Privacy Policy and Cookie Notice
Your right to Privacy
Your privacy is important to us. We take the security of your personal information seriously and have appropriate policies, controls, and processes in place to protect it.
This notice explains what personal information we collect, how we use it, how long we keep it, and the rights you have under data protection law.
Who we are
We are Scrannery Ltd, a company registered in England and Wales under registration number 15838305.
Registered office: Pennine Five Campus, Hawley Street, Sheffiel. S1 2EA.
We trade as "Scrannery", "Scrannery To Go", "Discovery", "Nook and Scran", and "Scrannery Meeting and Event Catering".
Website: www.scrannery.uk
Data Protection Contact
Scrannery has appointed a Data Protection Officer who is responsible for overseeing data protection compliance.
Kieran Morgan-McGeehan MICA CDPO
Telephone: 0330 117 0224
Email: dpo@scrannery.uk
How we comply with Data Protection Laws
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only collect and use personal information where we have a lawful basis to do so and where it is necessary for running our coffee shop, catering services, and related activities.
Information We Collect About You
We may collect and hold the following types of personal information:
- Name
- Email address
- Telephone number
- Billing and payment information (processed securely via payment providers)
- Details of orders, bookings, or catering enquiries
- Records of communications with you (emails, messages, or system notes)
- Job application information if you apply to work with us
- Website usage information (via cookies – see Cookie Notice below)
How we get and use your information
Most of the information we process is provided directly by you when you:
- Place an order
- Make a booking or enquiry
- Sign up to receive updates
- Apply for a job
- Visit our website
We use your information to:
- Provide food, drink, catering, and event services
- Communicate with you about orders, bookings, or enquiries
- Process payments
- Keep accurate business and accounting records
- Manage feedback and customer service
- Improve our services and operations
- Meet legal and regulatory obligations
- Send marketing communications where you have consented
Lawful basis for processing
We rely on the following lawful bases under UK GDPR:
- Contract – where processing is necessary to provide you with our products or services
- Legal obligation – where we are required to keep records or share information by law
- Legitimate interests – for running and improving our business, preventing fraud, and ensuring security (balanced against your rights)
- Consent – for marketing communications and non-essential cookies, which you can withdraw at any time
- We do not rely on “public task” or “vital interests” for our routine business activities.
Marketing
We will only send you marketing communications where:
- You have actively consented, or
- You are an existing customer and the communication relates to similar products or services, and you have not opted out
You can unsubscribe at any time using the link in our emails or by contacting us.
How long we keep your information
We keep personal information only for as long as necessary for the purposes it was collected and to meet legal and accounting requirements.
For example:
- Order and payment records are retained in line with HMRC requirements
- Enquiry and customer contact records are retained for a limited period
- Marketing records are retained until you withdraw consent
We operate a retention schedule and will securely delete or anonymise data when it is no longer needed.
How we protect your information
We use appropriate technical and organisational measures to protect personal data, including:
- Secure systems and access controls
- Reputable third-party service providers
- Staff awareness of data protection responsibilities
While no online system can be guaranteed to be 100% secure, we take reasonable steps to protect your information from unauthorised access, loss, or misuse.
Where your information is processed
Your information is primarily processed within the United Kingdom.
Some of our trusted service providers (for example, website analytics or email systems) may process data outside the UK or EEA. Where this happens, we ensure appropriate safeguards are in place, such as standard contractual clauses.
How we share your information
We may share your information with:
- Payment processors and IT service providers
- Partners or suppliers who support delivery of our services
- Professional advisers (accountants, legal advisers)
- Regulators, courts, or public authorities where required by law
- Emergency services in the event of an emergency
We only share personal data where necessary and under appropriate contractual protections.
If Scrannery is sold or restructured, personal data may be transferred as part of that process, subject to the same protections.
Your rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectification – have inaccurate or incomplete data corrected
- Erasure – request deletion of your data in certain circumstances
- Restriction – request limited use of your data in certain circumstances
- Object – to processing based on legitimate interests or direct marketing
- Data portability – receive certain data in a commonly used electronic format
- Withdraw consent at any time where processing is based on consent
You do not have to pay a fee to exercise your rights. We will normally respond within one month.
To exercise your rights, contact us at:
hey@scrannery.uk
Scrannery Ltd, Pennine Five Campus, Hawley Street, Sheffield. S1 2EA
0330 117 0224
Please do not include sensitive information in emails.
Complaints
If you are unhappy with how we handle your data, you can complain to the UK data protection regulator:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
www.ico.org.uk
Cookie notice
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help websites function properly, improve user experience, and provide information about how the site is used.
Cookies do not usually identify you personally.
How We Use Cookies
We use cookies to:
- Ensure the website functions correctly
- Understand how visitors use our website
- Improve performance and user experience
- Measure the effectiveness of marketing campaigns
- Show relevant advertising where you have consented
Types of Cookies We Use
Essential Cookies
These are required for the website to work and cannot be switched off.
Analytics Cookies
Used to understand how visitors use our website so we can improve it (for example, Google Analytics). These are only used with your consent.
Marketing Cookies
Used to track visits and show relevant advertising or measure campaign effectiveness. These are only used with your consent.
Cookie Consent
When you first visit our website, you will be shown a cookie banner allowing you to accept or manage non-essential cookies. You can change or withdraw your consent at any time via the cookie settings on our website.
Google Analytics
We use Google Analytics to understand how our website is used. Google may process this data on servers outside the UK. Appropriate safeguards are in place.
You can opt out of Google Analytics by visiting:
https://tools.google.com/dlpage/gaoptout
Managing Cookies
You can manage or delete cookies through your browser settings. Information on how to do this can be found at:
www.aboutcookies.org
www.allaboutcookies.org
Blocking some cookies may affect how the website functions.
Changes to this notice
We may update this Privacy and Cookie Notice from time to time. The most recent version will always be available on our website.
Last updated: 1st February 2026