Privacy policy

Last updated: December 2023 🔏

INTRODUCTION AND SCOPE

This privacy policy (this “Policy”) describes how Kingsbridge Risk Solutions Ltd t/a rewardsme business Insurance (“rewardsme”) collects, handles, secures, shares and uses the personal data of users (“Users”) visiting our website or providing information to us through other channels, such as by phone or e-mail.

To receive this notice in another format (for example, audio, large print, braille) please contact rewardsme using the contact details in the section “How to contact rewardsme”.

 

WHAT PERSONAL DATA DOES REWARDSME PROCESS & HOW IS IT COLLECTED?

Personal Data Collected by rewardsme as a Processor and Controller

Users may provide the following types of personal data to rewardsme which may then be collected, used, stored and transferred in accordance with this Policy for the provision of insurance policy quotes, fulfillment of purchases and mid-term adjustments, and claims notifications:

Type of personal data

Contact data

Personal data includes:

  • Physical address
  • Email address
  • Telephone numbers

Type of personal data

Identity data

Personal data includes:

  • First name
  • Last name
  • Title
  • Date of birth

Type of personal data

Marketing and Communications Data

Personal data includes:

  • Preferences in receiving marketing from rewardsme and its third parties
  • Communication preferences.

See our full cookie policy for more information.

The following types of personal data may be automatically logged when Users access and use the website, which rewardsme may then collect, use, store and transfer in accordance with this Policy:

Types of personal data

Technical Data

Personal data includes:

  • Internet protocol (IP) address
  • Login data
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform
  • Other technology on the devices used to access the website

Types of personal data

Usage Data

Personal data includes:

Information about how the website is used


rewardsme may also obtain Users’ personal contact data from other third parties including recruiters, accountancy firms or other partners.

 

HOW DOES REWARDSME USE PERSONAL DATA?

Personal Data Collected by REWARDSME as Controller

Purpose

To monitor the use of our website.

Type of personal data

  • Technical Data

Lawful basis for processing

  • Legitimate interest
  • Consent

Details

To improve the functionality and content of our website.

Purpose

To create an account on the Website.

Type of personal data

  • Identity Data
  • Contact Data

Lawful basis for processing

  • Legitimate interest
  • Performance of a contract

Details

To enable Users to use the Website.

Purpose

To manage and protect rewardsme’s business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

Type of personal data

  • Identity Data
  • Contact Data
  • Technical Data
  • Biometric Data

Lawful basis for processing

  • Legitimate interests
  • Necessary to comply with a legal obligation

Details

To manage rewardsme’s business and ensure the effective operation of our website.

To prevent fraud.

rewardsme may process Users’ personal data under more than one lawful basis depending on the specific purpose for which rewardsme is using the personal data. If a User has provided consent to processing and subsequently withdraws that consent, rewardsme may still process that User’s personal data where rewardsme has another lawful basis for doing so. Where more than one lawful basis has been set out in the table above, Users should contact rewardsme if they need details about the specific lawful basis that rewardsme is relying on to process their personal data.

Where rewardsme needs to collect personal data by law or under the terms of a contract that rewardsme has with a User and the User fails to provide that personal data when requested, rewardsme may not be able to perform the contract it has with the User.

 

Personal Data Obtained by rewardsme from Partners

Where rewardsme acts as a data processor on behalf of a partner, rewardsme will only process personal data in accordance with the agreement that rewardsme has with the partner.

Users should review the privacy policy provided to them by the partner or contact the partner for details about how the partner will collect and use the User’s personal data.

 

SHARING OF PERSONAL DATA

Personal Data Collected by rewardsme as Controller

rewardsme may share Users’ information with the following categories of third parties:

Third Party

Service Providers

Description

rewardsme’s service providers include third parties that provide rewardsme with services such as IT services, hosting services, administration services and other business process services. Such third parties will act as rewardsme’s processors.

Third Party

Professional advisors

Description

rewardsme may need to provide Users’ personal data to its professional advisers that provide services to rewardsme. rewardsme’s professional advisors include lawyers, accountants, bankers, auditors and insurers. Such third parties may act as rewardsme’s processors or independent controllers.

Third Party

Authorities

Description

rewardsme may be required to disclose personal data to regulatory authorities such as the Financial Conduct Authority.

Third Party

Group Companies

Description

rewardsme may share Users’ personal data with its group companies, and in such circumstances will ensure that all necessary protections are put in place as required by applicable law.

Third Party

Other Third Parties

Description

rewardsme may share Users’ personal data with third parties to whom it may choose to sell, transfer or merge parts of its business or its assets (including in relation to restructuring/insolvency situations). Alternatively, rewardsme may seek to acquire other businesses or merge with them. If a change happens to rewardsme’s business, then the new owners may use Users’ personal data in the same way as set out in this Policy.

Users’ personal data may be a transferred asset in any sale of all or part of rewardsme’s business.

rewardsme requires all its data processors and any other third party that rewardsme provides Users’ personal data to respect the security of Users’ personal data and to treat it in accordance with applicable law.

rewardsme does not allow its data processors to use Users’ personal data for their own purposes and only permits them to process Users’ personal data for specified purposes and in accordance with rewardsme’s instructions.

 

MARKETING 

Users may receive marketing communications from rewardsme if they have requested such communications from rewardsme or if they have purchased goods or services from rewardsme and they have not opted out of receiving future marketing communications.

rewardsme will obtain Users’ explicit consent before it shares their personal data with any company outside of rewardsme’s group of companies for marketing purposes.

If a User does not wish to receive marketing information from rewardsme, the User can opt-out by contacting rewardsme using the contact details at section 11 below or by clicking the opt-out link in rewardsme’s electronic marketing communications.

 

INTERNATIONAL TRANSFERS

Users’ personal data will not be transferred outside of the United Kingdom or the European Economic Area without additional contractual or other measures that have been adopted or approved by the United Kingdom or the European Commission being taken.

 

SECURITY OF PERSONAL DATA

rewardsme maintains appropriate physical, technical, administrative, and organisational security measures to protect personal data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, including (where appropriate):

  • the pseudonymisation and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

All of rewardsme’s employees, contractors and data processors who have access to, and are associated with, the processing of personal data are obligated to keep the personal data confidential and not use it for any other purpose than to carry out the services they are performing for rewardsme.

While rewardsme will use all reasonable efforts to safeguard Users’ personal data, use of the internet is not entirely secure and for this reason rewardsme cannot guarantee the security or integrity of any personal data that are transferred from Users or to Users via the internet.

 

RETENTION OF PERSONAL DATA

Personal Data Collected by rewardsme as Controller

rewardsme will only retain Users’ personal data for as long as necessary to fulfil the purposes rewardsme collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, rewardsme considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which rewardsme processes the personal data and whether rewardsme can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for personal data are available from rewardsme on request using the contact details in the section “How to contact rewardsme”.

 

Personal Data Collected by rewardsme as Controller

Users have the following rights, as data subjects, under applicable data protection laws in relation to their personal data:

User’s right

Request access to the User’s personal data.

Description

This enables the User to receive a copy of its personal data that rewardsme holds and to check that rewardsme is lawfully processing it.

User’s right

Request correction of the personal data that rewardsme holds about the User.

Description

The User can require rewardsme to correct any mistakes in the User’s personal data free of charge.

The User must provide rewardsme with enough information to identify the User (e.g. account number, username, registration details) and let rewardsme know the information that is incorrect and what it should be replaced with.

User’s right

Request erasure of the User’s personal data.

Description

This enables the User to ask rewardsme to delete or remove the User’s personal data where there is no permitted reason for rewardsme continuing to process it.

The User can ask rewardsme to erase the User’s personal data where:

  • the User does not believe that rewardsme needs the User’s personal data in order to process it for the purposes set out in this Policy;
  • if the User has given rewardsme consent to process the User’s personal data, the User withdraws that consent and rewardsme cannot otherwise legally process the User’s personal data;
  • the User objects to rewardsme processing and rewardsme does not have any legitimate interests that mean it can continue to process the User’s personal data; or
  • the User’s personal data has been processed unlawfully or has not been erased when it should have been.

User’s right

Object to processing of the User’s personal data.

Description

The User has the right to object where rewardsme is relying on a legitimate interest (or those of a third party) and the User feels the processing of its personal data impacts on its fundamental rights and freedoms.

The User also has the right to object where rewardsme is processing the User’s personal data for direct marketing purposes.

In some cases, rewardsme may demonstrate that rewardsme has compelling legitimate grounds to process the User’s personal data which override the User’s rights and freedoms.

User’s right

Request restriction of processing of the User’s personal data.

Description

This enables the User to ask rewardsme to suspend the processing of the User’s personal data in the following scenarios:

  • if the User wants rewardsme to establish the accuracy of the personal data;
  • where rewardsme’s use of the personal data is unlawful but the User does not want rewardsme to erase it;
  • where the User needs rewardsme to hold the personal data even if rewardsme no longer requires it as the User needs it to establish, exercise or defend legal claims; or
  • the User has objected to rewardsme’s use of the personal data but rewardsme needs to verify whether rewardsme has overriding legitimate grounds to use it.

User’s right

Request the transfer of the User’s personal data to the User or to a third party.

Description

The User can require rewardsme to provide to the User, or a third party the User has chosen, the User’s personal data in a structured, commonly used, machine-readable format.

This right only applies to automated personal data that the User initially provided consent for rewardsme to use or where rewardsme used the personal data to perform a contract with the User.

User’s right

Withdraw consent at any time where rewardsme is relying on consent to process the User’s personal data.

Description

This will not affect the lawfulness of any processing carried out before the User withdraws its consent.

If the User withdraws its consent, rewardsme may not be able to provide the User with access to the Platform or certain functionalities. rewardsme will advise the User if this is the case at the time that the User withdraws consent.

To exercise any of the rights set out above, please contact rewardsme using the contact details provided in “How to contact rewardsme” below. rewardsme will respond to any rights that a User wants to exercise within one month of receiving the request, unless the request is complex, in which case it may take longer.

rewardsme may need to request specific information from a User to help it confirm that User’s identity and that User’s right to access its personal data (or to exercise any of its other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. rewardsme may also contact the User to ask it for further information in relation to its request to speed up rewardsme’s response.

Please be aware that there are exceptions and exemptions that apply to some of the rights, which rewardsme will apply in accordance with the applicable data protection laws.

 

Personal Data Obtained by rewardsme from Third Parties and Other Partners

Users should review the privacy policy provided by the applicable third party or contact that third party for details about what rights the User has in respect of the personal data processed by that third party and how to exercise them.

 

FINANCIAL CONDUCT AUTHORITY

rewardsme is a trading name of Kingsbridge Risk Solutions Limited who are authorised and regulated by the Financial Conduct Authority. FCA firm reference number: 309149.

 

HOW TO CONTACT REWARDSME

To ask any questions regarding this Policy or to exercise any rights, please contact the rewardsme Data Privacy Officer using the following contact details:

Address: 9 Miller Court, Tewkesbury, Gloucestershire, GL20 8DN

Telephone: 01684 217141

Email: gethelp@rewardsme.co.uk

 

AMENDMENTS TO THIS POLICY

rewardsme reserves the right to change, modify, add or remove portions of this Policy from time to time and in its sole discretion but will update Users that changes have been made by indicating on this Policy the date it was last updated.