The Rewards Factory Pty Ltd (“us”, “we”, or “our”) provides the The Rewards Factory mobile application through which services and products may be provided (the “Programme”).
We understand that when you use the The Rewards Factory Programme you are placing your trust in us to handle your data appropriately and that is why we take a no-nonsense approach to data protection. We are committed to strong and transparent privacy practices.
Part of this no-nonsense approach is you provide with as much information about how we process your personal information in connection with your use of our service and to enable you to make informed decisions about your personal information when using The Rewards Factory.
i) What Personal Data we collect and why we collect it
ii) How we use Personal Data
iii) Who we share Personal Data with
iv) The choices we offer, including how to access, update, and remove Personal Data
1. INFORMATION COLLECTION AND USE
The Rewards Factory collects Personal Data about you when you provide it directly to us, when we feel it necessary to capture key information to help our agents in future service requests, or when Personal Data about you is automatically collected in connection with your use of the Programme.
We use this Personal Data to:
2. HOW WE USE YOUR INFORMATION
We use information held about you (and information about others that you have provided us with) in the following ways:
2.1 Contact Information:
This is information we collect to identify or contact you, we collect typical “business card information” such as your first and last name, physical address, email address, telephone number. This is the basic information that we collect when you register for our service on the Programme.
2.2 Task Information
This is information related to any Tasks that you generate and the fulfilment therein by any party including any Service Provider/s, whereby behavioural or preference analytics can be determined. This information is solely used to efficiently serve you and or to provide alternative options while using the Programme.
2.3 Transaction Information:
This is information related to transactions you conduct on the Programme.
2.4 User Account Information:
This is information that identifies you as a Member of the Programme, such as your user name, email address, password, and IP address. For example, we use this information to authenticate you when you log in to the Programme, and use the IP address to help agents efficiently locate you while using the Programme and to provide a better, more efficient service.
2.5 User Content:
From time to time we will collect Personal Data as part of such content, images, comments, and other content, information such as important addresses and basic family information and user preferences such as “Client likes independent coffee shops”. This information is solely used to efficiently serve you and or to provide alternative options while using the Programme.
2.6 Technical Information:
We collect information about your mobile device, including where available, your IP address, operating system and browser type, for system administration and analytical purposes; information showing us from which App Store you downloaded our App.
2.7 Information we receive from other sources:
When using the Programme, we may be in contact with third parties who may, subject to the provisions of clause 3, provide us with certain information about you in order to enable your use of the Programme.
2.8 Cookies or similar technologies to analyse trends:
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioural advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our products do not support Do Not Track requests at this time, which means that we collect information about your online activity, both while you are using the products and after you leave our site.
2.9 Crash data:
This will include your device information, details of the incident experienced, your screen resolution and any comments that you add to the incident. This information is processed by a third party that is GDPR compliant.
3. JUSTIFICATION OF USE
We will only use your Personal Data if we have a lawful basis for doing so. Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
3.1 Consent: where you have consented to our use of your information (you provide explicit, informed, freely given consent, in relation to any such use and you may withdraw your consent in the circumstance detailed below by notifying us);
3.2 Contract performance: where your information is necessary to enter into or perform our contract with you;
3.3 Legal obligation: where we need to use your information to comply with our legal obligations;
3.4 Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and
3.5 Legal claims: where your information if necessary for us to defend, prosecute or make a claim against you or a third party.
4. WHERE WE STORE YOUR PERSONAL INFORMATION
The personal data that we collect from is processed in the European Economic Area (“EEA”) and stored on Amazon Web Services (Ireland) Cloud Servers This data may however be processed by staff operating outside of the EEA who work for us.
Your passwords are stored on our servers in encrypted form. We do not disclose your account details. It is your responsibility to keep your password secure. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our mobile app, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.
5. HOW LONG WE STORE YOUR CUSTOMER ACCOUNT DATA
We will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask us to delete specific personal information from your Customer Account, we will honour this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
Customer Account Data stored in our system(s) is generally stored up to 7 years following closure of your account unless there is a specific need or obligation to retain your information longer (like in the case of an open investigation, audit or other legal matter).
Invoice records, including their digital equivalent, may be retained in identifying form by us for longer periods for accounting, tax, and audit purposes depending on and in accordance with applicable tax law.
6. DISCLOSURE OF YOUR INFORMATION
We do not share, sell, or otherwise publicise our users’ personal information.
We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
We do not accept responsibility for email correspondence, or any other interaction resulting from email correspondence, sent in error due to incorrect contact information provided by a client or participant.
Please be aware that some organisations monitor employees’ internet traffic, including encrypted web traffic. We cannot conceal your responses or identity from such monitoring systems. We recommend that you familiarise yourself with the network monitoring policy of your organisation.
We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit, and enforcement of least privilege and need-to-know principles. To the extent the Programme requires you to provide any Financial Account Information, such as when you purchase subscriptions to the Programme, that information will be collected and processed by third-party PCI-compliant service providers. We do not store Financial Account Information transmitted through the Programme, provided that we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number, if you provide this to us, to comply with credit card processing requirements of authorizations, charges and chargebacks.
8. INTERACTIONS WITH OTHERS
9. WHAT RIGHTS AND CHOICES DO YOU HAVE REGARDING YOUR PERSONAL DATA?
Under the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at firstname.lastname@example.org
You have certain rights with respect to your Personal Data, and we want to help you review and update your information to ensure it is accurate and up-to-date. We may limit or reject your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardises the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question. In some cases, we may also need you to provide us with additional information, which may include Personal Data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days (or less!). You can also contact us directly at email@example.com if you have any additional requests or questions:
9.1 Right to rectification:
If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
9.2 Right to erasure / ‘Right to be forgotten’:
You can request that we erase some or all of your Personal Data from our systems. Please note that if you request the deletion of information required to provide the Programme to you, your User Account will be deactivated and you will lose access to the Programme.
9.3 Right to data portability:
You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible. For the following, please email us at firstname.lastname@example.org
9.4 Right to restriction of processing / Withdrawal of consent:
If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilise some or all of the Programme. You can ask us to restrict further processing of your Personal Data. You also have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
9.5 Right to complain:
You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for marketing purposes.
9.6 Closing Your Account:
You may close an account, and upon termination of your User Account, we will take reasonable steps to provide, modify, or delete your Personal Data as soon as is practicable. However, we may nevertheless retain your Personal Data to protect our business interests, our affiliates, vendors, and other users, and some information may remain in archived/backup copies for our records or as otherwise required by law. Those interests include without limitation the completion of transactions, maintaining records for financial reporting purposes, complying with our legal obligations, resolving disputes, and enforcing agreements.
We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use the Programme, or at least those aspects of the Programme which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Programme.
10. ENFORCEMENT AND RECOURSE
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
12. WHAT IF YOU HAVE QUESTIONS REGARDING YOUR PERSONAL DATA?
The Rewards Factory Pty Ltd
Attention: Privacy Officer