Dated: 21 January 2019
We are HyperJar Limited (“we, “us” or “our”) and we are committed to protecting your personal data.
This policy applies to your use of our website at HyperJar.com (“Site”), the HyperJar digital wallet application (“App”) and any of our services that are accessible through the Site or the App (collectively referred to as our “Services”); and it sets out the basis on which any personal data we collect about you, or you provide to us, will be processed and used by us.
We recommend you print a copy of this policy for future reference.
IMPORTANT INFORMATION AND WHO WE ARE
PURPOSE OF THIS PRIVACY NOTICE
For the purpose of the relevant data protection regulations, HyperJar Limited is the “data controller” of your personal data.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this policy. If you have any questions, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
CONTACT DETAILS AND COMPLAINTS
Email address: firstname.lastname@example.org
Postal address: 55 Baker Street, London, W1U 8EW
You the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK have supervisory authority for data protection issues (www.ico.org.uk). Our registration number with the ICO is ZA286245. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
We may update this policy from time to time. If we do so, the changes will be posted on this page and, where appropriate, we will notify you of the changes and where you can access the latest version. The new policy may be displayed on-screen and you may be required to accept the changes to continue your use of the App or the Services.
Please check back regularly to see any updates or changes.
Our Site and the App may include links to third-party sites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy policies or any data that may be collected or used through those sites. Please check their policies before you submit any of your information to them.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data: includes first name, last name, username or similar identifier, marital status, title, date of birth, photo ID, video selfie, mobile number and gender.
- Contact Data: includes home address, delivery address and email address.
- Financial Data: includes bank account and payment card details and your HyperJar electronic money account and HyperJar card details.
- Transaction Data: includes your Account ID and details about your awards and payments to and from you including about advance payments and redemptions by you to merchants featured on our App or Site and other details of products and services you have accepted from such merchants using our Services.
- Account ID: your unique HyperJar customer account identifier.
- Technical Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
- Profile Data: includes your username and passcode, in-App purchase and redemption history, your interests, App jar limits, permissions, goals and objectives, preferences, feedback and survey responses.
- Usage Data: includes information about how you use our Services.
- Content Data: includes friends lists stored on the devices you use to access the Services or in social media accounts you choose to link to your App account.
- Marketing and Communications Data: includes your preferences in receiving personalised marketing from us and our third parties and your communication preferences.
We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you, including through:
Direct interactions. You may give us your Identity, Contact, Transaction or Financial Data by filling in forms or by corresponding with us by using our Services. This includes personal data you provide when you register to use the App, create an account, enter into any transaction using our Services (such as making an advance payment to a merchant featured on the App), complete a survey or enter a promotion, report a problem with the Services or sign-up to receive marketing communications from us.
You may allow us to access Content Data to identify contacts that are App accountholders or to send them a gift or a referral link. The Services may periodically re-collect this information to stay up to date. You may also provide us with personal data about others when you use parts of our Services, such as when you add other Accountholders to share a jar (jar linking), make a payment to a third party’s UK bank account, authorise us to receive details of your contacts or refer friends. In doing so, you confirm that you have obtained consent from such person to the disclosure of the information to us, and our collection, use and disclosure of the information in accordance with this policy.
As you navigate our Services, we may also collect Usage Data, Profile Data and Marketing and Communications Data as specified by you from time to time.
Third parties. In order to provide our Services to you, we may receive personal data about you from various third parties as set out below:
- The banks you use to transfer money to us will provide us with Identity and Financial Data, such as your name and bank account details.
- Business and service providers’ we work with to enable us to deliver our Services: they may provide us with Financial Data such as your payment card details, Transaction Data such as store or ATM location and till ID.
- Credit reference and fraud prevention agencies: they may provide us with information to help corroborate the information you have provided to us or to verify your identity or information about your transactions.
- Merchants: where you choose to link your HyperJar account to your account with a merchant featured on our App we may, with your consent, receive your merchant account ID and balances from them and display them in your HyperJar account and provide your Account ID and HyperJar merchant related balances to them.
- Your social media accounts: where you choose to link your App account to these we may, with your consent, receive Identity Data and Content Data. The Services may periodically re-collect this information to stay up to date.
4. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
The table below describes the ways we plan to use your personal data, and which of the legal bases we rely on to do so. You may obtain further information on the legal ground relied on or how we assess our legitimate interests against any potential impact on you by contacting us at email@example.com.
What is a legitimate interest?
This means our interest in conducting our business to enable us to provide the best Services in an efficient and secure way. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
What is Performance of a Contract?
This means processing your data where it is necessary for us to be able to contract with you so that you can use our Services.
|Activity / Purpose||Lawful Basis for Processing|
|1.||Provide our Services to you including:|
· Setting up and maintaining your account, issuing your HyperJar card, enabling you to follow a merchant, accept offers or awards, make or receive (as applicable) payments or redemptions and to use the App features and Services (such as participating in competitions or prize draws).
· Providing you with Service information, updates and support, including responding to communications about offers you are participating in.
· Administering, protecting and improving our Services, including troubleshooting, data analysis, testing, system maintenance, cyber security and reporting and hosting of data.
|Performance of a contract with you.|
|2.||Verifying your identity and utilising fraud prevention measures in order to comply with financial crime laws, confirm your eligibility to use our Services and to protect the business, accountholders and merchants featured on the App or Site.||Complying with applicable legal and regulatory obligations.|
|3.||Marketing products and services generally in-App, measuring or analysing the effectiveness of the advertising we serve, monitoring trends to develop our Services and studying how you use our Services.||Necessary for our legitimate interests.|
|4.||Marketing and communicating products and services we think will be of interest to you by email or by creating In-App personalised promotions based on your preferences and behaviour.||Your consent.|
We will never sell your personal data to any third-party company for marketing purposes.
You will receive in-App marketing communications from us if you have signed up to use our App. You can ask us to stop using your personal data to construct more relevant marketing messages at any time by logging into your account and adjusting your marketing preferences in the “profile” tab or by following the unsubscribe links on any marketing message sent to you.
6. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with selected third parties to perform our Services and do the things outlined in the table above including:
- Third Party Service Providers who provide us with support services to enable us to provide the Services, such as payment and card processing, electronic money account provision and issuing of electronic money, card issuing, identity verification, website hosting, email delivery, cloud storage, IT and system administration, cyber security, card manufacturing/personalisation and delivery services.
- Regulators, fraud prevention and credit reference agencies and other third parties: to verify your identity, protect against fraud, comply with anti-money laundering laws, to confirm your eligibility to use our services or to whom we are under a duty to disclose to or report processing activities to in order to comply with law, a subpoena or other legal process, our agreements or policies or to protect the rights, property or safety of HyperJar, its customers or others.
- Professional advisors, including lawyers, bankers, auditors and insurers who provide consulting, legal, insurance and accounting services.
- Analytics and search engine providers that assist us in the improvement and optimisation of our Services.
- Depending on your marketing preferences, we may engage third party service providers to send communications.
- Third parties you consent to us sharing with, such as with social media networks or when you add other Accountholders to share a jar.
- Merchants as featured on the App or Site from time to time for support purposes and, with your consent, to share your Account ID with the merchant to use for the purpose of linking your HyperJar account with your merchant account and displaying the merchant related account balances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy.
We require all third parties who use personal data in delivering services to us to respect the confidentiality and security of your personal data and to treat it in accordance with the law.
If you would like further information about who we have shared your personal data with, and whether they will be acting as a controller or processor of that data, please contact us at firstname.lastname@example.org.
7. INTERNATIONAL TRANSFERS
The personal data that we collect about you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside of the EEA who work for us or one of our suppliers. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by transferring to countries and organisations that the European Commission say have adequate data protection or that we have agreed standard data protection clauses with.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8. DATA SECURITY
All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be sent in encrypted form.
Transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee its security during transmission. Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. DATA RETENTION
We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at firstname.lastname@example.org.
10. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right:
- To ask us not to contact you for marketing purposes before you have signed up for the Services or after you have withdrawn from the Services by contacting us at email@example.com , or by clicking on the unsubscribe link in the relevant communication.
- To ask us not to use your personal data to construct more relevant marketing information by adjusting your notification preferences within the “profile” tab of your account.
- To withdraw any consent you have previously given to us.
- Subject to applicable laws, to ask for access to the personal data we hold about you.
- To ask us to correct any personal data we hold on you that is inaccurate, incorrect or out of date.
- To ask us to delete your personal data when it is no longer necessary, or no longer subject to a legal obligation which we are subject to. If your data is impossible to permanently delete we will put it beyond reasonable use.
- To request the transfer of your personal data to you or to a third party. We will provide your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- To object to our use of your information where we are relying on a legitimate interest (or those of a third party) and we cannot demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- To request restriction of processing of your personal data. You may ask us to suspend the processing of your personal data : (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.