Cookie policy

July 2021

Costa Limited respects your data and your privacy is important to us. For more information about how we use and protect data please see our Privacy Notice.

What is a cookie and what do they do?

A cookie is a small text file which sits on your device or browser and assists with information flow and functionality. We use cookies to support the main and mobile websites and our app. For instance, some cookies help with site security or provide information to help us improve the site, but each cookie performs a specific action. These cookies don’t usually capture your personal data and we wouldn’t be able to identify people from the information. They simply provide grouped information about site or app navigation which can give you a more personalised experience and tells us if people can find what they want.

Session and persistent cookies and how long they last

All cookies are either session cookies or persistent cookies.

Session cookies last for the length of your visit to a website and remember information from one page to another, so you don’t have to keep entering it .

They delete themselves when you close your browser.

Persistent cookies remember things for longer, from one visit to the next. They can personalise the site and remember information each time you visit. We use them to see how people engage with our site to help us change and develop the site and improve your experience of it.

These stay on your device when you close your browser and vary by cookie – please see the cookie table at the end for specific expiration times .

What are first and third party cookies?

Whether a cookie is first or third party depends on where it comes from and can be sent by different parties.

If the cookie comes from our site it is a first party cookie set by us.

If it comes from another site or organisation, such as our suppliers or business partners, it is a third-party cookie, specifically chosen by us to provide a service, such as a more personalised visit. For example, instance, you may be on a website that has ‘Like’ and ‘Share’ buttons for social network sites. If you click one, the social network site will put a ‘third party’ cookie on your device. That cookie may then collect data about you and send it to them too. You will need to set your privacy choices on their site, to tell them how they can use your data.

What different types of cookies does the site use and what are they each for?

Different types of cookies do different things. We use the following cookies on our sites and apps.

Strictly Necessary Cookies - these are required for the operation, security and integrity of our website and app and are essential when you move around them and use their features. For example, they remember your details when you login and allow you to access your account. Without such cookies such services cannot be provided.

Functional Cookies remember you when you return to the site or app and choices you have made on previous visits, such as searches and which country you’re from. This allows us to improve your experience by remembering your preferences when you log into our loyalty club. These Cookies will remain on your device until you choose to clear them, however, if you choose to do this, you will need to log in again into your loyalty account each time you visit the site as an example, but they do eventually expire.

Analytical/Performance Cookies – these allow us to anonymously count the number of visitors to our website or app and see how they move around and use them. This helps us improve how they work, to find things easily and improve site navigation. The data is aggregated and anonymised, which means we cannot identify you as an individual. Some of the Analytical Cookies we use include (but not limited to) Google Analytics and Adobe Digital Analytics.

Marketing / Targeting cookies

These Cookies will collect information about your browsing habits and help website owners to understand the performance of their marketing activities and improve the relevance of the adverts that you see. They are set by the website owner or by carefully selected third parties who may use that information to show you adverts that they think you will be most interested in when you visit other websites They may also use that information to see how well their adverts are performing and that information may also be shared with other parties such as advertisers. If you do not allow these cookies, you may see more content and adverts that do not match your interests.

Costa do not currently use these type of cookies.

What are similar technologies?

Tagging works in a similar way to cookies. We use a tag called a pixel. A pixel is an image that once imbedded in an email connects to a file stored on our web server and allows us to determine customer interest in our marketing emails. Tags can also be known as beacons.

These allow us to see which promotions seem of interest to our customers, and if a particular offer seems to interest you. We may use this information to send offers which appear to be more relevant to you.

Do I Have to Accept Cookies?

You may reject cookies, however, site and app functions will be affected. Cookies help our sites and app to work properly and personalise your experience. You’ll be able to browse the sites and app without cookies but some standard functionality, preferences and certain features will not work.

By accepting cookies, you allow us to improve your experience and remember information about you, which can personalise your experience.

To withdraw consent, you can reject or delete cookies. Please see the Managing Your Cookies section below on how you can adjust your browser settings.

Consent

By browsing or using our site or app you agree that we and the selected third parties in this notice can use (as described in this notice) data collected by the cookies you allow. If you do not agree, you can withdraw your consent by setting your browser to reject cookies, see below.

Managing Your Cookies

There are several ways to manage cookies. You can:

  1. Set your browser to prevent cookies from being accepted. More information should be in your browser’s “help” menu. How to adjust your browser will depend on which browser you’re using.

  2. Set some browsers to send you an alert when a website is trying to place a cookie on your browser.

  3. Block cookies by activating the setting on your browser to refuse all or some cookies. However, if you use your browser settings to block all cookies including strictly necessary cookies, site access and features can be limited or not available.

  4. Delete cookies stored in your browser by “clearing cookies”. This will only delete cookies already stored. It won’t prevent new ones being accepted unless you change the acceptance settings. Also, clearing your cookies on one browser of one device does not automatically clear them on another. You need to clear all browsers on all devices, independently.

  5. By declining cookies in the banner that appears when you visit our site.

More information about cookies is available on external websites such as www.aboutcookies.org. For help with how to manage and delete cookies, visit www.aboutcookies.org. Further information about advertising cookies, and how to manage them, can be found at youronlinechoices.eu (EU based), or aboutads.info (US based).

We are not responsible for the content or cookies from external websites. If you follow a link from our site to a third-party site, they will have their own privacy and cookie notices.

Please bear in mind that if you restrict or disable cookies it can limit functionality and prevent sites from working properly at all.

Keep in mind

Multiple users

If more than one person uses your device, the choices set up by other people will apply to you as well unless you change them. For example, if you share a computer with your family, you may see ads based on sites they have visited as well as sites you have visited.

Cookies that are already on your device

Turning off one or more types of cookies will not delete any that have been downloaded in the past.

Contact us

Our address is Costa Limited, Costa House, 6 Porz Avenue, Houghton Hall Business Park, Houghton Regis, Dunstable, Beds, LU5 5YG. You can also contact us by email at costafeedback@costacoffee.com. If you have any queries in relation to data privacy, please email us at costadpo@costacoffee.com.

Cookies and similar technology used by us are listed below.

CookiePurpose

Cloudflare cfduid

Type: Strictly necessary - Third party cookie

Expires: After 1 month.

Purpose: Cloudflare is a web security service. It remembers which users are considered safe and helps to protect the site from hackers. It does not collect any personal information. More info is available at: https://www.cloudflare.com/security-policy/ and https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-

Google Analytics - gat / gatgtagUA1044804416

Type: Analytical – Third party cookie

Expires: Within 1 minute

Purpose: This cookie is used to throttle request rate.

Google third party cookies collect anonymous information about how visitors use our site, app and Gift Cards site. This grouped data helps us improve the site and app. It may provide benchmarked data and broader market information as well.

The cookie also sends certain information to Google. This includes, for example, the web address of the page you're visiting and your IP address, which will be assigned a code, to make it anonymous but distinguished by the code. Google may also set cookies on your browser or read cookies that are already there. Google may use the information to maintain and protect the Analytics service.

More info is available at: https://policies.google.com/privacy/partners?hl=en-GB&gl=uk

You may opt-out of Google analytics directly by using a plug-in from Google: https://tools.google.com/dlpage/gaoptout. Using this plug in will opt you out of all of the Google cookies below:

Cookie: Google Analytics - gid
Type: Analytical – Third party cookie
Expires: 1 day
Purpose: This cookie is used to distinguish users.

Cookie: Google Analytics - ga
Type: Analytical – Third party cookie
Expires: 2 years
Purpose: This cookie is used to distinguish users.

costacookieconsent

Type: Strictly necessary - First party cookie

Expires: After 1 year

Purpose: Remembers that the customer has accepted the cookie consent banner. It’s stored in the user's browser for one year and means you don’t see the banner again. We don’t receive any information from it.

Adobe scc

Type: Strictly necessary - First party cookie

Expires: At the end of the session

Purpose: This cookie is used by Adobe Analytics to determine if cookies are enabled.

https://marketing.adobe.com/resources/help/enUS/whitepapers/cookies/cookiesanalytics.html

Adobe sfid

Type: Analytical - Third party cookie

Expiry: After 2 years

Purpose: This cookie is used by Adobe Analytics to identify a unique visitor.

https://marketing.adobe.com/resources/help/enUS/whitepapers/cookies/cookiesanalytics.html

Adobe ssq

Type: Analytical - Third party cookie

Expiry: At the end of the session

Purpose: This Adobe analytics contains information about the previous link on this site that was clicked on by the user, so the page shows relevant content.

https://marketing.adobe.com/resources/help/enUS/whitepapers/cookies/cookiesanalytics.html

Adobe AMCVS

Type: Analytical - Third party cookie

Expiry: At the end of the session

Purpose: This Adobe analytics cookie serves as a flag indicating that the session has been initialised.

https://marketing.adobe.com/resources/help/enUS/whitepapers/cookies/cookiesanalytics.html

Adobe Experience Cloud Identity Service

Type: Analytical – Third party cookie

Expiry: 24 months

Purpose: This Adobe cookie allows site visitors to be linked (anonymously) across different Adobe Experience Cloud solutions.

https://experienceleague.adobe.com/docs/core-services/interface/administration/ec-cookies/cookies-privacy.html?lang=en

Akamai Bot Manager – akbmsc / bmsv / bmm / akwfSession / bmmi

Type: Strictly necessary – Third party cookie

Expiry: After 2 hours

Purpose: Collects information about your activity on the site and Gift Cards site to help protect against malicious website attacks.

Akamai Bot Manager – bmsz

Type: Strictly necessary – Third party cookie

Expiry: After 4 hours

Purpose: Collects information about your activity on the site to help protect against malicious website attacks.

Akamai Bot Manager – abck

Type: Strictly necessary – Third party cookie

Expiry: After 12 months

Purpose: Collects information about your activity on the site to help protect against malicious website attacks.

Coffee Club loyalty scheme

CookiePurpose

username

Type: Strictly necessary – Third party cookie

Expiry: After 1 month

Purpose: Allows you to stay logged in to your Coffee Club Account for the duration of your visit. It is a session cookie containing your email address only while you are logged in.

ASP.NETSessionId

Type: Functional - First party session cookie

Expiry: 1 month after it is set or updated

Purpose: For our Coffee Club members and Gift card site users, this identifies you for the duration of your visit and your information is remembered from page to page. This enables the sites to function properly which means you don’t have to keep entering the same information every time you log in and assists with a smooth site experience.

More info is available at: https://msdn.microsoft.com/en-us/library/ms178194.aspx

This is a strictly necessary cookie.

Pixel image

Type: Analytical – First party pixel image

Expiry: Only triggered, nothing is stored on the local device

Purpose: We use a one pixel image in our marketing emails which you may receive if you’re a Costa Coffee Club member and your preference settings allow.

It is only triggered when an email from us is opened and you choose to display images, though this is done anonymously, so we cannot identify you. It allows us to see which promotions are of interest to our customers.

You can reject this pixel by choosing not to display images when you open an email from us (usually a message appears at the top of the email asking you if you want to display images) or through your email client settings.

E-Gifting site

CookiePurpose

ASP.NETSessionId

Type: Functional - First party session cookie

Expiry: 1 month after it is set or updated

Purpose: For our Coffee Club members and Gift card site users, this identifies you for the duration of your visit and your information is remembered from page to page. This enables the sites to function properly which means you don’t have to keep entering the same information every time you log in and assists with a smooth site experience.

More info is available at: https://msdn.microsoft.com/en-us/library/ms178194.aspx

This is a strictly necessary cookie.

Google reCAPTCHA - Secure-3PAPISID / Secure-3PSID / Secure-3PSIDCC / Secure-APISID / Secure-HSID / Secure-SSID / 1PJAR / APISID / CONSENT / HSID / NID / SAPISID / SID / SIDCC / SSID

Type: Strictly necessary – Third party cookie

Expiry: After 1 minute – gifting site

Purpose: Collect information about your activity on our Gift Cards site to help protect against malicious website attacks. More info is available at: https://www.google.com/recaptcha/intro/v3.html

Stripe payments – stripemid / stripeorigprops / zlcmid / fbp / ga / country / expanded-topics / locale / machineidentifier / merchant privatemachineidentifier / scfc / session / user / stripemid / stripesid

Type: Strictly necessary – Third party cookie

Expiry: After 1 year

Purpose: These cookies are used by our chosen Gift Cards site payment solutions provider Stripe for user authentication, fraud detection and fraud prevention.

More info is available at: https://stripe.com/cookies-policy/legal

Cp / cpd

Type: Strictly necessary – First party cookie

Expiry: After 1 year

Purpose: Remembers that the consumer has accepted the Gift Card cookie consent banner. It’s stored in the user's browser for one year and means you don’t see the banner again. We don’t receive any information from it.

Costa Careers site

CookiePurpose

YouTube YSC

Type: Analytical - Third party cookie

Expiry: At the end of the session

Purpose: We use YouTube’s privacy-enhanced mode to embed videos on our site from YouTube. User viewing is not tracked and videos playing in privacy-enhanced mode won't influence the viewer's browsing experience on YouTube. YouTube will not store personally-identifiable information and the cookies are only installed when you press play.

This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

https://support.google.com/youtube/answer/171780?hl=en-GB

Adobe

scc

Type: Performance - Third party cookie

Expiry: After 6 months

Purpose: We use YouTube’s privacy-enhanced mode to embed videos on our site from YouTube. User viewing is not tracked and videos playing in privacy-enhanced mode won't influence the viewer's browsing experience on YouTube. YouTube will not store personally-identifiable information and the cookies are only installed when you press play.

This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

Used to optimise performance

https://support.google.com/youtube/answer/171780?hl=en-GB

Linkedin - lang

Type: Strictly necessary – Third party cookie

Expiry: Session

Purpose: Remembers users language preference .

Track & Trace app in the stores

CookiePurpose

Airship Services Ltd - CookieConsent/ PHPSESSID

Type: Strictly necessary – Third party cookie

Expiry: After 12 months

Purpose: Used for Covid 19 Track and Trace and allows you to optionally choose to store your details in an encrypted cookie on your device to allow a faster check-in experience the next time you visit https://trck.to