webpage header_1440✕240_HYBRID option1.png

privacy policy

Last updated: March 2023


Look alive. We know these things can sometimes be a little… well, boring – but we really care about you and are committed to protecting your privacy and personal information. We have written this policy to make sure you know how we collect, store, and use any personal info we receive from you, and how we keep it safe.

We are committed to making sure that your information is safe, so your information will be held in a secure environment, and access to it will be on a“need to know” basis. To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to protect the information we collect from you.

Please do not provide data to us if you do not want your personal data to be used in the ways set out here.

Any personal information we collect will only be used in line with all the applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.


itsu is made of two companies, itsu ltd and itsu [grocery] ltd. We are each registered with the UK Information Commissioner’s Office as a Data Controller.

Company: itsu [grocery] ltd

Incorporated and registered in England and Wales with Company number 06598773 whose registered office is at 53 Victoria Street, London, England, SW1H 0EU. itsu [grocery] ltd is registered as a Data Controller with the UK Information Commissioner’s Office under Registration Number ZA154963 

Company: itsu Limited Incorporated and registered in England and Wales with Company number 03286342 whose registered office is at Ground And First Floors Partnership House, Carlisle Place, London, England, SW1P 1BX. Itsu Limited is registered as a Data Controller with the UK Information Commissioner’s Office under Registration Number ZA154956


We process the personal information of customers, trade customers and enquirers, suppliers and workers.

We will collect and use the following personal data you give us when visiting the site, ordering from us, asking for information, subscribing to our e-newsletter or applying for jobs.

The data we collect includes:

  • for orders, name, email address, company name, order details;
  • for enquiries, postal address mobile phone number, twitter handle, Facebook address, Instagram handle;
  • for complaints, postal address, email address or phone number.
  • Contact details, work experience and interview notes when you apply to work for us
  • Any other personal information that you choose to send us. 

We also collect information about you from other sources, including demographic information such as postcode, preferences and interests.

We collect information from your computer and about your visits to and use of this website. This includes collecting unique online identifies such as IP addresses, which are numbers that uniquely identify a specific computer or other device on the internet. Please see our Cookies section for more details.

We may collect and process additional information with your permission.

We will hold and use the personal data we collect via our applicant tracking system, our itsu app, social media, our transactional data, from your emails on our website, from surveys and forms and other ways you communicate with us.

Legal reasons for processing

We promise that we shall only use your data in the way you wish, and we shall always respect your privacy. We must have one or more legal reasons to process your personal information. They are:

  • To fulfil a contract we have with you, if you are a customer, supplier or worker.
  • For our legitimate interests in providing you with news and information about our products and services. You are in complete control of your data and can choose not to receive these messages, either when you first provide your data, or in every communication we send you afterwards. A legitimate interest is when itsu has a business or commercial reason to process your information and it will always be fair and in your best interests.
  • We have conducted legitimate interest assessments in which our interests and those of our clients, suppliers, business contacts and prospects are balanced.
  • When you give us consent to process your data
  • When it is our legal duty, for example to disclose your details to government bodies such as HMRC or law enforcements agencies. 


We use your personal information to reply to you or to keep you updated about any of our wonderful new products, our beautiful shops, services, internal record keeping, analysis, profiling, market research, customer service and to improve our products (we are always striving to make things even better!). Of course, you may tell us to stop contacting you at any time. If you have applied for an itsu vacancy on our jobs page, your data may be used for HR administration, Finance or payroll purposes depending on the outcome of your application. We do not sell, rent or exchange your personal information with any third party for commercial reasons. We may exchange your personal information with other itsu companies. We may pass your personal information onto a third party (a ‘data processor’) working on our behalf to process your data. They will safeguard your information for us under data protection regulations.

Disclosing your personal data

Your information will be used by the following parties under our control: 

  • To workers who deliver our services 
  • Third parties who provide a service to us, for example:
    • our website hosting company
    • our technical support company
    • our email distribution platform
    • our customer database company
    • our delivery teams
    • our office and email systems
    • our accounting, payroll and HR platforms

We shall keep your personal data within itsu and our trusted third parties except where disclosure is required by law, for example to government bodies and law enforcement agencies

How long we keep your personal information

We only keep your personal information for as long as we need to, so that we can use it for the reasons described above. Where your information is no longer required or is no longer relevant, we will ensure it is disposed of securely.

The actual period for which we store your personal information will vary depending on the type of personal information and how it is used.


We follow strict security procedures in the storage and disclosure of information you have given us, to prevent unauthorised access in accordance with the UK (DPA 2018) and EU data protection legislation (GDPR). We may transfer your personal data outside the European Economic Area. Where this happens, the correct steps are taken to protect your information to keep it confidential and secure. We will use standard data protection clauses approved by the European Commission into our contracts with those third parties, the EU US Privacy Shield for transfers to the USA where necessary, or ensure that the country has been deemed ‘adequate’ by the European Commission.

We do not collect sensitive information about you except when you knowingly provide it to us. We use a technology called “cookies” – it’s not the kind you eat – it’s used as part of a normal business procedure to track patterns of behaviour of visitors to our site. We use Google Analytics Demographics and interest reporting. If you’re really interested, see [how cookies work here]. For further information about how we use cookies, please see our [Cookie policy here]


We would love to send you information about our eat beautiful menu, any special offers, promotions, services, shops and restaurants of ours which may be of interest to you. You will be offered the option to opt in or opt out before completing your purchase. If you consent to receive marketing you may opt out at any time. We aim to understand our customers and offer relevant information and offers, this processing involves analysis, and profiling personal information and is a legitimate business interest which will benefit you. You will able to opt out at any time. You can set own your preferences via our preferences platform which you can find [here]. 


At times we find really interesting articles and websites that you may be interested in – we may include links to these third parties on this website and social media channels. Where we provide a link it does not mean that we endorse or approve that site’s policy towards visitor privacy and we cannot be responsible for the protection or privacy of data you provide while visiting such sites. You should review their privacy policy before sending them any personal data.


Access your personal data by making a subject access request

You have the right at any time to ask us what personal information we hold about you, and to ask us to update, amend or delete any data that is incorrect or out of date. As data controller, we will be as clear and transparent as possible and uphold any requests for data disclosure or amendment as soon as possible.

To protect your privacy and security we may need to verify your identity before disclosing or deleting your data. Due to the nature of our business, it may take up to 30 days for an amendment to become effective but we will do all we can to ensure the delay is kept to a minimum.

Rectification, erasure or restriction of your information where this is justified

We want to make sure that your personal information is accurate and up to date. As most of the data we hold has been provided by you, please could you be sure to contact us at any time and ask us to correct or delete information you think is inaccurate, and we will do so promptly at your request. Please contact us if you have any questions about our privacy policy or information we hold about you.

Object to the processing of your information where this is justified

You have the right to ‘block’ or suppress processing of your personal data. However, we will retain just enough of your personal data to ensure that the restriction is respected in the future. You have the right to object to your personal data being processed, for marketing and for research purposes. From the very first communication from us and every marketing communication we send after you will have the right to object to marketing. You can change your preferences [here]

The right to make a compliant to the data protection regulator

If you wish to lodge a complaint or seek advice from a supervisory authority please contact the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body set up to uphold your rights to data privacy. The ICO can be contacted at The Office of the Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: +44 (0) 01625 545 745 Website: www.ico.org.uk To exercise any of these rights, please contact our customer service team by [clicking this link] or by writing to us at the following address:

Data Access Request, itsu Limited, Ground And First Floors Partnership House, Carlisle Place, London, England, SW1P 1BX


Any changes we may make to our privacy policy in the future will be posted on this page. We encourage you to review this privacy policy whenever you visit the site.