It is important to us that you know that your personal information (data) is protected and that you have a choice about how it is used. This notice explains your rights, how we use your personal data and comply with legal obligations. Our policy does not apply to any third parties, including social media platforms and our partners from whom you access discounts and offers, so we advise you to read those individual privacy policies.
Please regularly check this policy because we update it, and it is your responsibility as a Member and/or website user to check it. However, if we make a significant change then we will actively let you know, for example, by emailing you, i.e., if we change the way data is processed in a way which Members would not expect.
The last change to this notice was on the 14 September 2021.
We (the data controller) are: Network Digital Marketing Ltd, a company registered in England and Wales Company number 04009390, whose registered office is at Unit 3 First Floor Glass House Business Park, Glass House Road, Wigan, Lancashire, England, WN3 6GL.
We own and operate the website https://healthservicediscounts.com.
We have a data protection officer who can be contacted at [email protected]
You can contact us about any aspect of personal data by using the details provided above. You can also make any complaints about data protection to the Information Commissioner’s Office (ICO) – visit www.ico.org.uk for more information, including accessing their helpline.
Unless detailed otherwise within this policy or lists of those with whom we share data, where we are Joint Controllers of personal data, we will be the main contact for any individual data subject.
You can contact us using the details above in order to exercise your data protection individual rights under GDPR and UK data protection legislation regarding any data shared.
However, you may also still contact either us or the other Joint Controller (the organisation we are working with) about any personal data which we share.
What personal data do we collect?
We collect personal data (any information that could identify you) but on the basis that we collect the minimum amount of data that we need. You can find out more below.
We collect the following personal data:
- Identification information – such as your name and contact details (home address and/or post code, email, telephone number), date of birth, gender, your occupation and employment sector/type when you register to become a Member or update your profile
- Optional Information which enables us to provide you with more relevant discounts and offers – such as your interests and hobbies, and contract end dates for your utilities
- Information you give to us when you ask us for any help and support through our contact form – see https://healthservicediscounts.zendesk.com/hc/en-gb/requests/new
- Communication preferences – such whether you want to receive emails or not
- Accounting data – relating to the running of our business and paying taxes (partners may tell us what services and/or products you have purchased although this is often anonymised)
- Technical and website use data – such as IP address, browser information, location and time-zone settings, operating system and platform data, as well as data on how you use our website and access partner websites, products, and services
- Application status, card status, and how you use your ‘Ode card’, if you have decided to become a cardholder - see the information below under the heading ‘The Ode Card’).
- Communications data - how you respond to our email communications about partner offers or deals, when you respond and the approximate geo-location of your device.
We want your personal data to be accurate and up to date and may periodically contact you about this. However, if there are any changes to your personal data (such as a change of name) please let us know as soon as possible by updating your profile (log into your account and access the My Profile section at https://healthservicediscounts.com/my-profile or by emailing or writing to us, using our contact information in the Contacting us section to do so.
How we collect your personal data
We collect your personal data in various ways, and you can find out more about this below:
We may collect your personal data in the following ways:
- Information that you give to us when you register, complete or update your My Profile section in your account
- Information that you give to us when you ask us to help or provide support
- Information that you provide when using our website or social media (for example, you may comment on one of our Facebook posts)
- Information that you provide when you enter the lottery (https://healthservicediscounts.com/lottery), competitions or complete any surveys
- Information from third parties, including our partners when you buy their products or services – we never have your secure financial/payment data (i.e. credit or debit card details) - and information from any existing Member who may provide your contact details to us via our ‘refer a friend’ scheme
- Information from our card partner, Sodexo Motivation UK Limited (‘Sodexo’), about your application status, card status, and how you use your ‘Ode Card’, if you have decided to become a cardholder, in order to manage the communications we send you about the Ode card (unless you have asked us not to by unsubscribing) and to help us improve the membership deals and discounts we can offer you (unless you have opted out of profiling – see the sections Opting out of profiling and The Ode Card below)
- Information we receive when you visit our website from another website or from social media (such as LinkedIn or Twitter)
- We use cookie-type technologies with our email communications to collect communications data to fulfil our commitment to communicate relevant offers and deals to you and to avoid sending emails which are not relevant. NB. you can unsubscribe from our email communications at any time if you do not want us to send you emails with details of relevant offers and deals any more. This will not affect your membership
If you decide not to give us personal data, we may not be able to provide some services to you. For example, without your email address, we cannot email you about any discounts or offers.
Using your personal data (purposes)
We use personal data so that we can:
- Process your application to become a Member
- Maintain our Membership records
- Provide you with the discounts, offers, and information you have asked for, provide you with any help or support, and contact you in response to your communications with us
- Give you the best Member experience - including when you use our website - which can involve using any of your personal data for profiling activities so that we can send you tailored discounts and offers (to meet your own interests) but we also use anonymised data. However, you can opt out of profiling – see the Opting out of profiling section for this
- Help our partners to offer discounts and offers which our Members want
- Invite you to take part in a survey, competition, or prize draw or our ‘refer a friend’ scheme, as well as market research activities
- Contact you about any competitions or prize draws we may run, including letting you know if you have won a prize
- Analyse and monitor how secure and effective our website and business are on an ongoing basis
- Check your eligibility to participate in our ‘refer a friend’ scheme or any prize draw or competition
- Decide what deals or offers are most relevant to you and improve the relevance of our email communications to you.
- Flag unusual account activity to protect our members from fraud or spam bot attacks (e.g. incorrect or suspicious geo-location data).
As a responsible organisation, we have additional checks in place (for example with profiling) to protect any vulnerable groups (particularly children).
The lawful basis for using your personal data
We must have a lawful basis before we can process your personal data. You can find out more about which lawful basis we rely on below:
The lawful basis enabling us to use your personal data is one or more of the following:
- when processing is necessary for our legitimate interests or those of a third party, (provided those interests don’t override your interests, freedoms, or rights) so that we can deliver your membership benefits, namely sourcing and providing you with the best deals, discounts and offers we can find. You have a right to object to us using your personal information for these legitimate interests. This includes a right to object to profiling – see Opting out of profiling and Your personal data rights sections below
- to comply with a legal obligation (such as when we need to comply with the law, or you exercise your data protection rights)
- where you have consented to the processing of your personal data, such as for marketing purposes or if required in relation to a prize draw or competition.
- We use cookie-type technologies only on a ‘strictly necessary’ legal basis e.g. to ensure we know what partner offers or deals are relevant to you, so we can fulfil our commitment to email you those which are relevant and stop sending those which are not. In this way we ensure our member communications are not excessive or irrelevant (and are not mis-identified as spam by your ISP/email provider).
We need all the categories of personal data in the table below to allow us to deliver your membership benefits and to enable us to comply with legal obligations. We have indicated in the table below the purpose or purposes for which we are processing or will process your personal information, as well as providing a description of which categories of data are involved.
Where a legitimate interest is involved, we state what the legitimate interest is.
Generally, we do not rely on consent as a legal basis for processing your personal data (such as for sending you Membership service communications, referred to in the table below). Remember you can change your mind at any time about the emails you want to receive by updating your e-mail preferences (log into your account and access the “E-Mail Preferences” section at https://healthservicediscounts.com/email-preferences or by emailing or writing to us, using our contact information in the Contacting us section) but this may mean we can’t keep you up-to-date with the latest offers and discounts.
Type of data
Lawful basis for processing (including basis of legitimate interests)
|Register you as a member||Identification data||Necessary for our legitimate interests (our business model is to provide you as an individual in one of our membership groups access to discounts and offers from retail and brand partners who wish to support workers in public service)|
|Sending you Membership service communications (including emails unless you ask us not to)||Contact details (provided by you with your Identification data), communication preferences, and data derived from profiling your interests (see ‘Profiling’ below in this table) and optional information provided by you||Necessary for our legitimate interests (you have become a Member to obtain discounts and offers which are relevant to you and will help you save money. We need to identify those most likely to be of interest and benefit to you then provide you with easy access to them)|
|Manage our relationship with you||Contact details (provided by you with your identification data), communication preferences, data derived from profiling your interests (see ‘Profiling’ below in this table), and optional information provided by you||Necessary for our legitimate interests (you have become a Member to obtain discounts and offers which are relevant to you and will help you save money. We need to identify those most likely to be of interest and benefit to you then provide you with easy access to them)|
|Manage our relationship with you||Identification data||Necessary for our legitimate interests (to keep our records updated / deal with your enquiries or any problems you may have efficiently)|
|Manage our Ode card relationship with you||Contact details (provided by you with your identification data), communication preferences, application status, and card status||
Necessary for our legitimate interests (in order to manage the communications we send to cardholders and prospective cardholders, unless you have asked us not to by unsubscribing)
|Surveys and other market research activities||Data you agree to provide us by taking part (e.g. about products and services or your membership experiences or you and your lifestyle) and any and optional information provided by you||Necessary for our legitimate interests (our aim is to provide our Members with discounts and offers which are relevant to them, will help them save money and to identify any additional membership services which may benefit our Members)|
|Enabling you to partake in a prize draw or competition and our ‘refer a friend scheme’||Contact details (provided by you with your identification data) and any optional Information provided by you and technical and website use data||Necessary for our legitimate interests (to provide additional membership benefits) and to establish eligibility to partake in the prize draw or competition or ‘refer a friend’ scheme)|
|Profiling (to help us know what interests you and how we may help you save money)||
Technical and website use data, your responses to our communications of partner offers or deals, and analysis of your spending data (see Data Shared with us and Opting out of profiling below), as well as optional information provided by you
|Necessary for our legitimate interests (our aim is to provide you as a Member with discounts and offers which are relevant to you and will help you save money which you can access easily)|
|Accounting/Management||Purchase data (partners may tell us what services and/or products you (or all our members together) have purchased, when and at what cost)||Necessary for our legitimate interests (we need to monitor how our partners perform under their contracts with us (including when they charge our Members for goods or services though usually this information is anonymised and aggregated)|
|Research and analysis (to help us and our partners provide discounts, offers and other membership benefits which our Members want)||Data showing how you use our website (when you visit, your IP address and which web pages you view), your responses to our communications of partner offers or deals, and analysis of your spending data (see Data Shared with us and Opting out of profiling below)||Necessary for our legitimate interests (our aim is to provide our Members with discounts and offers which are relevant to them, will help them save money and to identify any additional membership services which may benefit our Members)|
|IT Administration and protection (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identification data, Technical & Website use data||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|Deliver relevant website content (including advertisements to you and measure or understand the effectiveness of the advertising we serve to you)||Identification data, Technical & Website use data & Profile data||Necessary for our legitimate interests (to study how member use our member services, to develop them, to grow our business and to inform our communication strategy)|
|Use data analytics (to improve our website, membership services, marketing, membership relationships and experiences)||Technical & Website use data||Necessary for our legitimate interests (to identify types of members and membership groups for our member services, to keep our website updated and relevant, to develop our business and to inform our communication strategy)|
|Comply with a legal obligation (including complying with a subject access request, monitoring the security of your account, and preventing, detecting, and reporting criminal activity)||All or any data of the categories of data provided by you or received by us – see ‘What data do we collect’ above.||Legal obligation.|
Opting out of profiling
You can opt out of profiling which we use, for example, so that we can send you tailored discounts and offers which meet your own interests, by emailing or writing to us, using our contact information in the Contacting us section.
To protect your personal data, we have put the following technical and security measures in place:
- security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, as well as altered or disclosed (including encryption and restricted access)
- we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality
- internal policies and procedures (including a data protection policy) to deal with any issues, including notifying you where applicable
- undertaking a Data Protection Impact Assessment and similar safeguards to both consider and address the risks when appropriate, for example, before we start any new profiling
- putting in place procedures to deal with any suspected personal data breach and to notify you and any applicable regulator of a breach, where we are legally required to do so.
Sharing and disclosing your personal data
Subject to data protection law, we may share or disclose your personal data with:
- those who are providing products and services to us (such as subcontractors and suppliers) if they have appropriate processes in place to protect it
- government agencies and where the law requires us to share or disclose your information
- authorised third parties who track and store information about visitors to our website (including IP addresses)
- third parties who improve fraud protection and protect the security or integrity of our business operations
- any person or organisation to whom the business is sold or transferred
Otherwise, we will only share your personal information if you have consented to this.
Aside from the third parties who may receive anonymised data (see the Non-personal Information section) we share data with
- Our partners and suppliers - lists of the types of third parties with whom we share data can be found below.
- We are always concerned about equality and accessibility, so we have separate lists to make it easier to view.
- We anonymise data in so far as is possible and limit data sharing to the minimum needed for you to access offers
Lists of third parties with whom we share data and who share data with us
1. Our Partners
We share data with our Partners – organisations we “partner” with.
Why do we share it? To bring you the best discounts and offers and to run our website and business effectively.
A list of the third parties (our partners) with whom we share data can be found here https://healthservicediscounts.com/retailers-a-z
We share data with the Health Service Discounts Lottery if you enter the lottery - https://healthservicediscounts.com/lottery
2. Our usual Suppliers
These are some of the organisations which supply us with services and products. We share data with:
To create and send our email communications to members.
To show targeted ads to people who have visited our website https://www.facebook.com/about/privacy/update.
To show targeted ads to people who have visited our website.
Providing information which help us understand how individuals are using our website.
HM Revenue and Customs
Financial records as required by law https://www.gov.uk/government/organisations/hm-revenue-customs/about/personal-information-charter.
To facilitate member surveys.
3. Suppliers who keep data secure
Data security is important to us, so we list the types of organisations that we use, but we don’t display their details on our website to avoid exposure to hackers and anyone who may misuse the information (so that your personal data is not vulnerable). Any data subject can find out more by emailing our Data Protection Officer at [email protected].
We share data with:
Organisations who host our websites, so they stay online and are secure.
Organisations who help us develop and maintain our websites so that we can develop our websites, offer more functions, and make sure they run securely, effectively, and efficiently.
Organisations who provide us with email services so that we can send and receive emails.
Organisations who provide us with financial services and products including accounting, banking, and payment providers, so that we can run our business, do our accounts, and pay our taxes and the lovely people who work here.
Marketing organisations to help market and promote our website and to track preferences so we can offer you the best deals based on your choices.
We require all these third parties to respect your personal data, to process it on our instructions (where we are the data controller) and comply with the law in relation to data protection.
4. Data Shared with us
The Ode Card – We partner with Sodexo Motivation UK Limited (‘Sodexo’) to offer our members a card to earn cashback from participating retail partners when they spend with those partners - see: https://www.spree-card.com/HSDSPR/Home/Info
Sodexo share the following information: application status, card status, and how you use your Ode card (spending data) with us, if you have decided to become an Ode cardholder, based on our ‘legitimate interests’ and Sodexo’s in using this data in the way described above to benefit our cardholder members. This includes sending card related communications to cardholders and prospective cardholder members (unless you have asked us not to by unsubscribing), as well as to improve the quality and efficiency of our membership services, which is in our commercial interests.
In addition to this, by sharing with us the spending data Sodexo receive, we can analyse where, when and how our cardholder members spend their money, and on an individual member level look for the most relevant and beneficial membership deals, discounts and rewards from our retail partners for each cardholder member. Based on the aggregated spending data of all cardholders which Sodexo share with us we can also look for deals, discounts and rewards which will also benefit our wider membership, including our different member groups.
Ode cardholder members can choose to opt out of all individual profiling – see Opting out of profiling above.
Your personal data rights
The law gives you certain rights in relation to your personal data and to exercise these rights contact our Data Protection Officer at [email protected]. The following rights may apply to personal data we collect and process it (these can vary according to the lawful basis we rely on to process personal data) so that you can:
- Access personal data that we hold about you (Right to access your personal data - commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Make changes to your personal data if it is incomplete or inaccurate (Right to rectification). You can do this by logging into your account and accessing the “My Profile” section at https://healthservicediscounts.com/my-profile and making the changes, or by emailing or writing to us, using our contact information in the Contacting us section to do so, though we may need to verify the accuracy of the new data you provide to us.
- Restrict the processing of your personal data in certain circumstances, including where we are relying on legitimate interest as a lawful basis to process your personal data and you need us to check this basis. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful, but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- Ask us to erase your personal data (Right to be forgotten) and prevent processing in specific circumstances, particularly when your consent is the lawful basis for us processing your data.
- Object to us processing your personal data in certain circumstances, including profiling and profiling for communication purposes, and where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You can also obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Obtain and reuse your personal data for your own purposes across different platforms (data portability) where the processing is based on your consent or for the performance of a contract. If so, we will be able to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain membership services to you. We will advise you if this is the case at the time you withdraw your consent.
Exercising your rights
When you choose to exercise any of your data protection rights: -
- We will ask you for some information (primarily identification and clarification) and we can supply an optional form for you to complete if you would like to use it.
- We will deal with your request as soon as we are able to; usually, that is within one month of receiving it.
- If there is going to be a delay in dealing with your request (for example, because it’s complex or you have made a number of requests) or there is a reason why we can’t comply with your request, we will let you know and explain why within one month of receiving your request.
- There is usually no charge unless your request is manifestly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Retaining personal data
We only retain personal data for as long as it is reasonably required before it is deleted or anonymised.
We use the following criteria for data retention:
- Retention to deal with queries:
- Retention to meet legal and regulatory requirements: For example, we keep personal data after you cease to be a Member because we have legal and regulatory requirements to meet.
Our data retention details are below:
Potential members - We will retain personal data for 12 months from the date of our last contact.
Members - We will retain personal data for 7 years from the date that you ceased to be a member.
Competition/giveaway entries – We will retain all entries for no longer than 90 days after the winner(s) have been announced and winning entries for 3 years.
Transferring personal data
Your data may be transferred or stored outside the UK to non-EU countries who may not have the same data protection as the UK and the EU but, if we do this, we will have an agreement with the third party who will be using an approved mechanism to keep the personal data secure. This means transferring data to providers who:
- sign a specific contract approved by the UK Information Commissioners Office (ICO) which give your personal data the same protection it has in the UK or Europe.
- adhere to certain agreed codes of conduct or certification approved by the UK Information Commissioners Office (ICO)
If one of these safeguards is not in place, we will ask for your explicit consent, which can be withdrawn at any time.
To help us effectively run our website and business, our website collects non-personal information or aggregated information (which does not identify an individual) from those who use it. For example, Google Analytics collects information about our website visitors, but the information is processed so that an individual cannot be identified from it because we work in accordance with their guidelines. Website searches may be powered by third parties but are anonymised.