Stored Value Solutions UK Limited Privacy Policy
This version in effect since [May 22, 2020].
Stored Value Solutions UK Limited (“SVS”, “we”, or “us”) is committed to protecting and respecting your privacy. We partner with merchants and other partners to sell and distribute gift cards on their behalf and to support their loyalty programmes and promotions. When you purchase or redeem gift cards through our service (Buyatab), you will be entering into an agreement with us in respect of that purchase.
This policy sets out the basis on which SVS will use and disclose any personal information that you provide to us, or we collect from you, as a user of our services and our website (collectively, our “Services”).
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
This Policy covers the following areas:
- HOW DOES SVS WORK?
- THE INFORMATION WE COLLECT ABOUT YOU
- COOKIES
- WHY DOES SVS PROCESS MY PERSONAL INFORMATION AND WHAT ARE SVS’S LEGAL BASIS FOR DOING SO?
- DISCLOSURE OF YOUR INFORMATION
- HOW DOES SVS SEND INFORMATION OUTSIDE OF MY COUNTRY?
- WHAT ARE MY PRIVACY RIGHTS?
- EUROPEAN VISITORS
- CALIFORNIAN VISITORS
- YOUR RESPONSIBILITY FOR PRIVACY
- SECURITY OF YOUR PERSONAL INFORMATION IS IMPORTANT TO US
- OPTING OUT
- HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
- LINKED SITES
- CHANGES TO OUR PRIVACY POLICY
- CONTACT
1. HOW DOES SVS WORK?
Our Service enables users like you to place orders for gift cards from the merchants, companies, and organizations with whom we do business (“Merchants”) for delivery to yourself, other people, or entities (“Recipients”).
Our Services can be embedded on the websites, mobile apps, and social media sites of our Merchants. They are powered by Buyatab, our affiliate company. When you use our Services on those sites, your personal information will also be collected by the Merchants responsible for that site, which they can then use for their independent purposes. Where this is the case the Merchant will be responsible for their processing of your personal information as an independent data controller. Their collection, use, and disclosure of your personal information will be governed by their own privacy policy which will be available to you on the Merchant’s site. Please see section 5 (Disclosure of your information) for more information.
This Policy will continue to apply in respect of our handling of your personal information.
2. THE INFORMATION WE COLLECT ABOUT YOU
Information you give us
You choose to give us certain information when using our Services, or by corresponding with us by phone, e-mail, or otherwise.
This includes:
- Your name and contact details: you provide us some basic details necessary for the Service to work, such as your name, address, e-mail address, and phone number.
- The Recipient’s name and contact details: If you purchase a gift card on behalf of another, we will ask you to provide their name, address, e-mail address, and phone number.
- Your content: such as personal message(s); photograph(s), images, or any other content that you chose to provide when completing your purchase.
- Payment/transaction details: When you complete a purchase you provide us or our payment service provider with information, such as your order transaction details, and the payment method and information you prove at the time of purchase, such as your debit or credit card number and any other applicable financial information.
- Customer service: If you contact our customer service team, we collect the information you give us during the interaction. Sometimes, we monitor or record these interactions for training purposes and to ensure a high quality of service.
Before submitting personal information in respect of another, please consider whether you would have authority to do so, or may be prevented from doing so, for example by restrictions in your country on providing information relating to minors or vulnerable persons.
Information we receive from others
In addition to the information you provide us directly, we receive information about you from others, including:
- Our customers: may choose to provide us with information about you, when you are the intended recipient of the gift card being purchased. If this is the case, we will receive your name, address, e-mail address, and phone number.
- Our Merchants: we do not routinely receive information about you from Merchants when you use our Services. We will receive personal information:
- directly from you when our Services are embedded on the websites, mobile apps, and social media sites of our Merchants. See section 1 (How does SVS work) for additional information;
- from Merchants who use our gift card services and systems in connection with their promotions or competitions. When an order is placed on your behalf, or made available to you in these circumstances, we will receive your name and contact details as listed above, for distribution purposes.
- Information we receive from other sources: We may also receive information about you if you use or visit any internet sites or services that use our Services. For example, we have partnered with a number of Merchants and third parties (“Channel Partners”), to make our gift cards available for purchase, or exchange for loyalty points. When you interact with those products or services to purchase a gift card we will receive yours and the recipient’s name and contact details, content, payment and transaction details, and interactions with customer service.
Information collected when you use our services
- Device information: we collect information from and about the device(s) you use to access our services, including:
hardware and software information such as IP address, device type and identity, login information, browser type, version and language, time zone setting, browser plug-in types and versions, operating system and platform; and identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address);
- Usage information: we collect information about your visit including the full URL (Uniform Resource Locators) clickstream to, through, and from our Services (including date and time); products you viewed or searched for; page response times, download errors, and length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page; and any phone number or email address used to contact our customer service specialists.
3. COOKIES
We use and may allow others to use cookies and similar technologies (e.g., web beacons, pixels) to recognize you and/or your device(s). We only use these technologies to store basic information and never to store any password or credit card information.
Some of these cookies are essential to our service, for example by allowing you to complete the checkout process, or preventing fraud. Others are functional/performance related (to improve the operation of our website) or analytical nature allowing us to better understand how you use our Services.
You can find more information about the individual cookies we use, the purposes for which we use them, and how you can better control their use in our Cookie Notice.
You can set your browser to accept or reject all specific cookies. You can also set your browser to alert you each time a cookie is presented to your device or opt out of Google Analytics by installing Google’s opt-out browser add-on. You can delete cookies that have been stored on your device, but if you prevent us from placing cookies on your device, or if you subsequently delete a cookie, it may not be possible for you to use our Services effectively.
4. WHY DOES SVS PROCESS MY PERSONAL INFORMATION AND WHAT ARE SVS’S LEGAL BASIS FOR DOING SO?
We will only use your personal data if we have a proper reason to process it and the law allows us to do so. When we process your personal information this will usually be:
- To provide our service/perform our contract
The main reason we process your personal information is to perform the contract that you have with us, i.e. the provision of gift card services.
- Legitimate interests
We may use your personal information where we have legitimate interests to do so. For example: (i.) to comply with non-statutory payment network and chargeback rules; (ii.) to analyse users’ behaviour to improve our content and services; (iii.) and for administrative, fraud detection and other legal purposes.
- Legal obligation
In some cases, applicable laws may require us to process certain information about you.
- Consent
We may ask for your consent to use your personal information for certain specific reasons, or if you are a non-EEA or UK user we may rely on your consent to process your personal data when you choose to use our services. You may withdraw your consent at any time by contacting us at the address provided at the end of this Policy.
The table below sets out all the ways in which we plan to use your personal data, which of the legal bases we rely on to do so and, where relevant, what the legitimate business interests are. There may be more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us at privacy@SVS.com if you want to know which specific legal basis we are relying on where more than one is set out in the table below.
What we use your information for? | What information we actually use | The reason we use your information |
1. To provide the service | ||
This includes: | As more particularly described in section 2 of the Policy: | • To provide our service/platform our contract with the customer; |
2. To share information with our Merchant and third party partners | ||
When Merchant or Third Party branded gift cards are purchased, or made available to you through our Services, we will share your personal information with that party. This is because our service is considered to be a continuation of your customer journey with them – in particular their customer loyalty, gift card and promotional offerings. | As more particularly described in section 2 of the Policy: | • To provide our service/platform our contract with the customer; |
3. To improve our services | ||
• To ensure that content from our Services are presented in the most effective manner for you and your device | As more particularly described in section 2 of the Policy: | • Consent for the use of purley functional or analytical cookies and similar technologies to improve your user experience and our Services |
4. To suggest products/services which may be of interest to you | ||
• to provide you with information about other goods or services that are similar to those that you have already purchased or enquired about | As more particularly described in section 2 of the Policy: | • Subject to national marketing rules, our legitimate interests (developing our products/services, growing our business) when you haven’t opted out of receiving marketing |
5. To comply with payment network rules and regulations | ||
• We retain payment and transaction details in order to comply with statutory and industry payment and credit card rules. These allow us to handle chargeback requests, for example if you were to dispute a transaction. | As more particularly described in section 2 of the Policy: | • Where required by applicable laws, and as necessary to ensure legal compliance, or to assist law enforcement; or |
6. To prevent, detect and fight fraud or other illegal or unauthorized activities; and to keep our services secure | ||
• To perform analysis to better understand and design countermeasures against these activities and retain personal information related to fraudulent activities to prevent against recurrences | As more particularly described in section 2 of the Policy: | • Where required by applicable laws, and as necessary to ensure legal compliance, or to assist law enforcement; or |
7. To ensure legal compliance | ||
To comply with legal requirements, assist law enforcement and enforce or exercise our rights, for example our terms and conditions. | As more particularly described in section 2 of the Policy: | • Processing is necessary for compliance with a legal obligation to which we are subject; |
5.DISCLOSURE OF YOUR INFORMATION
With Merchants and Recipients
To which the gift card relate to fulfil your order.
Branded gift cards
Our services commonly involve partnering with merchants and other third parties, to support their gift card, loyalty programme and promotional offerings. When you purchase or redeem a branded gift card through our services, our partners see this as a continuation of your customer journey with them. As such, we will share your personal information with the Merchant or other third party brand in question, as if they were the party providing the gift card services. In these instances, your information is shared for a variety of reasons, including:
- to report on the performance of our gift card services;
- as part of your customer relationship with the Merchant or third party partner in question;
- to assist the Merchant or third party with the coordination of or your membership in their loyalty programmes, and promotions;
- for customer service and marketing communications.
Please see the Merchant’s (or other third party’s) privacy notice for additional information.
With our service providers and partners
We use third parties, as service providers on our behalf, to help us operate and improve our services. These third parties assist us with various tasks, including customer care, security operations, data storage, technical, infrastructure, platform, or applications services, payment processing or order fulfilment services, analytics and service optimization.
A list of these third parties is available on request.
With other businesses in our Group
We may share your personal information with members of our group, which means our subsidiaries and related companies. We do this so they can assist us in processing your personal information, as service providers on our behalf. This includes technical processing operations, such as personal information hosting and maintenance, customer care, marketing, finance and accounting assistance, better understanding how our service is used and users’ behaviour to improve our service, securing our personal information and systems and fighting against spam, abuse, fraud, infringement and other wrongdoings.
We may also share information with our other group entities for legitimate business purposes such as audit, analysis and consolidated reporting as well as compliance with applicable laws. A list of these group entities is available on request.
We may also disclose your information to third parties in the following circumstances:
- In the event that we decide to sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
- If substantially all of our assets are acquired by a third party, in which case personal information held will be one of the transferred assets.
- As required or permitted by law or in order to comply with legitimate governmental requests, subpoenas, court orders, or legal obligations; or in order to enforce or apply the terms and conditions of our Services or other agreements; or to protect the rights, property, or safety of SVS, our customers, or other parties. This includes exchanging information with other companies and organizations for the purposes of fraud detection and prevention and risk control.
With your consent or at your request
We may ask for your consent to share your personal information with third parties. In any such case, we will make it clear why we want to share the information.
Anonymised information
We may also provide aggregated (anonymised) information to third parties to provide them with aggregate level information about our users, for example we may share such data with other group companies, and with market researchers, advertisers or other third parties.
6. HOW DOES SVS SEND INFORMATION OUTSIDE MY COUNTRY
Stored Value Solutions UK Limited is part of the wider SVS Group. The SVS Group is Vancouver, British Columbia, Canada-based and our Merchants, suppliers, and subcontractors may be located worldwide.
In the event that we share your personal information with our Merchants, suppliers, or subcontractors as described in this policy, your information will be processed and stored in the country where they are located. When we send your personal information outside of your country we have in place adequate safeguards which allow us to do so. This includes EU standard contract clauses approved by the UK or European Commission or other suitable safeguard to permit personal information transfers from the UK or European Economic Area (“EEA”) to other countries.
By way of example, all personal information processed as part of the services, will be held securely by our US based and privacy shield certified cloud storage provider, and accessed by SVS in Canada, a country satisfying data adequacy requirements.
Personal information may be subject to disclosure under the laws of jurisdictions where the personal information is stored or handled and it may be accessible to law enforcement and national security authorities of those jurisdictions.
For information about SVS’s use of suppliers and subcontractors, please contact us at the address provided below.
7. WHAT ARE MY PRIVACY RIGHTS
In certain circumstances, for example if you are a UK or EEA resident, you may exercise the rights available to you (with some exceptions and restrictions) under applicable data protection laws as follows:
- If you wish to access, correct, update or request deletion of your personal information.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
- If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
You can exercise your rights at any time by contacting us using the contact details below.
We respond to all requests we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests.
8. EUROPEAN VISITORS
The data controller is SVS Online Inc., B1 – 788 Beatty Street, Vancouver, BC, V6B 2M1 Canada.
Our Privacy Officer can be reached by e-mail at privacy@SVS.com.
The data that we collect from you, including your personal data, will be transferred to, and stored, in countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or subcontractors. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details, and the provision of support services. By submitting your personal data, you acknowledge that your personal information will be transferred, stored, and processed outside the EEA, as required to provide you with the Services. We will take steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For more information please see section 6 (How does SVS send information outside of my country?)
9. CALIFORNIA VISITORS
SVS does not sell or share personal information with third parties for their marketing purposes. Pursuant to the California Consumer Protection Act, under certain circumstances, California consumers have the right to request that SVS disclose or delete the specific pieces of personal information SVS collected about that consumer.
If you are a California consumer, you may submit a request for this information or for deletion of this information by e-mail at privacy@SVS.com. If required to do so, SVS will respond to your request in the manner and time provided for in the California Consumer Protection Act.
California Sensitive Information Disclosure: The table below describes the categories of sensitive personal information (as defined under California law) we collect and why. It also indicates whether we “sell” or “share” such information (as those terms are defined under California law). We do not “sell” sensitive personal information for purposes of cross-context behavioral advertising. We may share information as described below.
Category of Sensitive Personal Information | Purposes for which Information is Collected | Is information sold or shared for the purpose of cross-context behavioral advertising? |
Social security, driver’s license, state identification card, or passport number. | · Determining eligibility for employment · General human resources administration · Facilitating business travel · Providing products or services requested by customers · Detecting and preventing fraud · Complying with legal obligations and regulations · Conducting recordkeeping | No |
Racial or ethnic origin | · Reporting certain demographic workforce data to federal, state and/or local government agencies as required or permitted by applicable law · Promoting diversity, equity, and inclusion within the company | No |
Contents of a consumer’s email, and text messages unless the business is the intended recipient of the communication | · Managing network and IT systems security · Monitoring use of IT and communication systems · Ensuring compliance with internal policies and procedures · Protecting confidential information, intellectual property and other business interests · Investigating unlawful or improper acts | No |
Health | · Administering and maintaining employee benefits · Ascertaining employee fitness to perform job duties with or without reasonable accommodation · Managing absences from work · Complying with legal obligations related to health and safety | No |
10. YOUR RESPONSIBILITY FOR PRIVACY
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Subject to our responsibility as data controller, you are ultimately responsible for maintaining the secrecy of your password and/or any personal information in your possession. Always be careful and responsible regarding your personal information.
11. SECURITY OF YOUR PERSONAL INFORMATION IS IMPORTANT TO US
SVS takes commercially reasonable steps to ensure that personal information is kept safe from loss, unauthorized access, modification, or disclosure. Among the steps we take in order to protect your information are:
- premises security;
- restricted data access to personal information;
- deploying technological safeguards like security software and firewalls to prevent hacking or unauthorized computer access; and
- internal password and security policies.
Except where we are required by law to disclose personal information, we will use contractual arrangements to protect personal information disclosed to third parties.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information during transmission to our services, or the internet sites & services that use our Services;. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
12. OPTING OUT
You may wish to opt out of receiving certain information and marketing or promotional materials from us. You may do so by using the unsubscribe mechanism provided in the message or by contacting us at the address set out below.
13. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
Personal information will be retained in accordance with this policy for as long as may be necessary or relevant for the purpose of collection, or as may be required or permitted by law. Where we retain information for a longer period (we may keep your personal information for of up to 7 years (or longer where the law says we have to)) we will only do so as necessary to:
- respond to any questions or complaints in connection with an order. For example, we retain payment information to facilitate credit card sales disputes and chargeback requests (see section 4 for additional information); or
- comply with the rules on accounting, reporting or any other law.
14. LINKED SITES
Our Services may, from time to time, contain links to and from the internet sites & services of other parties. If you follow a link to any of these internet sites & services, please note that these parties may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to other internet sites & services.
15. CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you via e-mail.. The effective date of changes to this policy will be noted above so that you can be fully informed about our privacy policies and practices. Please check back frequently to see any updates or changes to our Privacy Policy.
16. CONTACT
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to our Privacy Officer at privacy@SVS.com.