Privacy Policy

rijo42 Ingredients Limited
rijo42 Machines Limited
CF Vending Limited
Wholesale Coffee Company and Machines Limited
The Real Spirit of Coffee Limited

Together “the Group”

Version: 1/24


Our privacy policy applies to members of the rijo42 group, specifically:

For the purpose of the Data Protection Act the Data Controller (i.e. the company who is responsible for, and controls the processing of, your personal data) is one or more of the above entities. The relevant corporate entity is hereinafter referred to as “we”, “our” or “us”) or collectively as the “Group”.

We respect your privacy and feel it is important for you to know how we collect and process the information we receive from you via our website at, via Social Media Platforms (known collectively as the “Service”). This Privacy Policy explains our information practices, the kinds of information we may collect, how we use and share that information, and how you can opt-out of a use or correct or change that information.

This Policy was updated in line with the General Data Protection Regulation (GDPR) reform that came into effect in May 2018. The reform sets out more rights for individuals and greater transparency in how personal data is processed by Data Controllers, such as consent, distribution, marketing and deletion. As rijo42 Machines Limited is a credit intermediary, it undertakes a number of financial tasks that relate to consumer credit.

Our lawful basis for processing your personal data is done so under a Legitimate Interest – Article 6(1)(f) – “the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.”


As used in this Privacy Policy, the term “Personal Information” shall mean any information relating to an identified or identifiable natural person, including, but not limited to: person’s first and last name, email address, date of birth, contact information, passport, driving licence and financial information. This Privacy Policy applies to Personal Information that we collect and process in the course of our business.

By using the Service, you acknowledge you have read and understood the terms of this Notice. Please fully review this Notice before you use the Service or submit information to us.

Information we may collect from you and other sources

We may obtain personal data about you (including your name, address, date of birth, contact information, interests, payment details, financial information and opinions) and those whose personal data you have with express authority disclosed to us (‘others’) whenever you complete an online or paper form, make a telephone enquiry with us, or visit our showroom to receive our services. If you submit an online enquiry you will be required to agree to the terms of this Policy which include permitting us to contact you for the purposes of the finance related enquiry via the contact means of which you provide us with the details of. I.e. email address, telephone number, etc.

For example, we will obtain personal data when you (e.g. contact us for any reason, or purchase services). In certain circumstances, we may hold sensitive personal data if you provide us with such information if you feel that it is relevant for the purpose of your enquiry, but we will not ask for such information. Any sensitive personal data obtained and recorded will only be done so with your explicit consent.

Although the precise details of the personal information collected by us will vary according to the specific purpose for which we are collecting the information, we may collect and process the following data about you:

  1. Information that you provide us by filling in forms on our social media pages or on our Websites. This includes information provided at the time of registering to use our Websites, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our Websites.
  2. if you contact us by phone, email or otherwise and is provided voluntarily, we may keep a record of that correspondence;
  3. please note that we may record and monitor telephone conversations that we have with you. The sole purpose of any recording is for training and quality control purposes.
  4. we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
  5. details of your visits to our Websites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access;
  6. we also collect browsing, transactional and behavioural data from you to improve the service/experience we offer and for the purposes of offering you a tailored or personalised online shopping experience; and
  7. we may collect information about your browsing device, including where available your IP address, operating system and browser type, for system administration and to understand user behaviour for marketing purposes. This is anonymous statistical data about our users’ browsing actions and patterns and does not identify any individual. We collect some of this information using Cookies. We may also collect any personal information which you allow to be shared that is part of your public profile on a third-party social network.

We may obtain and/or collect certain personal information about you from sources outside our business. We may also receive your personal information from other sources, such as: public databases, our supplier partners, joint marketing partners; social media platforms; as well as from other third parties. This other personal data helps us to:

  1. provide the relevant services in an accurate manner;
  2. review and improve the accuracy of the data we hold; and
  3. improve and measure the effectiveness of our marketing communications, including online advertising.

Uses made of the information

We use information held about you in the following ways:

  1. To ensure that content from our Websites is presented in the most effective manner for you and for your browsing device.
  2. to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  3. to carry out our obligations arising from any contracts entered into between you and us or relevant finance providers;
  4. to remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this;
  5. to process payments for products and services;
  6. for our own (or a third party’s) lawful interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights don’t override these.
  7. to help us identify you and any accounts that you hold with us;
  8. to notify you about changes to our service;
  9. to handle queries from regulators;
  10. to handle complaints;
  11. administration;
  12. undertaking credit checks;
  13. research, statistical analysis and behavioural analysis;
  14. customer profiling and analysing your preferences;
  15. marketing (providing you have opted-in);
  16. fraud prevention and detection;
  17. invoicing; and
  18. improving our services.

Legal basis for processing your personal data

The personal data that you provide to us in order to purchase our services or other personal data generated for transactional agreements is processed as it is necessary for the performance of a contract with you.

All other personal data is processed for our legitimate interests (as set out below) and to comply with our legal obligations.

In general, we only rely on opt-in consent as a legal basis to contact new customers by electronic means and/or send direct marketing communications via email to new customers.

You have the right to withdraw your consent at any time.

The following table describes our processing purposes, and on what legal basis we rely on:

Processing Purposes: Legal basis
Providing access to the Website
  • Legitimate interests
Maintaining or restoring the security of the Website
Detecting technical faults and / or errors in the transmission of electronic communications
Account administration
  • Contract
Providing products or services
Carrying out the contractual relationship
Providing customer care services
  • Contract
  • Legitimate interests
Compliance with legal obligations
  • Legal obligation
Defending, establishing and exercising legal / insurance claims
  • Legitimate interests
preventing, investigating and detecting crime, fraud and prosecuting offenders, including working with law enforcement agencies
  • Legal obligation
promoting, marketing and advertising our products and services tailored to individual customers
  • Legitimate interests
Understanding our customers’ behaviour, activities, preferences, and needs
  • Legitimate interests
Reporting to our Principal in connection with rijo42 Machines Limited acting as Authorised Representative.
  • Legitimate interests
Other activities
  • Legitimate interests

The use of automated decision making

Your personal data is not used in any automated decision making (a decision made solely by automated means without any human involvement) or profiling (automated processing of personal data to evaluate certain conditions about an individual).

Change of purpose

We will process your personal data for the purpose for which we collected it. If we process your personal data for another purpose that we reasonably consider to be compatible with the original purpose, we will notify you and explain the legal basis which allows us to do so.

Disclosure of your information

In order to make certain services available to you, we may need to share your personal data with third parties. We only share the personal data provided if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do. We never share personal data outside our organisation for marketing purposes.
We may disclose your personal information to:

  1. Our trusted service providers acting on our behalf who provide services such as: web hosting, web analytics and integration, IT system providers, customer service web chat, payment processors, data analysis (including data personalisation), infrastructure provision, email marketing data, review sites of our services, and other services to enable them to provide services;
  2. our business partners, suppliers of financial products and services and sub-contractors for the delivery of any service to them or you. This information will not be used for marketing purposes;
  3. third party suppliers who manage our financial accounting or audit process;
  4. Law enforcement agencies in connection with any investigation to help prevent unlawful activity, suspicion of fraud or a security threat;
  5. Our group companies (as defined in the Companies Act 2006);
  6. in the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets;
  7. Our Principal in connection with our obligations to them;
  8. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of sale and supply and other agreements; or to protect our rights, property, or safety, including of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  9. Other third parties with whom we deal with in the course of providing our services to you; and
  10. Any other Regulatory Body who can demonstrate that there is a legitimate purpose for the processing of your personal data.

We may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.

We only share the personal data provided if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.

We never share personal data outside our organisation for marketing purposes.

International Transfers

We will not share your data outside of the European Economic Area (EEA).

How do we protect your data

We are committed to keeping your personal data safe and secure and employ a number of security measures such as:

  1. Monitoring our service providers to ensure they have an adequate level of protection as required;
  2. All information you provide to us is stored on our secure servers. For registered users, where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone;
  3. We use reasonable, organisational, technical and administrative measures to protect personal information under our control. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access;
  4. Any information provided to our Principal is stored on a Customer Relationship Management system, which is secure;
  5. Our Website may, from time to time, contain links to and from the websites of our third-party partner networks, social media platforms, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites should have their own privacy notices/policies and that we do not accept any responsibility or liability for these third-party websites and the notices/policies. Please check these notices/policies before you submit any personal data to these websites.

Information about other individuals

If you give us information about others, you confirm that the other third party person has appointed you to act on their behalf. This is also relevant where others are concerned if you indeed ask another person to act on your behalf as a third party.

Under the third party authorisation, the other person can:

Such authorisation will remain in place until this has been revoked, either by verbal or written communication.

Use of Google Analytics Advertising

We use Google Analytics Advertising Features (‘GAAF’) through our website, which means that certain information about the traffic on our website is collected. In light of using GAAF, We will not facilitate the merging of personally-identifiable information with non-personally identifiable information collected through GAAF unless we receive your express consent to that merger.

Furthermore, We are hereby notifying You that:

Your rights

We want to ensure that you remain in control of your personal data. Part of this is making sure that you understand your legal rights, which (for individuals) are as follows:

you understand your legal rights, which (for individuals) are as follows:

  1. the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request)
  2. the right to have inaccurate data rectified
  3. the right to object to your data being used for marketing or profiling
  4. the right to “be forgotten”, this means you can ask for the information which we hold to be deleted from our records but this will mean that we will be unable to continue to handle your arrangements

If you wish to exercise your right to make a Subject Access Request, you should;

If you wish to exercise your right to correct any inaccuracies, you should:

If you wish to exercise your right to ask us to stop processing your personal data for direct marketing purposes you should:

Where you request access to your personal data (“Access Request”) and we are unable to deal with or fulfil such Access Request, we will provide you with a reason as to why.

Consequences of not providing information

We need your information in order to:

  1. provide products and services to you
  2. perform our contract with you
  3. comply with our legal obligations
  4. protect our legitimate interests and manage our business.

If you chose not to provide information, we will not be able to:

  1. provide requested products or services to you
  2. continue to provide/renew existing products or services.
  3. Provide ongoing services under any service agreement.

We will tell you when we ask for information which is not a contractual requirement or
needed to comply with our legal obligations.

Children’s privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

How long do we keep your data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The legitimate interest relates to a legal requirement for the firm to hold your personal data and financial information on record for up to a total of six years. This six year period satisfies the requirement of our regulator, The Financial Conduct Authority and is also in and is also in line with other financial industry retention periods.

Changes to our privacy notice

We will occasionally update this Notice, in our sole discretion. When we post changes to this Notice, we will revise the “Issue Date” at the bottom of this Notice in order to notify you of changes. We recommend that you check the Service from time to time to inform yourself of any changes in this Notice or any of our other policies. If you do not agree to any update, please do not use the Service; by continuing to access or use the Service after a change to this Notice becomes effective, you agree to and accept the revised Notice as of the Notice Issue Date.

Privacy Questions

  1. If you have any questions about how we use your personal data that are not answered here, email: [email protected].
  2. if you want to exercise your rights of Access Rights regarding your personal data, please contact us by email at: [email protected] or write to us at: Rijo42, c/o UHY St James Building 79 Oxford Street Manchester M1 6HT.
  3. You have the right to make a complaint at any time to the local data protection supervisory authority which, for the UK, is the Information Commissioner’s Office (ICO) ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. A complaint can be made to the ICO via their website: or through their helpline: 0303 123 1113.

If you have a received an email or other communication sent by us that you believe is spam or in violation of our acceptable use policies, please contact us via one of the methods above.

Notice Issue Date: January 2024