At Scrumbles, we treat your online privacy and security very importantly. Scrumbles.co.uk is committed to protecting your privacy and maintaining the security of any personal information received from you. We strictly adhere to the requirements of the data protection legislation in the UK. Below explains what personal information we collect and how we may use it.
Why we use personal data
When you use our website, we may collect information to enable us to do the following:
- better understand the needs of our customers and how we can improve products or services
- provide information that may be of interest to you about services Scrumbles offers
- to notify you of any changes to our goods or services
- to identify and target you in social networks and search providers when consent is given
- answer requests from customers (existing and potential customers)
- respond to those that might be interested in working with Scrumbles
- perform the activities required to run compliant business
- to ensure our website is presented in the most effective manner for you and your device
Information we collect
The information we collect about you will only be used lawfully, in accordance with the Data Protection Act 2018 and General Data Protection Regulation. When you shop on our website, we may collect:
Information you give us such as the personal information you input when you are placing your order. This information may consist of your name, address, phone number, delivery address, email address, card details, and details of the items you have ordered. Or if you’ve taken part in a Customer Satisfaction Survey.
Communication and Marketing
If you have subscribed to our newsletter or elected to receive marketing text messages, entered any of our competitions or advised us of your email address, postal address and telephone number, you consent to receive communication from us about our latest news and special offers. Our emails and sms messages refer to the products and services we offer, which we think may be of interest to you. Message frequency may vary. Everyone has the option to opt-out of receiving marketing communications from us. If you do not wish to receive email marketing from us, then we recommend that you unsubscribe from our newsletters. This option is displayed at the bottom of all newsletters. You can opt out of receiving any further Text Messages from us at any time by replying “STOP” to any Text Message you receive from us.
How long will we keep your data?
We take steps to ensure that your personal information is retained for only as long as it is necessary for the purpose for which it was collected. After this period it will be deleted or in some cases anonymised. Where we have collected the personal information based on your consent and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent then we will delete your personal information.
We will typically keep your personal data for seven (7) years from (a) the closure of your account with us or (b) to enable us to deal with any issues or concerns you may have about how we handled your account/ order, and also to allow us to bring or defend legal or regulatory proceedings.
Who has access to your data and your rights
You have a number of rights under data protection law in relation to the way we process your personal data, although these are not absolute and in some instances we may be unable to accept your request, in which case we will respond to you to explain why. Your rights include:
- You can ask to see what data we hold on you (right of access)
- You can ask for information to be corrected
- You can ask to receive a copy of the data we hold on you (right to portability)
- You can ask us to delete any information we have about you (right to be forgotten)
- You can object to the way in which we use your information
- You can complain to the supervisory authority (See ICO Site)
We will not sell, rent, exchange or divulge your personal information to any third party, for any reason, beyond the essential requirement for credit/debit card validation during purchase and unless requested to do so by a law enforcement or government agency for reasons of fraud. We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access in accordance with the UK data protection legislation.
With new GDPR rules in place, we only send emails to people who’ve opted-in to receive messages. While this was already the case, we have further specified the nature of consent that’s required for commercial communication, from 25th May 2018 consent has to be “freely given, specific, informed and unambiguous”. This means that within the signup process we will always inform subscribers detailed description of what they are signing up for and provide an easy opt-out option. All of our employees and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of our visitor’s personal data.
We do not collect sensitive information about you except when you specifically knowingly provide it. In order to maintain the accuracy of our database, you can check, update or remove your personal details by contacting us at
In order to process credit/debit card transactions, the bank or card processing agency may require verifying your personal details for authorisation outside the EEA (European Economic Area). Your information will not be transferred outside the EEA for any other purpose.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We may disclose your personal information to third parties:
- in the event that we sell or buy any business or assets;
- if Scrumbles or the majority of its assets are acquired by a third party
- if we are under a duty to disclose or share your personal data to comply with legal obligations or to protect the rights, property, or safety of Scrumbles or its customers. Including for the purposes of fraud protection.
Other third parties who we may share your data with include:
- Facebook, other social media websites and, Google. This information is collected via cookies, and can be used for retargeting services across advertising networks like Facebook. This data is then used to categorise your browser based on attributes like interests and demographics. The data Facebook collects is not linked to any of the data we collect. Although we may upload lists of email addresses to Facebook to create audiences to optimise our campaigns. Including Google Analytics for aggregated, anonymised website traffic analysis. We may collect basic information about your computer, including where available your IP address, operating system, and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
- Paper Planes. We use this company to send direct mail communications
- DPD. We use this company to deliver our orders.
- Klaviyo. We use this company to send our email communications.
- Zendesk. This company allows us to receive and respond to customer inquiries.
- Stripe. Online payment processor.
Where we store your personal data
Where you have chosen a password to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will put in place appropriate measures in accordance with prevailing technology and the risks to protect your personal data, where it is in our possession or control, we cannot guarantee the security of your data transmitted to or from our site. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or loss.