It’s important to us that you know that your personal information (data) is protected and that you have a choice about how it is used. This notice explains your rights, how we use your personal data and comply with legal obligations. Our policy won’t apply to any third parties, including our partners and social media platforms, to which our website links, so we advise you to read those individual privacy policies.
Please regularly check this policy because we update it and it is your responsibility as a Member and/or website user to check it. However, if we make a significant change then we will actively let you know, for example, by emailing you i.e. change the way data is processed in a way which Members wouldn’t expect.
The last change to this notice was the 4th October 2018.
We (the data controller) are: We Are Discounts Ltd, a company registered in England and Wales Company number 04009390, whose registered office is at Unit 3 First Floor Glass House Business Park, Glass House Road, Wigan, Lancashire, England, WN3 6GL.
We own and operate the website https://healthservicediscounts.com
We have a data protection officer who can be contacted at email@example.com
You can contact us about any aspect of personal data by using the details provided above. You can also make any complaints about data protection to the Information Commissioner’s Office (ICO) – visit www.ico.org.uk for more information, including accessing their helpline.
Unless detailed otherwise within this policy or lists of those with whom we share data, where we are Joint Controllers of Personal Data we will be the main contact for any individual data subject.
You can contact us using the details above in order to exercise your data protection individual rights under GDPR and UK data protection legislation regarding any data shared.
However, you may also still contact either us or the other Joint Controller (the organisation we are working with) about any personal data which we share.
What personal data do we collect?
We collect personal data (any information that could identify you) but on the basis that we collect the minimum amount of data that we need. You can find out more below.
We collect the following personal data:
- Identification information – such as your name and contact details (home address and/or post code, email, telephone number), date of birth, gender, your occupation, employment sector/type when you register to become a Member or update your profile
- Optional Information which enables us to provide you with more relevant discounts and offers – such as your interests and hobbies, and contract end dates for your utilities
- Information you give to us when you ask us for any help and support (for example, when you submit a request on our website – see (https://healthservicediscounts.zendesk.com/hc/en-gb/requests/new )
- Marketing preferences – such as which discounts and offers you want to receive information about
- Accounting data – relating to the running of our business and paying taxes (partners may tell us what services and/or products you have purchased although this is often anonymised)
- Technical and website use data – such as IP address, browser information, location and time-zone settings, operating system and platform data, as well as data on how you use our website and access partner websites, products, and services
- Statistical information – such as information that forms part of the aggregate information
- Publicly available data – such as information you share on social media
We want your personal data to be accurate and up to date and may periodically contact you about this. However, if there are any changes to your personal data (such as a change of name) please let us know as soon as possible by updating your profile (log into your account and access the “My Profile” section at https://healthservicediscounts.com/my-profile or by emailing or writing to us, using our contact information in the Contacting us section to do so.
How we collect your personal data
We collect your personal data in various ways and you can find out more about this below:
We may collect your personal data in the following ways:
- Information that you give to us when you register, complete and update your “My Profile” section in your account.
- Information that you give to us when you ask us to help or provide support
- Information that you provide when using our website or social media (for example, you may comment on one of our Facebook posts)
- Information that you provide when you enter the lottery (www.healthservicediscountslottery.com, competitions or complete any surveys
- Information about you that is publicly available, such as on online content on social media
- Information from third parties, including our partners when you buy their products or services – we never have your secure financial/payment data (ie credit or debit card details)
- Information we receive when you visit our website from another website or from social media (such as LinkedIn or Twitter)
If you decide not to give us personal data, we may not be able to provide some services to you. For example, without your email address, we can’t email you about any discounts or offers.
Using your personal data (purposes)
We use personal data so that we can:
- Provide you with the discounts, offers, and information you’ve asked for
- Provide you with any help or support and contact you in response to your communications with us
- Give you the best website user experience which can involve using any of your personal data for profiling activities so that we can send you tailored discounts and offers (to meet your own interests) but we also use anonymised data. However, you can opt out of profiling – see the Opting out of profiling section for this
- Help our partners to offer discounts and offers which our Members want
- Invite you to take part in a survey or other market research activities
- Contact you about any competitions we may run, including letting you know if you have won a prize
- Analyse and monitor how secure and effective our website and business is on an ongoing basis
As a responsible organisation, we have additional checks in place (for example with profiling) to protect any vulnerable groups (particularly children).
The lawful basis for using your personal data
We must have a lawful basis before we can process your personal data. You can find out more about which lawful basis we rely on below:
The lawful basis enabling us to use your personal data is one or more of the following:
- when processing is necessary for our legitimate interests or those of a third party, (provided those interests don’t override your interests, freedoms or rights) so that we can source and provide you with the best discounts and offers. As from the 25th of May 2018 you have a right to object to us using your personal information for these legitimate interests. This includes a right to object to profiling – see Your personal data rights section following.
- to comply with a legal obligation (such as when we need to comply with the law or you exercise your data protection rights)
- where you have consented to the processing of your personal data, such as for marketing purposes. Remember you can change your mind at any time by updating your e-mail preferences (log into your account and access the “E-Mail Preferences” section at https://healthservicediscounts.com/email-preferences or by emailing or writing to us, using our contact information in the Contacting us section) but this may mean we can’t keep you up-to-date with the latest offers and discounts
Opting out of profiling
You can opt out of profiling which we use, for example, so that we can send you tailored discounts and offers which meet your own interests by
- emailing or writing to us, using our contact information in the Contacting us section
We have put appropriate technical and security measures in place to protect your personal data. You can find out more below:
To protect your personal data, we have put the following measures in place:
- security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, as well as altered or disclosed (including encryption and restricted access)
- internal policies and procedures (including a data protection policy) to deal with any issues, including notifying you where applicable
- undertaking a Data Protection Impact Assessment and similar safeguards to both consider and address the risks when appropriate, for example, before we start any new profiling
Sharing and disclosing your personal data
Subject to data protection law, we may share or disclose your personal data with:
- our partners, so that we can ensure you get the best discounts and offers
- those who are providing products and services to us (such as subcontractors and suppliers) if they have appropriate processes in place to protect it
- government agencies and where the law requires us to share or disclose your information
- authorised third parties who track and store information about visitors to our website (including IP addresses)
- third parties who improve fraud protection and protect the security or integrity of our business operations
- any person or organisation to whom the business is sold or transferred
Otherwise, we will only share your personal information if you have consented to this.
Aside from the third parties who may receive anonymised data (see the Non-personal Information section) we share data with
- Our partners - lists of the types of third parties with whom we share data is can be found below. We’re always concerned about equality and accessibility so we’ve got separate lists to make it easier to view. However, we anonymise this data in so far as is possible and limit data sharing to the minimum needed for you to access offers
- A list of the third parties with whom we share data is can be found here:
Lists of third parties with whom we share data
1. Our Partners
We share data with our Partners – organisations we “partner” with
Why do we share it? To bring you the best discounts and offers and to run our website and business effectively
A list of the third parties (our partners) with whom we share data can be found here https://healthservicediscounts.com/retailers-a-z
We share data with the Health Service Discounts Lottery - www.healthservicediscountslottery.com
2. Our usual Suppliers
These are some of the great organisations which supply us with services and products. Please also look at our section about Suppliers who keep data secure.
We share data with:
For retargeting marketing – To show targeted ads to people who have visited our website https://www.facebook.com/about/privacy/update
For retargeting marketing – To show targeted ads to people who have visited our website https://policies.google.com/privacy?hl=en&gl=uk
Web analytics https://policies.google.com/privacy?hl=en-GB
File sharing and document management https://policies.google.com/privacy?hl=en-GB
To track preferences so we can offer you the best deals based on your choices http://www.jetlore.com/privacy
HM Revenue and Customs
Financial records as required by law https://www.gov.uk/government/organisations/hm-revenue-customs/about/personal-information-charter
2. Suppliers who keep data secure
Data security is important to us, so we list the types of organisations which we use but we don’t display their details on our website to avoid exposure to hackers and anyone who may misuse the information (so your personal data is not vulnerable). Any data subject can find out more by emailing our Data Protection Officer at firstname.lastname@example.org
We share data with:
Organisations who host our websites, so they stay on line and are secure.
Organisations who help us develop and maintain our websites this is so that we can develop our websites, offer more functions and make sure they run securely, effectively and efficiently.
Organisations who provide us with email services so that we can send and receive emails.
Organisations who provide us with financial services and products including accounting, banking and payment providers, this is so we can run our business, do our accounts and pay our taxes and the lovely people who work here.
Marketing organisations to help market and promote our website and to track preferences so we can offer you the best deals based on your choices.
We require all these third parties to respect your personal data, to process it on our instructions (where we are the data controller) and comply with the law in relation to data protection.
Your personal data rights
The law gives you certain rights in relation to your personal data and to exercise these rights contact our Data Protection Officer at email@example.com. The following rights may apply to personal data we collect and process it (these can vary according to the lawful basis we rely on to process personal data) so that you can:
- Access personal data that we hold about you (Right to access your personal data)
- Make changes to your personal data if it is incomplete or inaccurate (Right to rectification). You can do this by logging into your account and accessing the “My Profile” section at https://healthservicediscounts.com/my-profile and making the changes, or by emailing or writing to us, using our contact information in the Contacting us section to do so.
- Restrict the processing of your personal data in certain circumstances, including where we are relying on legitimate interest as a lawful basis to process your personal data and you need us to check this basis.
- Ask us to erase your personal data (Right to be forgotten) and prevent processing in specific circumstances, particularly when your consent is the lawful basis for us processing your data.
- Object to us processing your personal data in certain circumstances, including profiling and profiling for marketing purposes, and where we rely on legitimate interest as a lawful basis to process your personal data.
- Obtain and reuse your personal data for your own purposes across different platforms (data portability) where the processing is based on your consent or for the performance of a contract.
Exercising your rights
When you choose to exercise any of your data protection rights: -
- We will ask you for some information (primarily identification and clarification) and we can supply an optional form for you to complete if you would like to use it.
- We will deal with your request as soon as we are able to; usually, that’s within one month of receiving it.
- If there is going to be a delay in dealing with your request (for example, because it’s complex) or there is a reason why we can’t comply with your request, we will let you know and explain why within one month of receiving your request.
- There is usually no charge unless your request is manifestly unfounded or excessive.
Retaining personal data
We only retain personal data for as long as it is reasonably required before it is deleted, destroyed, or anonymised. Information about data retention, including the criteria we use, can be found here.
We use the following criteria for data retention:
- Retention to deal with queries:
- Retention to meet legal and regulatory requirements: For example, we keep personal data after you cease to be a Member because we have legal and regulatory requirements to meet.
Our data retention details are below:
Potential Members - We will retain personal data for 12 months from the date of our last contact.
Members - We will retain personal data for 7 years from the date that you ceased to be a member
Potential Partners - We will retain personal data for 12 months from the date of our last contact.
Partners - We will retain personal data for 7 years from the date that you ceased to be a partner.
Potential Suppliers - We will retain personal data for 6 months from the date of the last time you contacted us.
Suppliers - We will retain personal data for 7 years from the date that you ceased to be a supplier.
Employees - We will retain personal data for 7 years from the date that you ceased to be an employee.
Potential employees - We will retain personal data for 12 months from the date of the last time you contacted us.
Transferring personal data
Your data may be transferred or stored outside the EU to countries who may not have the same data protection as the EU but, if we do this, we will have an agreement with the third party who will be using an approved mechanism to keep the personal data secure. This means transferring data to providers who:
- adhere to certain agreed codes of conduct or certification approved by the European Commission, or
- the European Commission deems to have an adequate level of protection for personal data, or
- are based in the USA and are part of the EU-US Privacy Shield.
If one of these safeguards isn’t in place, we’ll ask for your explicit consent, which can be withdrawn at any time.
To help us effectively run our website and business, our website collects non-personal information or aggregated information (which doesn’t identify an individual) from those who use it. For example, Google Analytics collects information about our website visitors, but the information is processed so that an individual cannot be identified from it because we work in accordance with their guidelines, so personal data should not be used or shared with them. Website searches may be powered by third parties but are anonymised.