Introduction

Benefits Cloud is provided by Petaurum Solutions Ltd.  This privacy policy sets out the privacy practices for Benefits Cloud, as provided by Petaurum Solutions Ltd, a company incorporated in England & Wales with company number 08079274 and having its registered office at 9 De Montfort St, Leicester, LE1 7GE, United Kingdom ("we", "us", "our"). Our website is https://www.benefitscloud.co.uk (the "Website") and all associated sub-domains.

This Privacy Policy applies only to your use of Our Sites. It does not extend to any websites that are linked to from Our Sites (whether We provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

In order to provide our services to you and to promote our business, we will need to collect and process certain personal information about you.

We are committed to protecting the privacy and security of your personal information, in accordance with the applicable data protection laws, including the General Data Protection Regulation, together the “Data Protection Laws”. This privacy policy describes how we collect and use personal information about you during and after our relationship with you and your employer or the Club / Association (as defined in paragraph 1 below), as appropriate.

If you have any questions at all about this policy or the Website, or about how we use and process your personal information, please do not hesitate to contact us by e-mail at [email protected] or, alternatively, in writing to Petaurum Solutions Ltd, Kemp House, 152 – 160 City Road, London EC1V 2NX, United Kingdom.

If we change our privacy policy we will post the changes on this page and may place notices on other pages of the Website, so that you may be aware of the information we collect and how we use it at all times. Continued use of the Website will constitute your agreement to any such changes.

 

Sections

  1. Our role
  2. What information we collect
  3. Lawful basis and purposes of processing of your personal information
  4. Uses made of the information
  5. Disclosures of the information
  6. Links
  7. Direct mailings
  8. Keeping your data secure
  9. Transfers of your information out of the EEA
  10. Retention Periods
  11. Your Right to Withhold Information and Your Right to Withdraw Information After You Have Given it
  12. Summary of Your Rights under GDPR
  13. Contact us or the ICO
  14. What Happens If Our Business Changes Hands?

 

1. Our role

In order to enable us to set up your account on our Website and provide our services to you via our Website, we have been provided with certain personal data by either your employer (if you are part of an employee benefit scheme) or the organisation which has offered you the rewards and benefits (the “Club / Association”) has provided us with certain personal data about you, including your name and email address. We also collect certain other personal information about you, as described further in this privacy policy. 

If you do not already have a relationship with us, we may hold limited personal information about you so that we may contact you to promote our products and/or services.

For the purposes of the applicable Data Protection Laws, Petaurum Solutions Ltd is the data controller of your personal data collected in connection with your use of our Website.

Back to top

 

2. What information we collect

In addition to the information provided to us by your employer or the Club / Association, we will collect certain personal information about you when you activate your account or fill in forms on our Website, or when you contact us by phone, e-mail, online chat or otherwise.

We will, therefore, hold the information provided by your employer or the Club / Association to create your user profile and further information you provide to us.

We may also require certain information from you when you make a purchase on our Website, or redeem a benefit, enter a promotion, competition or survey and/or when you report a problem with our Website.

When you submit personal information in connection with making a payment via the Website, such personal information is encrypted and protected with encryption software that lets your browser automatically encrypt data before you send it to us. While on a secure page the padlock icon on the address bar of Web browsers such as Google Chrome or Microsoft Edge becomes locked.

With regard to each of your visits to our Website we will automatically collect the following information:

  • if you are using our Website as a registered user, we will collect information about your log-on credentials.
  • technical information, including the internet protocol (IP) address used to connect your computer or mobile device to the internet, type of mobile device you use, a unique device identifier, mobile network information, your login information, browser type and version you use, browser plug-in types and versions, operating system and platform;
  • information about your visit to our Website, including the full uniform resource locators (URL) clickstream to, through and from our Website (including date and time); pages you viewed or information you searched for; page response times, download errors, length of visits to certain pages; and
  • details of your visits to other websites via our Website.

We also work with third parties (including, for example, electronic analytics, business partners, sub-contractors in technical and payment services, advertising networks, analytics providers, search information providers) and may receive certain information about you from them.

When we wish to send you information about our services, and you do not currently use our services, we may collect your contact details, for example, your name, email address and job title.   This information may be provided directly by you, when you express interest in our website, or may be obtained through third parties.

We use cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you use the Website and also allows us to improve our Website. For detailed information on the cookies we use and the purposes for which we use them, see our cookie policy.

Back to top

 

3. Lawful basis and purposes of processing of your personal information

All personal data is stored securely and processed in accordance with the Data Protection, Privacy and Electronic Communications Regulation 2019 (UK GDPR) and where applicable, the EU GDPR. We collect information about you so that we can:

  • identify you and manage your account on our Website;
  • process your transactions;
  • liaise with your employer, Club / Association, our suppliers and group companies;
  • administer our contract with you and with your employer or the Club / Association;
  • improve our services;
  • promote our business and market our services;
  • manage our business, including for accounting and auditing purposes;
  • conduct our regular reporting activities on the performance of our company, in the context of a business reorganisation or group restructure;
  • maintain our IT systems and manage hosting of our data;
  • deal with legal disputes involving  you, your employer, the Club / Association or our suppliers;
  • prevent fraud; and
  • comply with our regulatory obligations.

We will only use your personal information when the law allows us to, i.e. when it is necessary to:

  • perform our obligations towards you and/or your employer or the Club / Association, as set out in this policy
  • comply with our legal and regulatory obligations;
  • pursue our legitimate interests (e.g. conducting our business in an efficient, compliant and profitable manner and the overall promotion of the business), and where your interests and fundamental rights do not override these interests. It may also become necessary to process your personal data for a legitimate interest of a third party, such as your employer or the Club / Association. We will also rely on our legitimate interests for the proper administration of our Website, and to manage our operations (for example, maintaining appropriate records and databases).

If you have provided us with your individual contact details (for example, your personal email address), we will rely on your consent to send you electronic communications such as our newsletters and emails with information about our products and/or services.  If we hold your business contact details (for example, your work email address), we will rely on legitimate interests of the business to send you electronic communications, but we will always provide you with an option to opt out from future communications of this kind. See the “Direct mailings” section below for more details.

Some of the above grounds and purposes for processing will overlap and there may be several grounds which justify our use of your personal information.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Back to top

 

4. Uses made of the information

We use your data to provide the best possible services to you. This includes:

  • communicate with you in response to a specific action performed by you on our Website, for example when you experience an issue when buying or redeeming a benefit;
  • to provide you with support in using our Website;
  • to provide you, or enable selected third parties to provide you, with information about goods or services we or they offer. For more details see “Direct Mailings” section;
  • to notify you about changes to our services, our terms and conditions of use of the Website or this privacy policy; and
  • to ensure that content from our Website is presented in the most effective manner for you and for your computer and/or your mobile device.

We will use the information we collect about your use of our Website:

  • to administer our Website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our Website to ensure that content is presented in the most effective manner for you and for your computer and/or your mobile device;
  • to help us improve and personalise our services;
  • to allow you to participate in interactive features of our Website when you choose to do so;
  • as part of our efforts to keep our Website safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
  • to make suggestions and recommendations to you and other users of our Website about goods or services that may interest you or them.

In some cases, the collection of data may be a statutory or contractual requirement, and We will be limited in the products and services We can provide you without your consent for Us to be able to use such data.

With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email with information, news and offers on Our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.

Under UK GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following lawful grounds may applies:

  • you have given consent to the processing of your personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which we are subject;
  • processing is necessary to protect the vital interests of you or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
  • processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Where this may be the condition used to process data, we may conduct a Legitimate Interest balancing test.

Back to top

 

5. Disclosures of your Information

We do not sell or share your personal data with third parties for them to use for marketing purposes.

We may allow our staff, consultants and/or external service providers acting on our behalf, and our provider of payment services, to access and use your personal data for the activities we have described above.  We only permit them to use it to deliver the relevant service, and if they apply an appropriate level of security protection.

We will share your personal information with the following third parties:

  • other companies within our group;
  • our agents and service providers;
  • your employer or the relevant Club / Association (where applicable)
  • our regulators;
  • law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
  • in the context of the possible sale or restructuring of our business.

We require third parties to respect the security of your data and to treat it in accordance with the law. All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We also reserve the right to disclose the information collected about you to our professional advisors and/or if we, in good faith, believe it necessary to protect the personal safety of users or the public.

We may share aggregated demographic information with our partners, clients and advertisers. This is not linked to any personal information that can identify any individual person.

We may partner with another party to provide specific services. When you sign up for these services, we will share names or other contact information that is necessary for the third party to provide these services.

These parties are not allowed to use any personally identifiable information except for the purpose of providing these services. We may also use such aggregated information and statistics for monitoring the Website usage in order to help us develop the Website and our services and may provide such aggregate anonymous information to third parties.

Back to top

 

6. Links

The Website contains links to other websites. Please be aware that we are not responsible or liable for the privacy practices of other websites. We encourage you to be aware when you leave the Website and to read the privacy policies of each and every website that collects personally identifiable information. This privacy policy applies solely to information collected by us on the Website.

Back to top

 

7. Direct mailings

We may occasionally send out newsletters, offers or alerts to our members and to other business contacts. We may also wish to provide you with information about special features of our Website or any other service or products we think may be of interest to you. 

Where required by the Data Protection Laws (for example, if you have provided your personal contact information) we will send you such information only if you have specifically elected to receive it. You can opt-out from receiving such communications at any time – please see “Your rights” section below.  From time to time the Website may request information from you via surveys or contests. Participation in these surveys or contests is completely voluntary and you, therefore, have a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as postcode or age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use of and satisfaction with this Website.

Back to top

 

8. Keeping your data secure

We only keep your data for as long as We need to in order to use it as described below in section 10, and/or for as long as We have your permission to keep it. In any event, We will conduct an annual review to ascertain whether we need to keep your data. Your data will be deleted if we no longer need it in accordance with the terms of our Data Retention Policy.

Your data will only be stored in the UK or within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein).

Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Site.

Steps We take to secure and protect your data include:

  • Firewall to all external facing service.
  • Encryption of Data

Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Back to top

 

9. Transfers of your information out of the EEA

We may need to transfer your personal data outside the European Economic Area (EEA), for example, if one of our suppliers or group companies is located outside the EEA. We will ensure that any supplier or groups provide full assurance that any transfer of your data will be subject to appropriate safeguards, such as a European Commission approved contract (if appropriate) that will ensure you have appropriate remedies in the unlikely event of a security breach.

Back to top

 

10. Retention periods

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer our customer, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.

When you submit information via Our Sites, you may be given options to restrict Our use of your data. We aim to give you strong controls on Our use of your data (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails.

You may also wish to sign up to one or more of the preference services operating in the UK The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

Back to top

 

11. Your Right to Withhold Information and Your Right to Withdraw Information After You Have Given it

You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

You may restrict your internet browser’s use of Cookies.

You also have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at: [email protected] You can always unsubscribe from our email communications at any time by following the unsubscribe link in our email communications, or by updating your email preferences on your profile on our Website.

You may withdraw your consent, if consent is the condition replied upon, for Us to use your personal data as set out in section in 4 at any time by contacting us using the details set out in this section, and We will delete Your data from our systems. However, please note that we may not be able to provide our services and we may need to deactivate your account on our Website. 

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please let your employer or the Club / Association and/or us know if your personal information changes during your relationship with us.

Back to top

 

12. Summary of Your Rights under GDPR

Under the GDPR, you have:

  • the right to request access to, deletion of or correction of, your personal data held by Us;
  • the right to complain to a supervisory authority;
  • be informed of what data processing is taking place;
  • the right to restrict processing;
  • the right to data portability;
  • object to processing of your personal data;
  • rights with respect to automated decision-making and profiling (see section 14 below).

To enforce any of the foregoing rights or if you have any other questions about Our Site or this Privacy Policy, please contact Us using the details set out in section 15 below.

Back to top

 

13. Contact us or the ICO

If you have any concerns or complaints about our privacy activities, you can contact us on [email protected] You can also contact the Information Commissioner’s Office on 0303 123 1113.Our ICO reference number is ZA771373

For more details about your rights under the Act, the rules we have to adhere to in collecting and storing your information, and how you can check your data records, please visit https://www.gov.uk/data-protection/the-data-protection-act.

Back to top

 

14. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Data provided by users will, where it is relevant to any part of Our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the data for the purposes for which it was originally collected by Us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.

Back to top

 

Date of last update: 15th October 2020