Privacy Policy

Last updated: November 23, 2025

Introduction

Tumbuka Coffee ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website or purchase our products.

We are based in Grand Baie, Mauritius, and comply with the Mauritius Data Protection Act 2017 and the General Data Protection Regulation (GDPR).

If you have any questions about this policy, please contact us at info@tumbukacoffee.com

What Data We Collect

Analytics & Performance Data

We use Vercel Analytics and Speed Insights to collect anonymous information about how visitors use our website:

  • Page views and navigation patterns
  • Device type and browser information
  • Referral sources
  • Performance metrics (page load times, Core Web Vitals)

This data is anonymized and does not identify you personally. We use it solely to improve our website's performance and user experience.

E-commerce Data (via Shopify)

When you place an order, we collect:

  • Name and email address
  • Shipping address
  • Order history
  • Payment information (processed securely by Shopify, not stored by us)

This information is necessary to fulfill your order and provide customer support.

Cookies

We use two types of cookies:

Essential Cookies: Store your cookie consent preference. These are necessary for the website to function.

Analytics Cookies (optional): Enable Vercel Analytics to track anonymous usage data. You can reject these.

Legal Basis for Processing

  • Consent: Analytics cookies and marketing communications (if any)
  • Performance of Contract: Processing orders and providing customer service
  • Legitimate Interest: Website improvement and security (with opt-out option)

How We Use Your Data

  • Process and fulfill your orders
  • Provide customer support
  • Improve website performance and user experience
  • Comply with legal obligations
  • Detect and prevent fraud

We do not use your data for marketing purposes without your explicit consent.

Data Sharing & Third Parties

We share your data only with trusted service providers:

Vercel (USA)

Purpose: Website hosting and analytics

Compliance: GDPR compliant, Standard Contractual Clauses in place

Shopify (Canada)

Purpose: E-commerce platform for order processing

Compliance: GDPR compliant, certified data processor

We do NOT sell your data to third parties. We do NOT share data with advertisers.

Data Retention

  • Analytics: Raw data retained for 90 days, aggregated data indefinitely
  • Order Data: Retained for 7 years (legal requirement for tax purposes)
  • Cookie Consent: Until withdrawn or 12 months (whichever comes first)

You can request deletion of your data at any time by emailing info@tumbukacoffee.com

Your Rights

Under the Mauritius Data Protection Act 2017 and GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to data processing based on legitimate interest
  • Right to Withdraw Consent: Withdraw consent for analytics or marketing

To exercise any of these rights, email us at info@tumbukacoffee.com. We will respond within 30 days.

Data Security

We take data security seriously and implement appropriate measures:

  • HTTPS encryption for all data transmission
  • Secure hosting infrastructure with Vercel
  • Regular security updates and monitoring
  • Limited access to personal data (need-to-know basis)
  • Secure payment processing via Shopify

While we strive to protect your data, no internet transmission is 100% secure. We cannot guarantee absolute security.

International Data Transfers

Your data may be processed outside Mauritius:

  • Vercel (USA): Standard Contractual Clauses approved by the EU Commission
  • Shopify (Canada): GDPR adequacy decision, certified data processor

All international transfers include appropriate safeguards to protect your data.

Cookies Policy

Types of cookies we use:

  • Essential: Cookie consent preference (required)
  • Analytics: Vercel Analytics (optional, can be rejected)

You can manage cookies through your browser settings or by clicking 'Cookie Settings' in the footer.

Deleting cookies may affect website functionality, particularly for e-commerce features.

Children's Privacy

Our website and services are not intended for children under 13 years of age.

We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Modified" date.

For significant changes, we will notify you via email (if you have an account) or through a notice on our website.

Contact & Complaints

For questions, concerns, or to exercise your rights, contact us:

Email: info@tumbukacoffee.com

We aim to respond to all inquiries within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with:

Data Protection Office, Mauritius

Email: dataprotection@govmu.org

Website: https://dataprotection.govmu.org

← Back to Home