Privacy policy

Privacy Policy

Last updated: June 2026

This privacy policy explains how Hey Joe Music & Coffee uses personal information when you use our website, place an order, contact us, sign up to our mailing list, visit the shop, attend an event, or otherwise interact with us.

We’ve tried to keep this clear and straightforward. We are a small independent business, not a large company with a legal department, but we take customer privacy seriously and only use personal information where we have a proper reason to do so.

Who we are

Hey Joe Music & Coffee is operated by Marc Sardinha, sole trader, trading as Hey Joe Music & Coffee.

Business address:
Hey Joe Music & Coffee
10 Ropers Yard
Brentwood
Essex
CM14 4FU

Contact email: orders@heyjoemusic.co.uk

For the purposes of UK data protection law, Marc Sardinha trading as Hey Joe Music & Coffee is the data controller for the personal information we collect and use.

What personal information we collect

Depending on how you interact with us, we may collect and use the following information:

When you place an order

We may collect your name, email address, billing address, delivery address, phone number if provided, order details, payment status, delivery information, refund information and any messages connected to your order.

We do not store full card details ourselves. Card payments are handled securely through Shopify and its payment processing services.

When you create a customer account

If you create an account on our website, we may process your name, email address, order history, account login details and saved address information.

When you contact us

If you email us, message us through social media, reply to an order confirmation, or otherwise contact us, we may keep your contact details and the contents of the message so we can deal with your enquiry.

This may include information relating to orders, preorders, returns, damaged items, lost parcels, chargebacks, event bookings, accessibility requests, or general customer service.

When you sign up to our mailing list

If you sign up to our mailing list, we collect your email address and any other information you choose to provide. We use Sender to manage our email newsletters.

When you buy or reserve tickets

Event tickets on our website are treated like normal website products. If you buy or reserve a ticket, we collect the same kind of information as we would for any other order, such as your name, email address, order details and payment status.

We may use this information to manage entry, capacity, event updates, cancellations, refunds or changes to event details.

When you visit the shop

If you visit the shop, we may process limited information in practical ways, for example if you ask us to order something in, join a preorder list, use a loyalty card, reserve an item, report a problem, or ask us to contact you about something.

Some of these systems may be analogue, such as handwritten notes, order lists, preorder sheets or loyalty cards.

CCTV and live camera feed

We use CCTV or a live camera feed in the shop for safety, security, loss prevention and to help protect staff, customers and the business.

The live feed may be accessible through an app on Marc’s phone.

[CHECK BEFORE PUBLISHING: If your system records footage, add: “Where footage is recorded, it is normally kept for [X days] unless it is needed for security, legal, insurance or police purposes.” If it is live-view only and does not record, add: “The system is used as a live feed only and footage is not normally recorded or stored.”]

How we use your personal information

We use personal information for the following reasons:

To process and fulfil orders

We use your information to accept orders, take payment, confirm orders, dispatch goods, arrange local delivery, deal with preorders, process refunds, respond to order issues and keep you updated about your purchase.

Our lawful basis for this is usually contract, because we need to use this information to provide the goods or services you have ordered.

To deliver orders

We may share delivery information with Royal Mail where needed to send your order. If your order is delivered locally by us, your delivery details will be used by staff only for the purpose of completing that delivery.

Our lawful basis for this is usually contract.

To provide customer service

We use your information to respond to questions, deal with returns, damage claims, delivery issues, missing parcels, product queries, event questions and other customer service matters.

Our lawful basis may be contract, legal obligation or legitimate interests, depending on the situation.

To manage preorders, reservations and loyalty systems

We may use your name, contact details and order preferences to manage preorders, customer requests, loyalty cards or item reservations.

Our lawful basis is usually legitimate interests, because this helps us provide the kind of personal, practical service expected from a small independent shop.

To send newsletters and marketing emails

If you sign up to our mailing list, we use your email address to send updates about new releases, preorders, events, offers, shop news and other Hey Joe updates.

We may also email existing customers about similar products or services where the law allows this, but only where you have been given a way to opt out.

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us at orders@heyjoemusic.co.uk.

Our lawful basis is usually consent or, in limited cases, legitimate interests under the soft opt-in rules for existing customers.

To keep proper business records

We keep certain order, payment, refund, tax and accounting records because we are required to do so by law.

Our lawful basis is legal obligation.

To protect the business from fraud, disputes and chargebacks

We may use order records, delivery information, customer messages, photographs, payment records and related evidence where needed to prevent fraud, respond to disputes, deal with chargebacks, protect our legal position or recover money owed to us.

Our lawful basis is legitimate interests and, where relevant, legal obligation.

To improve our website and services

Our website is hosted by Shopify. Shopify may provide us with basic analytics and performance information about website visits, sales, products and customer behaviour on the site.

We use this to understand what is working, improve the website and run the business properly.

Our lawful basis is usually legitimate interests, unless consent is required for a particular type of cookie or tracking technology.

Who we share your information with

We only share personal information where needed to run the business, provide our services, comply with the law, or protect our rights.

This may include:

  • Shopify, which hosts our website and provides ecommerce and payment services

  • Shopify Payments or related card payment providers

  • Royal Mail, for posted orders

  • Staff involved in order fulfilment, customer service or local delivery

  • Sender, for email newsletters

  • Accountants, bookkeepers or professional advisers

  • HMRC, regulators or authorities where legally required

  • Banks, card networks, payment processors or dispute handlers where needed for refunds, chargebacks, fraud prevention or payment disputes

  • IT, website or security providers where needed to operate and protect our systems

  • Social media platforms, if you contact us through those platforms

We do not sell customer personal information.

Payments

Online payments are processed through Shopify and its payment services. We do not receive or store your full card number.

We may be able to see payment status, transaction references, partial card details such as the last four digits, fraud indicators, refund status and chargeback information where this is needed to manage orders and payments.

Cookies and website tracking

Our website runs on Shopify and uses cookies and similar technologies.

Some cookies are necessary for the website to work properly, for example to remember what is in your basket, allow checkout, keep the site secure and support customer accounts.

Shopify may also use cookies or similar technologies for analytics, performance and service improvement.

We do not knowingly use advertising pixels such as Meta Pixel or TikTok Pixel, and we do not currently place paid online ads.

You can control cookies through your browser settings. If our website shows a cookie banner or cookie preference tool, you can also use that to manage your choices.

We will update this policy if we add any new advertising, tracking or analytics tools.

How long we keep personal information

We only keep personal information for as long as we reasonably need it.

As a guide:

  • order, payment, refund and accounting records may be kept for up to 7 years for tax, accounting, legal and business record purposes;

  • customer service emails may be kept for as long as needed to deal with the enquiry, and for a reasonable period afterwards in case the issue comes back;

  • preorder, reservation and loyalty information is kept only for as long as needed to manage the request or scheme;

  • newsletter information is kept until you unsubscribe or we remove inactive contacts;

  • chargeback, fraud, complaint or legal records may be kept for as long as needed to protect our position;

  • CCTV or live camera footage is handled as described in the CCTV section above.

We may keep some information for longer if we are required to do so by law, or if it is needed for a legal claim, dispute, fraud prevention, accounting issue or regulatory reason.

International transfers

Some of the services we use, including Shopify and Sender, may process personal information outside the UK.

Where personal information is transferred outside the UK, we expect those providers to use appropriate safeguards required by data protection law.

Your rights

Under UK data protection law, you have rights over your personal information.

Depending on the situation, you may have the right to:

  • ask for a copy of the personal information we hold about you;

  • ask us to correct information that is wrong or incomplete;

  • ask us to delete information where there is no good reason for us to keep it;

  • ask us to restrict how we use your information;

  • object to us using your information in certain circumstances;

  • withdraw consent where we rely on consent, such as for marketing emails;

  • ask for certain information in a portable format.

These rights are not absolute and may depend on the reason we hold the information. For example, we may need to keep certain order or tax records even if you ask us to delete them.

To make a request, email orders@heyjoemusic.co.uk.

We may need to ask for information to confirm your identity before responding.

Marketing choices

You can unsubscribe from our marketing emails at any time by clicking the unsubscribe link in the email or by contacting us at orders@heyjoemusic.co.uk.

Unsubscribing from marketing emails will not stop necessary service emails, such as order confirmations, dispatch updates, event changes, refund information or replies to customer service enquiries.

Security

We take reasonable steps to protect personal information and limit access to people who need it.

Because we use Shopify and other trusted service providers, some information is protected through their systems as well as our own business practices.

No online system is completely risk-free, but we try to use services and processes that are appropriate for a small retail business.

Links to other websites

Our website or emails may include links to other websites, social media platforms, ticketing pages, artist pages, product pages or third-party services.

We are not responsible for the privacy practices of other websites. You should check their privacy policies if you give them personal information.

Complaints

If you have any questions or concerns about how we use your personal information, please contact us first at orders@heyjoemusic.co.uk and we’ll do our best to help.

You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection.

Changes to this policy

We may update this privacy policy from time to time, for example if our website, systems, suppliers or legal obligations change.

The latest version will be posted on our website.