Loyalbe Ltd is the controller and is responsible for your personal data (referred to as "Loyalbe", "we", "us" or "our" in this policy).
At Loyalbe we take your privacy seriously and are committed to protecting your personal data. This policy sets out how we collect and process personal data about you as a user of our mobile application (App).
Loyalbe uses transactional data associated with purchases made using your credit and debit card(s) which are linked to our App, to allow you to collect loyalty points from various retailers without having to present your phone or loyalty card at the point of sale. Our frictionless technology allows you to seamlessly receive rewards without the need for paper loyalty cards or numerous apps.
1 INFORMATION THAT WE COLLECT
1.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
1.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
1.2.1 Identity Data includes first name, last name, date of birth, email address, and payment identifier(s) you wish to associate with your account.
1.2.2 Financial Data includes details you have linked with your open banking account, including payment card details and your transaction history.
1.2.3 Transaction Data includes details about payments to and from you using the credit or debit card(s) associated with your account, to include time, date and location of a particular transaction. As well as, other details of products and services you have purchased.
1.2.4 Technical Data may include internet protocol (IP) address, browser type and version, operating system and other technology on the devices you use to access this App. This allows us to optimise the performance of our App by providing technical information to our partners.
1.2.5 Profile Data includes your username and password, your interests, preferences, feedback and survey responses. We may also keep a record of any correspondence we receive from you when you contact us for administrative and/or legal purposes.
1.2.6 Usage Data includes information about how you use our App.
1.2.7 Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties. For the avoidance of doubt, you will always be asked to opt-in to receive any emails or communications from trusted third parties.
2 HOW IS YOUR DATA COLLECTED
2.1 We use different methods to collect data from and about you, including through:
2.1.1 Direct Interactions: When signing up to our App, you approve access to any personal data associated with your respective bank account. This also includes personal data you provide when requesting marketing information to be sent to you, providing feedback to us or contacting us.
2.1.2 Automated technologies or interactions: As you interact with our App, we will automatically collect Usage Data about your use of the App for analytics and debugging. We collect this personal data by using cookies and other similar technologies.
2.1.3 Third parties or publicly available sources: such as data shared by your bank when you have authorised them to do so.
3 HOW WE USE PERSONAL DATA
3.1 The purposes for which we use personal data and the legal basis for why that processing is necessary or permitted are:
|Purpose(s) for Processing||Legal Basis||Comment|
|To allow us to provide our service to you||Fulfilment of a contract||When signing up to our App you specifically grant us permission to process your data in order for us to provide you with our service.|
|To provide you with customised content from participating retailers when you have opted in to receive this.||Consent||This is to allow us to provide you with the most relevant content based on your spending preferences.|
|For statistical analysis||Legitimate Interest||This is to help both us and participating retailers, to improve our service to you based on your transaction data.|
|For technological improvement||Legitimate Interest||This is to help us continually improve the performance of our App.|
|For marketing purposes||Consent||When signing up to our App you can specifically grant us permission to process your data for marketing purposes.|
3.2 We will retain personal data only for as long as necessary and for the purposes for which it was collected; as required by law or regulatory guidance to which we are subject; and for the exercise or defence of legal claims that may be brought by or against us. If you notify us that you no longer wish to use our service, we aim to delete your personal data within 30 days of receipt of this request.
4 DISCLOSURE OF YOUR INFORMATION
4.1 We may disclose your personal data to the parties set out below for the purposes set out in the table above:
4.1.1 third parties who provide a professional service to us, such as retailers and banks;
4.1.2 a public authority in the event that we are required to do so by law;
4.1.3 third parties to whom we may choose to sell, transfer or merge parts of our business or assets with; and/or
4.1.4 third parties where it is necessary to protect the vital interests of the data subject or another natural person.
4.2 Aside from user authentication, we do not currently transfer or store your personal data outside of the European Economic Area (EEA). Your data is currently stored in servers within the EEA. For user authentication we use Firebase (please note that Firebase will only store your email and encrypted password. Please see https://www.firebase.com/terms/privacy-policy.html.)
5 LINKS TO OTHER SITES
5.1 Our App may from time to time contain links to and from other websites/apps. If you follow a link to any of those websites/apps, please note that those websites/apps have their own privacy policies and we do not accept any responsibility or liability for those policies. Please review those policies before you submit any personal data.
6 DATA SUBJECT RIGHTS
6.1 To the extent that we are a controller of your personal data you may request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
6.1.1 The right of access enables you to receive a copy of your personal data;
6.1.2 The right to rectification enables you to correct any inaccurate or incomplete personal data we hold about you;
6.1.3 The right to erasure enables you to ask us to delete your personal data in certain circumstances;
6.1.4 The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances;
6.1.5 The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party); and
6.1.6 The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
6.2 You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk) (Address: Information Commissioner's Office 3rd Floor, 14 Cromac Place, Belfast, BT7 2JB Tel: 028 9027 8757, Email: firstname.lastname@example.org) if you consider there has been an alleged infringement under the GDPR in the processing of your personal data.
6.3 We would however, appreciate the chance to deal with your concerns before you approach the ICO.
6.4 If you wish to exercise any of these rights, please contact us (see Data Controller Details below). We will respond to your request as soon as possible and in any event within two months. We may request proof of identification to verify your request and have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.
7.1 We use a variety of security technologies and procedures to help protect your personal data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure.
7.2 We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of personal data is at your own risk. We have implemented strict internal guidelines to ensure your privacy is safeguarded at every level of our organisation and we will continue to revise policies and implement additional security features as new technologies become available.
8 CHANGES TO THIS PRIVACY STATEMENT
8.1 We reserve the right to change this policy from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this policy. However, if we make material changes to this policy, we will notify you by means of a prominent notice on the App and our website prior to the change becoming effective. Please review this policy periodically for updates.
9 DATA CONTROLLER DETAILS
9.1 The company responsible for your personal data is Loyalbe Ltd (a company incorporated in Northern Ireland with Company Number NI650618). Questions, comments, requests and complaints regarding this policy and the personal data we hold are welcome and should be addressed to email@example.com or by writing to Loyalbe Ltd, 18 Ormeau Avenue, Belfast, United Kingdom, BT2 8HS.
Last Updated: 12 December 2018