Cocobeanz Loader
Facebook
Instagram
LinkedIn
TikTok
Cocobeanz Logo

Shopping Cart

0

Your cart is empty

Add items to get started

COCOBEANZ

Privacy Policy

MSNA TRADERS LTD  |  Company No. 14702852  |  UK Registered

Effective Date: April 2026  |  Last Updated: April 2026

Contact: info@cocobeanz.co.uk

1. Who We Are

Cocobeanz is the trading name of MSNA TRADERS LTD, a company registered in England and Wales under Company Number 14702852. Our registered address is 38 Brigstock Road, Thornton Heath, CR7 8RX.

We operate a cafe and retail business from multiple UK locations and provide this Website and mobile App (together, the "Service") to allow customers to browse our menu, place orders, manage their accounts, and arrange delivery.

MSNA TRADERS LTD is the Data Controller for all personal data collected through the Service, as defined under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact us about any privacy matter at: info@cocobeanz.co.uk

2. Scope of This Policy

This Privacy Policy applies to all personal data collected by MSNA TRADERS LTD when you:

  • Use the Cocobeanz mobile app (iOS or Android)
  • Visit and use the Cocobeanz website at www.cocobeanz.com
  • Create an account, place an order, or contact us
  • Subscribe to marketing communications

This policy is designed to meet the requirements of:

  • UK GDPR and the Data Protection Act 2018
  • Apple App Store Privacy Nutrition Label requirements
  • Google Play Data Safety Section requirements
  • COPPA (US Children's Online Privacy Protection Act)

3. Data We Collect

We collect the following categories of personal data. The table below also maps each category to Apple App Privacy Label and Google Play Data Safety terminology.

3a. Data You Provide Directly

  • Name and date of birth
  • Email address and phone number
  • Delivery and billing address
  • Order history and preferences
  • Payment information — we do not store your full card number; payment data is processed directly by our payment processor (see Section 6)
  • Account credentials (username/password)
  • Messages and enquiries sent to us

3b. Data Collected Automatically

  • Device identifiers — device model, operating system version
  • IP address
  • App usage data — screens visited, features used, session duration
  • Browser type and version (website)
  • Crash and diagnostic reports
  • Cookie and session data (see Section 11)

3c. Location Data

  • Approximate location (derived from IP address or postcode) — used to suggest your nearest Cocobeanz branch
  • Precise GPS location — only if you explicitly grant location permission on your device. We use this solely to: (1) autofill your delivery address and (2) calculate the distance to your nearest cafe. We do not store your precise GPS coordinates beyond your active session.

You can withdraw location permission at any time in your device Settings > Privacy > Location Services.

3d. Data Safety Label Mapping

Data TypeApple Label / Google Data Safety Category
Name & EmailPersonal Info — Apple: Name, Email Address | Google: Personal info
Phone NumberPersonal Info — Apple: Phone Number | Google: Personal info
Delivery AddressPersonal Info — Apple: Physical Address | Google: Personal info
Date of BirthPersonal Info — Apple: Other | Google: Personal info
Order HistoryApp Activity — Apple: Other User-Generated Content | Google: App activity
Payment InfoFinancial Info — Apple: Payment Info | Google: Financial info (processed by payment provider — not stored by us)
Precise LocationLocation — Apple: Precise Location | Google: Location (approximate or precise)
Approx. LocationLocation — Apple: Coarse Location | Google: Approximate location
Device IdentifiersIdentifiers — Apple: Device ID | Google: Device or other IDs
IP AddressIdentifiers — Apple: User ID | Google: Device or other IDs
Usage / AnalyticsUsage Data — Apple: Other Usage Data | Google: App activity
Crash ReportsDiagnostics — Apple: Crash Data | Google: App info and performance
CookiesIdentifiers — Apple: Other Diagnostic Data | Google: Device or other IDs

All data listed above is linked to your user account. We do not sell any of this data to third parties for their own marketing purposes.

4. Advertising IDs & App Tracking

MSNA TRADERS LTD does not currently use Apple's Identifier for Advertisers (IDFA) or Google's Advertising ID (GAID) for advertising or cross-app tracking purposes.

We therefore do not trigger Apple's App Tracking Transparency (ATT) prompt and do not request permission to track you across other companies' apps and websites.

If this changes in the future, we will update this policy and — where required — request your explicit consent via the ATT prompt (iOS) before any tracking begins.

5. Legal Basis for Processing (UK GDPR)

MSNA TRADERS LTD relies on the following legal bases to process your personal data:

  • Contract — processing your orders, managing your account, and providing the Service you have signed up for
  • Legal Obligation — retaining financial transaction records as required by UK tax law (HMRC) and applicable regulations
  • Legitimate Interests — improving our Service, detecting fraud, ensuring platform security, sending service-related notifications
  • Consent — sending you marketing emails or push notifications. You may withdraw consent at any time by unsubscribing or adjusting your notification preferences in the app

6. Third-Party Service Providers

MSNA TRADERS LTD uses the following categories of third-party service providers. Each operates under its own privacy policy and data processing terms. We share your data with these providers only to the extent necessary to deliver our Service.

Payment processing

  • Stripe — processes card payments on our behalf.
  • Data shared: payment card details, billing address, transaction amount.
  • Stripe is PCI-DSS compliant. We do not store your full card number on our systems.
  • Privacy policy: https://stripe.com/privacy

Push notifications (Firebase / Google)

  • We use Firebase Cloud Messaging (FCM), part of Google's Firebase platform, to deliver push notifications to the mobile app. Configuration and credentials are managed in the Firebase console (linked to our Google Cloud project).
  • Data shared may include device push tokens, notification payloads, and related technical metadata as required to deliver messages you have opted into.
  • Google / Firebase: https://firebase.google.com/support/privacy · https://policies.google.com/privacy

Sign-in with Google (website / app)

Website usage analytics (first-party)

  • The website sends page-view and related events to our own API, where we store path, user agent, referrer, IP address, and (if you are logged in) a user identifier — for example to understand how the site is used. This is not Google Analytics; data is processed on our infrastructure.

Crash and diagnostics

  • We may collect crash and diagnostic information via app and server logs to fix faults. If we enable a dedicated reporting product (for example Firebase Crashlytics) in a future release, we will update this section and the in-store data disclosures to match.

Email

  • Transactional and service emails may be sent using our configured email infrastructure (for example SMTP / business email). Provider terms apply to messages in transit.

Delivery and logistics

  • Where applicable, we may share your name, phone number, and delivery address with Uber (including Uber Direct / courier services) to fulfil delivery orders.
  • Data is used for delivery fulfilment and handled under Uber's policies for those services.
  • Uber privacy: https://www.uber.com/legal/en/document/?name=privacy-notice

All third-party providers are contractually required to use your data only to provide services to us, and to process data in accordance with UK GDPR where applicable.

7. Data Deletion — Your Right to Be Forgotten

Request account and data deletion

  • Email: info@cocobeanz.co.uk
  • Subject line: "Data Deletion Request – [Your Name/Email]"
  • In-app: Account > Settings > Delete My Account
  • We will action your request within 30 days of identity verification.

Under the UK GDPR (Article 17), you have the right to request erasure of your personal data — often called the 'Right to be Forgotten'. This right applies when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and no other legal basis applies
  • You object to processing and there is no overriding legitimate interest
  • The data has been unlawfully processed

What happens when you submit a deletion request?

  • We will verify your identity before processing the request
  • Your account, profile, order preferences, and marketing records will be deleted within 30 days
  • Some data may be retained where required by law — for example, transaction records required by HMRC for up to 6 years, or data needed to resolve an open dispute
  • You will receive a confirmation email once deletion is complete

Note: Deleting your account will not automatically withdraw outstanding orders. Please contact us to cancel any pending orders before submitting a deletion request.

8. How We Use Your Data

  • To process and fulfil your orders, including delivery
  • To manage your Cocobeanz account
  • To send order confirmation and service notifications
  • To send marketing communications — only with your consent, and you can opt out at any time
  • To improve the app and website based on usage analytics
  • To detect and prevent fraud and unauthorised access
  • To comply with legal obligations (tax records, regulatory requirements)
  • To respond to your support enquiries

9. Data Retention

We retain your personal data for no longer than necessary for the purpose it was collected. Specific retention periods by category:

  • Account & profile data: retained for the duration of your account, then deleted within 30 days of account closure
  • Order history: 6 years from the order date (required for UK tax/VAT compliance)
  • Payment transaction records: 6 years (HMRC legal requirement)
  • Marketing preferences & communication logs: until you withdraw consent or for 2 years of inactivity
  • Analytics and crash data: 13 months rolling
  • Customer support communications: 3 years from the date of last contact
  • Precise GPS location: not stored beyond your active session

10. Data Security

MSNA TRADERS LTD takes data security seriously. We implement the following measures:

  • Encryption in transit — data transferred between your device and our servers uses TLS 1.2 or higher
  • Encryption at rest — sensitive account and payment-related data is protected on our systems
  • Access controls — only authorised personnel with a need-to-know can access personal data
  • Payment isolation — card payment data is handled by our PCI-DSS certified payment processor (Stripe); we do not store full card numbers
  • Vulnerability management — security reviews and patching as appropriate

Despite our best efforts, no system is 100% secure. If you believe your account has been compromised, please contact us immediately at info@cocobeanz.co.uk.

11. Cookies

The Cocobeanz website uses cookies — small text files stored on your device — to operate and improve the Service.

Types of cookies we use:

  • Strictly necessary cookies — required for the website to function (e.g. maintaining your shopping cart and session login). These cannot be disabled.
  • Preference cookies — remember your settings and delivery address between visits
  • Analytics cookies — help us understand how users navigate the site (e.g. which pages are visited most)
  • Marketing cookies — used only with your consent to deliver relevant promotional content

You can manage or disable non-essential cookies via your browser settings, or via our cookie preference tool on the website where available. Disabling cookies may limit some functionality.

12. Children's Privacy

The Cocobeanz Service is not directed at children under the age of 13. MSNA TRADERS LTD does not knowingly collect personal data from anyone under 13 years of age.

If you are under 13, please do not use our Service or provide any personal information. If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us immediately at info@cocobeanz.co.uk and we will delete the information as quickly as possible.

If you are between 13 and 17 years of age, please ensure a parent or guardian reviews this policy and consents to your use of the Service where required by applicable law.

Compliance note: These provisions are designed to comply with the US Children's Online Privacy Protection Act (COPPA), the UK Age Appropriate Design Code, and applicable GDPR requirements for child data subjects.

13. Your Rights Under UK GDPR

As a UK data subject, you have the following rights regarding your personal data:

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Rectification — ask us to correct inaccurate or incomplete data
  • Right to Erasure ('Right to be Forgotten') — request deletion of your data (see Section 7)
  • Right to Restriction — ask us to limit processing of your data in certain circumstances
  • Right to Data Portability — receive your data in a commonly used, machine-readable format
  • Right to Object — object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, contact us at: info@cocobeanz.co.uk

We will respond within one calendar month. We may ask you to verify your identity.

Right to lodge a complaint

You have the right to lodge a complaint with the UK's data protection authority:

  • Information Commissioner's Office (ICO)
  • Website: www.ico.org.uk
  • Helpline: 0303 123 1113

14. International Data Transfers

Some third-party service providers (for example Google / Firebase, Stripe, or Uber) may process data outside the UK or EEA. Where this occurs, MSNA TRADERS LTD seeks to ensure appropriate safeguards, such as:

  • UK International Data Transfer Agreements (IDTAs)
  • EU Standard Contractual Clauses (SCCs) where applicable
  • Adequacy decisions recognised by the UK ICO

15. Business Changes

If MSNA TRADERS LTD undergoes a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will:

  • Notify you prior to any such transfer where required under UK GDPR
  • Ensure the new controller is bound by equivalent data protection obligations
  • Provide you the option to request deletion of your data before the transfer takes effect, where legally permissible

16. Changes to This Policy

MSNA TRADERS LTD may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the 'Last Updated' date at the top of this policy
  • Notify you via email or an in-app notification for significant changes
  • Where required by UK GDPR, seek your renewed consent

We encourage you to review this policy periodically. Continued use of the Service after notification of changes constitutes your acceptance of the revised policy.

17. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data:

MSNA TRADERS LTD (trading as Cocobeanz)
Company No. 14702852  |  Registered in England & Wales
Email: info@cocobeanz.co.uk
Registered address: 38 Brigstock Road, Thornton Heath, CR7 8RX
Website: www.cocobeanz.com

This policy was last reviewed in April 2026. MSNA TRADERS LTD is registered as a Data Controller with the Information Commissioner's Office (ICO).

Contact page

Buy Now