
token To enable a user to login to their account by authenticating their details. 1 day
voucher code To remember the offer code a user applied when creating a plan, if they haven’t completed checkout. 5 days
plan-cache To remember the plan details a user selected when creating a plan, if they haven’t completed checkout. 5 days
cookie_banner_consent To remember if the user has consented to cookies. 1 year
site wide banner seen To remember if the user has seen the notification banner. 15 days
out of date browser banner seen For Internet Explorer users, to remember if the user has seen the notification banner. 2 days

Ad hoc cookies

Occasionally we need to use cookies to enable a feature that records user preferences, for example to remember that a user has seen a message or performed an action so that we don’t need to remind them again.

Does anyone else use cookies on our Website?

We do use or allow third parties to set cookies on our Website. For example, like many companies, we use analytics to help us monitor our traffic, to get a sense of how many visitors the Website receives every day and which sections of the site users typically look at. It’s a key way of knowing how well we’re doing and what we can do better.

We may also use third party cookies to help us with market research, revenue tracking, improving site functionality and monitoring compliance with our terms and conditions.

Please note we do not allow advertising on our Website so there will be no cookies for this purpose.

The following covers third-party cookies used on our Website. Again, personal details are never stored.

Cookies Purpose
Analytics cookies Cookies are sometimes used to monitor volume of user activity and behaviour across the site (pages visited, time spent on pages and so on).
Conversion/Tracking pixels We sometimes pay for advertising from marketing partners on other sites, for example; Facebook. These third parties sometimes require that we put a tiny image (“pixel”) from their site on any landing pages that users might arrive at. These pixels can create cookies for the third party so we can work with them to understand how successful marketing campaigns were. We also need to understand where a user came from, so that, if the user goes on to sign up on our Website, we can pay the correct marketing partner for their service.
This website uses retargeting services from the social network Facebook. Facebook collects certain information via cookies to determine which web pages are visited. This data is then used to associate your browser with interest and demographic categories, and serve Facebook ads based on your past visits to this website. Please note that any information collected by Facebook via cookies is not linked to any customer’s personal information collected by us

Can you block cookies?

Cookies help you to get the most out of our Website. It is certainly possible to delete and / or block cookies, however, this may cause the functionality described above to fail. For example, deleting our proprietary cookies might mean that you cannot log in and view your account pages, or purchase items from the store. Deleting third party cookies is less likely to cause a buggy experience, but it does mean that we might be unable to generate accurate data about how our site and services are performing.

How do I disable and prevent the use of cookies?

You may restrict, block or delete the cookies from this website at any time by changing the configuration of your browser. While settings are different in each browser, cookies are normally configured in the “Preferences” or “Tools” menu. For further details on configuring cookies in your browser, see the “Help” menu in the browser itself.

You may restrict, block or delete the cookies from this website at any time by changing the configuration of your browser. While settings are different in each browser, cookies are normally configured in the “Preferences” or “Tools” menu. For further details on configuring cookies in your browser, see the “Help” menu in the browser itself.

For more information on cookies for the most common browsers, please refer to the pages below:

Google Chrome:

If using Google Chrome, you can opt-out of Google Analytics cookies by using a browser add-on.

Microsoft Internet Explorer:

Microsoft Edge:

Safari (OSX):

Safari (iOS):

Mozilla Firefox:

Android: (Please refer to your device’s documentation for manufacturers’ own browsers)


If you have any questions about the way we use cookies, you can contact us at