This policy was last updated on: 12th August 2020
We are HyperJar Limited (“we, “us” or “our”) and we are committed to protecting your personal data.
We recommend you print a copy of this policy for future reference.
1. IMPORTANT INFORMATION AND WHO WE ARE
PURPOSE OF THIS PRIVACY NOTICE
For the purpose of the relevant data protection regulations, HyperJar Limited is the “data controller” of your personal data. This means that we decide on the purpose for which your personal data is processed.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this policy. If you have any questions, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
CONTACT DETAILS AND COMPLAINTS
Email address: firstname.lastname@example.org
Postal address: 55 Baker Street, London, W1U 8EW
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Our registration number with the ICO is ZA286245. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES
We may update this policy from time to time. If we do so, the changes will be made available on our Site and in the HyperJar App and, where appropriate, we will notify you of the changes and where you can access the latest version. The new policy may be displayed on-screen and you may be required to accept the changes to continue using the App or the Services.
Please check back regularly to see any updates or changes.
Our Site and the App may include links to third-party sites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy policies or any data that may be collected or used through those sites. Please check their policies before you or submit any information to them.
NOTICE TO PARENTS THAT OPEN A SUB-ACCOUNT
As a parent or guardian who opens a Sub-account you are giving us permission to collect, use, store, share and transfer your child’s personal data in the ways specified in this policy. We encourage you to explain to your child how their information will be used, as set out in this policy.
2. THE DATA WE COLLECT
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, share and transfer different kinds of personal data about you (and your child if you open a Sub-account for them) which we have grouped together as follows:
- Identity Data: includes:
- Your first name, last name, username or similar identifier, marital status, title, date of birth, photo ID, video selfie, mobile number and gender.
- Your child’s first name, last name, date of birth and gender.
- Contact Data: includes your home address, delivery address and your email address.
- Financial Data: includes your bank account and payment card details, your HyperJar electronic money account and your (and your child’s) HyperJar card details.
- Transaction Data: includes your Account ID and the Account ID of any Sub-account, details about loading your account, rewards, payments and transfers to and from you or your child (including advance payments and redemptions by you or your child to merchants featured on our App or Site, and other purchase information regarding products and services you have accepted from such merchants, or other merchants, using our Services.
- Account ID: your (and your child’s Sub-account) unique HyperJar customer account identifier.
- Technical Data: includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access the Services.
- Profile Data: includes your employment status, occupation, monthly income range, username, in-App purchase and redemption history, interests, App jar limits, permissions, goals and objectives, preferences, feedback and survey responses.
- Usage Data: includes information about how our Services are used including communications between us and you.
- Content Data: includes friends lists stored on the devices you use to access the Services or in social media accounts you choose to link to your App account.
- Marketing Data: includes your preferences in receiving personalised marketing from us, our partners and third parties and your communication preferences for your account and any Sub-account.
We also collect, use and share “Aggregated Data" such as statistical or demographic data. Aggregated Data may be derived from your (or your child’s) personal data but is not considered personal data in law as this data does not directly or indirectly reveal your (or your child’s) identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you (and your child), including through:
Direct interactions. You may give us Identity, Contact, Transaction or Financial Data by filling in forms or by corresponding with us by using our Services. This includes personal data you provide when you register to use the App, create an account, you or your child enter into any transaction using our Services (such as making an advance payment to a merchant featured on the App), complete a survey or enter a promotion, report a problem with the Services or if you sign-up to receive marketing communications from us.
You may allow us to access your Content Data to identify contacts that are App accountholders or to send them a gift or a referral link. The Services may periodically re-collect this information to stay up to date. You may also provide us with personal data about others when you use parts of our Services, such as when you add other Accountholders to share a jar, make a payment to a third party’s UK bank account, authorise us to receive details of your contacts or refer friends. In doing so, you confirm that you have obtained consent from such person to the disclosure of the information to us, and to our collection, use and disclosure of the information in accordance with this policy.
As you navigate our Services, we may also collect Usage Data, Profile Data and Marketing Data as specified by you from time to time.
Third parties. In order to provide our Services to you, we may receive personal data about you from various third parties as set out below:
- The banks you use to transfer money to us will provide us with Identity and Financial Data, such as your name and bank account details.
- Business and service providers that we work with to enable us to deliver our Services: they may provide us with Financial Data such as your payment card details, Transaction Data such as store location and till ID.
- Identify verification and fraud prevention agencies: they may provide us with information to help corroborate the information you have provided to us about yourself or to verify your identity or information about your or your child’s transactions. As we will only do a soft search with credit reference agencies it should not impact your credit score, although it may leave a footprint on your credit file that you will be able to see.
- Merchants: where you choose to link your HyperJar account to your account with a merchant featured on our App we may, with your consent, receive your merchant account ID and balances from them and display them in your HyperJar account and provide your Account ID and HyperJar merchant related balances to them.
- Your social media accounts: where you choose to link your or their App account to these we may, with your consent, receive Identity Data and Content Data. The Services may periodically re-collect this information to stay up to date.
4. PURPOSES FOR WHICH WE WILL USE PERSONAL DATA
The table below describes the ways we plan to use your (and your child’s) personal data, and which of the legal bases we rely on to do so. You may obtain further information on the legal ground relied on, or how we assess our legitimate interests against any potential impact on you, by contacting us at email@example.com.
What is a legitimate interest?
This means our interest in conducting our business to enable us to provide the best Services in an efficient and secure way. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
What is Performance of a Contract?
This means processing your and your child’s data where it is necessary for us to be able to contract with you so that you can use our Services.
|Activity / Purpose||Lawful Basis for Processing|
|1.||Provide our Services to you including:
· Setting up and maintaining your account and any Sub-account(s), issuing your (and your child’s) HyperJar card, enabling you to browse the Explore section of the App and create merchant and storage jars, enabling you to accept offers or awards, enabling you and your child to make or receive (as applicable) payments or redemptions and to use the App features and Services (such as participating in competitions or prize draws).
· Understanding your usage of the Service so we can provide a safe and reliable experience and present content in an effective manner.
· Providing general Service information, updates and support, including contacting you about your account (e.g. to notify you about suspicious activity, changes to our terms or to send you usage alerts) communications about offers you and your child are participating in and responding to communications from you.
· Administering, protecting and improving our Services, including troubleshooting, data analysis, testing, system maintenance, cyber security and reporting and hosting of data.
|Performance of a contract with you.
|2.||Verifying your identity and utilising fraud prevention measures in order to comply with financial crime laws, confirming your eligibility to use our Services and to protect our business, accountholders and merchants featured on the App or Site.||Complying with applicable legal and regulatory obligations.|
|3.||Marketing products and services generally in-App, measuring or analysing the effectiveness of the advertising we serve, monitoring trends to develop our Services and studying how you use our Services.||Necessary for our legitimate interests.|
|4.||Marketing and communicating products and services we think will be of interest to you by email to you or by creating In-App personalised promotions based on your preferences and behaviour.||Your consent.|
We will never sell your personal data to any third-party company for marketing purposes.
You will receive in-App marketing communications from us if you have signed up to use our App.
You can ask us to stop using your personal data to construct more relevant marketing messages for you at any time in the App and adjusting your marketing preferences in the “profile” tab or by following the unsubscribe links on any marketing messages sent to you.
6. DISCLOSURES OF PERSONAL DATA
We may share your (and your child’s) personal data with selected third parties to perform our Services and do the things outlined in the table above including:
- Third Party Service Providers who provide us with support services to enable us to provide the Services, such as payment and card processing, electronic money account provision and issuing of electronic money, card issuing, identity verification, website hosting, customer service, email delivery, cloud storage, IT and system administration, cyber security, card manufacturing/personalisation and delivery services.
- Regulators, fraud prevention and other third parties: to verify your identity, protect against fraud, comply with anti-money laundering laws, or confirm your eligibility to use our Services. We may also be under a duty to disclose or report processing activities to these third parties in order to comply with: law, a subpoena or other legal process, our agreements or policies, or to protect the rights, property or safety of HyperJar, its customers or others.
- Professional advisors, including lawyers, bankers, auditors and insurers who provide consulting, legal, insurance and accounting services.
- Analytics and search engine providers that assist us in the improvement and optimisation of our Services.
- Depending on your marketing preferences, we may engage third party service providers to send communications.
- Third parties you consent to us sharing your information with, such as with social media networks or when you add other Account holders to share a jar.
- Merchants as featured on the App or Site from time to time for support purposes and, with your consent, to share your Account ID with the merchant to use for the purpose of linking your HyperJar account with your merchant account and displaying the merchant related account balances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy.
We require all third parties who use personal data in delivering services to us to respect the confidentiality and security of your personal data and to treat it in accordance with the law.
If you would like further information about who we have shared your or your child’s personal data with, and whether they will be acting as a controller or processor of that data, please contact us at firstname.lastname@example.org.
7. INTERNATIONAL TRANSFERS
The personal data that we collect may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside of the EEA who work for us or one of our suppliers. Whenever we transfer your or your child’s personal data out of the EEA, we ensure a similar degree of protection is afforded to it by transferring to countries and organisations that the European Commission say have adequate data protection or that we have agreed standard data protection clauses with.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8. DATA SECURITY
All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be sent in encrypted form.
Transmission of information via the internet is not completely secure. Although we do our best to protect your and your child’s personal data, we cannot guarantee its security during transmission. Once we have received your information, we will use strict procedures and security features to try to prevent your and your child’s personal data from being accidentally lost, used or accessed in an unauthorised way.
We limit access to your (and your child’s) personal data to those employees, agents, contractors and other third parties who have a business need to know the information and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. DATA RETENTION
We only retain your (and your child’s) personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at firstname.lastname@example.org.
10. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your (and your child’s) personal data.
You have the right:
- to ask us not to contact you for marketing purposes before you have signed up for the Services, or after you have withdrawn from the Services, by contacting us at email@example.com , or by clicking on the unsubscribe link in the relevant communication.
- to ask us not to use your personal data to construct more relevant marketing information by adjusting your notification preferences within the “profile” tab of your account.
- to withdraw any consent you have previously given to us.
- subject to applicable laws, to ask for access to the personal data we hold about you or your child.
- to ask us to correct any personal data we hold on you or your child that is inaccurate, incorrect or out of date.
- to ask us to delete your (or your child’s) personal data when it is no longer necessary, or no longer subject to a legal obligation which we are subject to. If your or your child’s data is impossible to permanently delete, we will put it beyond reasonable use.
- to request the transfer of your or your child’s personal data to you or to a third party. We will provide your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- to object to our use of your or your child’s information where we are relying on a legitimate interest (or those of a third party) and we cannot demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- to request restriction of processing of your or your child’s personal data. You may ask us to suspend the processing of your personal data : (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.