Who we are?
RELOYALTY Limited (we, us and our), trading as Reloyalty, is a private limited company, registered in the UK as a subsidiary of Reloyalty LLC (Bulgaria) with Public Register Number: 11553096, registered seat in London, United Kingdom, W1H 6EF, 3 Fitzhardinge street, 3rd floor and email for correspondence: firstname.lastname@example.org. For the purposes of the General Data Protection Regulation (GDPR) and the Data Protection Act (referred to as “Data Protection Laws”), we act as a “Data controller” when we process your personal data.
How do we collect data about you?
We collect data directly from you, through our interactions with you and through your usage of our Reloyalty services. We may also obtain data about you from third parties, including:
- The bank you use and payment service providers (for example, your transaction and payment data if you have connected your bank card to your Reloyalty account);
- service providers that help us determine your location such as your phone operating system, for example iOS or Android (if you have given us access to send you notifications near your location);
- social networks (if you have given us access to integrate your Reloyalty and your social network account);
- publicly-available sources.
You have the right to revoke at any time our access to your bank card and the social networks integrated to your Reloyalty account by managing your account with the respective social network and bank(s).
What data we may collect about you?
We may collect and process the following data about you:
- Identifying and contact information: such as your name, email address, date of birth, phone number, that you provide by completing registration form on the App/website;
- Credentials. Your password and log-in details;
- Details of transactions. With your explicit consent and authorization when you connect your payment card to your Reloyalty account, we will obtain automatically and securely from your bank provider information about the transactions you make via your connected card (e.g. value, time, place of transaction and specific merchant). We cannot alter this information under any circumstances and we do not receive any information about your credit/debit card number or security code.
- Loyalty profile. We analyze your transaction data to build a loyalty profile of you with information about your preferences such as merchants and places you frequent, where you spend most, etc. which allow you to receive more personalized loyalty campaigns and offers from merchants from our network based on your individual behavior and preferences. This includes also data about your past participation in loyalty campaigns and other activities promoted via our App.
- Communications: This include the content of messages you send to us, for example to report a problem or to submit queries, concerns or comments regarding the App/website or our services;
- Interactions. This includes data about your usage of the App, which offers you click on the App/website, the resources you access and any data you download; troubleshooting and help data;
- Feedback and ratings. This includes ratings you provide to us for the Reloyalty services and the merchants from our network, information from surveys that we may, from time to time, run on the App for research purposes, if you choose to respond to them;
- Location. If you have allowed us, we can have access to the exact or approximate location of your mobile device, while you are using the App (e.g. your latitude, longitude, cell tower ID, etc).
- Social data. If you log-in via a social networking application, you may authorize us to obtain information from your social networking profile, where possible about interactions between you and merchants such as check ins, likes of organizations or places, or other types of engagement, specified in case you provide such an authorization.
- IP address and other IT data: When you download the App, we may automatically collect IT information, such as the type of phone or operating system you use, internet browser and the website from which you have come to the site, your IP address (the unique address which identifies your home computer on the internet) or the unique identifier (which is linked to your mobile device).
What if you do not provide us with your data?
You are under no obligation to provide any such information, but if you decide to do so, we may not be able to to provide you with the sufficient experience and full benefit of our services (e.g. matching tailored offers to individual spending patterns we obtain when you connect your bank card, or match to your approximate location or offering you the best and most advantageous loyalty campaigns that take into account all your preferences and input for upgrading your loyalty profile).
How do we use your data?
We use your personal data for various legitimate purposes in order to:
- Manage your account. We use your data to register you as a user and administer your account, e.g. verify the authenticity of users who want to have access to it, send you system messages related to the operation of your account, audit your downloading and usage of the App.
- Provide you our Reloyalty services. We analyze your transactional data to create a loyalty profile for you, so you can benefit from the most advantageous offers and benefits from the merchants you are visiting from our network. Reloyalty provides you cashback and other loyalty perks based on your transactions. We do that in cooperation with your bank/payment service provider with whom we share common infrastructure to be able to read only your transactional data and for which you require your authorization. You will be notified about the loyalty benefits, cashback and other perks you get from the merchants who are part of our network.
- Communicate with you: we use your contact details to communicate with you about our services, to reply to your inquiries or provide support when you need it.
- Legal compliance. We may use your data to verify your identity in order to meet our obligation to prevent fraud or other illegal activity, or to help you exercise your data protection rights in case you decide to do so (see more about your rights in point 12 below).
- Improve our Reloyalty Services. We use your feedback and anonymized data about the usage of the App/website and the services provided though it to continuously improve our services, including adding new features or capabilities, improve the layout and/or content of the pages of the App/website and customize them for users, improve security features or determine what new features to prioritize.
- Statistics and Research. After your personal data which identifies you has been removed and anonymized, we collect aggregate statistics and carry out research on our users’ demographics and tracking of sales data in order to redeem with merchants your participation in the loyalty campaigns and help merchants design for you the most advantageous and tailored offers.
- Marketing: we may also use your contact data to send you information or offers for participation in loyalty campaigns that may be of interest to you or news regarding upcoming events or services from us. In case you have allowed us access to your mobile device’s location, we will use this information only to inform you about the nearby Loyalty campaigns and merchants you can benefit from, which will be usually send via push notification on your phone. You can always change your preference for such communication within the settings of your application and turn them off or on whenever you wish.
What is the legal basis for data processing?
When we process your data for marketing purposes, we rely on your consent which you have given us throughout the registration process or afterwards by changing your preferred notification settings.
You can always withdraw your consent to use your contact data for marketing purposes by changing your preferred notification settings from the App or following the unsubscribe function to any notification or e-mail sent to you. You can also revoke our access to your mobile device’s location by changing the preferred settings of your mobile device.
Disclosure of your data
Reloyalty keeps your data confidential and we do not sell or share your personal data with professional advertisers, data brokers or any third parties.
We also do not share any of your identifying details with merchants who receive only anonymized aggregate statistical information about users’ participation in loyalty campaigns and usage of our Reloyalty services so that we can redeem with Cashback your participation in the loyalty campaigns.
We may disclose your personal data when permitted by the Data Protection Laws, in particular:
- With your consent (e.g. with your social networking sites, so that you can share your preferences or past activity from the App/website with your friends and your social network);
- To any company from the Reloyalty group or to service providers acting on Reloyalty’s behalf (e.g. Amazon cloud for securely storing your data, marketing mailing services for sending you notifications). This disclosure will be only to the extent needed for the performance of the specific service and with appropriate safeguards that your data will be kept confidential and secure by the data processors;
- To a third party in the event that Reloyalty, our business, or substantially all of its assets are acquired by a third party or we undergo reorganisation (in which case personal data about customers will be one of the transferred assets); or
- When required by law to do so (e.g. to share data with public authorities), or
Reloyalty may also share anonymized aggregated data and analysis (from which you cannot be identified and which does not constitute personal data) about the visitors and usage of the App/website and our services with merchants from the Reloyalty’s network, banks, prospective partners, potential merchants, website analytic providers and other reputable parties.
Currently, personal data is transferred out of the UK and the European Economic Area only to the USA to our mailing service provider (Mailchimp) and website analytic providers (Google Analytics and Mix Panel) which are all registered with the EU-US Privacy shield and ensure adequate protection of your personal data.
Profiling and automated decision-making
Reloyalty uses new technologies which based on your transaction data allow us to provide you personalized services tailored to your consumer’s behavior and preferences and to process your data through automated means. The loyalty profiling and the automated decision-making is an essential feature of our Reloyalty service without which the loyalty perks and the cashback from the loyalty campaigns could not function.
As a general rule, the more you visit your favorite merchants, the more upgraded your loyalty profile will be, hence the greater the loyalty benefits, cashback and other perks you will be entitled to.
When we perform the profiling and the automated decision-making, we provide special safeguards for your rights and freedoms by regularly testing our algorithms to ensure they remain fair, effective and unbiased. Your personal loyalty profile is furthermore pseudonymized in our system (without personal data which directly identifies you) and it is not directly disclosed to the merchants who may receive only anonymized statistical information about the aggregated use of the App and the service by all users who have entered into the campaigns of a particular merchant.
How long do we keep your data?
We keep your data for as long as it is needed for the purpose of the specific data processing, including for the purposes of satisfying any legal, accounting or reporting requirements.
In principle, Reloyalty keeps your personal data for a period of 5 years post-end of customer relationship. Unless we are required to retain your personal data by law, we will delete your data in 1 month if you have requested us to do so (see more about your rights in point 9 below). This does not apply to the statistical data about the research and aggregated usage of our services which does not include any information which personally identifies you.
The data related to any complaint/claims or legal proceedings is kept for a period of 3 years after the resolution of the compliant/claim or 5 years after the end of the legal proceedings.
Your location data will not store it on our servers and will be deleted immediately, once we have informed you about the nearby loyalty campaigns and merchants.
The contact details for marketing purposes are kept until you have requested us to unsubscribe you from the notifications/newsletter.
Security and Storage
Reloyalty places great importance on the security of all the data directly or indirectly associated with our users. We store all the information we receive through the App on secure servers located in the European Economic Area countries which always fall under European laws and do not pose legal risks about your data protection rights. The computer systems where the data is stored are placed in controlled facilities with limited access and strong controls for security and authentication. We use also advanced technical measures such as encryption or pseudonymization which aim to ensure the confidentiality of all your data when it is stored by us or transmitted through the App. Payment details provided by you or third parties we partner with (banks or other payment service providers) will be encrypted using industry standard bank level encryption before they are submitted to us or our payment partners over the internet.
We have also information security policy in place to prevent and manage information security risks. Our security and privacy policies furthermore guarantee that only authorized and trained personnel has access to personal information and keep your data confidential. All policies and procedures are periodically reviewed and amended, as necessary.
It is your responsibility, nevertheless, to keep your password and the access to your Reloyalty account safe and share them with no one.
Links to other websites
The App/website may, from time to time, contain links to external sites, such as review of sites/apps of merchants, map or other sites relevant for our services. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for how they process personal data. Please check these privacy policies before you submit any personal information to these websites.
The App/website may, from time to time, make also public forums available to our users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your personal details.
You have the following rights in relation to your personal data:
- Right to Access: you can request access to a copy of your personal data that we hold, along with information about what personal data we use, why we use it, with whom we share it, how long we keep it for and whether it has been used for any automated decision-making.
- Right to withdraw consent: where you have given us your consent to process and gain access to your personal data, you can withdraw it at any time e.g. by disconnecting your bank card or social network profile or by changing your preferred notification settings for receiving marketing communications from us or by following the “unsubscribe” link in any marketing e-mail or notification which you receive.
- Correction: you can change any inaccurate or incomplete personal data we hold about you. You have direct access to your personal contact information which you can easily correct through your website/app profile at any time.
- Erasure: you can ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it. If you decide to do that, you have to know that you will lose all past analysis which helps us tailor your loyalty profile to the merchants, so they give you personalized offers. This may result in you losing your loyalty score and/or access to offers as we will be no longer able to associate them with your data. You can always start a new account, however, your past information will not be incorporated in it and it will not include your previous benefits.
- Portability: you can ask us to send you or a third party the personal data you have provided to us in a structured, commonly used, electronic form. To exercise this right, you can activate the data portability function from your privacy control settings (download your data) and we will generate a security and time limited link which will allow you to obtain data in a structured, commonly used, electronic form.
- Restriction: you can ask us to restrict the personal data we process about you in certain circumstances, for example, where you have asked for it to be erased.
- Complaint: you can make a complaint about how we have used your personal data by contacting us as noted below, or file a complaint with the Data Protection Supervisory Authority – the ICO (Information Commissioner’s Office) at www.ico.org.uk. We would appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office.
To help you exercise your data protection rights, we have embedded ‘privacy by design in our App’ and developed special privacy control settings of your account which allow you to manage easily your preferred privacy settings and exercise some of your data protection rights.
Updating our Privacy Notice
We may update this Privacy Notice from time to time. When we do so, we will post the new version on our website and will ask you to accept the new version when you next use our app.