This privacy statement explains what personal information we collect and why, when you visit our RedCards app or website or when you use RedCards as either a business user or student in relation to a business or educational institution account (a “business user”), or as a consumer user. Where there is a difference between how this privacy policy applies to business users and consumer users, we have made this clear.

Business users

In relation to business users, in some limited circumstances we are the processor of your personal information, as outlined in the Collection and Use of your personal data section below. In most circumstances however we are acting as a controller of your personal data.

Where you access the app, website or one of our products in your capacity as an employee or student pursuant to your employer’s or educational institution’s business account, you should also refer to your employer’s or educational institution’s privacy policy.

Consumer users

In relation to consumer users, we are always the data controller in respect of your personal data.

Who are we?

RedCards Ltd (“We”, “RedCards”) are a company incorporated in England and Wales (number 12139130) and have our registered office at Brunel House Cook Way, Bindon Road, Taunton, England, TA2 6BJ.

Our chief technical officer is responsible for our data protection compliance.

1. Collection and Use of your personal data

Consumer Users

• Information you provide in connection with your RedCards account. We use this information to control access to our apps and your materials, provide you with support, administer your account, collect any payments which may be due and address any complaints you may submit - this is necessary for the performance of the contract we have with you. If you don’t provide this information, we may not be able to provide our services to you and/or handle any complaints.
• Information we collect through our apps and website. The time you open your account; when and how you use our apps and website; information about the device you use (including its type, its software, the network you use, and the unique IP address associated with your connection to the internet).
  
  We use this information:
  1. To control access to our apps and your materials, make our apps work the way they should, provide you with support, identify and fix problems, administer your account and collect any payments which may be due - this is all necessary for the performance of the contract we have with you. If you don’t provide this information, we may not be able to provide our services to you.
  2. To help us understand how you use our apps and website, test and improve our apps and website, and develop new features and new apps - we have a legitimate interest in ensuring the proper running and operation of our apps and website and in developing new products and services.
  3. To prompt you to visit our website and/or use our apps - we have a legitimate interest in promoting our business this way.
  4. To monitor your compliance with our licence and user terms - we have a legitimate interest in ensuring that our apps and services are used properly and are paid for when they should be.
  5. Where you are when you use our apps and website. We add this information to your content as part of the app’s functionality - this is necessary for the performance of the contract we have with you. If you don’t provide this information, we may not be able to provide our services to you. We also record the search terms you use within our apps and your response to the search results, but this information is not stored in a form that associates it with you: it is combined with similar information collected from other users and we use the combined information to provide a richer user experience to all users, with features such as: “Other users who liked this also liked…”.
     1. Book information. When you upload material to our site or the app, it may contain personal data of those featured in the content, and we will process this to the extent necessary to provide you with our services. We do this on the basis of the performance of the contract we have with you.
     2. Marketing. Our approach to marketing is set out in section 4 below.

Business Users

Where you use RedCards products as a business user, we will process your personal data as follows and will be the data controller.

• Information you provide in connection with your RedCards account. We use this information to control access to our apps and your materials, provide you with support, administer your account, collect any payments which may be due and address any complaints you may submit. We do this on the basis of our legitimate interests in order to perform the contract we have with your employer or educational institution.
• Information we collect through our apps and website. The time you open your account; when and how you use our apps and website; information about the device you use (including its type, its software, the network you use, and the unique IP address associated with your connection to the internet).
  
  We use this information:
  1. To control access to our apps and your materials, make our apps work the way they should, provide you with support, identify and fix problems, administer your account and collect any payments which may be due - we do this on the basis of our legitimate interests in order to perform the contract we have with your employer or educational institution.
  2. To help us understand how you use our apps and website, test and improve our apps and website, and develop new features and new apps - we have a legitimate interest in ensuring the proper running and operation of our apps and website and in developing new products and services.
  3. To prompt you to visit our website and/or use our apps - we have a legitimate interest in promoting our business this way.
  4. To monitor your compliance with our licence and user terms - we have a legitimate interest in ensuring that our apps and services are used properly and are paid for when they should be.
  5. Where you are when you use our apps and website. We add this information to your content as part of the app’s functionality - We do this on the basis of our legitimate interests in order to perform the contract we have with your employer or educational institution. We also record the search terms you use within our apps and your response to the search results, but this information is not stored in a form that associates it with you: it is combined with similar information collected from other users and we use the combined information to provide a richer user experience to all users, with features such as: “Other users who liked this also liked…”.
     1. Book information. When you upload material to our site or the app, it may contain personal data of those featured in the content, and we will process this to the extent necessary to provide you with our services. We will also share the data with various third parties as outlined below. We do this on the basis of our legitimate interests in order to perform the contract we have with your employer or educational institution.
     2. Marketing. Our approach to marketing is set out in section 4 below.
     In relation to processing book information, we will do this on the basis of a data processor, processing on behalf of your employer or educational institution. Please contact your employer or educational institution in the first instance to enforce your rights in relation to this data.

2. Who we share your personal information with

Our staff will have access to your personal information. We have a legitimate interest in having our IT services provided and supported by third parties and all these people will have signed confidentiality agreements which only permit them to use your personal information for the purpose of performing their duties for us or as required by law.

We will share personal information with law enforcement or other authorities if required by applicable law.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

3. Cookies

Our apps and website store very small amounts of information - known as ‘cookies’ - on your device.

We use two types:

1. First-party cookies; only we can read these. We use them to recognise you when you return to our apps and website and to record your actions and preferences in them, so that you see text in your preferred language and generally have a more personalised experience. We also share this information with Google: they use it to provide us with a statistical view of user behaviour on our apps and website, which we use to improve our apps and website.
2. Third-party cookies; by using Our Site, you may also receive certain third party cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than us.

Further information regarding this can be found in our Cookie Policy.

You can prevent cookies from being stored on your device by changing your device settings, although blocking first-party cookies will prevent our apps and website from working properly. We suggest you open the ‘help’ function on your device and search for “cookie settings” to see how to do this. You can use the same procedure to allow cookies to be stored again if you change your mind.

4. Marketing

We would like to send you information about our products which may be of interest to you. We will send email marketing to you where:

1. we have your consent to do so; or
2. it is in our legitimate interest to do so - which is when you have bought a product from us already and we offered you the opportunity to unsubscribe at the time.

In all circumstances you will have the option to unsubscribe from direct marketing and can do this by clicking the “unsubscribe” link in our emails.

5. International Transfers

We use global cloud services and your personal information is processed in the EU and the USA in order to provide the services to you.

Where personal data is transferred outside of the EEA to the USA we ensure a similar degree of protection is afforded to it by ensuring the transfer is subject to one of the following safeguards:

1. The company the personal data is transferred to is part of the EU-US Privacy Shield; or
2. We will have an enforceable agreement with the service provider containing data protection clauses approved by the EU Commission. The relevant terms are available on request.

6. Your rights

You can change your privacy settings and preferences in relation to direct marketing on your RedCards account.

You have a right to:

1. Ask us for a copy of your personal information;
2. Ask us to provide some of it in a structured, commonly used and machine-readable form;
3. Ask us to correct it if it is wrong and to complete it if it is incomplete;
4. Ask us for details of how and why we process it, the legal basis for that processing, and who we have shared it with or will share it with;
5. Object to how we process it;
6. Ask us to restrict our processing - while we consider your request to have it corrected, for example.

We will deal with requests and objections in accordance with the General Data Protection Regulation as it applies in the UK, which means that we are required to respond within one month. Our contact details are set out below.

You have the right to complain to the Information Commissioner’s Office about our processing of your personal information or our response to your requests and objections. The Information Commissioner’s Office may be contacted at https://ico.org.uk/concerns/

7. Payment Gateway

When you pay for a subscription to one of our apps, or for a purchase you make through our apps or website, you will be taken to a secure website operated by a reputable and regulated payment processor. Your payment card details will be collected and processed by that company. The only payment card information we will receive is the last four digits of your 16-digit card number.

8. Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

9. How long your personal information will be kept

We will keep your personal information while you have an account with us or we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary:

1. to respond to any questions, complaints or claims made by you or on your behalf;
2. to show that we treated you fairly;
3. to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy and will retain data in accordance with our retention policy. Different retention periods apply for different types of personal information. Please get in touch for further information. When it is no longer necessary to retain your personal information, we will delete or anonymise it.

10. Changes to this privacy policy

This privacy notice was published on 18th March 2022 and last updated on the data stated at the top of the page. We keep our polices under regular review to make sure they are kept accurate and up to date.

If we change our policies from time to time, we will post the details of any changes here. We may also take reasonable steps to notify you if such changes affects how your personal data is processed.

11. How to contact us

If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please email us at hello@redcards.com.

For questions from non-EU countries please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are shown below: RedCards Ltd, 3rd Floor, Old Stock Exchange, St Nicholas Street, Bristol, England, BS1 1TG. legal@redcards.com +44 (0) 788 829 9112