How to contact us.
Understanding rights of your Personal Data
Your rights retained on your Personal Data
Under certain circumstances, by law you have the right to:
● Request access to your Personal Data. Acquiring a copy of our Personal Data to determine that we are lawfully processing it.
● Request correction of the Personal Data that we hold about you. Inform us of any incomplete or inaccurate information we hold.
● Request erasure of your Personal Data. Request the removal of Personal Data where there is no good reason to retain and to process it. You may also request us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
● Object to processing of your Personal Data. The right to object to processing your Personal Data for direct marketing purposes.
● Request the restriction of processing of your Personal Data. Request to suspend the use of Personal Data, for example to determine its accuracy or the reason for processing it.
● Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
● Withdraw consent. Consent withdrawal may result in us, not able to provide you with access to the certain specific functionalities of our Services. We will notify you this is applicable at the time you withdraw your consent.
How to exercise your rights
To exercise your rights described above, please contact us using the contact details under How to Contact Us.
Typically, there is no charge to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply under these circumstances.
We may as a security precaution require specific information from you to assist in confirming your identity and ensure your right to access the Personal Data (or to exercise your rights). We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Your request may take longer if particularly complex or you have made a number of requests. In such a case, we will notify you and keep you updated.
If your request has not been adequately resolved to your liking, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
Marketing communications preferences
You may occasionally receive push notifications from our Apps containing marketing materials. If you prefer not to receive push notifications, you may disable it at any time in your device’s app settings.
When opting out of push notifications, you may still receive support and administrative emails from time to time regarding your use of the Services including, for example, changes to our terms and conditions and policies, updates to our Services and security alerts.
What Personal Data we collect
All the Personal Data we collect, both from you and from third parties about you, is outlined in the table below.
GDPR’s definition of Personal Data can be found here. Essentially, it boils down to: information about an individual, from which that individual is either directly identified or can be identified.
Anonymous data is not included (i.e., information where the identity of the individual has been permanently removed).
However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular person).
Category of Personal Data collected
What this means
Identity First name, surname, date of birth.
Contact Email address, telephone numbers and address.
Financial No financial or payment credentials are stored, only selected payment methods are stored.
Transaction Any details about payments to and from you and other details of services you have purchased from us. Data in respect of your transactions with third parties.
Service Your data that you provide to us when you report a problem or ask a question in respect of our Services or when you request further services from us. If you
contact us, we may keep a record of that correspondence.
Technical This includes:
● Device information: We may collect information about the device you
use to access the Services, including time zone setting and location,
operating system and platform, mobile network information,
telephone number and other technology on the devices you use to
access our Services.
● Location information: When you use one of our location-enabled Apps
or Services, we may collect and process data about your actual
● Video footage: When you use the kiosk all video footage will only be
used to identify purchased items, and will not be used for any other
processes, identification, shared with a third party, retained for
extended periods or leave our system.
● Log information: We may automatically collect and store certain
information about your use of the Services in server logs, including but
not limited to internet protocol (IP) addresses, internet service
provider, clickstream data.
● Unique application numbers: When you install or uninstall an App
containing a unique application number or when such an App
searches for automatic updates, that number and information about
your installation, for example the type of operating system, may be
sent to us.
No Special Categories of Personal Data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we use your Personal Data and why
We will only use your Personal Data for the purposes for which we collected it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
What is our legal basis for processing your Personal Data?
In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a legal basis for that use. Most commonly, we will rely on one of the following legal bases:
● Where we need to perform a contract we are about to enter into or have entered into with you (Contractual Necessity).
● Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (Legitimate Interests). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Data for is set out in the table below.
● Where we need to comply with a legal or regulatory obligation (Compliance with Law). ● Where we have your specific consent to carry out the processing for the Purpose in question (Consent).
Generally we do not rely on your Consent as a legal basis for using your Personal Data.
We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data.
Purpose Category(ies) of Personal Data
Why do we do this Our legal basis for this use of data
Account Creation ● Identity ● Contact
To register you as a new customer. Contractual Necessity.
To process transaction
● Financial ● Transaction
To prevent theft items purchased, purchase history, selected payment method.
Troubleshooting ● Identity ● Contact
To track issues that might be occurring on our or partner systems and to notify you of updates and
Legitimate Interests. It is in our legitimate
● Technical ● Transaction
security alerts. interests that we are able to monitor and ensure the
proper operation of our
Services and associated
systems and services.
Data analysis, and improvements to our Services
● Contact ● Service
● Behavioural ● Technical
To carry out audits and data analysis to identify usage trends, improve the Services and improve the effectiveness of our
It is in our legitimate interests that we are able to use audit and data analysis to improve the Services and improve the effectiveness of ourcommunications.
Customer Services ● Identity ● Contact
Personalisation ● Identity ● Service
To provide customer service, including to respond to your enquiries and fulfil any of your requests for information in respect of the Services.
To personalise your experience on our Apps by presenting information tailored to you and your geographic location.
It is in our legitimate interests that we are able to provide a more
personalised service to you to improve your experience of the
Compliance with law and regulation
● All relevant data
We may use data as we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process and our
regulators; (c) to respond to requests from public and
Depending on the
circumstances, our legal basis may be:
● Compliance with a legal
which we are
● Necessity to
protect your vital
those of another
Personal Data from Third Party Sources
Who we share your Personal Data with.
The table below describes who we share your Personal Data with, what we share and why we share it.
Recipients Category(ies) of Personal Data we
Why we share it Location(s)
Our Affiliates ● Identity ● Contact
Service Providers ● Identity ● Contact
Our affiliates help us provide our service
and help manage our customer
relationships (including providing
customer support, customer liaison etc).
Our service providers provide us with IT
and system administration services.
Regulators and other authorities
● Behavioural ● Technical ● Transactional
Our lawyers, bankers, auditors and
insurers provide consultancy, banking, legal, insurance and accounting services.
Authorities may require reporting of
processing activities in certain
Our analytics providers will use this
information for the purpose of evaluating your use of our Services, compiling reports on Service activity and providing other services relating to Service activity and internet usage. Our analytics
providers may also transfer this
information to third parties where
required to do so by law, or where such third parties process the information on our analytics providers’ behalf. Improving our classifications and analysis with respect to all aspects of the system.
To be completed after above table, depending where we host our services and where data will be transferred across borders
How we store your Personal Data securely.
We store all your Personal Data under appropriate security measures to it from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We limit access to your Personal Data (as shown in the table above) to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event of any such breach, we have systems in place to work with applicable regulators. In addition, in certain circumstances (e.g., where we are legally required to do so) we may notify you of breaches affecting your Personal Data.
How long we store your Personal Data.
We will only retain your Personal Data for so long as we reasonably need to use it for the purposes set out above How we use your Personal Data and why, or until you execute your rights to remove it, unless a longer retention period is required by law (for example for regulatory purposes).
The table below shows our standard retention practices:
Category of Personal Data
Identity For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why)
Contact For so long as you remain a customer of ours.
Transaction For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why)
Service For so long as you remain a customer of ours.
Technical For so long as retention is necessary to fulfil the Purposes/Use for which it is used (see How we use your Personal Data and why)
Third party links.