This privacy and cookie policy (the “Policy”) describes the personal data collected or generated (“processed”) when you use www.CertifiedRewards.com (the “Site”).

This Policy describes the types of personal data collected and how your personal data is used, shared and protected. It also explains the choices you have relating to your personal data and how you can contact us.

It is important that you read this Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data. This Policy supplements the other notices and is not intended to override or replace them.

Please note that the Site is not intended for children (those aged 13 and under) and we do not knowingly collect data relating to children.

For ease of reading, we have divided this Policy into several sections:

  1. Who we are
  2. What information will Certified Rewards collect about me and how is it collected
  3. How will Certified Rewards use the information it collects about me?
  4. Why is Certified Rewards allowed to use my information in this way?
  5. How long will you keep my personal data?
  6. Do you share my data with any other organisations?
  7. Your rights
  8. When will Certified Rewards contact me?
  9. Web browser cookies
  10. Apps and Devices
  11. Contact Details
  12. How to complain

This Policy was last updated on April 25th 2018

Who we are

Certified Rewards and the Site are operated by Certified Rewards Limited, operating from Unit 19.1, Highnam Business Centre, Gloucester, England.

We are a verification discount platform. We offer exclusive discounts online.

Certified Rewards discounts are available on the Site.

The controller responsible for your personal data is Certified Rewards Limited.

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this Policy, or if you think it has not been followed, please contact the data privacy manager using the details set out below.

What information will Certified Rewards collect about me and how is it collected?

When you sign up to Certified Rewards we collect personal data about you so that we can provide you with the services offered on the Site, such as:

You provide some data yourself and this may include, for instance, when registering for a Certified Rewards account:

  1. Your email address;
  2. Your date and year of birth;
  3. What gender you identify as; and
  4. For example, Information relating to your student status such as your school, college or university. (When you verify your student status to receive your Certified Rewards ID you can chose a number of methods to verify and some of these may require extra data. You can choose how you verify and which personal data to provide as long as it meets our verification requirements.)

If you’re signed in we’ll also know how you use Certified Rewards. This helps us give you a better, more personalised service, such as:

Information You Give Us: we receive and store any information you provide in relation to Certified Rewards Services. You can choose not to provide certain information but then you might not be able to take advantage of many of our Services.

  • You provide information to us when you:
    • Search for products or services;
    • Create a discount code;
    • Compile your favourites
    • Communicate with us by phone, social media, e-mail, or otherwise;
    • Complete a questionnaire, a support ticket, or a contest entry form;
    • Upload images, videos or other files to your account,
    • Compile Playlists, Watchlists, Wish Lists or gift registries;

Automatic Information: we automatically receive and store certain types of information when you use our Services, such as information about your use, including your interaction with content and services available through our Services. Like many websites, we use cookies and other unique identifiers and we obtain certain types of information when your web browser or device accesses Certified Rewards and other content served by or on behalf of Certified Rewards on other websites.

Examples of the information we collect and analyse include:

  • the Internet protocol (IP) address used to connect your computer to the Internet;
  • login; e-mail address; password;
  • Our emails have a tracking pixel. When you download images or interact with the email by clicking this pixel will track that you have opened an email. Our email service provider will also track what you have clicked on.
  • the location of your device or computer; Through our app we may also find out your location, however you can turn this feature off through your device’s settings.
  • device metrics such as when a device is in use, application usage, connectivity data, and any errors or event failures;
  • purchase and content use history, which we sometimes aggregate with similar information from other customers to create features such as Top 20 Discounts;
  • the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); cookie number; products and/ or content you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs),
  • phone numbers used to call our customer service number. *We may also use device identifiers, cookies, and other technologies on devices, applications and our web pages to collect browsing, usage or other technical information for fraud prevention purposes.

Information From Other Sources: we might receive information about you from other sources. Such as

  • account information, purchase or redemption information and page-view information from Brands with which we operate co-branded businesses or for which we provide technical, fulfillment, advertising or other services;; *search results and links, including paid listings (such as Sponsored Links)

How will Certified Rewards use the information it collects about me?

Information about your gender, age and location helps us see how different people are using the Site and Certified Rewards and to check we’re ensuring verified access only to exclusive student discounts.

Based on what we know about you, we may also show you adverts about Certified Rewards discounts and services on other websites, such as Facebook, Google, Instagram, Snapchat and Twitter. For instance, to let you know about an increased discount for a brand you love.

We use your data to make the Site and Certified Rewards better for you and everyone. Your data helps us to operate, improve and maintain our business whilst at the same time enhances your user experience. This allows us to do things like:

  1. Recommend things we think you’ll like;
  2. Notify you about things you’ve shown us you like, for example, a brand you like getting discounts from; and
  3. Personalising parts of the Certified Rewards service to your tastes, including, for example, emails.

We also use your data for business, regulatory and legal purposes, like:

  1. Verifying your student status;
  2. Getting in touch if we need to tell you about something, like a change to our policies or issues with a service; and
  3. Contacting you to re-verify your student status so you can keep receiving discounts.

Why is Certified Rewards allowed to use my information in this way?

Certified Rewards will only use your personal data in the following circumstances:

  • Where you have asked us to do so, or consented to us doing so.
  • Where we need to do so in order to perform a contract we have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

How long will you keep my personal data?

Except if required otherwise by law, we retain your personal data for as long as necessary to fulfil the purposes for which we collect it and also where we have a legitimate interest in doing so, such as:

  • To enable us to respond effectively to grievances that may arise after you cease to engage with us; or
  • Where you sign up to receive e-mail marketing from us we will retain your e-mail address after you ‘opt-out’ of receiving e-mails in order to ensure that we continue to honour and respect that request.

You can ask us to access, rectify or, in some circumstances, delete your personal data: see ‘Your Rights’ below for further information.

We may also anonymise your data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If you have not used your Certified Rewards account in the last year then your account may be classed as dormant or may be deleted in line with this Policy. Please check your inbox to see if we've sent you any emails about this recently.

Do you share my data with any other organisations?

We use your data to improve your experience. Our service means that we keep your personal data inside Certified Rewards unless we are required by law to disclose your data or you ask us or give us your permission to share it, for example:

  1. You ask us to or give us your permission to;
  2. To provide you with a discount or access to a partner’s platform; or
  3. If you agree to marketing emails and personalisation, to show you relevant messaging on your social media platforms, to let you know about Certified Rewards discounts we think you’ll enjoy.
  4. Affiliate networks to track sales originating from our service.

We may share your personal data with third party service providers who provide us with a variety of administrative, statistical, and technical services. For example to manage and service our data, distribute emails, research and analysis, manage brand and product promotions as well as administering certain services and features.

We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject.

Please note that some of our service providers may be based outside of the European Economic Area (the “EEA”). Where we transfer your data to a service provider that is outside of the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld.

Please contact us if you want further information in relation to the transfer of your personal data out of the EEA.

When we share your personal data outside Certified Rewards we will:

  1. Always share it in a secure way;
  2. Make sure it’s treated consistently with this Policy; and
  3. Not allow other companies to use it to contact you with their own marketing unless you give your permission.

If you have registered for a Certified Rewards account this will also allow you to login to third party partner websites and apps. To provide you with a seamless experience, it may be necessary to share your personal data with third party partner websites you choose to use your Certified Rewards login to access. We will only share what we need to in order to provide the service you are using and we will never routinely share all of the data we hold about you.

Your Certified Rewards account will always be covered by the policies of the Site.

Where you opt in for marketing from brands you chose to take codes from, we will share your profile information with the third party including name, email address, university and date of birth. The third party will become a Data Controller, distributing the marketing as governed by their privacy notice. Consent in relation to the third party data controller must be withdrawn directly with said third party. Erasure must also be sought direct with the third party.

Links to third party websites

Please note that where we provide links to third party websites, plug-ins and applications that are not affiliated with Certified Rewards such websites are out of our control and are not covered by this Policy. If you access third party websites using the links provided, the operators of these websites may collect information from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to these websites.

Your rights

As a data subject you have a number of rights in relation to your personal data. Below, we have described the various rights that you have, as well as how you can exercise them.

Right of Access

You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a "subject access request").

Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data.

You can exercise this right at any time by writing to us using contact details set out here and telling us that you are making a subject access request. You do not have to fill in a specific form to make this kind of request.

Your Right to Rectification and Erasure

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. You may also ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).

Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. Further, we are not always obliged to erase personal data when asked to do so; if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to your request.

You can exercise this right at any time by writing to us using the contact details set out here and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.

Your Right to Restrict Processing

Where we process your personal data on the basis of a legitimate interest (see the section of this Policy which explains why we use your personal data) you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid.

You may also ask us to stop processing your personal data (a) if you dispute the accuracy of that personal data and want us verify that data's accuracy; (b) where it has been established that our use of the data is unlawful but you do not want us to erase it; (c) where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.

Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.

You can exercise this right at any time by writing to us using the contact details set out here and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not have to fill in a specific form to make this kind of request.

Your Right to Portability

Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party you may write to us and ask us to provide it to you in a commonly used machine-readable format.

Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests.

Your Right to stop receiving communications

For details on your rights to ask us to stop sending you various kinds of communications, please contact us.

Your Right to object to automated decision making and profiling

You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.

We do not use your personal data for making any automated decisions that would have a significant impact on you.

Exercising your rights

When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We will require you to provide copies of two of the following ID documents to help us to verify your identity:

  • Passport.
  • Driving licence.
  • Student photo ID card.

It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).

When will Certified Rewards contact me?

  • in relation to any service, activity or online content you have signed up for, in order to ensure that we can deliver the services, e.g. to verify your email when you sign up for a Certified Rewards account, or to help you reset your password or we need to verify your student status.
  • in relation to any correspondence we receive from you or any comment or complaint you make about Certified Rewards products or services;
  • in relation to any personalised services you are using;
  • in relation to any contribution you have submitted to Certified Rewards, e.g. on the Certified Rewards social message boards or via text or voicemail message;
  • to invite you to participate in surveys about Certified Rewards services (participation is always voluntary);
  • to update you on any material changes to Certified Rewards' policies and practices; and
  • for marketing purposes, as set out below.

We will never contact you to ask for your Certified Rewards account password, or other login information. Please be cautious if you receive any emails or calls from people asking for this information and claiming to be from Certified Rewards.

Will I be contacted for marketing purposes?

Certified Rewards will only send you marketing emails or contact you on Certified Rewards platforms where you have agreed to this.

We offer regular emails, including a weekly update, to let you know about new discounts and services. From time to time we may also contact you to ask your views on issues affecting Certified Rewards.

We may personalise the message content based upon any information you have provided to us and your use of the Site and apps.

We may use information which we hold about you to show you relevant advertising on third party websites (e.g. Facebook, Google, Instagram, Snapchat and Twitter). This could involve showing you an advertising message where we know you have a Certified Rewards account and have used Certified Rewards discounts. If you don’t want to be shown targeted advertising messages from Certified Rewards, some third party websites allow you to request not to see messages from specific advertisers on that website in future.

Web browser cookies

1) What is a Cookie?

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet or mobile phone (all referred to here as a "device") web browser from a website's computer and is stored on your device's hard drive. Each website can send its own cookie to your web browser if your browser's preferences allow it. Many websites do this whenever a user visits their website in order to track online traffic flows. Similar technologies are also often used within emails to understand whether the email has been read or if any links have been clicked. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on the Site. However, you can change your cookie settings at any time.

On the Site, cookies record information about your online preferences and allow us to tailor our websites to your interests.

2) How does Certified Rewards use cookies?

Information supplied by cookies can help us to understand the profile of our visitors and help us to provide you with a better user experience. It also helps us recognise when you are signed in to your Certified Rewards account and to provide a more personalised experience. Certified Rewards uses this type of information to help improve the services it provides to its users.

3) Certified Rewards cookies and how to reject cookies

Full information about how Certified Rewards uses cookies, and how to control what cookies are set on your device through the Site, can be found on Using Certified Rewards.com.

It is important to note that if you change your settings and block certain cookies, you will not be able to take full advantage of some features of Certified Rewards services, and we might not be able to provide some features you have previously chosen to receive.

4) Other information collected from web browsers

Your web browser may also provide Certified Rewards with information about your device, such as an IP address and details about the browser that you are using. Where requesting local discounts, it may be possible for you to choose to provide Certified Rewards with access to your device’s location through the web-browser. We use information provided by your browser or by the link that you have clicked to understand the webpage that directed you to Certified Rewards and this may be captured by performance cookies.

If you have any concerns about the way that we use cookies or in respect of your settings, then please contact us.

Apps and Devices

When you download or use the Certified Rewards app on your mobile device, information may be accessed from or stored to your device. Most often this is used in a similar way to a web browser cookie, such as by enabling the app to ‘remember’ you or provide you with the content you have requested.

Your web browser or device may also provide Certified Rewards with information about your device, such as a device identifier or IP address. Device identifiers may be collected automatically, such as the device ID, IP address, MAC address, IMEI number and app ID (a unique identifier relating to the particular copy of the app you are running).

When you sign in to the Certified Rewards app, your sign-in details may be stored securely on the device you are using, so you can access on the same device without needing to enter your sign-in details again.

Contact Details

If you any questions or comments about this Policy please contact The Data Privacy Manager by email, info@Certified Rewards.com.

How to complain

We hope that we can resolve any query or concern you raise about our use of your data so please in the first instance get in touch via the contact details above.

You do however have the right to make a complaint under the General Data Protection Regulation to a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or via telephone on 0303 123 1113.