1. IMPORTANT INFORMATION AND WHO WE ARE
PURPOSE OF THIS PRIVACY NOTICE This privacy notice provides you with information on how Cashblack collects and processes your personal data through your use of this platform. This includes any data you may provide when you sign up for our platform, browse or make purchases, enter contests, or engage with us through our platform or email communications. Please read this notice alongside any other privacy or fair processing notices we may provide on specific occasions to fully understand how and why we use your data. This privacy notice complements those notices and does not supersede them.
CONTROLLER Cashblack is the controller and responsible for your personal data. Throughout this privacy notice, "Cashblack," "we," "us," or "our" refer to Cashblack Ltd. For inquiries unrelated to this privacy notice, please contact us at firstname.lastname@example.org. Our postal address is 71-75 Shelton Street, Covent Garden, London, WC2H 9QJ.
CONTACT DETAILS You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection authority (www.ico.org.uk), at any time. However, we appreciate the opportunity to address your concerns before contacting the ICO. Please reach out to our data privacy manager for inquiries related to this privacy notice at the following address:
Full name of legal entity: Cashblack Ltd (For queries unrelated to this privacy notice, please use email@example.com) Postal address: 71-75 Shelton Street, Covent Garden, London, WC2H 9QJ
CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES This policy may change and be updated periodically, so please check it regularly. To ensure the accuracy of the personal data we hold, please inform us promptly of any changes to your personal information during your engagement with us.
THIRD-PARTY LINKS Our platform may contain links to third-party platforms, plug-ins, and applications. Clicking on these links or enabling connections may allow third parties to collect or share data about you. We do not control these third-party platforms and are not responsible for their privacy policies. When leaving our platform, we recommend reviewing the privacy notice of every website you visit.
2. THE DATA WE COLLECT ABOUT YOU
Personal Data Categories We collect various types of personal data about you, which we have grouped as follows:
Identity Data: Includes first name, last name, username, marital status, title, date of birth, and gender.
Contact Data: Comprises billing address, delivery address, and email address.
Financial Data: Encompasses bank account and payment card details.
Transaction Data: Includes details about payments to retailers featured on our platform and information about products and services you purchase through our platform.
Technical Data: Comprises internet protocol (IP) address, login data, browser type, version, time zone, location, browser plug-ins, operating system, and other technology information related to your device usage on our platform.
Profile Data: Encompasses your username, password, purchase history, preferences, feedback, and survey responses.
Usage Data: Provides insights into how you use our platform, products, and services.
Marketing and Communications Data: Includes your preferences regarding marketing communications from us and third parties, as well as your communication preferences.
Aggregated Data We may use Aggregated Data for various purposes. Aggregated Data is data that has been anonymized and does not directly or indirectly identify you. While we may aggregate your Usage Data, combining it with your personal data to identify you, we treat the merged data as personal data, subject to this privacy notice. We do not collect Special Categories of Personal Data about you, such as race, religion, sexual orientation, or health information, unless explicitly stated.
IF YOU FAIL TO PROVIDE PERSONAL DATA If you fail to provide personal data we require by law or under a contract with you, we may be unable to perform the contract's obligations, such as providing our cashback service. In such cases, you won't be able to join Cashblack.
3. HOW IS YOUR PERSONAL DATA COLLECTED? We employ various methods to collect data from and about you, including:
Direct Interactions: You provide your Identity, Contact, Transaction, or Financial Data when completing forms, corresponding with us via post, email, or other means. This includes data you provide when you create an account, subscribe to our On Card service, submit transaction claims or inquiries, enter contests or provide feedback.
Essential Third Parties: To facilitate the cashback service, we receive personal data from various third parties. These include Affiliate Networks, retailers featured on our platform, and On Card data matching providers (for subscribers). To enhance our service, we may also receive Technical Data from analytics providers, Profile Data from mosaic profile providers, Contact and Technical Data through third-party marketing activities, and Contact Data from third parties.
4. HOW WE USE YOUR PERSONAL DATA
Legal Bases for Processing We only process your personal data when legally permitted. Commonly, we use your data under the following circumstances:
To fulfill a contract we are about to enter into or have entered into with you.
For our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Purposes for Using Your Personal Data We have outlined in a table format how we plan to use your personal data, along with the legal basis for each use. We've also identified our legitimate interests where applicable.
MARKETING We aim to provide you with choices regarding certain personal data uses, especially marketing and advertising. Within your account, you can manage your personal data preferences related to marketing emails.
PROMOTIONAL OFFERS FROM US We may use your personal data to tailor our marketing efforts and offer products or services that may interest you. You will receive marketing communications from us unless you opt out.
THIRD-PARTY MARKETING Cashblack may share your Contact or Identity Data with select third parties (e.g., email providers and social media publishers) to target our marketing effectively and make it relevant to Cashblack members.
OPTING OUT You can stop receiving marketing emails at any time by adjusting your marketing preferences in your platform account or by following opt-out links in marketing emails.
CHANGE OF PURPOSE We will only use your personal data for the purposes we collected it for, except where we reasonably believe another purpose is compatible with the original one. If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis for it.
5. DISCLOSURES OF YOUR PERSONAL DATA
External Third Parties We may share your personal data with various external third parties for the purposes outlined in section 4 of this policy. We ensure that third-party service providers respect your personal data's security and process it in compliance with the law.
6. INTERNATIONAL TRANSFERS
International Transfers Outside the EEA Certain external third parties, such as payout providers, may be based outside the European Economic Area (EEA), resulting in data transfers outside the EEA. We ensure adequate protection for your data during these transfers by:
Transferring data only to countries approved by the European Commission.
Using specific contracts approved by the European Commission.
Ensuring third-party providers in the US adhere to the Privacy Shield framework.
7. DATA SECURITY
Data Security Measures We implement security measures to prevent unauthorized access, use, disclosure, alteration, or loss of your personal data. We restrict access to your data to employees, agents, contractors, and third parties who require it for legitimate purposes. They process your data per our instructions and maintain confidentiality.
Data Breach Procedures In the event of a suspected data breach, we have established procedures to promptly address and report the breach to you and relevant regulators, as required by law.
8. DATA RETENTION: HOW LONG WILL YOU USE MY PERSONAL DATA FOR? We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including legal, accounting, or reporting requirements. The retention period depends on factors such as the data's nature, sensitivity, and legal requirements.
Requesting Data Deletion You may request deletion of your data. In some cases, we may anonymize your personal data for research or statistical purposes without notifying you.
9. YOUR LEGAL RIGHTS
Access to Your Data You have the right to request access to your personal data, often referred to as a "data subject access request."
Data Correction You can request correction of your inaccurate or incomplete personal data.
Data Erasure You have the right to request erasure of your personal data, often referred to as the "right to be forgotten."
Object to Processing You can object to processing of your personal data, including processing based on legitimate interests and for direct marketing.
Data Restriction You can request the restriction of processing of your personal data in specific situations.
Data Portability You can request the transfer of your personal data to you or to a third party.
Withdraw Consent If we process your data based on your consent, you can withdraw your consent at any time.
No Fee Usually Required We typically do not charge a fee for exercising your rights. However, we may charge a reasonable fee or refuse your request if it is unfounded or excessive.
Information Required We may need specific information from you to verify your identity and respond to your requests. We may contact you for additional information to expedite our response.
Response Time We aim to respond to all legitimate requests within one month. Complex or multiple requests may require more time, in which case we will notify you.
External Third Parties Third-party service providers who offer IT and system administration services, Affiliate Networks, retailers featured on our platform, regulators, third-party providers to Cashblack, payout providers, and third-party email providers.
Affiliate Networks Intermediaries between our platform and retailers, responsible for tracking cashback, processing payments, and assisting with untracked sales.