Welcome to InboxPounds® Limited’s Privacy and Cookie Policy
I. IMPORTANT INFORMATION AND WHO WE ARE
-
Purpose of this Privacy and Cookie Policy
This Privacy and Cookie Policy aims to give you information on how InboxPounds® Limited
collects and processes your personal data through your use of this website, including any data
you may provide through this website when you sign up and create an account with us or take part
in any of our great prizes, games, offers, surveys and competitions (Offers).
This website is not intended for children and we do not knowingly allow children to create a
members account or profile on the website.
It is important that you read this Privacy and Cookie Policy together with any other privacy
notice or fair processing notice we may provide on specific occasions when we are collecting or
processing personal data about you so that you are fully aware of how and why we are using your
data. This Privacy and Cookie Policy supplements the other notices and is not intended to
override them.
-
Who is InboxPounds® Limited?
InboxPounds® Limited is a company registered in England and Wales which owns and
operates this UK website and collects your data through and in relation to it.
The operation of this website and the associated activities of InboxPounds® Limited in
relation to its UK members are governed by the UK data protection authority, the Information
Commissioner’s Office (ICO). InboxPounds® Limited is registered with and
pays all applicable fees to the ICO. Our registration number is Z2994933. You have the right to
make a complaint at any time to the ICO, the UK supervisory authority for data protection
issues, whose website and contact information can be found at www.ico.org.uk. The phone number to contact the ICO is 0303 123 1113. We
would, however, appreciate the chance to deal with your concerns before you approach the ICO so
please contact us in the first instance.
We have appointed a data protection officer (DPO) who is responsible for overseeing
questions in relation to this Privacy and Cookie Policy. If you have any questions about this
Privacy and Cookie Policy, including any requests to exercise your legal rights, please contact
the DPO using the contact details set out below.
-
InboxPounds® Limited’s contact details are:
Full name of legal entity: InboxPounds® Limited
Name or title of DPO: Chief Technical Officer, Tom Healy
Email address: dpo@inboxpounds.co.uk
Telephone number: 651 289 0720
-
Who is CotterWeb Enterprises Inc. and why is InboxPounds® Limited sharing data with
them?
Many of InboxPounds® Limited’s operations are supported by website servers located
in the United States under the control of its US parent company, CotterWeb Enterprises Inc.,
details of which can be found here. As a result, InboxPounds® Limited will transfer your data
outside the European Economic Area (EEA) to its parent company, CotterWeb Enterprises Inc. in
the United States and these two companies together are regarded as joint controllers in relation
to the personal data received through and in relation to this UK website. This Privacy and
Cookie Policy is issued on behalf of both companies and so when we mention
“InboxPounds®”, “we”, “us” or
“our” in this Privacy and Cookie Policy, we are referring to both
InboxPounds® Limited and CotterWeb Enterprises Inc. as joint controllers responsible for
processing your data, unless we clearly indicate otherwise by using either company’s full
registered name.
See the section on Privacy Shield certification at section 12 below to see how
CotterWeb Enterprises Inc. is also protecting your data protection rights.
-
Changes to the Privacy and Cookie Policy and your duty to inform us of changes
This version was last updated on June 13, 2018 and historic versions can be obtained by
contacting us. We may make changes to this Privacy and Cookie Policy at any time. You can always
access the most up to date version here or by clicking on a link to
the Privacy and Cookie Policy on our website.
It is important that the personal data we hold about you is accurate and current. Please keep us
informed if your personal data changes during your relationship with us.
-
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on
those links or enabling those connections may allow third parties to collect or share data about
you. We do not control these third-party websites and are not responsible for their privacy
statements. When you leave our website, we encourage you to read the privacy notice of every
website you visit.
II. THE DATA WE COLLECT ABOUT YOU
-
About Personal Data
Personal data, or personal information, means any information about an individual from which
that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have
grouped together follows:
-
Member Identity Data includes [first name, last name, username or similar identifier
and login password].
-
Member Contact Data includes [residential address, email address and telephone
numbers].
-
Member Reward Payment Data includes [name, residential address and amount of
member’s reward if receiving payment by cheque or by pre-paid master card or name and
associated Paypal account email if receiving payment by Paypal].
-
Transaction Data includes [details about reward payments made to you and other
details of your interactions with us including Offers completed by you or referrals of other
members that you have introduced to InboxPounds®].
-
Technical Data includes [internet protocol (IP) address, your login data, browser
type and version, time zone setting and location, browser plug-in types and versions,
operating system and platform and other technology on the devices you use to access this
website].
-
Profile Data includes [post code, your interests, preferences, feedback and survey
responses including phone number, date of birth, gender, education level, household income,
job title, work industry, organisation annual revenue, children’s ages,
children’s genders, employment status, work decision making role, departmental
influence, organization primary industry, number of employees, relationship status, work
department, own or rent home, mobile phone type, type of pet, play video games and/or use of
gaming consoles].
-
Usage Data includes [information about how you use our website, product and
services].
-
Marketing and Communications Data includes [your preferences in receiving marketing
from us and third parties and your communication preferences].
Personal data can be anonymised or pseudonymised, which means ensuring that when it is processed
it either no longer includes any identifying elements or has those elements replaced with a
value like a number from which an individual cannot be identified (Anonymous Data).
Personal data can be considered to be Anonymous Data either on a temporary basis, because we
still hold the means to re-associate it with your information from which you are personally
identifiable, or on an irreversible basis by us destroying or irretrievably removing the
identifying elements entirely so they cannot be re-associated in future. We will sometimes use
your data in a form which is Anonymous Data as part of our security measures to minimise the
risk of it being used to in an unauthorised way whilst being processed.
We also collect, use and share Aggregated Data such as statistical or demographic data
for any purpose. Aggregated Data may be derived from your personal data, but is not considered
personal data in law as this data does not directly or indirectly reveal your identity. For
example, we may aggregate your Usage Data to calculate the percentage of users accessing a
specific website feature. However, if we combine or connect Aggregated Data with your personal
data so that it can directly or indirectly identify you, we treat the combined data as personal
data which will be used in accordance with this Privacy and Cookie Policy.
We do not collect any Special Categories of Personal Data about you (this includes
details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual
orientation, political opinions, trade union membership, information about your health and
genetic and biometric data). Nor do we collect any information about criminal convictions and
offences.
-
Member Referrals
You may also give us the personal data of a name and email address for someone else who you want
to refer to our website and services (a Member Referral) because by making a Member
Referral you can earn additional rewards to your Member account. If you do provide us with a
Member Referral it is important, firstly that you get that person’s permission to give
their personal data to us and make sure they understand this means we will be sending them email
communications to provide them with a link to our website and Offers. Secondly, you should point
them to this Privacy Policy so they can understand how we might use their personal data if they
do choose to become a member and have their own account with us. If a person creates a
membership account with us following a Member Referral by you, we will use the Member Identity
Data and our cookies (see Cookies section below) in order to
verify their registration matches the data you provided for the Member Referral so that you get
correctly credited for that Member Referral resulting in a new member registration on our
website.
-
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you
and you fail to provide that data when requested, we may not be able to perform the contract we
have or are trying to enter into with you (for example, to provide you with goods or services).
In this case, we may have to cancel a product or service you have with us but we will notify you
if this is the case at the time. By way of example, we cannot establish a member account for you
if we do not have your Member Identity Data and we cannot pay out your rewards if we do not have
your Member Reward Payment Data.
Of the types of personal data identified above, Profile Data is personal data you provide to us
entirely at your option, but it will make a significant difference to your experience whilst
using our website and services. In particular, the quality and appropriateness of the Offers
that we send to you are considerably enhanced the more Profile Data we hold about you. You will
still receive Offers even if you choose not to provide us with Profile Data, but you should be
aware these Offers will not have been tailored to suit your personal preferences if we do not
hold sufficient Profile Data and so you may not find them appropriate or be able to qualify for
the same sort of rewards for everything we send to you. You are always in control of how much or
how little Profile Data we hold about you as this is an area of your member’s account
which you can alter at any time, correcting, updating or removing your Profile Data as you
choose.
III. HOW IS YOUR PERSONAL DATA COLLECTED?
-
Data Collection
We use different methods to collect data from and about you including through:
-
Direct interactions. You may give us your Member Identity, Member Contact and Member
Reward Payment Data by filling in forms or by corresponding with us via our website or by
phone, email or otherwise. This includes personal data you provide when you:
- create a membership account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us some feedback.
-
Automated technologies or interactions. As you interact with our website, we may
automatically collect Technical Data about your equipment, browsing actions and patterns. We
collect this personal data by using cookies, server logs and other similar technologies. We
may also receive Technical Data about you if you visit other websites employing our cookies.
Please see the section below on our use of cookies for
further details.
-
Membership checks from other advertisers. We may receive parts of your Member
Identity Data such as your email address from third party advertisers wishing us to check
whether you are already a member of our website. This is only used to ensure you do not
receive repeat Offers from us because you are already a member with an account on our
website.
IV. HOW WE USE YOUR PERSONAL DATA
-
Data Usage
We will only use your personal data when the law allows us to. Most commonly, we will use your
personal data in the following circumstances:
-
Performance of Contract - Where we need to perform the contract we are about to enter
into or have entered into with you.
-
Legitimate Interest - Where it is necessary for our legitimate interests (or those of
a third party) and your interests and fundamental rights do not override those interests. We
make sure we consider and balance any potential impact on you (both positive and negative)
and your rights before we process your personal data for our legitimate interests. We do not
use your personal data for activities where our interests are overridden by the impact on
you (unless we have your consent or are otherwise required or permitted to by law).
-
Comply with a legal or regulatory obligation - Where we need to comply with a legal
or regulatory obligation that we are subject to.
-
Consent - Where you have explicitly consented to us doing so in the way we will
explain below. Consent is only used as a legal basis for our processing in relation to how
we use your Profile Data. Profile Data is information which we don’t have to have in order
to run your member account, but it makes a very big difference to your experience of our
services if you do choose to provide us with it and in doing so give your consent to how we
use it. We’ll explain more here.
-
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your
personal data, and which of the legal bases we rely on to do so. We have also identified what
our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the
specific purpose for which we are using your data. Please
contacts us if you need details about the specific
legal ground we are relying on to process your personal data where more than one ground has been
set out in the table below.
Purpose/Activity
To register you as a new member
Type of data
- (a) Member Identity Data
- (b) Member Contact Data
Lawful basis for processing including basis of legitimate interest
Performance of a contract with you
Purpose/Activity
To process and deliver your request for membership reward services including to manage
payments of your member rewards
Type of data
- (a) Member Identity Data
- (b) Member Contact Data
- (c) Member Reward Payment Data
- (d) Transaction Data
Lawful basis for processing including basis of legitimate interest
- (a) Performance of a contract with you
- (b) Necessary for our legitimate interests
Purpose/Activity
To manage our relationship with you which will include notifying you about changes to
our terms or Privacy and Cookie Policy in the event of a fundamental change
Type of data
- (a) Member Identity Data
- (b) Member Contact Data
Lawful basis for processing including basis of legitimate interest
- (a) Performance of a contract with you
- (b) Necessary to comply with a legal obligation
-
(c) Necessary for our legitimate interests (to keep our records updated and to
study how members use our services)
Purpose/Activity
To enable you to partake in Offers
Type of data
- (a) Member Identity Data
- (b) Member Contact Data
Lawful basis for processing including basis of legitimate interest
- (a) Performance of a contract with you
-
(b) Necessary for our legitimate interests (to study how customers use our
services, to develop them and grow our business)
Purpose/Activity
To email potential new members that you identify as part of our Member Referral scheme
Type of data
Data you provide to us as a Member Referral
Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests (to provide you with correct credit for making a
referral as a means of growing our membership)
Purpose/Activity
To administer and protect our business and this website (including troubleshooting, data
analysis, testing, system maintenance, support, reporting and hosting of data) and to
provide you with access to support through our Live Chat facility
Type of data
- (a) Member Identity Data
- (b) Member Contact Data
- (c) Technical Data
Lawful basis for processing including basis of legitimate interest
-
(a) Necessary for our legitimate interests (for running our business, provision
of administration and IT services, network security, to prevent fraud and in the
context of a business reorganisation or group restructuring exercise and for
identifying concerns or issues raised by a member during use of our Live Chat
facility)
- (b) Necessary to comply with a legal obligation
Purpose/Activity
To use data analytics to improve our website, Offers/services, marketing, member
relationships and experiences
Type of data
- (a) Technical Data
- (b) Usage Data
Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests (to define types of member for our Offers and
services, to keep our website updated and relevant, to develop our business and to
inform our marketing strategy)
Purpose/Activity
To deliver relevant website content and targeted member Offers or advertisements to you
and measure or understand the effectiveness of the member Offers or advertisements we
provide to you
Type of data
- (a) Member Identity Data
- (b) Member Contact Data
- (c) Usage Data
- (d) Marketing and Communications Data
- (e) Technical Data
Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests (to study how members use our products/services,
to develop them, to grow our business and to inform our marketing strategy)
Purpose/Activity
To make suggestions and recommendations to you about Offers or services that may be of
interest to you
Type of data
- (a) Member Identity Data
- (b) Member Contact Data
- (c) Technical Data
- (d) Usage Data
Lawful basis for processing including basis of legitimate interest
Necessary for our legitimate interests (to develop our Offers and services and grow our
business)
Purpose/Activity
The purpose of profiling your preferences from your Profile Data in order for us to
provide a more tailored service to you for each of the purposes:
-
(a) To deliver relevant website content and targeted Offers or advertisements to
you and measure or understand the effectiveness of the Offers or advertisements
we provide to you
-
(b) To make suggestions and recommendations to you about Offers or services that
may be of interest to you
Type of data
Profile Data
Lawful basis for processing including basis of legitimate interest
-
(a) Necessary for our legitimate interests (to tailor our Offers and services
and grow our business) – only when used in a depersonalised or pseudonymised
form, that means we only use it under this condition if your Profile Data can be
separated from any information from which you are personally identifiable and so
can be processed as Anonymous Data
-
(b) Consent – your Profile Data which is personally identifiable or when used
together with other data which is personally identifiable will only be used for
these purposes with your specific consent. You may choose to update, amend or
remove your Profile Data at any time using our Profile Dashboard which will give
you control over the consent you give us to use this specific Profile Data at
all times.
Purpose/Activity
To share your Profile Data with Named Market Research Partners (see definition of who
this is listed below) for them to
identify suitable targeted Offers to send to you
Type of data
Profile Data
Lawful basis for processing including basis of legitimate interest
Consent – your Profile Data which is personally identifiable or when used together with
other data which is personally identifiable will only be shared with third parties for
these purposes with your specific consent. You may choose to update, amend or remove
your Profile Data at any time using our Profile Dashboard which will give you control
over the consent you give us to use this specific Profile Data at all times.
-
Profiling and Consent
Being an InboxPounds® member is all about you receiving great opportunities to earn
rewards through our membership service. We will still send you Offers, even if you don’t
provide us with any Profile Data, so if you don’t want to fill in those details you still get
the chance to earn cash rewards with InboxPounds®.
However, the best way to get the most out of your membership with InboxPounds® and to
earn more cash rewards, is if we can use the Profile Data that you provide to us in order to
make sure we only send you the particular Offers that we think will suit you the best. We use
Profile Data to learn about your personal preferences and interests and this will determine
which Offers we send to you – this is a largely automated process known as profiling. The only
decisions that our profiling methods make about you and your personal information is to
determine what type of Offers you are most likely to want to see from us given your personal
preferences and demographic information. Our profiling methods do not get used for any other
purpose than to give you great Offers and improve our service to you.
We strive to provide you with choices regarding certain personal data uses, particularly around
the type of Offers, marketing and advertising that you see when you visit our website or receive
opportunities to earn cash rewards with us. With this in mind, we have established our Profile
Dashboard where you can view and make certain decisions about your personal data use.
You are always in control of the amount of personal information which you give to us on your
Profile Dashboard. By completing information in the Profile Dashboard you are giving us your
consent to the use we’re describing in this section of the Privacy and Cookie Policy. You can
remove information you previously provided in the Profile Dashboard at any time to withdraw your
consent (opt out) to your Profile Data being used in this way.
You can also make specific choices about whether you consent to your Profile Data being shared
with third parties for the purposes of matching their Offers to your personal preferences. On
the Profile Dashboard you’ll find a clear box which you can tick if you are happy for us
to share your Profile Data only with those Named Market Research Partners which are specifically
listed below. You can untick this box at any
time to withdraw your consent (opt out) to your Profile Data being shared with the Named Market
Research Partners.
V. COOKIES
-
About Cookies and Third Party Technology.
A “cookie” is a small data file that may be saved to and stored on your computer
when you visit a website or open an email. Cookies are widely used in order to make websites
work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies permit a website to “remember” whether your computer has visited the website
before and helps the website create a more personalised experience for you and records
activities taken by you, such as Offers completed. In this way cookies also allow us to verify
the identity of a new member registration to ensure it matches the details of a Member Referral
and so allow us to credit you with additional rewards for making that Member Referral.
For a full list of all cookies used on our website, please follow this link to
cookie information.
In addition to cookie technology, InboxPounds® use additional third party technology and
tracking tools to record Offers and activities completed by you, friends referred by you, and to
communicate information about you, such as anonymised demographic information (e.g., age,
gender), in order to target Offers and advertisements to specific groups as requested by
advertisers. Cookies and other tracking technology are collectively referred to as
“Cookies and Recording Tools”.
Your computer permits you to change the settings on your web browser to not accept and/or
disable Cookies and Recording Tools. However, if you do not accept Cookies and Recording Tools
used by InboxPounds®, you may not be able to use certain functions on the website or on
certain links to external websites. More importantly, if you do not accept Cookies and Recording
Tools you will not receive credit for Offers or other actions completed by you because we are
unable to track and record your activity. If you do not want to accept Cookies and Recording
Tools, you must stop using this website.
Also remember that any time you leave our website using a link to a third party’s website,
such as one of the advertisers or partners who have links and adverts on our website, they may
also use cookies. So make sure you visit their cookie policy to ensure you are comfortable with
how they do things once you have left our website.
Except for essential cookies, all cookies will expire after the period of time provided
here.
-
Referral and Affiliate Tracking
InboxPounds® uses cookies in order to collect Transaction Data which allows us to track
new Member registrations. This ensures Members are properly credited for referring other
Members, as well as to track the rewards you’ve earned by completing Offers which have
connected you to our advertisers and partners.
-
Member Recognition
After you have logged on as a Member into the InboxPounds® Member’s Section,
cookies are used to remember your Member name and password so they do not need to be entered
during every visit to our website. You can logout of the Member’s Section if you do not
wish to have this information saved.
-
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we
reasonably consider that we need to use it for another reason and that reason is compatible with
the original purpose. If you wish to get an explanation as to how the processing for the new
purpose is compatible with the original purpose, please
contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will
explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in
compliance with the above rules, where this is required or permitted by law.
VI. DISCLOSURES OF YOUR PERSONAL DATA
-
About Disclosure
We may have to share your personal data with the parties set out below for the purposes set out
in the table in paragraph 4 above.
-
Internal Third Parties being other companies in the CotterWeb Group – As explained
above, InboxPounds® Limited and CotterWeb Enterprises Inc. are the two companies in
the CotterWeb Group and each of these companies is a joint controllers, together being
responsible for processing your data.
-
External Third Parties could be any of the following:
-
Professional advisers including lawyers, bankers, auditors and insurers based either
in the UK or the US who provide consultancy, banking, legal, insurance and
accounting services to the CotterWeb Group.
-
HM Revenue & Customs, regulators and other authorities based in the UK who
require reporting of processing activities in certain circumstances.
-
Our third party service providers and business partners who assist with the running
of the website and our Offers, services and products including hosting providers,
payment processing partners, software service providers and backup and support
services providers. Our third party service providers and business partners are
subject to security and confidentiality obligations and are only permitted to
process your personal information for specified purposes and in accordance with our
instructions.
-
Named Market Research Partners – those market research partners with which
CotterWeb Group has an existing relationship and which are named on the Profile
Dashboard so you can specifically choose whether or not you consent to your Profile
Data being shared with these Named Market Research Partners and whether you wish to
remove your consent at any time (which, if you do, we will ensure means your Profile
Data is removed from our records within a reasonable time from your request and that
this withdrawal of consent is also passed on to the Named Market Research Partners
so that they stop using the Profile Data that we have shared with them previously).
The Named Market Research Partners are shown below together with links to their own
privacy policies:
-
Critical Mix Inc.
-
Toluna Inc.
-
Survey Sampling International LLC
-
Third parties to whom we may choose to sell, transfer, or merge parts of our
business or our assets. Alternatively, we may seek to acquire other businesses or
merge with them. If a change happens to our business, then the new owners may use
your personal data in the same way as set out in this Privacy and Cookie Policy.
We require all third parties to respect the security of your personal data and to treat it in
accordance with the law. We do not allow our third-party service providers to use your personal
data for their own purposes and only permit them to process your personal data for specified
purposes and in accordance with our instructions.
VII. SOCIAL MEDIA AND ONLINE ENGAGEMENT
-
Social Media
We occasionally use a variety of new technologies and social media options to communicate and
interact with our members. These sites and applications include popular social networking and
media sites. To better engage the public in ongoing dialog, we use certain third-party platforms
including, but not limited to, Facebook and Twitter. These third-party websites and applications
are web-based technologies that are not exclusively operated or controlled by us. When
interacting on those websites, you may reveal certain personal information to us or to third
parties. Other than when used by our employees for the purpose of responding to a specific
message or request, we will not use, share, or retain your personal information.
The Facebook privacy policy is available
here.
The Twitter privacy policy is available
here.
VIII. INTERNATIONAL TRANSFERS
-
International Transfer of Data
We share your personal data within the CotterWeb Group. This will involve transferring your data
outside the EEA.
Many of our External Third Parties are based outside the EEA so their processing of your
personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection
is afforded to it by ensuring at least one of the following safeguards is implemented:
-
We will only transfer your personal data to countries that have been deemed to provide an
adequate level of protection for personal data by the European Commission.
-
Where we use certain service providers, we may use specific contracts approved by the
European Commission which give personal data the same protection it has in Europe.
-
Where we use providers based in the US, we may transfer data to them if they are part of the
Privacy Shield which requires them to provide similar protection to personal data shared
between the Europe and the US.
Please contact us if you want further information on
the specific mechanism used by us when transferring your personal data out of the EEA.
IX. DATA SECURITY
-
About Data Security
We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition,
we limit access to your personal data to those employees, agents, contractors and other third
parties who have a business need to know. They will only process your personal data on our
instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify
you and any applicable regulator of a breach where we are legally required to do so.
X. DATA RETENTION
-
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we
collected it for, including for the purposes of satisfying any legal, accounting, or reporting
requirements.
By law and in order to answer any member payment queries or respond to any claims regarding
payments made, we have to retain a record of some of the basic information about our customers
(including Member Identity Data, Member Contact Data and Member Reward Payment Data) for seven
years after they cease being members for these accounting and tax purposes. This record of
historic payments we have made to you and the account to which those payments relate are kept
separately from details of all other elements of your member account once your account is no
longer active. This information is secured and access is further restricted to ensure these
records are not used for any other purposes than to respond to such legal, accounting, tax and
any other related payment queries or claims if necessary.
In all other respects, the personal data that you provide to us will only be retained for the
life of your member account being active. If your member account is inactive for 6 months, the
Member Identity Data, Member Contact Data and Member Reward Payment Data will be deleted from
our member records databases and replaced with a string of numbers which means all other
information such as any Transaction Data, Technical Data or Profile Data can no longer be
re-associated with your personal information. Following a further period of 7 days, after which
our back up facilities are overwritten, the only information retained relating to your member
account will then permanently be Anonymous Data. Once it has become Anonymous Data (so that it
can no longer be associated with you) your information will be retained indefinitely for
research and statistical purposes without further notice to you.
In some circumstances you can ask us to delete your data: see
Request erasure below for further information.
XI. YOUR LEGAL RIGHTS UNDER GDPR (For EU Individuals)
-
About your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your
personal data. You have the right to:
Request access to your personal data (commonly known as a “data subject access
request”). This enables you to receive a copy of the personal data we hold about you and
to check that we are lawfully processing it.
You will not have to pay a fee to access your personal data (or to exercise any of the other
rights). However, we may charge a reasonable fee if your request is clearly unfounded,
repetitive or excessive. Alternatively, we may refuse to comply with your request in these
circumstances.
We may need to request specific information from you to help us confirm your identity and ensure
your right to access your personal data (or to exercise any of your other rights). This is a
security measure to ensure that personal data is not disclosed to any person who has no right to
receive it. We may also contact you to ask you for further information in relation to your
request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us
longer than a month if your request is particularly complex or you have made a number of
requests. In this case, we will notify you and keep you updated.
Request correction of the personal data that we hold about you. This enables you to have
any incomplete or inaccurate data we hold about you corrected, though we may need to verify the
accuracy of the new data you provide to us. With InboxPounds® and our My Account page
you are always in control of the information we hold about you and so can ensure it is correct
and accurate yourself at any time.
Object to processing of your personal data where we are relying on a legitimate interest
(or those of a third party) and there is something about your particular situation which makes
you want to object to processing on this ground as you feel it impacts on your fundamental
rights and freedoms. You also have the right to object where we are processing your personal
data for direct marketing purposes. In some cases, we may demonstrate that we have compelling
legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to
suspend the processing of your personal data in the following scenarios: (a) if you want us to
establish the data’s accuracy; (b) where our use of the data is unlawful but you do not
want us to erase it; (c) where you need us to hold the data even if we no longer require it as
you need it to establish, exercise or defend legal claims; or (d) you have objected to our use
of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to
you, or a third party you have chosen, your personal data in a structured, commonly used,
machine-readable format. Note that this right only applies to automated information which you
initially provided consent for us to use or where we used the information to perform a contract
with you.
Withdraw consent (opt out) at any time where we are relying on consent to process your
personal data. However, this will not affect the lawfulness of any processing carried out before
you withdraw your consent. If you withdraw your consent, we may not be able to provide certain
products or services to you and neither will the Named Market Research Partners who have also
relied on your consent to process the Profile Data we have shared with them. We will advise you
if this is the case at the time you withdraw your consent.
The right to file a complaint with your regional Data Protection Authority regarding the
handling of your personal data by us. Please go to this list of Data Protection Authorities to locate contact information for your DPA.
If you wish to exercise any of the rights set out above, please
contact us.
XII. PRIVACY SHIELD CERTIFICATION OF COTTERWEB ENTERPRISES INC. (For EU Individuals Whose Data Is Transferred to the US)
-
Privacy Shield
The EU has established strict protections regarding the handling of personally identifiable
information that is received in the US from the EU (“EU Personal Data”) and
this includes requirements to provide adequate protection for that EU Personal Data.
CotterWeb Enterprises, Inc. is subject to the regulatory and enforcement authority of the US
Federal Trade Commission.
CotterWeb Enterprises, Inc. complies with the EU-US Privacy Shield Framework as set forth by the
US Department of Commerce regarding the collection, use, and retention of personal information
from European Union member countries transferred to the United States pursuant to Privacy
Shield. CotterWeb Enterpries Inc. has certified that it adheres to the Privacy Shield Principles
with respect to such data. If there is any conflict between the policies in this privacy policy
and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall
govern. To learn more about the Privacy Shield program, and to view our certification page,
please visit https://www.privacyshield.gov/
Pursuant to the Privacy Shield we are required to notify those members from the EU that we may
be compelled to release their EU Personal Data in response to lawful requests by public
authorities including to meet national security and law enforcement requirements.
We acknowledge the right of those members from the EU about whom we process EU Personal Data to
access their personal data pursuant to the Privacy Shield. Individuals wishing to exercise this
right may do so by contacting CotterWeb Enterprises Inc. at the contact details provided below.
As an organization which is compliant with the Privacy Shield Principles, CotterWeb Enterprises
Inc. remains liable for the processing of the EU Personal Data by a third party acting on our
behalf, unless we can prove we were not a party to the actions giving rise to the damage.
EU individuals can, under the Privacy Shield, control whether their personal information is to
be disclosed to a third party or to be used for a purpose that is materially different from the
purpose for which it was originally collected or subsequently authorized by that individual.
Prior to filling out the Profile Survey, consent is requested to authorize the disclosing your
information. If we need to use your personal data for a purpose that is materially different
from the purpose(s) for which you have previously provided consent, we will notify you and we
will explain the legal basis which allows us to do so. If you wish to opt out of our use of your
data in this way, you may withdraw consent (opt out) at any time by visiting the
My Account page.
In compliance with the Privacy Shield Principles, CotterWeb Enterprises Inc. commits to resolve
complaints about your privacy and our collection or use of your personal information transferred
to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield
inquiries or complaints should first contact CotterWeb Enterprises Inc. at:
Name or title of DPO: Chief Technical Officer, Tom Healy
Email address: dpo@cotterweb.net
Telephone number: 651 289 0720
CotterWeb Enterprises Inc. has further committed to refer unresolved privacy complaints under
the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY
SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely
acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please
visit here
for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain
conditions, you may invoke binding arbitration for some residual claims not resolved by other
redress mechanisms. See Privacy Shield Annex 1
|