Privacy Policy

Last updated: [INSERT DATE]

Change Brew Co (“we”, “our”, or “us”) is committed to protecting and respecting your privacy.

This policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully to understand our practices regarding your personal data. By using our website [INSERT WEBSITE URL], you agree to the terms of this Privacy Policy.

1. Who We Are

Change Brew Co is the data controller responsible for your personal data.
If you have any questions about this Privacy Policy or our data handling practices, please contact us at:

Change Brew Co
Address: [INSERT BUSINESS ADDRESS]
Email: [INSERT CONTACT EMAIL]
Phone: [INSERT CONTACT PHONE NUMBER]

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can find details at www.ico.org.uk.

2. What Information We Collect

We may collect and process the following personal data about you:

Personal Identification Information

Name, email address, postal address, phone number, date of birth (if provided).

Transaction Information

Details about payments and purchases made through our website.

Technical Data

IP address, browser type and version, time zone setting, operating system, and platform.

Usage Data

Information about how you use our website, products, and services.

Marketing and Communications Data

Your preferences in receiving marketing communications from us.

3. How We Collect Your Data

We collect data in the following ways:

Directly from you – when you complete forms on our website, make a purchase, or contact us.
Automatically – through cookies and analytics tools when you use our website.
From third parties – such as payment processors, delivery partners, or advertising platforms.

4. Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis for processing your data. We rely on the following:

Contractual necessity – when we need to process your data to perform a contract with you (e.g. fulfilling an order).
Legal obligation – when we must comply with the law (e.g. tax or accounting requirements).
Legitimate interests – when it is necessary for our legitimate business interests (e.g. improving services, preventing fraud).
Consent – when you have given clear consent (e.g. to receive marketing emails).

You can withdraw your consent for marketing at any time by contacting [INSERT CONTACT EMAIL] or by using the unsubscribe link in our emails.

5. How We Use Your Data

We use your data to:

Process orders and deliver products.
Communicate with you about your purchases or enquiries.
Improve our website, products, and customer service.
Send you marketing communications (if you’ve opted in).
Comply with legal or regulatory requirements.

6. Data Sharing and Disclosure

We only share your data where necessary and in accordance with the law:

With service providers who perform services for us, such as payment processors or couriers.
With regulators or law enforcement when required by law.
In business transfers, such as mergers or acquisitions.

We ensure that all third parties respect the security of your personal data and treat it in accordance with the law.

7. International Data Transfers

Some of our service providers may transfer your data outside the UK.
Where this occurs, we ensure that appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses (SCCs) or adequacy decisions issued by the UK government.

8. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting obligations.
When data is no longer required, it will be securely deleted or anonymised.

9. Your Data Protection Rights

Under the UK GDPR, you have the following rights:

Right of access – request copies of your personal data.
Right to rectification – request correction of inaccurate data.
Right to erasure – request deletion of your data in certain circumstances.
Right to restrict processing – request limitation of how we use your data.
Right to data portability – request transfer of your data to another organisation.
Right to object – object to our processing of your data based on legitimate interests.

You can exercise any of these rights by contacting us at [INSERT CONTACT EMAIL].

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience, analyse website traffic, and deliver targeted advertisements.
You can manage or disable cookies in your browser settings. For more details, please see our [INSERT LINK TO COOKIE POLICY].

11. Data Security

We have implemented appropriate technical and organisational measures to protect your data from loss, misuse, unauthorised access, or disclosure.
However, please note that no method of transmission over the internet is 100% secure.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us: