It’s important to us that you know that your personal information (data) is protected and that you have a choice about how it is used. This notice explains your rights, how we use your personal data and comply with legal obligations. Our policy doesn’t apply to any third parties, including social media platforms and our partners from whom you access discounts and offers, so we advise you to read those individual privacy policies.
Please regularly check this policy because we update it and it is your responsibility as a Member and/or website user to check it. However, if we make a significant change then we will actively let you know, for example, by emailing you i.e. change the way data is processed in a way which Members wouldn’t expect.
The last change to this notice was on the 25th November 2019.
We (the data controller) are: We Are Discounts Ltd, a company registered in England and Wales Company number 04009390, whose registered office is at Unit 3 First Floor Glass House Business Park, Glass House Road, Wigan, Lancashire, England, WN3 6GL.
We own and operate the website https://www.charityworkerdiscounts.com/.
We have a data protection officer who can be contacted at email@example.com.
You can contact us about any aspect of personal data by using the details provided above. You can also make any complaints about data protection to the Information Commissioner’s Office (ICO) – visit www.ico.org.uk for more information, including accessing their helpline.
Unless detailed otherwise within this policy or lists of those with whom we share data, where we are Joint Controllers of personal data, we will be the main contact for any individual data subject.
You can contact us using the details above in order to exercise your data protection individual rights under GDPR and UK data protection legislation regarding any data shared.
However, you may also still contact either us or the other Joint Controller (the organisation we are working with) about any personal data which we share.
What personal data do we collect?
We collect personal data (any information that could identify you) but on the basis that we collect the minimum amount of data that we need. You can find out more below.
We collect the following personal data:
- Identification information – such as your name and contact details (home address and/or post code, email, telephone number), date of birth, gender, your occupation, employment sector/type when you register to become a Member or update your profile
- Optional Information which enables us to provide you with more relevant discounts and offers – such as your interests and hobbies, and contract end dates for your utilities
- Information you give to us when you ask us for any help and support (for example, when you submit a request on our website) – see https://charityworkerdiscounts.zendesk.com/hc/en-gb
- Communication preferences – such as which discounts and offers you want to receive information about
- Accounting data – relating to the running of our business and paying taxes (partners may tell us what services and/or products you have purchased although this is often anonymised)
- Technical and website use data – such as IP address, browser information, location and time-zone settings, operating system and platform data, as well as data on how you use our website and access partner websites, products, and services
- Spending Data – if you use our ‘Cashback Card’ - see the information below under the heading ‘Our Cashback Card’).
We want your personal data to be accurate and up to date and may periodically contact you about this. However, if there are any changes to your personal data (such as a change of name) please let us know as soon as possible by updating your profile (log into your account and access the My Profile section at https://www.charityworkerdiscounts.com/my-profile or by emailing or writing to us, using our contact information in the Contacting us section to do so.
How we collect your personal data
We collect your personal data in various ways, and you can find out more about this below:
We may collect your personal data in the following ways:
- Information that you give to us when you register, complete and update your My Profile section in your account.
- Information that you give to us when you ask us to help or provide support
- Information that you provide when using our website or social media (for example, you may comment on one of our Facebook posts)
- Information that you provide when you enter competitions or complete any surveys
- Information from third parties, including our partners when you buy their products or services – we never have your secure financial/payment data (i.e. credit or debit card details) - and information from any existing Member who may provide your contact details to us via our ‘refer a friend’ scheme
- Information from our card partner, Sodexo, about how you use your ‘Cashback Card’, if you have decided to become a cardholder, in order to help us improve the membership deals and discounts we can offer you (unless you decide you do not want us to have this information and/or do not want them to share this information – see the sections Opting out of profiling and Our Cashback Card below)
- Information we receive when you visit our website from another website or from social media (such as LinkedIn or Twitter)
If you decide not to give us personal data, we may not be able to provide some services to you. For example, without your email address, we can’t email you about any discounts or offers.
Using your personal data (purposes)
We use personal data so that we can:
- Process your application to become a Member
- Maintain our Membership records
- Provide you with the discounts, offers, and information you’ve asked for, to provide you with any help or support, and contact you in response to your communications with us
- Give you the best Member experience - including when you use our website - which can involve using any of your personal data for profiling activities so that we can send you tailored discounts and offers (to meet your own interests) but we also use anonymised data. However, you can opt out of profiling – see the Opting out of profiling section for this
- Help our partners to offer discounts and offers which our Members want
- Invite you to take part in a survey, competition or prize draw or our ‘refer a friend’ scheme, as well as market research activities
- Contact you about any competitions or prize draws we may run, including letting you know if you have won a prize
- Analyse and monitor how secure and effective our website and business are on an ongoing basis
- Check your eligibility to participate in our ‘refer a friend’ scheme or any prize draw or competition
As a responsible organisation, we have additional checks in place (for example with profiling) to protect any vulnerable groups (particularly children).
The lawful basis for using your personal data
We must have a lawful basis before we can process your personal data. You can find out more about which lawful basis we rely on below:
The lawful basis enabling us to use your personal data is one or more of the following:
- when processing is necessary for our legitimate interests or those of a third party, (provided those interests don’t override your interests, freedoms or rights) so that we can deliver your membership benefits, namely sourcing and providing you with the best deals, discounts and offers we can find. You have a right to object to us using your personal information for these legitimate interests. This includes a right to object to profiling – see Opting out of profiling and Your personal data rights sections below
- to comply with a legal obligation (such as when we need to comply with the law, or you exercise your data protection rights)
- where you have consented to the processing of your personal data, such as for marketing purposes or if required in relation to a prize draw or competition.
We need all the categories of personal data in the table below to allow us to deliver your membership benefits and to enable us to comply with legal obligations. We have indicated in the table below the purpose or purposes for which we are processing or will process your personal information, as well as providing a description of which categories of data are involved.
Where a legitimate interest is involved, we state what the legitimate interest is.
Generally, we do not rely on consent as a legal basis for processing your personal data (such as for sending you Membership service communications, referred to in the table below). Remember you can change your mind at any time about the emails you want to receive by updating your e-mail preferences (log into your account and access the “E-Mail Preferences” section at https://www.charityworkerdiscounts.com/email-preferences or by emailing or writing to us, using our contact information in the Contacting us section) but this may mean we can’t keep you up-to-date with the latest offers and discounts.
|Purpose/Activity||Type of data||Lawful basis for processing (including basis of legitimate interests)|
|Register you as a member||Identification data||Necessary for our legitimate interests (our business model is to provide you as an individual in one of our membership groups access to discounts and offers from retail and brand partners who wish to support workers in public service)|
|Sending you Membership service communications (including emails unless you ask us not to)||Contact details (provided by you with your Identification data) and data derived from profiling your interests (see ‘Profiling’ below in this table) and optional information provided by you||Necessary for our legitimate interests (you have become a Member to obtain discounts and offers which are relevant to you and will help you save money. We need to identify those most likely to be of interest and benefit to you then provide you with easy access to them)|
|Manage our relationship with you||Identification data||Necessary for our legitimate interests (to keep our records updated / deal with your enquiries or any problems you may have efficiently)|
|Surveys and other market research activities||Data you agree to provide us by taking part (e.g. about products and services or your membership experiences or you and your lifestyle) and any and optional information provided by you||Necessary for our legitimate interests (our aim is to provide our Members with discounts and offers which are relevant to them, will help them save money and to identify any additional membership services which may benefit our Members)|
|Enabling you to partake in a prize draw or competition and our ‘refer a friend scheme’||Contact details (provided by you with your identification data) and any optional Information provided by you and technical and website use data||Necessary for our legitimate interests (to provide additional membership benefits) and to establish eligibility to partake in the prize draw or competition or ‘refer a friend’ scheme)|
|Profiling (to help us know what interests you and how we may help you save money)||Technical and website use data, your responses to our communications of partner offers or deals (which offers you view using any hyperlinks emailed to you) and analysis of your Spending data if you use our Cashback Card (see Data Shared with us and Opting out of profiling below), as well as optional information provided by you||Necessary for our legitimate interests (our aim is to provide you as a Member with discounts and offers which are relevant to you and will help you save money which you can access easily)|
|Accounting/Management||Purchase data (partners may tell us what services and/or products you (or all our members together) have purchased, when and at what cost)||Necessary for our legitimate interests (we need to monitor how our partners perform under their contracts with us (including when they charge our Members for goods or services though usually this information is anonymised and aggregated)|
|Research and analysis (to help us and our partners provide discounts, offers and other membership benefits which our Members want)||Data showing how you use our website (when you visit, your IP address and which web pages you view), your responses to our communications of partner offers or deals (which offers you view using any hyperlinks emailed to you) and analysis of your spending data if you use our Cashback Card (see Data Shared with us and Opting out of profiling below)||Necessary for our legitimate interests (our aim is to provide our Members with discounts and offers which are relevant to them, will help them save money and to identify any additional membership services which may benefit our Members)|
|IT Administration and protection (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identification data, Technical & Website use data||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|Deliver relevant website content (including advertisements to you and measure or understand the effectiveness of the advertising we serve to you)||Identification data, Technical & Website use data & Profile data||Necessary for our legitimate interests (to study how member use our member services, to develop them, to grow our business and to inform our communication strategy)|
|Use data analytics (to improve our website, membership services, marketing, membership relationships and experiences)||Technical & Website use data||Necessary for our legitimate interests (to identify types of members and membership groups for our member services, to keep our website updated and relevant, to develop our business and to inform our communication strategy)|
|Comply with a legal obligation (including complying with a subject access request, monitoring the security of your account and preventing, detecting and reporting criminal activity)||All or any data of the categories of data provided by you or received by us – see ‘What data do we collect’ above.||Legal obligation.|
Opting out of profiling
You can opt out of profiling which we use, for example, so that we can send you tailored discounts and offers which meet your own interests by emailing or writing to us, using our contact information in the Contacting us section. For more information on opting out of profiling see https://www.charityworkerdiscounts.com/profiling.
To protect your personal data, we have put the following technical and security measures in place:
- security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, as well as altered or disclosed (including encryption and restricted access)
- we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality
- internal policies and procedures (including a data protection policy) to deal with any issues, including notifying you where applicable
- undertaking a Data Protection Impact Assessment and similar safeguards to both consider and address the risks when appropriate, for example, before we start any new profiling
- putting in place procedures to deal with any suspected personal data breach and to notify you and any applicable regulator of a breach, where we are legally required to do so.
Sharing and disclosing your personal data
Subject to data protection law, we may share or disclose your personal data with:
- those who are providing products and services to us (such as subcontractors and suppliers) if they have appropriate processes in place to protect it
- government agencies and where the law requires us to share or disclose your information
- authorised third parties who track and store information about visitors to our website (including IP addresses)
- third parties who improve fraud protection and protect the security or integrity of our business operations
- any person or organisation to whom the business is sold or transferred
Otherwise, we will only share your personal information if you have consented to this.
Aside from the third parties who may receive anonymised data (see the Non-personal Information section) we share data with
- Our partners - lists of the types of third parties with whom we share data is can be found below. We’re always concerned about equality and accessibility, so we’ve got separate lists to make it easier to view. However, we anonymise this data in so far as is possible and limit data sharing to the minimum needed for you to access offers
Lists of third parties with whom we share data and who share data with us
1. Our Partners
We share data with our Partners – organisations we “partner” with.
Why do we share it? To bring you the best discounts and offers and to run our website and business effectively.
A list of the third parties (our partners) with whom we share data can be found here https://www.charityworkerdiscounts.com/retailers-a-z.
2. Our usual Suppliers
These are some of the great organisations which supply us with services and products. We share data with:
To send our email communications.
To create our email communications to members.
To create and send our email communications to members (we are in the process of migrating this service to Exponea from Silverpop and Jetlore but at the date of this privacy notice all three parties are engaged by us).
To show targeted ads to people who have visited our website https://www.facebook.com/about/privacy/update.
To show targeted ads to people who have visited our website.
Providing information which help us understand how individuals are using our website.
HM Revenue and Customs
Financial records as required by law https://www.gov.uk/government/organisations/hm-revenue-customs/about/personal-information-charter.
Mention Me Ltd
To administer our ‘refer a friend’ scheme and related promotions.
3. Suppliers who keep data secure
Data security is important to us, so we list the types of organisations which we use but we don’t display their details on our website to avoid exposure to hackers and anyone who may misuse the information (so your personal data is not vulnerable). Any data subject can find out more by emailing our Data Protection Officer at firstname.lastname@example.org.
We share data with:
Organisations who host our websites, so they stay online and are secure.
Organisations who help us develop and maintain our websites this is so that we can develop our websites, offer more functions and make sure they run securely, effectively and efficiently.
Organisations who provide us with email services so that we can send and receive emails.
Organisations who provide us with financial services and products including accounting, banking and payment providers, this is so we can run our business, do our accounts and pay our taxes and the lovely people who work here.
Marketing organisations to help market and promote our website and to track preferences so we can offer you the best deals based on your choices.
We require all these third parties to respect your personal data, to process it on our instructions (where we are the data controller) and comply with the law in relation to data protection.
4. Data Shared with us
Our Cashback Card – We partner with Sodexo Motivation UK Limited (‘Sodexo’) to offer our Members a cashback card to earn cashbacks from participating retail partners when they spend with those partners - see: (https://www.spree-card.com/HSDSPR/Home/Info).
In addition to this, by sharing with us the Spending data Sodexo receive, we can analyse where, when and how our cardholder members spend their money, and on an individual Member level look for the most relevant and beneficial Membership deals, discounts and rewards from our retail partners for each cardholder Member. Based on the aggregated spending data of all cardholders which Sodexo share with us we can also look for deals, discounts and rewards which will also benefit our wider membership, including our different Member Groups.
Cardholder Members can choose to opt out of all individual profiling based on their card spending – see Opting out of profiling above.
Sodexo share Spending data based on our ‘legitimate interests’ in using this data in the way described to benefit our members as well as to improve the quality and efficiency of our membership services, which is in our commercial interests.
Your personal data rights
The law gives you certain rights in relation to your personal data and to exercise these rights contact our Data Protection Officer at email@example.com. The following rights may apply to personal data we collect and process it (these can vary according to the lawful basis we rely on to process personal data) so that you can:
- Access personal data that we hold about you (Right to access your personal data - commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Make changes to your personal data if it is incomplete or inaccurate (Right to rectification). You can do this by logging into your account and accessing the “My Profile” section at https://www.charityworkerdiscounts.com/my-profile and making the changes, or by emailing or writing to us, using our contact information in the Contacting us section to do so, though we may need to verify the accuracy of the new data you provide to us.
- Restrict the processing of your personal data in certain circumstances, including where we are relying on legitimate interest as a lawful basis to process your personal data and you need us to check this basis. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- Ask us to erase your personal data (Right to be forgotten) and prevent processing in specific circumstances, particularly when your consent is the lawful basis for us processing your data.
- Object to us processing your personal data in certain circumstances, including profiling and profiling for communication purposes, and where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You can also obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Obtain and reuse your personal data for your own purposes across different platforms (data portability) where the processing is based on your consent or for the performance of a contract. If so, we will be able to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain membership services to you. We will advise you if this is the case at the time you withdraw your consent.
Exercising your rights
When you choose to exercise any of your data protection rights: -
- We will ask you for some information (primarily identification and clarification) and we can supply an optional form for you to complete if you would like to use it.
- We will deal with your request as soon as we are able to; usually, that’s within one month of receiving it.
- If there is going to be a delay in dealing with your request (for example, because it’s complex or you have made a number of requests) or there is a reason why we can’t comply with your request, we will let you know and explain why within one month of receiving your request.
- There is usually no charge unless your request is manifestly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Retaining personal data
We only retain personal data for as long as it is reasonably required before it is deleted, destroyed, or anonymised.
We use the following criteria for data retention:
- Retention to deal with queries:
- Retention to meet legal and regulatory requirements: For example, we keep personal data after you cease to be a Member because we have legal and regulatory requirements to meet.
Our data retention details are below:
Potential Members - We will retain personal data for 12 months from the date of our last contact.
Members - We will retain personal data for 7 years from the date that you ceased to be a member
Transferring personal data
Your data may be transferred or stored outside the UK to non-EU countries who may not have the same data protection as the UK and the EU but, if we do this, we will have an agreement with the third party who will be using an approved mechanism to keep the personal data secure. This means transferring data to providers who:
- sign a specific contract approved by the UK Information Commissioners Office (ICO) or the European Commission which give your personal data the same protection it has in the UK or Europe.
- adhere to certain agreed codes of conduct or certification approved by the UK Information Commissioners Office (ICO) or the European Commission, or
- UK Information Commissioners Office (ICO) or the European Commission deems to have an adequate level of protection for personal data, or
- are based in the USA and are part of the EU-US Privacy Shield.
If one of these safeguards isn’t in place, we’ll ask for your explicit consent, which can be withdrawn at any time.
To help us effectively run our website and business, our website collects non-personal information or aggregated information (which doesn’t identify an individual) from those who use it. For example, Google Analytics collects information about our website visitors, but the information is processed so that an individual cannot be identified from it because we work in accordance with their guidelines, so personal data should not be used or shared with them. Website searches may be powered by third parties but are anonymised.