Last updated on: 20th July 2022
We are HyperJar Limited (“we, “us” or “our”) and we are committed to protecting your personal data.
We recommend you print a copy of this policy for future reference.
For the purpose of the relevant data protection regulations, HyperJar Limited is the “data controller” of your personal data. This means that we decide on the purpose for which your personal data is processed.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this policy. If you have any questions, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Email address: firstname.lastname@example.org
Postal address: HyperJar, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Our registration number with the ICO is ZA286245. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
We may update this policy from time to time. If we do so, the changes will be made available on our Site and in the HyperJar App and, where appropriate, we will notify you of the changes and where you can access the latest version. The new policy may be displayed on-screen and you may be required to accept the changes to continue using the App or the Services.
Please check back regularly to see any updates or changes.
Our Site and the App may include links to third-party sites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy policies or any data that may be collected or used through those sites. Please check their policies before you or submit any information to them.
As a parent or guardian who opens a Sub-account you are giving us permission to collect, use, store, share and transfer your child’s personal data in the ways specified in this policy. We encourage you to explain to your child how their information will be used, as set out in this policy.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, share and transfer different kinds of personal data about you (and your child if you open a Sub-account for them) which we have grouped together as follows:
We also collect, use and share “Aggregated Data” such as statistical or demographic data. Aggregated Data may be derived from your (or your child’s) personal data but is not considered personal data in law as this data does not directly or indirectly reveal your (or your child’s) identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature.
We use different methods to collect data from and about you (and your child), including through:
Direct interactions. You may give us Identity, Contact, Transaction or Financial Data by filling in forms or by corresponding with us by using our Services. This includes personal data you provide when you register to use the App, create an account, you or your child enter into any transaction using our Services (such as making an advance payment to a merchant featured on the App), complete a survey or enter a promotion, report a problem with the Services or if you sign-up to receive marketing communications from us.
You may allow us to access your Content Data to identify contacts that are App accountholders or to send them a gift or a referral link. The Services may periodically re-collect this information to stay up to date. You may also provide us with personal data about others when you use parts of our Services, such as when you add other Accountholders to share a jar, make a payment to a third party’s UK bank account, authorise us to receive details of your contacts or refer friends. In doing so, you confirm that you have obtained consent from such person to the disclosure of the information to us, and to our collection, use and disclosure of the information in accordance with this policy.
As you navigate our Services, we may also collect Usage Data, Profile Data and Marketing Data as specified by you from time to time.
Third parties. In order to provide our Services to you, we may receive personal data about you from various third parties as set out below:
The table below describes the ways we plan to use your (and your child’s) personal data, and which of the legal bases we rely on to do so. You may obtain further information on the legal ground relied on, or how we assess our legitimate interests against any potential impact on you, by contacting us at email@example.com.
What is a legitimate interest?
This means our interest in conducting our business to enable us to provide the best Services in an efficient and secure way. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
What is Performance of a Contract?
This means processing your and your child’s data where it is necessary for us to be able to contract with you so that you can use our Services.
Activity / PurposeLawful Basis for Processing1.Provide our Services to you including:
· Setting up and maintaining your account and any Sub-account(s), issuing your (and your child’s) HyperJar card, enabling you to browse the Explore section of the App and create merchant and storage jars, enabling you to accept offers or awards, enabling you and your child to make or receive (as applicable) payments or redemptions and to use the App features and Services (such as participating in competitions or prize draws).
· Understanding your usage of the Service so we can provide a safe and reliable experience and present content in an effective manner.
· Providing general Service information, updates and support, including contacting you about your account (e.g. to notify you about suspicious activity, changes to our terms or to send you usage alerts) communications about offers you and your child are participating in and responding to communications from you.
· Administering, protecting and improving our Services, including troubleshooting, data analysis, testing, system maintenance, cyber security and reporting and hosting of data.
Performance of a contract with you.2.Verifying your identity and utilising fraud prevention measures in order to comply with financial crime laws, confirming your eligibility to use our Services and to protect our business, accountholders and merchants featured on the App or Site.Complying with applicable legal and regulatory obligations.3.Marketing products and services generally in-App, measuring or analysing the effectiveness of the advertising we serve, monitoring trends to develop our Services and studying how you use our Services.Necessary for our legitimate interests.4.Marketing and communicating products and services we think will be of interest to you by email to you or by creating In-App personalised promotions based on your preferences and behaviour.Your consent.
We will never sell your personal data to any third-party company for marketing purposes.
You will receive in-App marketing communications from us if you have signed up to use our App.
You can ask us to stop using your personal data to construct more relevant marketing messages for you at any time in the App and adjusting your marketing preferences in the “profile” tab or by following the unsubscribe links on any marketing messages sent to you.
We may share your (and your child’s) personal data with selected third parties to perform our Services and do the things outlined in the table above including:
We require all third parties who use personal data in delivering services to us to respect the confidentiality and security of your personal data and to treat it in accordance with the law.
If you would like further information about who we have shared your or your child’s personal data with, and whether they will be acting as a controller or processor of that data, please contact us at firstname.lastname@example.org.
The personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside of the EEA who work for us or one of our suppliers. Whenever we transfer your or your child’s personal data out of the EEA, we ensure a similar degree of protection is afforded to it by transferring to countries and organisations that the European Commission say have adequate data protection or that we have agreed standard data protection clauses with.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be sent in encrypted form.
Transmission of information via the internet is not completely secure. Although we do our best to protect your and your child’s personal data, we cannot guarantee its security during transmission. Once we have received your information, we will use strict procedures and security features to try to prevent your and your child’s personal data from being accidentally lost, used or accessed in an unauthorised way.
We limit access to your (and your child’s) personal data to those employees, agents, contractors and other third parties who have a business need to know the information and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We only retain your (and your child’s) personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at firstname.lastname@example.org.
Under certain circumstances, you have rights under data protection laws in relation to your (and your child’s) personal data.
You have the right: