In order to provide our services to you and to promote our business, we will need to collect and process certain personal information about you.
If you have any questions at all about this policy or the Website, or about how we use and process your personal information, please do not hesitate to contact us by e-mail at firstname.lastname@example.org or, alternatively, in writing to Perkbox Limited at 50 Finsbury Square, London, EC2A 1HD, United Kingdom.
1. Our role
If you do not already have a relationship with us, we may hold limited personal information about you so that we may contact you to promote our products and/or services.
For the purposes of the applicable Data Protection Laws, Perkbox Limited is the data controller of your personal data collected in connection with your use of our Website.
2. What information we collect
In addition to the information provided to us by your employer or the Rewards Partner, we will collect certain personal information about you when you activate your account or fill in forms on our Website, or when you contact us by phone, e-mail, online chat or otherwise. We will, therefore, hold the information provided by your employer or the Rewards Partner to create your user profile and further information you provide to us.
We may also require certain information from you when you make a purchase on our Website, or redeem a benefit, enter a promotion, competition or survey and/or when you report a problem with our Website.
When you submit personal information in connection with making a payment via the Website, such personal information is encrypted and protected with encryption software that lets your browser automatically encrypt data before you send it to us. While on a secure page the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when you are just ‘surfing’.
With regard to each of your visits to our Website we will automatically collect the following information:
1. if you are using our Website as a registered user, we will collect information about your points, rewards and the benefits redeemed by you;
2. technical information, including the internet protocol (IP) address used to connect your computer or mobile device to the internet, type of mobile device you use, a unique device identifier, mobile network information, your login information, browser type and version you use, browser plug-in types and versions, operating system and platform;
3. information about your visit to our Website, including the full uniform resource locators (URL) clickstream to, through and from our Website (including date and time); pages you viewed or information you searched for; page response times, download errors, length of visits to certain pages; and
4. details of your visits to other websites via our Website.
We also work with third parties (including, for example, electronic analytics, business partners, sub-contractors in technical and payment services, advertising networks, analytics providers, search information providers) and may receive certain information about you from them.
When we wish to send you information about our services, and you do not currently use our services, we may collect your contact details, for example, your name, email address and job title. This information may be provided directly by you, when you express interest in our website, or may be obtained through third parties.
3. Lawful basis and purposes of processing of your personal information
We collect information about you so that we can:
· identify you and manage your account on our Website;
· process your voucher transactions;
· liaise with your employer, our Rewards Partners, our suppliers and group companies;
· administer our contract with you and with your employer or the Rewards Partner;
· improve our services;
· promote our business and market our services;
· manage our business, including for accounting and auditing purposes;
· conduct our regular group reporting activities on the performance of our company, in the context of a business reorganisation or group restructure;
· maintain our IT systems and manage hosting of our data;
· deal with legal disputes involving you, your employer, the Rewards Partner or our suppliers;
· prevent fraud; and
· comply with our regulatory obligations.
We will only use your personal information when the law allows us to, i.e. when it is necessary to:
· perform our contractual obligations towards you and/or your employer or the Rewards Partner, as set out in our End User terms and conditions and our contract with your employer or the Rewards Partner;
· comply with our legal and regulatory obligations;
· pursue our legitimate interests (e.g. conducting our business in an efficient, compliant and profitable manner and the overall promotion of the business), and where your interests and fundamental rights do not override these interests. It may also become necessary to process your personal data for a legitimate interest of a third party, such as your employer or the Rewards Partner. We will also rely on our legitimate interests for the proper administration of our Website, and to manage our operations (for example, maintaining appropriate records and databases).
If you have provided us with your individual contact details (for example, your personal email address), we will rely on your consent to send you electronic communications such as our newsletters and emails with information about our products and/or services. If we hold your business contact details (for example, your work email address), we will rely on legitimate interests of the business to send you electronic communications, but we will always provide you with an option to opt out from future communications of this kind. See the “Direct mailings” section below for more details.
Some of the above grounds and purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Uses made of the information
We will use the information we receive from you to:
1. communicate with you in response to a specific action performed by you on our Website, for example when you buy or redeem a benefit;
2. to provide you with support in using our Website;
3. to provide you, or enable selected third parties to provide you, with information about goods or services we or they offer. For more details see “Direct Mailings” section;
5. to ensure that content from our Website is presented in the most effective manner for you and for your computer and/or your mobile device.
We will use the information we collect about your use of our Website:
1. to administer our Website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
2. to improve our Website to ensure that content is presented in the most effective manner for you and for your computer and/or your mobile device;
3. to help us improve and personalise our services;
4. to allow you to participate in interactive features of our Website when you choose to do so;
5. as part of our efforts to keep our Website safe and secure;
6. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
7. to make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.
5. Disclosures of your Information
We do not sell or share your personal data with third parties for them to use for marketing purposes.
We may allow our staff, consultants and/or external service providers acting on our behalf, and our provider of payment services, to access and use your personal data for the activities we have described above. We only permit them to use it to deliver the relevant service, and if they apply an appropriate level of security protection.
We will share your personal information with the following third parties:
· other companies within our group;
· our agents and service providers;
· your employer or the relevant Rewards Partner (where applicable)
· our regulators, including the Financial Conduct Authority;
· law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
· in the context of the possible sale or restructuring of our business.
We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We also reserve the right to disclose the information collected about you to our professional advisors and/or if we, in good faith, believe it necessary to protect the personal safety of users or the public.
We may share aggregated demographic information with our partners, clients and advertisers. This is not linked to any personal information that can identify any individual person.
We may partner with another party to provide specific services. When you sign up for these services, we will share names or other contact information that is necessary for the third party to provide these services.
These parties are not allowed to use any personally identifiable information except for the purpose of providing these services. We may also use such aggregated information and statistics for monitoring the Website usage in order to help us develop the Website and our services and may provide such aggregate anonymous information to third parties.
7. Direct mailings
We may occasionally send out newsletters, offers or alerts to our members and to other business contacts. We may also wish to provide you with information about special features of our Website or any other service or products we think may be of interest to you.
Where required by the Data Protection Laws (for example, if you have provided your personal contact information) we will send you such information only if you have specifically elected to receive it. You can opt-out from receiving such communications at any time – please see “Your rights” section below. From time to time the Website may request information from you via surveys or contests. Participation in these surveys or contests is completely voluntary and you, therefore, have a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as postcode or age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use of and satisfaction with this Website.
8. Keeping your data secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us (see our contact details below).
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
9. Transfers of your information out of the EEA
We may need to transfer your personal data outside the European Economic Area (EEA), for example, if one of our suppliers or group companies is located outside the EEA. We will ensure that any transfer of your data will be subject to appropriate safeguards, such as a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.
10. Retention periods
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
11. Your rights
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please let your employer or the Rewards Partner and/or us know if your personal information changes during your relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law, you have the right to:
1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
6. Request the transfer of your personal information to another party.
If you would like to exercise any of the above rights, please:
· email, call or write to us (see our contact details below);
· let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
· let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
Please note that if you request erasure, object to our processing of your personal data or request the restriction of our processing of your personal data we may not be able to provide our services and we may need to deactivate your account on our Website.
You also have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at: email@example.com. You can always unsubscribe from our email communications at any time by following the unsubscribe link in our email communications, or by updating your email preferences on your profile on our Website.
12. Contact us or the ICO
If you have any concerns or complaints about our privacy activities, you can contact us on firstname.lastname@example.org. You can also contact the
Office of the Australian Information Commissioner
Phone 1300 363 992
Post GPO Box 5218, Sydney NSW 2001
Online Form: www.oaic.gov.au (Privacy Complaint Form).
Version: 8 May 2018