What we do
We provide services to the owners of websites selling goods and services online, also known as e-commerce platforms and described in this policy as “merchants”.
Our services are intended to personalise your shopping experience and to present items that may of interest to you. We achieve this by comparing your browsing history with behavioural studies that match your profile.
To achieve this, we use a single unique identifier called the “ShopperID” that is stored in a Cookie placed in your browser and which is used to identify the outcome of your visit or session on the merchant’s website.
Our ShopperID does not retain any personally identifiable information about you.
We do not collect any personally identifiable information about you when you visit our website, other than information that you choose to submit to us, such as your contact details.
However, we may collect and aggregate information about the use of our site, including which pages are most frequently visited, how many visitors we receive daily, and how long visitors stay on each page.
We act as the processor of information that is collected by or on behalf of the merchants to whom we provide our services. Each merchant is required to ask your permission to collect and process any personal data about you and our processing is covered by this consent.
If you have provided us with your personal data, then we will be the controller of that information and we will process it to respond to your request.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We may collect the following kinds of personal data about you while a merchant is using our services:
However, we do not retain this information at the end of the relevant shopping session and the ShopperID is anonymised at the end of the session so that we do not retain personally identifiable information relating to you. We may use anonymised information product development.
We may collect the following kinds of personal data about you when you visit our website;
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We use different methods to collect data from and about you including through:
We will only use your personal data when the law allows us to. Note that we may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data.
We will use the following types of data:
We will not use the personal data that you provide directly to us for marketing or provide it to third parties for their marketing. If in the future, we wish to use your data for marketing activities, we will notify you and obtain your consent.
Change of purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share your personal data with the merchants to whom we provide our services, though we will only do so in respect of the specific merchants that you use.
We require merchants to respect the security of your personal data and to treat it in accordance with the law and the terms of our contract with them.
[do you need to make a statement regarding analytics providers, eg Google Analytics?]
We will not transfer your personal data outside the UK. However, merchants may do so and you should check their privacy policies to understand when this may happen.
Where we have a contract with a merchant, we may be required to transfer personal data outside the UK. In these circumstances, the transfer will be to a country that provides adequate protection for personal data and/or is subject to the terms of a written contract, such as the Standard Contractual Clauses approved by the EU Commission (see here).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed.
In addition, the ShopperID provides us with a unique identifier and we do not receive personally identifiable information from merchants. Consequently, we do not store or retain your personal data when we provide our services to merchants.
We will only retain your personal data collected via our website for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
We will retain your ShopperID for 180 days or longer if we need to confirm payment for our services from a merchant.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These circumstances are:
If you wish to exercise any of the rights set out above, please contact us at [email@example.com].
No fee is usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.