1. Who we are and who this Privacy Statement applies to

1.1  This Privacy Statement is provided by NOUMI Digital Limited ("we", "our" or "us"). We are a 'controller' for the purposes of the UK General Data Protection Regulation (EU) 2016/679 and the UK's Data Protection Act 2018 (collectively referred to as the "Data Protection Laws"). We take your privacy very seriously. We ask that you read this Privacy Statement carefully, as it contains important information about our processing and your rights.

1.2  This Privacy Statement applies to the individuals ("you" and "your") that have created an account to use the 'NOUMI' mobile application software ("App") developed by us. This Privacy Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us in connection with your use of the App. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. Please also read our End User Licence Agreement (available here) which describes the basis on which we permit you to use the App.

1.3 The AppStore from which you download a copy of the App will implement its own privacy policy relating to personal data processed by the AppStore in connection with your use of the AppStore site, including the download of the App from the AppStore.

1.4 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues. Information about how to do this is available on its website at www.ico.org.uk.

2. How to contact us

2.1  If you have any questions about this Privacy Statement, how we handle your personal data or would like to exercise any of your legal rights (as set out at paragraph 10), please contact:

(a) Addressee: Data Protection Director.

(b) Registered address/principal place of business: Dalton House, 9 Dalton Square, Lancaster, England, LA1 1WD.

(c) Email:hello@NOUMI.app.

3. Changes to this Privacy Statement

3.1 The latest version of this Privacy Statement can be found in the 'my account section of the App.

3.2 We may change this Privacy Statement from time to time. We will alert you when any changes are made by email or via the App.

4. What personal data we collect, how we collect your personal data and why we process your personal data

4.1 We process the following types of personal data:

(a)  Identity data: (i) full name (ii) email address (iii) year of birth and (iv) geographical location

(b)  Special categories of data: none.

4.2 Purpose of processing: Account registration.

Why do we need to process your personal data?: To identify you as a user of the App, create your account and grant you access to the App's various functionalities. However, if you log in to the App using your Apple account email address and you select the option to anonymise your Apple account email address, we will not be provided with your Apple account email address, but instead will be provided a random email address generated by Apple which Apple assigns to you. If you anonymise your Apple account email address, you will not be able to receive direct marketing from us.

Types of personal data processed: E-mail address

4.3 Purpose of processing: To contact you and manage the App.

Why do we need to process your personal data?: To identify you as a user of the App, create your account and grant you access to the App's various functionalities. To provide updates or informative notices, as set out in our end-user license agreement ("EULA"). To activate the mechanisms necessary to detect and prevent unauthorized uses of the App. If we detect unauthorized uses of the App (as set out in our EULA), we may disable your access to or use of your account.

Types of personal data processed: E-mail address.

4.4 Purpose of processing: To manage or resolve your query or request.

Why do we need to process your personal data?: To manage and administer your use of the App, including responding to queries or complaints.

Types of personal data processed: E-mail address.

4.5 Purpose of processing: To send you direct marketing communications.

Why do we need to process your personal data?: To send you directing marketing to the extent you have opted in to receive direct marketing from us concerning products, services, and offers available from our retailer partners. You can withdraw your consent to receiving direct marketing at any time e-mailing hello@NOUMI.app.

Types of personal data processed: E-mail address.

4.6 Purpose of processing: Optimisation of the App.

Why do we need to process your personal data?: We monitor the way in which you use and interact with the App. We use this information to develop and optimise the App.

Types of personal data processed: E-mail address

5. How we are legally permitted to process your personal data

5.1 We are allowed to process your personal data for the purposes set out at paragraph 4 (what personal data we collect and why we process your personal data)based on the legal bases explained below.

5.2 You can object to processing that we carry out on the grounds of legitimate interests. See paragraph 10 (Your rights) to find out how.

5.3 Purpose of processing: Account registration

Legal basis for processing: In order for you to be able to create an account and register as a user of the App, we process your personal data as it is necessary for the performance of a contract, i.e. we would otherwise be unable to manage your registration, set up an account for you and provide you with access to the App.

5.4 Purpose of processing: To contact you and manage the App.

Legal basis for processing: We have a legitimate interest to contact you to provide updates or informative notices. We have a legitimate interest to carry out the necessary verifications to detect and prevent unauthorized uses of the App. This purpose of processing is required and beneficial for all parties. For example, it allows us to put in place measures to protect you against unauthorized use of your account by a third party and as it allows us to avoid unauthorized uses of the App.

5.5 Purpose of processing: To manage or resolve your query or request.

Legal basis for processing: We have a legitimate interest in responding to your queries. When your request is related to the exercise of your rights as set out at paragraph 10 (your legal rights), we are legally permitted to process your data for compliance with our legal obligations.

5.6 Purpose of processing: To send you direct marketing

Legal basis for processing: We will only send you direct marketing communications if we have your consent and you have not opted out of receiving that marketing. You have the right to withdraw your consent at any time by emailing hello@NOUMI.app. This will include details of the services we provide, special offers, promotions, prize draws and competitions we operate, and other marketing information.

5.7 Purpose of processing: Optimisation of the App.

Legal basis for processing: We have a legitimate interest to optimise and improve the App. By processing this information we are able to create an App that is more efficient and easier to use. This is beneficial for all parties.

6. How we keep your personal data secure

6.1 All personal data you provide to us is stored on our secure servers. Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.

7. How long we keep your personal data

We shall retain your personal data until you instruct us to delete your account.

8. Organisations we may share your personal data with

8.1 We use processors to support our App, for example, hosting providers and developers. Some of these service providers will process your personal data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our service providers, please contact us (see paragraph 2 (how to contact us)).

8.2 Our App will feature offers from our partner organizations. You can choose to redeem partner offers via the App. The list of partners is available [here] and will be updated from time to time.

8.3 Where you have agreed to receive our marketing communications, such messages will contain offers relating to our partners’ products and services which you can benefit from under the scheme, as well as our own offers and promotions. You can opt-out of receiving these direct marketing communications at any time by following the instructions set out in each marketing communication or by changing your preferences within your account settings on the App or by contacting hello@NOUMI.app

8.4 If you opt out of receiving direct marketing communications, you will still receive essential service-related communications related to your account and the operation of the App.

8.5 We may share your personal data with our group companies.

8.6 We collect generic information about the way customers use the App to improve its functionality and user experience. This information is aggregated with that of other users of the App and cannot be used to identify you personally. You may also be able to save certain settings in the App manually. This allows us to improve your experience while using the App (for example we may aggregate usage data to calculate the percentage of users accessing a specific feature).  In some cases we do this through the use of cookies, pixel tags, or similar technologies that create and maintain unique identifiers.

8.7 We may share your data to

(a) any competent law enforcement body, regulatory, government agency, court or other third parties where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;

(b) to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Statement;

(c) to any other person with your consent to the disclosure.

9. Transfer of personal data

9.1 Your personal information may be transferred to and stored and processed in, one or more countries outside of the United Kingdom, including countries which do not provide equivalent protection for personal information. In these circumstances, we will take reasonable steps and implement appropriate measures to ensure that your personal information is adequately protected in accordance with the law.

9.2 Please contact us (see paragraph 2 (how to contact us)) if you want further information on the specific safeguards used by us when transferring your personal information out of the United Kingdom.

10. Your legal rights

10.1 As a data subject, you have the following legal rights under the Data Protection Laws (set out below) in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see paragraph 2 (how to contact us). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex (in which case, we will respond within three months).

10.2 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

10.3 Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.

10.4 Your data protection right: Right to be informed.

What does this mean? You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data (and what your rights are). This is why we are providing you with this Privacy Statement.

10.5 Your data protection right: Right of access

What does this mean? You have the right to obtain access to your personal data processed by us, and certain other information (similar to that provided in this Privacy Statement). This is so you are aware and can check that we are using your information in accordance with Data Protection Laws. You may ask for:

(a) a copy of your information;

(b) details of the purpose for which it is being processed;

(c) details of the recipients or classes of recipients to whom it is or could be disclosed (including if they are overseas and what protections they have in place);

(d) the period for which it is held (or the criteria which determine the period for which it is held);

(e) any information available about the source of the personal data; and

(f) whether we carry out any automated decision-making or profiling, and where we do, information about the logic involved and the outcome or consequences of that decision or profiling.

To help us find the information, please give us as much information as possible about the type of personal data you would like to see.

10.6 Your data protection right: Right to rectification.

What does this mean? You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see paragraph 2 (how to contact us)).  It is your responsibility to let us know if there are inaccuracies or changes to your personal data.

10.7 Your data protection right: Right to erasure.

What does this mean? This is also known as the 'right to be forgotten' and, in simple terms, enables you to request the deletion or removal of your information where:

(a)  you do not believe that we need your personal data in order to process it for the purposes set out in this Privacy Statement;

(b) if you gave us consent to process your personal data, you have withdrawn that consent and we cannot otherwise legally process your personal data;

(c) you object to our processing and we do not have any legitimate interests that mean we can continue to process your personal data; or

(d) your personal data has been processed unlawfully or have not been erased when it should have been.

10.8 Your data protection right: Right to restrict processing.

What does this mean? You have right to 'block' or suppress further use of your information. When processing is restricted, we can still store your information (but cannot use it further). You may request that we stop processing your personal data temporarily if:

(a) you do not think your personal data is accurate. We will start processing again once we have checked whether or not the personal data is accurate;

(b) the processing is unlawful but you do not want to erase your personal data;

(c) we no longer need the personal data for our processing, but you need the personal data to establish, exercise or defend legal claims; or

(d) you have objected to the processing because you believe that your interests should override our legitimate interests.

10.9 Your data protection right: Right to data portability.

What does this mean? You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.

10.10 Your data protection right: Right to object to processing.

What does this mean? You have the right to object to certain types of processing (including processing based on our legitimate interests and processing for direct marketing).

10.11 Your data protection right: Right to withdraw consent.

What does this mean? If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do withdraw consent, it does not mean anything we have done with your personal data with your consent up to that point is unlawful.) We make this withdrawal easy for you. Please e-mail hello@NOUMI.app if you wish to withdraw your consent at any time. We will also contact you via email to allow you to assess the consent which you have given us.

10.12 You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

11. Changes

11.1 We will review this Privacy Statement regularly and modify it from time to time. This Privacy Statement was last updated on 13 September 2022.