top of page
On a Roll Sandwich Co.

Privacy Policy and Cookie Usage

Last updated: April 2026

On A Roll Sandwich Company Ltd (“we”, “us”, “our”) values your privacy and is committed to protecting your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains:

  • What personal data we collect

  • How and why we use it

  • Who we share it with

  • Your rights under UK data protection law

Please read this policy carefully before using our website or services.

 

Who We Are

Data Controller

On A Roll Sandwich Company Ltd

Registered Address: The Pantry, Barton Road, Middlesbrough, UK, TS2 1RY

Email: hr@onarollsandwich.co.uk 

We are responsible for deciding how and why your personal data is processed.  The HR department acts as our primary point of contact for data protection matters.

Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis to process personal data. Depending on the circumstances, we rely on:

  • Consent – where you have actively opted in (for example, newsletters or non‑essential cookies)

  • Contract – where processing is necessary to provide a product, service, or respond to a request

  • Legitimate Interests – for website analytics, security, service improvement, and communications (balanced against your rights)

  • Legal Obligation – where processing is required by law

 

Website Visitors

When you visit our website, we collect limited technical information to ensure security, functionality, and performance.

 

Data may include:

  • IP address

  • Device type and browser information

  • Pages visited and actions taken

  • Date and time of access

How we use this data:

  • Website security and fraud prevention

  • Performance monitoring and troubleshooting

  • Understanding how visitors use our site

Third‑party services may include:

  • Google Analytics (used with IP anonymisation where possible)

  • Website hosting and infrastructure providers

Analytics cookies are only used where you have provided consent via our cookie banner.

This information does not normally identify you directly and is retained for up to 24 months, unless required for security or legal purposes.

Cookies and Similar Technologies

Our website uses cookies to:

  • Ensure the website functions correctly

  • Analyse how users interact with our content

  • Improve usability and performance

Types of cookies used:

Strictly necessary cookies – always active

Analytics cookies – only used with your consent

Functional cookies – improve user experience

You can:

  • Accept or reject non‑essential cookies via our cookie banner

  • Change or withdraw consent at any time

  • Manage cookies through your browser settings

Full details are available via the Cookie Settings panel on our website.

Email Subscriptions and Newsletters

If you subscribe to our emails or newsletters, we collect:

  • Name

  • Email address

  • Technical subscription data (such as IP address and device information)

Purpose:

  • Sending newsletters and updates

  • Improving the relevance and performance of our communications

Processing:

We use Mailchimp, which acts as a data processor on our behalf and may process data outside the UK. Appropriate safeguards, including UK‑approved standard contractual clauses, are in place.

We do not sell subscriber data.

Data is only shared with a named partner where you have explicitly consented to a specific campaign.

You can unsubscribe at any time using the link in our emails.

Contact Forms

When you contact us via our website, we collect information necessary to respond to your enquiry, which may include:

  • Name

  • Email address

  • Telephone number (if provided)

  • Enquiry details

  • Technical and device information

Purpose:

  • Responding to enquiries

  • Customer support

  • Preventing misuse or fraud

We use secure systems and trusted third‑party providers (such as Wix and analytics tools) to process this information.

Social Media Interactions

We operate social media accounts on platforms such as Facebook, Instagram, LinkedIn, X, and YouTube.

If you interact with us through these platforms, your data is also subject to the platform’s own privacy policies and may be processed outside the UK. We use the information you provide solely to respond or engage with you.

Sharing of Data

We may share personal data with trusted third parties such as:

  • IT and website hosting providers

  • Email and analytics service providers

  • Professional advisers where legally required

We do not sell personal data.

Data is only shared where necessary, proportionate, and lawfully permitted.

International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations

  • UK‑approved standard contractual clauses

Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil the purpose for which it was collected

  • Comply with legal or regulatory obligations

  • Resolve disputes or enforce agreements

Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data

  • Restrict or object to processing

  • Withdraw consent at any time (where applicable)

  • Data portability (where applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: https://www.ico.org.uk 

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page, with the “Last updated” date revised accordingly.

bottom of page