1. Who we are and who this Privacy Statement applies to
1.1 This Privacy Statement is provided by NOUMI Digital Limited & B P Digital LTD (“we“, “our” or “us“). We are a ‘controller’ for the purposes of the UK General Data Protection Regulation (EU) 2016/679 and the UK’s Data Protection Act 2018 (collectively referred to as the “Data Protection Laws“). We take your privacy very seriously. We ask that you read this Privacy Statement carefully, as it contains important information about our processing and your rights.
1.2 This Privacy Statement applies to the individuals (“you” and “your“) that have created an account to use the ‘NOUMI’ mobile application software (“App“) developed by us. This Privacy Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us in connection with your use of the App. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. Please also read our End User Licence Agreement (available here[1]) which describes the basis on which we permit you to use the App.
1.3 The App Storefrom which you download a copy of the App will implement its own privacy policy relating to personal data processed by the App Storein connection with your use of the App Storesite, including the download of the App from the appstore.
1.4 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues. Information about how to do this is available on its website at ico.org.uk.
1.5 You can manage your preferences for push notifications at any time through your device’s notifications permissions settings, which is determined by your device’s operating system (either iOS or Android).
2. How to contact us
2.1 If you have any questions about this Privacy Statement, how we handle your personal data or would like to exercise any of your legal rights (as set out at paragraph 10), please contact:
(a) Addressee: Data Protection Director.
(b) Registered address/principal place of business: Dalton House, 9 Dalton Square, Lancaster, England, LA1 1WD.
(c) Email:[email protected].
3. Changes to this Privacy Statement
3.1 The latest version of this Privacy Statement can be found in the ‘my account section of the App.
3.2 We may change this Privacy Statement from time to time. We will alert you when any changes are made by email or via the App.
4. What personal data we collect, how we collect your personal data and why we process your personal data
4.1 We process the following types of personal data:
(a) Identity data: (i) full name (ii) email address (iii) year of birth and (iv) geographical location.
(b) Special categories of data: none.
4.2 Purpose of processing: Account registration.
Why do we need to process your personal data?: To identify you as a user of the App, create your account and grant you access to the App’s various functionalities. However, if you log in to the App using your Apple account email address and you select the option to anonymise your Apple account email address, we will not be provided with your Apple account email address, but instead will be provided a random email address generated by Apple which Apple assigns to you.
Your data helps NOUMI & NOUMI Partners personalise offers, loyalties and promotions based on gender, age and demographics. We may use your historical receipt data to help further personalise your offers, loyalties and promotions.
Types of personal data processed: E-mail address. Logs of when you registered. Year of birth.
4.3 Purpose of processing: To contact you and manage the App.
Why do we need to process your personal data?: To identify you as a user of the App, create your account and grant you access to the App’s various functionalities. To provide updates or informative notices, as set out in our end-user licence agreement (“EULA“). To activate the mechanisms necessary to detect and prevent unauthorised uses of the App. If we detect unauthorised uses of the App (as set out in our EULA), we may disable your access to or use of your account.
Types of personal data processed: E-mail address, logs of when you downloaded the App, , when you used it, how long you used it for, how many times you scanned receipts and the features of the App that you use or do not use. Device brand and model.
4.4 Purpose of processing: To manage or resolve your query or request.
Why do we need to process your personal data?: To manage and administer your use of the App, including responding to queries or complaints.
Types of personal data processed: E-mail address.
4.5 Purpose of processing: To send you direct marketing communications.
Why do we need to process your personal data?: To send you directing marketing to the extent you have opted in to receive direct marketing from us concerning products, services, and offers available from our retailer partners. You can withdraw your consent to receiving direct marketing at any time e-mailing [email protected].
Types of personal data processed: E-mail address.
4.6 Purpose of processing: your accurate use of the App.
Why do we need to process your personal data?: When you register for the App you are sent a prompt by your mobile phone’s operating system asking whether you would like to consent to the App using your location data in order for us to provide you with details of where you can use the App’s services and offers in your location that may be relevant to you. This enables the App to collect information about your geographic location and exact positioning without which we cannot provide these particular services to you. We will only collect data about your location while you are using the App or when the App is running in the foreground or background. You can disable location services using the settings in your phone’s operating system but this may prevent or limit your use of Our services.
Types of personal data processed: Location.
4.7 Purpose of processing: Optimisation of the App.
Why do we need to process your personal data?: We monitor the way in which you use and interact with the App. We use this information to develop and optimise the App.
Types of personal data processed: E-mail address.
5. How we are legally permitted to process your personal data
5.1 We are allowed to process your personal data for the purposes set out at paragraph 4 (what personal data we collect and why we process your personal data) based on the legal bases explained below.
5.2 You can object to processing that we carry out on the grounds of legitimate interests. See paragraph 10 (Your rights) to find out how.
5.3 Purpose of processing: Account registration.
Legal basis for processing: In order for you to be able to create an account and register as a user of the App, we process your personal data as it is necessary for the performance of a contract, i.e. we would otherwise be unable to manage your registration, set up an account for you and provide you with access to the App.
5.4 Purpose of processing: To contact you and manage the App.
Legal basis for processing: We have a legitimate interest to contact you to provide updates or informative notices. We have a legitimate interest to carry out the necessary verifications to detect and prevent unauthorised uses of the App. This purpose of processing is required and beneficial for all parties. For example, it allows us to put in place measures to protect you against unauthorised use of your account by a third party and as it allows us to avoid unauthorised uses of the App.
5.5 Purpose of processing: To allow you to use the App.
Legal basis for processing: In order for you to be able to use the features of the App, we process your personal data as it is necessary for the performance of a contract, i.e. we would otherwise be unable to provide you with access to the App. As part of this, you will share receipt data with us which may include the any of the following data: total spend, total number of items, individual product descriptions, product prices, offers, name and address of store, date and time of the receipt and any loyalty card or membership numbers printed on the receipt. Where we process your location data, we rely on your consent as the basis for collecting and using such data.
5.6 Purpose of processing: to create insights into users’ preferences.
Legal basis for processing: we rely on our legitimate interests to create aggregated insights, segmentations and models about App users’ preferences and shopping behaviour and to measure the effectiveness of advertising campaigns (see below 8.3 below for details). This involves (i) combining the information we have collected about you (including from any receipts you have collected via the App and data surveys you have taken part in) to enrich our profile about you; (ii) combining the data about all App users; and (iii) analysing this data so that we can identify trends and patterns of behaviour. When we do this, we may analyse the data of all App users or just segments of App users. From this analysis we create reports with aggregated insights, segmentations and models and we provide these aggregated reports to our partners. These reports only ever include aggregated insights about App users, not individuals, so these reports cannot identify you.
5.7 Purpose of processing: To manage or resolve your query or request.
Legal basis for processing: We have a legitimate interest in responding to your queries. When your request is related to the exercise of your rights as set out at paragraph 10 (your legal rights), we are legally permitted to process your data for compliance with our legal obligations.
5.8 Purpose of processing: To send you direct marketing.
Legal basis for processing: We will only send you direct marketing communications if we have your consent and you have not opted out of receiving that marketing. You have the right to withdraw your consent at any time by e-mailing [email protected]. This will include details of the services we provide, special offers, promotions, prize draws and competitions we operate and other marketing information.
5.9 Purpose of processing: Optimisation of the App.
Legal basis for processing: We have a legitimate interest to optimise and improve the App. By processing this information we are able to create an App that is more efficient and easier to use. This is beneficial for all parties.
6. How we keep your personal data secure
6.1 All personal data you provide to us is stored on our secure servers. Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
7. How long we keep your personal data
We shall retain your personal data until you instruct us to delete your account.
8. Organisations we may share your personal data with
8.1 We use processors to support our App, for example, hosting providers and developers. Some of these service providers will process your personal data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our service providers, please contact us (see paragraph 2 (how to contact us)).
8.2 Our App will feature offers from our partner organisations. You can choose to redeem partner offers via the App. The list of partners is available [here] and will be updated from time to time. Our App may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
8.3 Where you have agreed to receive our marketing communications, such messages will contain offers relating to our partners’ products and services which you can benefit from under the scheme, as well as our own offers and promotions. You can opt out of receiving these direct marketing communications at any time by following the instructions set out in each marketing communication or by changing your preferences within your account settings on the App or by contacting [email protected]. To measure the effectiveness of advertising campaigns for our partners we analyse changes in shopping behaviour of App users who have been shown a particular advertisement by a partner and those who have not. We do this by comparing anonymous, aggregated data on which users were shown the advert and which were not. We provide these aggregated reports, which don’t identify individual App users, to the relevant partners.
8.4 If you opt-out of receiving direct marketing communications, you will still receive essential service-related communications related to your account and the operation of the App.
8.5 Data we share with our customers / retailers and partners will always be anonymised, we may share your personal data such as gender, age and approximate location with our group companies, our customers / retailers and partners who offer the NOUMI Solution but we will never share your email address with our customers / retailers and partners.
8.6 We collect generic information about the way customers use the App to improve its functionality and user experience. This information is aggregated with that of other users of the App and cannot be used to identify you personally. You may also be able to adjust and save certain settings in the App manually via the ‘Settings’ section of the App. This allows us to improve your experience while using the App (for example we may aggregate usage data to calculate the percentage of users accessing a specific feature). In some cases we do this through the use of cookies, pixel tags, or similar technologies that create and maintain unique identifiers.
8.7 We may share your data with:
(a) any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
(b) to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Statement;
(c) to any other person with your consent to the disclosure.
(d) We may share your personal data with our group companies, our customers / retailers who offer the NOUMI Solution.
9. Transfer of personal data
9.1 Your personal information may be transferred to, and stored and processed in, one or more countries outside of the United Kingdom, including countries which do not provide equivalent protection for personal information. In these circumstances, we will take reasonable steps and implement appropriate measures to ensure that your personal information is adequately protected in accordance with the law.
9.2 Please contact us (see paragraph 2 (how to contact us)) if you want further information on the specific safeguards used by us when transferring your personal information out of the United Kingdom.
10. Your legal rights
10.1 As a data subject, you have the following legal rights under the Data Protection Laws (set out below) in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see paragraph 2 (how to contact us). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex (in which case, we will respond within three months).
10.2 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10.3 Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.
10.4 Your data protection right: Right to be informed.
What does this mean? You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data (and what your rights are). This is why we are providing you with this Privacy Statement.
10.5 Your data protection right: Right of access
What does this mean? You have the right to obtain access to your personal data processed by us, and certain other information (similar to that provided in this Privacy Statement).This is so you are aware and can check that we are using your information in accordance with Data Protection Laws.You may ask for:
(a) a copy of your information;
(b) details of the purpose for which it is being processed;
(c) details of the recipients or classes of recipients to whom it is or could be disclosed (including if they are overseas and what protections they have in place);
(d) the period for which it is held (or the criteria which determine the period for which it is held);
(e) any information available about the source of the personal data; and
(f) whether we carry out any automated decision-making or profiling, and where we do, information about the logic involved and the outcome or consequences of that decision or profiling.
To help us find the information, please give us as much information as possible about the type of personal data you would like to see.
10.6 Your data protection right: Right to rectification.
What does this mean? You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see paragraph 2 (how to contact us)). It is your responsibility to let us know if there are inaccuracies or changes to your personal data.
10.7 Your data protection right: Right to erasure.
What does this mean? This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where:
(a) you do not believe that we need your personal data in order to process it for the purposes set out in this Privacy Statement;
(b) if you gave us consent to process your personal data, you have withdrawn that consent and we cannot otherwise legally process your personal data;
(c) you object to our processing and we do not have any legitimate interests that mean we can continue to process your personal data; or
(d) your personal data has been processed unlawfully or have not been erased when it should have been.
10.8 Your data protection right: Right to restrict processing.
What does this mean? You have right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information (but cannot use it further). You may request that we stop processing your personal data temporarily if:
(a) you do not think your personal data is accurate. We will start processing again once we have checked whether or not the personal data is accurate;
(b) the processing is unlawful but you do not want to erase your personal data;
(c) we no longer need the personal data for our processing, but you need the personal data to establish, exercise or defend legal claims; or
(d) you have objected to the processing because you believe that your interests should override our legitimate interests.
10.9 Your data protection right: Right to data portability.
What does this mean? You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.
10.10 Your data protection right: Right to object to processing.
What does this mean? You have the right to object to certain types of processing (including processing based on our legitimate interests and processing for direct marketing).
10.11 Your data protection right: Right to withdraw consent.
What does this mean? If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do withdraw consent, it does not mean anything we have done with your personal data with your consent up to that point is unlawful.) We make this withdrawal easy for you. Please e-mail [email protected] if you wish to withdraw your consent at any time. We will also contact you via email to allow you to assess the consent which you have given us.
10.12 You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
11. Changes
11.1 We will review this Privacy Statement regularly and modify it from time to time. This Privacy Statement was last updated on 23rd December 2023.