Privacy policy
Just Crisps Limited
Privacy & Cookie Policy
Last updated: 08 July 2026. This policy replaces our privacy policy dated 15 August 2022.
1. Who we are
1.1 This policy explains how Just Crisps Limited (“we”, “us”, “our”) collects, uses and shares your personal information when you visit or buy from our website, and your rights in relation to that information. We are the “controller” of your personal information for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.2 Just Crisps Limited is registered in England and Wales under company number 07197212, with its registered office at Wade Lane Farm, Wade Lane, Hill Ridware, Staffordshire WS15 3RE. We are registered with the Information Commissioner's Office (ICO) under registration number ZB071631. You can contact us about this policy or your personal information by email at Hello@justcrisps.co.uk, by telephone on 01543 493081, or by post at the address above.
2. The personal information we collect
2.1 We collect and use the following categories of personal information:
- Identity and contact information — your name, billing address, delivery address, email address and phone number, which you provide when you place an order, create an account or contact us.
- Order and payment information — details of the products you order and information needed to take payment. Card payments are processed by Shopify and its payment processors; we do not see or store your full card number.
- Customer support information — the contents of emails, calls, complaints and other correspondence you send us, which you provide when you contact us, and which we use to respond to you and to improve our products and service.
- Technical and usage information — your IP address, browser type and version, time zone, device information, and information about how you navigate and use our website (pages and products viewed, search terms). This is collected automatically using cookies and similar technologies when you visit our website — see section 10.
- Marketing preferences — your preferences for receiving marketing from us, and records of your consents and opt-outs.
2.2 We do not knowingly collect information about children — see section 9. We do not collect special category (sensitive) personal information, and we ask that you do not send it to us.
3. How and why we use your personal information
3.1 Data protection law requires us to have a lawful basis for each use of your personal information. The table below sets out our purposes and the corresponding lawful bases.
| Purpose | Information used | Lawful basis (UK GDPR Art. 6) |
|---|---|---|
| Processing and delivering your order, taking payment, and sending order and delivery confirmations | Identity, contact, order and payment information | Performance of a contract with you |
| Providing customer support and handling complaints, returns and refunds | Identity, contact, order and customer support information | Performance of a contract; legitimate interests (resolving issues and improving our service) |
| Keeping accounting, tax and transaction records | Identity, contact and order information | Legal obligation |
| Fraud screening and site security | Order, payment and technical information | Legitimate interests (preventing fraud and protecting our business and customers) |
| Operating, analysing and improving our website | Technical and usage information | Legitimate interests (running and improving our website); consent where required for cookies — see section 10 |
| Sending you marketing emails about our products and offers | Identity, contact and marketing preference information | Consent, or legitimate interests where the “soft opt-in” applies — see section 4 |
| Showing you targeted advertising | Technical and usage information | Consent (via our cookie banner) — see section 10 |
| Establishing, exercising or defending legal claims, and complying with lawful requests from regulators or law enforcement | Any of the above, as relevant | Legal obligation; legitimate interests |
3.2 Where we rely on legitimate interests, we have considered the balance between those interests and your rights and freedoms, and concluded that your rights do not override them. You can ask us for more information about these assessments, and you have the right to object — see section 8.
4. Marketing
4.1 We will only send you marketing by email if you have consented, or if you are an existing customer, the marketing relates to our similar products, and you were given a clear opportunity to opt out when we collected your details and in every message since (the “soft opt-in” under the Privacy and Electronic Communications Regulations 2003).
4.2 You can opt out of marketing at any time, free of charge, by clicking the unsubscribe link in any marketing email or by contacting us using the details in section 1. Opting out of marketing will not affect service messages about your orders.
4.3 We do not sell your personal information.
5. Who we share your personal information with
5.1 We share your personal information with service providers who process it on our behalf under written contracts, and with certain other recipients, as follows:
- Shopify Inc. and its group companies, who host our online store and process orders and payments on our behalf. Shopify's own privacy practices are described at www.shopify.com/legal/privacy.
- Payment processors used at checkout, to take your payment securely.
- Delivery companies, who receive your name, delivery address and contact details to deliver your order.
- Email and marketing platform providers, where you receive marketing from us.
- Professional advisers (such as accountants, auditors, lawyers and insurers) where necessary.
- HMRC, the ICO, courts, law enforcement and other authorities, where we are required to do so by law or to protect our legal rights.
5.2 If we sell or reorganise our business, personal information may be transferred to the buyer or successor, who must use it only in the ways described in this policy.
6. International transfers
6.1 Some of our service providers, including Shopify, process personal information outside the UK, including in Ireland, Canada and the United States. Where personal information is transferred outside the UK, we ensure a similar degree of protection by using one or more of the following safeguards: transfers to countries covered by UK “adequacy” regulations (which include the EEA, Canada for data protected by its PIPEDA law, and US organisations certified under the UK Extension to the EU-US Data Privacy Framework); or contracts incorporating the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. You can contact us for more information about the safeguards used for specific transfers.
7. How long we keep your personal information
7.1 We keep personal information only for as long as we need it for the purposes described in this policy, including to satisfy legal, accounting and reporting requirements, and to establish or defend legal claims. Our standard retention periods are:
| Information | Retention period |
|---|---|
| Order, payment and transaction records | 6 years from the end of the financial year of the transaction (tax and limitation purposes) |
| Customer support correspondence and complaints | 2 years from resolution, or longer where needed for a legal claim |
| Marketing lists and preferences | Until you unsubscribe or your details have been inactive for 2 years; we keep a minimal suppression record of opt-outs so we do not contact you again |
| Website technical and analytics data | Up to 26 months, in aggregated form where possible; cookie lifetimes are set out in our cookie banner/notice |
7.2 When retention periods expire, we securely delete or anonymise the information.
8. Your rights
8.1 Under the UK GDPR you have the right, in certain circumstances, to: access a copy of your personal information; have inaccurate information corrected; have your information erased; restrict our processing; object to processing based on legitimate interests, and object at any time to direct marketing; receive the information you provided to us in a portable format; withdraw any consent you have given, at any time, without affecting processing carried out before withdrawal; and not be subject to solely automated decisions with legal or similarly significant effects (we do not make such decisions; Shopify uses limited automated fraud-prevention checks that do not have such effects).
8.2 To exercise any of these rights, contact us using the details in section 1. We will not charge a fee unless the law allows, and we will respond within one month (which may be extended for complex or numerous requests, in which case we will tell you). We may need to verify your identity before acting on a request. If you would like an authorised agent to make a request on your behalf, they should contact us with evidence of your authority.
8.3 If you have a concern or complaint about how we handle your personal information, please contact us first and we will acknowledge your complaint within 30 days and do our best to resolve it. You also have the right to complain at any time to the Information Commissioner's Office (ICO), the UK supervisory authority: www.ico.org.uk or 0303 123 1113.
9. Children
9.1 Our website is not intended for use by children, and we do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.
10. Cookies and similar technologies
10.1 Cookies are small files placed on your device when you visit our website. We use cookies and similar technologies (such as pixels and tags) in the categories below. UK law (the Privacy and Electronic Communications Regulations 2003, as amended by the Data (Use and Access) Act 2025) governs how we may use them.
| Category | What they do | Legal footing |
|---|---|---|
| Strictly necessary | Enable core functions such as the shopping basket, checkout, secure log-in and privacy settings. These are mostly set by Shopify and the site cannot operate without them. | No consent required |
| Analytics (statistics) | Help us understand how visitors use the site (pages viewed, navigation paths) so we can improve it. Used only for our own aggregate statistics. | No consent required, but you can opt out free of charge at any time via the ‘Cookie preferences’ link in our website footer |
| Functionality / appearance | Remember your preferences (such as region or display settings) to improve your experience. | No consent required, but you can opt out free of charge at any time via the ‘Cookie preferences’ link in our website footer |
| Advertising | Used by us and third parties (such as Meta and Google) to show you relevant advertising on other sites and measure ad performance. | Set only with your consent, given via our cookie banner; you can withdraw consent at any time |
10.2 A full list of the individual cookies we use, who sets them and how long they last is available in our cookie banner settings. When you first visit our website, our cookie banner lets you accept or reject non-essential cookies; advertising cookies are not set unless you choose to accept them. You can change your choices at any time through the cookie settings link on our website, and you can also control cookies through your browser settings or, for browsers that support them, automated consent-management signals. Blocking some cookies may affect how the website works.
10.3 Where you have consented to advertising cookies, you can additionally opt out of interest-based advertising by the third parties involved through their own settings (for example Meta and Google ad settings) or via www.youronlinechoices.com. We do not respond to “Do Not Track” browser signals as there is no consistent industry standard, but our cookie banner and settings give you equivalent control.
11. Security
11.1 We use appropriate technical and organisational measures to protect your personal information, including encryption of payment pages, access controls and the security measures provided by our platform provider, Shopify. No transmission over the internet is completely secure, but we take reasonable steps to protect your information and will notify you and the ICO of any breach where the law requires.
12. Changes to this policy
12.1 We may update this policy from time to time to reflect changes in our practices or in the law. We will post the updated version on our website with a new “last updated” date and, where changes are significant, we will bring them to your attention (for example by email or a website notice).