Milanto Coffee

Legal

Privacy Policy

Last updated: April 2026

Milanto Coffee (“we”, “us”, “our”) takes your privacy seriously. This policy explains what personal data we collect when you use our website or engage with us, how we use it, and what rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Milanto Coffee is a UK-based commercial coffee machine supplier operating as a partnership. We can be contacted at sales@milantocoffee.com or by calling 07738 153035.

2. What data we collect and why

Enquiries and quote requests

When you submit a contact or quote request form on our website, your name, email address, phone number, company name, and the content of your message are sent to us via Formspree (our contact form processor). We use this data solely to respond to your enquiry and, if applicable, to progress a sale. We do not add you to any mailing list as a result of submitting a form.

Account registration

If you create an account on our website, we collect your name, email address, and a hashed (encrypted) password via Shopify, our e-commerce platform. Your account allows you to view order history, save delivery addresses, and manage consumables orders. We do not have access to your plain-text password at any point.

Orders

When you place an order, Shopify collects and processes your name, delivery address, contact details, and payment information. We receive order details (items, address, contact) to fulfil your order and arrange delivery and installation. Payment card data is handled entirely by Shopify's payment systems — we do not see or store your full card details.

Website analytics

We use Vercel Analytics and Vercel Speed Insights to understand how our website is used. These tools collect anonymised data such as pages visited, referral source, and page load performance. No personally identifiable information is collected or stored by these tools. This data is used only to improve our website.

3. Legal basis for processing

  • Contract performance — processing your order, arranging delivery and installation, and managing your account.
  • Legitimate interests — responding to enquiries and improving our services. We have assessed that this does not override your rights or interests.
  • Legal obligation — retaining financial records as required by HMRC.

We do not send marketing emails or newsletters. You will only hear from us in connection with an active enquiry or order.

4. Who we share your data with

We do not sell your personal data. We share it only with the following third-party services that help us operate our website and business:

  • Shopify — e-commerce platform handling accounts, orders, and payments. Data is processed in accordance with Shopify's Privacy Policy.
  • Formspree — contact form processor. Enquiry data submitted via our contact form is transmitted through Formspree's servers. Data is processed in accordance with Formspree's Privacy Policy.
  • Vercel — website hosting and analytics. Vercel processes anonymised usage data. Data is processed in accordance with Vercel's Privacy Policy.

All third-party processors are contractually required to handle your data in accordance with UK GDPR.

5. Data retention

  • Enquiry data — retained for up to 2 years from the date of your enquiry, after which it is deleted from our systems.
  • Order and account data — retained for 7 years from the date of the transaction to comply with HMRC record-keeping requirements.
  • Analytics data — anonymised and retained by Vercel in accordance with their data retention policies. No personally identifiable data is stored.

6. Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data, subject to any legal retention obligations.
  • Restriction — request that we limit how we use your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Portability — request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at sales@milantocoffee.com. We will respond within 30 days. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Security

Our website is served over HTTPS. Passwords are stored using industry-standard cryptographic hashing via Shopify. We take reasonable precautions to protect the data we hold, but no transmission over the internet is completely secure and we cannot guarantee absolute security.

8. Changes to this policy

We may update this policy when our practices change. The “Last updated” date at the top of this page will reflect any revisions. We encourage you to review this policy periodically.

9. Contact

For any privacy-related questions or to exercise your rights, contact us at sales@milantocoffee.com or call 07738 153035.