Costa Limited respects your data and your privacy is important to us. For more information about how we use and protect data please see our Privacy Notice.

Costa Limited is a controller of personal information. Our address is Costa Limited, Costa House, 6 Porz Avenue, Houghton Hall Business Park, Houghton Regis, Dunstable, Beds, LU5 5YG. You can also contact us by email at 
costafeedback@whitbread.com.

If you have any queries in relation to data protection, please email us at privacyofficer@whitbread.com.
 

Why do we use cookies and similar technologies?

To make our websites (including our mobile site) and app work better and to distinguish you from other users, we use cookies and similar technologies, such as tagging. Cookies and similar technologies can perform functions and personalise content.


What is a cookie and what do they do?

A cookie is a small text file which sits on your device or browser and assists with information flow and functionality. We use cookies to support the main and mobile websites and our app.  For instance, some cookies help with site security or provide information to help us improve the site. Certain cookies can personalise content. Each cookie performs a specific action.

For instance, cookies can send general information about how the site or app is used, which can be used for maintenance and improvement. These cookies don’t capture your personal data and we wouldn’t be able to identify people from the information. They simply log numbers and provide grouped information about site or app navigation – this tells us if people can find what they want.

Other cookies remember information from one page to another, so you don’t have to keep entering it. These are called “session” cookies. For example ASP.Net is a session cookie which remembers your data from one page.

Cookies which remember things for longer, from one visit to the next, are called “persistent” cookies. Persistent cookies can do things like remember preferences and adjust content to suit you (personalisation).


What are first and third party cookies?

Cookies can be sent by different parties.

If the cookie comes from our site it is a first party cookie. If it comes from another site, such as our suppliers or business partners, it is a third-party cookie, specifically chosen by us to provide a service, such as a more personalised visit.


Do I Have to Accept Cookies?

You may reject cookies, however, site and app functions will be affected. Cookies help our sites and app to work properly and personalise your experience. You’ll be able to browse the sites and app without cookies but some standard functionality, preferences and certain features will not work.

By accepting cookies, you allow us to improve your experience and remember information about you, which can personalise your experience.

To withdraw consent, you can reject or delete cookies. Please see the Managing Your Cookies section below on how you can adjust your browser settings.


Consent

By browsing or using our site or app you agree that we and the selected third parties in this notice can use (as described in this notice) data collected by the cookies you allow. If you do not agree, you can withdraw your consent by setting your browser to reject cookies, see below.
 

Managing Your Cookies

There are several ways to manage cookies. You can:

  1. set your browser to prevent cookies from being accepted. More information should be in your browser’s “help” menu. How to adjust your browser will depend on which browser you’re using.
  2. set some browsers to send you an alert when a website is trying to place a cookie on your browser.
  3. block cookies by activating the setting on your browser to refuse all or some cookies. However, if you use your browser settings to block all cookies including strictly necessary cookies, site access and features can be limited or not available.
  4. delete cookies stored in your browser by “clearing cookies”. This will only delete cookies already stored. It won’t prevent new ones being accepted unless you change the acceptance settings. Also, clearing your cookies on one browser of one device does not automatically clear them on another. You need to clear all browsers on all devices, independently.
  5. refuse specific cookies, by using that cookie’s opt-out process, in the table at the end of this notice.

More information about cookies is available on external websites such as www.aboutcookies.org. For help with how to manage and delete cookies, visit www.aboutcookies.org. Further information about advertising cookies, and how to manage them, can be found at youronlinechoices.eu (EU based), or aboutads.info (US based).

We are not responsible for the content or cookies from external websites. If you follow a link from our site to a third party site, they will have their own privacy and cookie notices.

Please bear in mind that if you restrict or disable cookies it can limit functionality and prevent sites from working properly at all.
 

How long do cookies last?

Different cookies can last for different lengths of time.

Session cookies last for that website visit. Information is kept from one page to another, so you don’t have to keep entering it.

Persistent cookies are on your browser and may last for a year or until you delete them. They can personalise the site and remember information each time you visit. We use them to see how people engage with our site. It helps us change and develop the site and improve your experience of it.
 

What different types of cookies does the site use and what are they each for?

Different types of cookies do different things. We use the following cookies on our sites and apps.

Strictly Necessary Cookies support our websites and app operation. They are essential when you move around our website or app and use its features. For example, they remember your details when you login. This allows you to access your account. Without such cookies such services cannot be provided.

Analytical/Performance Cookies collect anonymous information on how people use the website or app, which helps us develop these. We can see if people find things easily and improve site navigation.

Functionality Cookies remember you when you return to the site or app and choices you have made on previous visits, such as searches and which country you’re from. This allows us to personalise our content for you, such as enabling us to remember your preferences.
 

What are similar technologies?

Tagging works in a similar way to cookies. We use a tag called a pixel. A pixel is an image that once imbedded in an email connects to a file stored on our web server and allows us to determine customer interest in our marketing emails. Tags can also be known as beacons.

These allow us to see which promotions seem of interest to our customers, and if a particular offer seems to interest you. We may use this information to send offers which appear to be more relevant to you.

Cookies and similar technology used by us are listed below.

Cookie Purpose

Adestra email broadcaster tool

adestra_ctrk

This third party cookie monitors the actions you take when you receive an email from us, such as the links or web pages you visit. This helps us to improve the emails you receive from us.

To opt out you would need to unsubscribe from our marketing emails.

ASP.Net session cookie

ASP.NET_SessionId

This first party cookie identifies you for the duration of your visit. Information is remembered from page to page. This enables the site to function properly and means you don’t have to keep entering the same information. It assists with a smooth site experience.

More info is available at:

https://msdn.microsoft.com/en-us/library/ms178194.aspx

This is a strictly necessary cookie. It only lasts for your visit.

AWS Elastic Load Balancer Cookie

AWSELB

This third party cookie set by AWS, helps the site run smoothly and more quickly by remembering context, such as how you used the site before. It enables content to load more rapidly and expires after 24 hours. It is also known as a load balancer and it does not collect any personal information.

More information is available at:       

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-sticky-sessions.html

This is a strictly necessary cookie. It expires after 24 hours.

Cloudflare cfduid Cookie

__cfduid

Cloudflare is a third party cookie web security service. This cookie is strictly necessary and lasts for one year. It remembers which users are considered safe and helps to protect the site from hackers. It does not collect any personal information.

More info is available at:

https://www.cloudflare.com/security-policy/

and: 

https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do- 

This is a strictly necessary cookie.It expires after 1 year.

Google Analytics Cookies and general description

_ga,gat

_UA-5637011-1

Google third party cookies collect anonymous information about how visitors use our site and app. This grouped data helps us improve the site and app. It may provide benchmarked data and broader market information as well.

The cookie also sends certain information to Google. This includes, for example, the web address of the page you're visiting and your IP address, which will be assigned a code, to make it anonymous but distinguished by the code. Google may also set cookies on your browser or read cookies that are already there. Google may use the information to maintain and protect the Analytics service.

More info is available at:

https://policies.google.com/privacy/partners?hl=en-GB&gl=uk

You may opt-out of Google analytics directly by using a plug-in from

Google:

https://tools.google.com/dlpage/gaoptout

Using this plug in will opt you out of all of the Google cookies below.

_utma

This cookie stores the amount of visits (for each visitor) and the time of the visit. The cookie is updated every time data is sent to Google Analytics. 

Expires 2 years from when it is set or updated.

_utmt

This improves the user experience by making the session more efficient.

Expires in 10 minutes.

_utmb

_utmb and _utmc work together to check approximately how fast people leave: when a visit starts, and approximately ends.

Expires 30 minutes after it is set or updated.

_utmc

_utmb and _utmc work together to check approximately how fast people leave: when a visit starts, and approximately ends.

Only lasts for the browser session.

_utmz

Explains how the visitor came to the site. Records whether the visitor came from a search engine, if so the search term used, a link, or from no previous page, for instance by using a bookmark. It also records if the visit is in response to any campaign, which explains how the user reached our site. It is updated every time data is sent to Google Analytics.

Expires 6 months after it is set or updated.

_utmv

It stores visitor-level data, according to the custom variables set. The cookie is updated every time data is sent to Google Analytics.

Expires 2 years after it is set or updated.

Pixel

We use a pixel in our marketing emails (which you may receive if you’re a Costa Coffee Club member and your preference settings allow) to tell us if you download images from an email, or open an email, that you receive from us. A pixel is a tag. Tags work in similar way to cookies.

It identifies if you have opened and read an email before making a qualifying purchase. We can then link your purchase to a qualifying offer and award you the points.

You would need to unsubscribe from our marketing emails if you do not want this.

Cookie Consent Status

cookieconsent_status

This cookie remembers that the customer has accepted the cookie consent banner. It’s stored in the user's browser for one year and means you don’t see the banner again. We don’t receive any information from it.

This strictly necessary cookie lasts for 1 year.

NewRelic

JSESSIONID

We use New Relic to provide us with information about the performance of this site. With this information we can make changes to make the site perform more efficiently. This cookie monitors our web servers and sends alerts if issues are detected.

https://newrelic.com/privacy

This cookie is strictly Necessary and expires at the end of the session.

YouTube

GPS

We use YouTube’s privacy-enhanced mode to embed videos on our site from YouTube. User viewing is not tracked and videos playing in privacy-enchaned mode won't influence the viewer's browsing experience on YouTube. YouTube will not store personally-identifiable information and the cookies are only installed when you press play.

This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

https://support.google.com/youtube/answer/171780?hl=en-GB

This is an analytical cookie and expires after 30 minutes.

YouTube

YSC

We use YouTube’s privacy-enhanced mode to embed videos on our site from YouTube. User viewing is not tracked and videos playing in privacy-enchaned mode won't influence the viewer's browsing experience on YouTube. YouTube will not store personally-identifiable information and the cookies are only installed when you press play.

This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

https://support.google.com/youtube/answer/171780?hl=en-GB

This is an analytical cookie and expires at the end of your session.

YouTube

VISITOR_INFO1_LIVE

We use YouTube’s privacy-enhanced mode to embed videos on our site from YouTube. User viewing is not tracked and videos playing in privacy-enchaned mode won't influence the viewer's browsing experience on YouTube. YouTube will not store personally-identifiable information and the cookies are only installed when you press play.

This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

https://support.google.com/youtube/answer/171780?hl=en-GB

This is used to optimise performance and lasts for 6 months.

YouTube

PREF

We use YouTube’s privacy-enhanced mode to embed videos on our site from YouTube. User viewing is not tracked and videos playing in privacy-enchaned mode won't influence the viewer's browsing experience on YouTube. YouTube will not store personally-identifiable information and the cookies are only installed when you press play.

This cookie registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

https://support.google.com/youtube/answer/171780?hl=en-GB

This is an analytical cookie and expires after 2 years.

Adobe

Typekit

Typekit is a tag which permits fonts to display correctly on the website.

https://www.adobe.com/uk/privacy/policies/typekit.html

This tag is necessary for fonts and copy to appear correctly on our site.

Adobe

s_cc

This cookie is used by Adobe Analytics to determine if cookies are enabled.

https://marketing.adobe.com/resources/help/en_US/whitepapers/cookies/cookies_analytics.html

This is a strictly necessary cookie and lasts until the end of the session.

Adobe

s_fid

This cookie is used by Adobe Analytics to identify a unique visitor.

https://marketing.adobe.com/resources/help/en_US/whitepapers/cookies/cookies_analytics.html

This is an analytical cookie and expires after 5 years.

Adobe

s_sq

This Adobe analytics contains information about the previous link on this site that was clicked on by the user, so the page shows relevant content.

https://marketing.adobe.com/resources/help/en_US/whitepapers/cookies/cookies_analytics.html

This cookie expires at the end of the session.

Adobe

akacd_AEM_Prod

This is a third party cookie that manages site traffic and load balancing across browser sessions.

This strictly necessary cookie expires at the end of the session.

username This first party cookie allows you to stay logged in to your Coffee Club Account for the duration of your visit. It is a session cookie containing your email address only while you are logged in. This cookie is strictly necessary and expires at the end of the session.