Privacy Notice

Important Notice. In connection with the acquisition of Reward Gateway (UK) Ltd by Edenred SE, the assets of Edenred (UK Group) Limited were in January 2024,  transferred to Reward Gateway (UK) Ltd. As a consequence, Reward Gateway (UK) Ltd became the Data Controller of the personal data of Edenred (UK Group) Limited from the date of transfer. To ensure data subject rights remain fully respected in a consistent way, a single DPO has been appointed across both organisations, who can be contacted at dpo.uk@edenred.com or privacy-requests@rewardgateway.com. 

If Clients and Data Subjects who are being migrated over from the Edenred (UK Group) Ltd platform from March 11, 2024 have questions concerning the privacy and security aspects of the Reward Gateway (UK) Ltd platform please also visit http://trust.rewardgateway.com which provides comprehensive and detailed information concerning the compliance and assurance status of the platform. 

--
Reward Gateway UK Limited (“Reward Gateway”, “we”, “us” or “our”) knows that you care how information about you is used and shared and we are careful to ensure that any such information that comes into our possession is properly looked after. This Privacy Policy sets out the basis on which any personal data we collect from or about you on our website, www.rewardgateway.co.uk, will be processed by us. It also sets out the steps that we take to ensure that any information provided to us is kept secure and is used only for the purposes for which it is provided.

We will be the data controller of your personal data which you provide to us or which is collected by us via our website. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Privacy Policy. It is important that you read this Privacy Policy so that you are aware of how and why we use your personal information and how we will treat it.

Reward Gateway has appointed a Data Protection Team, who can be contacted using the details at the end of this Notice should you have any questions, complaints or feedback about your privacy.

You can also contact us using the details provided at the end of this Privacy Policy in the “Contacting Us” section.

Personal Information

When you communicate with us via our website, for example, by submitting a query, requesting a demo, subscribing to our blog, commenting on a blog post or using the chat function, we will collect the personal information that you provide to us for that purpose. You don’t have to give us any of this personal information but, if you don’t provide us with certain information, we may not be able to provide you with the information or service you have requested from us. The forms you fill in on our website will make it clear what information we need in order to provide the information or service you are requesting and what information you can choose to provide if you wish.

We will also collect technical information about your equipment, browsing actions and patterns to serve more relevant content to you on the site. We collect this personal data by using cookies, server logs and other technologies and full details as to how we use cookies can be found in our Cookie Policy.

We will only use your personal data to send you our newsletter and blog updates where you have consented to us doing so. Otherwise, we will collect and process the information set out above about you on the basis that it is in our legitimate interests to use your data for the purposes set out below, and those interests are not overridden by your interests and fundamental rights. 

Much of the information we hold will have been provided by you, but some may come from other internal sources, such as a Sales representative, or in some cases, external sources, such as marketing or event management agencies. We will combine information we receive from other sources (as set out in this Notice) with information you give to us. We will only use this information and the combined information for the purposes set out in this Notice.

Purposes for which Personal Information may be used

The personal information that you provide to us or which we collect about you via our website will be used only for the following purposes:

  1. To provide information or services to you as requested by you.
  2. To the extent permitted by law, to let you know about information and services from Reward Gateway in which you may be interested including via our newsletter.
  3. To review and understand the content on our website which users are most interested in.
  4. To improve the content of our website.
  5. To customise the content and /or layout of the website for each individual user.
  6. To notify you about updates to the website.

Automated Decision Making

We do not carry out any solely automated decision-making using your personal information. 

Change of Purpose

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and permitted under data protection laws. If we need to use your personal information for an unrelated purpose, in most cases we will notify you and we will explain the legal basis which allows us to do so.

Disclosure

As of the date of this Privacy Policy, we share your personal data with the following trusted third parties for the purposes of managing our business and providing the information and services you request from us:

  1. Member of the Edenred SE group of companies including RG Engagement Group Ltd, Reward Gateway (Australia) Pty Ltd, Reward Gateway (USA) Inc, International Benefits Holdings Ltd., Asperity Employee Benefits Group Ltd, our group companies;
  2. Google Analytics, our web analytics provider;
  3. CrazyEgg, an analytics service provider;
  4. Hubsoft, our lead generation provider;
  5. Drift, our chat provider;
  6. Bizzabo, our event management platform provider; 
  7. WorkCast, our webinar software; and
  8. Salesforce, our customer and prospect record management system provider.

When we do share your data with these third parties we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected.

We will also disclose your personal information to third parties:

  • -in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • -if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and/or
  • -if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of us, our users, customers and providers. This will include sharing your information as part of a legal or official investigation if legally required to do so.

International Transfers

Reward Gateway's commitment to data security and privacy is paramount. We host all our personal data in Ireland and Germany in a highly secure environment, ensuring it remains within the European Economic Area (EEA). Adhering to strict data protection regulations, we do not allow any technical access to personal data concerning citizens of the EEA from outside the EEA. 

However, we engage with a select few US based technology providers as part of our workflow. These providers have undergone rigorous assessments and are carefully chosen to ensure they meet or exceed our high standards for data security and full compliance with our privacy and data protection commitments.

We can supply a copy of the EU Standard Contractual Clauses to you on request.

Retention of Information

Unless we need to keep your data for legal purposes (such as to defend against a legal claim), we will only retain your personal information for 24 months from your last interaction with us, for example, when you opted in or when you submitted a query on our website.

Protection of Information

We have implemented appropriate technology safeguards, security policies and other measures to protect data under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction or accidental loss. These include being ISO 27001 certified, implementing suitable access controls, and ensuring that encryption and hashing are used and robust physical security controls are in place. We also protect your information by requiring that all our employees and others who have access to or are associated with the processing of your data respect your confidentiality.

Your Rights

Data protection laws provide you with the following rights to:

  • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • request the restriction of processing of your personal information, for example if you want to establish its accuracy or the reason for processing it; and
  • obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.

You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object to where we are processing your personal information for direct marketing purposes.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Where we rely on your consent to process your personal data, for example in relation to any direct marketing we provide to you, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent in relation to direct marketing, please contact us using any of the details set out below in the “Contacting Us” section.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance.

Changes to our Privacy Policy

If we decide to change our Privacy Policy we will post the changes here and, where appropriate, notify you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

Contacting Us

If you have any queries, comments or requests regarding this Privacy Policy or you would like to exercise any of your rights set out above, you can contact us in the following ways:

  • by email at privacy-requests@rewardgateway.com or;
  • by post at Reward Gateway (UK) Ltd, 265 Tottenham Court Road, London, W1T 7RQ.
  • 28/02/2024