Platform & End-Customer Privacy Notice

Last updated: 2 March 2026

1. Introduction

This Platform & End-Customer Privacy Notice explains how Slerp Limited (“Slerp”, “we”, “us”, “our”) processes personal data when you place an order with a restaurant or hospitality business (a “Merchant”) using ordering technology powered by Slerp (the “Platform”).

Slerp provides technology that helps Merchants take orders and, where applicable, enable delivery through courier partners. We do not sell food ourselves and we do not decide a Merchant’s menu, pricing, or marketing.

2. Who controls your personal data?

A. The Merchant is the primary controller

The Merchant you order from is typically the data controller of your personal data. This means the Merchant decides why and how your personal data is used (for example: fulfilling your order, maintaining customer accounts, loyalty, and marketing).

You should review the Merchant’s own privacy policy for details of how they use your personal data, including marketing and retention.

B. Slerp’s role

Slerp typically acts as a data processor for the Merchant, meaning we process personal data on the Merchant’s instructions to provide the Platform services (ordering, operational messaging, delivery enablement, and support tooling).

In limited circumstances, Slerp may act as an independent data controller for specific processing we determine ourselves (for example: platform security and fraud prevention, service integrity monitoring, and certain Dispatch operational processes). See section 6.

3. Personal data processed via the Platform

Depending on what the Merchant offers and what you choose, the Platform may process:

• Identity & contact details: name, email address, phone number.
• Order information: items ordered, quantities, customisations, order notes, order value, timestamps, order reference/ID.
• Fulfilment information: delivery address (or collection location), preferred fulfilment time, and delivery instructions.
• Device/technical information: IP address, device identifiers, browser type, and usage data (see section 7).
• Support communications: messages or calls with Slerp and/or the Merchant relating to your order.

Payment information

Payments are processed by third-party payment providers integrated into the Merchant’s checkout experience. Slerp does not store full payment card details (such as full card number, CVV). Payment providers act as independent controllers for payment processing.

4. How the Platform is used (purposes)

The Platform processes personal data for the following typical purposes (the Merchant determines the main purposes as controller):

• Order processing: taking and transmitting your order to the Merchant for preparation and fulfilment.
• Operational communications: sending order confirmations, status updates, and fulfilment notifications.
• Delivery enablement: where delivery is selected, enabling delivery through courier partners (see section 5).
• Customer support: investigating and resolving order issues and responding to customer enquiries (see section 8).
• Platform operations: improving reliability, monitoring performance, preventing fraud and abuse, and maintaining security (see sections 6 and 7).

5. Delivery enabled through Slerp Dispatch (where applicable)

If the Merchant offers delivery using Slerp Dispatch and you choose delivery, Slerp may share the information needed to complete the delivery with one or more courier partners (for example: name, phone number, delivery address, and order reference).

Courier partners typically act as independent data controllers for the delivery service. They use your personal data to perform delivery, provide tracking, and comply with legal obligations.

Slerp may monitor courier performance and delivery outcomes, and may liaise with the Merchant and/or courier partner to resolve delivery-related issues, including via customer support interactions.

6. When Slerp acts as a controller (limited purposes)

In limited circumstances, Slerp acts as an independent controller for processing that we determine. This may include:

• Security and fraud prevention: detecting suspicious activity, preventing abuse, and protecting the Platform.
• Service integrity and troubleshooting: investigating incidents, debugging, and ensuring the Platform performs reliably.
• Aggregated analytics: producing aggregated reporting and insights (where possible, using anonymised or de-identified data).
• Compliance: meeting legal obligations and responding to lawful requests.

Where Slerp acts as controller, our legal bases under UK GDPR may include legitimate interests (platform security and integrity) and legal obligation (compliance).

7. Cookies, analytics, and technical data

We may use cookies and similar technologies within the Platform experience to help operate and secure the Platform, understand usage, and improve performance. Where required, cookie choices are managed through the Merchant’s cookie controls or banner (as the Merchant controls the customer-facing experience).

Technical data (such as IP address and device identifiers) may be used for security, fraud prevention, troubleshooting, and performance analytics.

8. Customer support and communications

If you contact support about an order, Slerp may access relevant order and delivery information to investigate and respond. We may communicate with you and coordinate with the Merchant and/or courier partner to resolve the issue.

Support communications may be retained for quality assurance, dispute resolution, and service integrity purposes.

9. Sharing of personal data

In connection with the Platform, personal data may be shared with:

• The Merchant you ordered from (as controller).
• Courier partners to complete delivery (where applicable).
• Payment providers for payment processing (where applicable).
• Service providers that support the Platform (hosting, monitoring, customer support tooling), subject to contractual confidentiality and security obligations.
• Authorities where required by law or to protect rights, safety, and security.

10. International transfers

Personal data may be processed outside the United Kingdom. Where this happens, Slerp uses appropriate safeguards recognised under UK data protection law, such as the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to EU Standard Contractual Clauses, or adequacy regulations where applicable.

11. Data retention

Slerp retains personal data processed via the Platform only for as long as necessary for the purposes described in this notice and to meet legal, contractual, and operational requirements (for example: dispute resolution, security investigations, and service integrity). Retention periods may also be influenced by our agreements with Merchants.

12. Your rights and how to exercise them

Under UK data protection law, you may have rights including access, correction, deletion, restriction, objection, and data portability in certain circumstances.

Because the Merchant is typically the controller of your order data, you should usually direct requests to the Merchant. If you contact Slerp, we may ask for details to identify the relevant Merchant and will forward or support your request where appropriate.

13. Changes to this notice

We may update this notice from time to time. We will post the latest version on the relevant page and update the “Last updated” date above.

14. Contact

If you have questions about this notice or how Slerp processes personal data in connection with the Platform, contact us at: [email protected].

If you have concerns about how your personal data is handled, you can also contact the Merchant you ordered from. You may also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).