What is Covered by This Policy?
Personal Information We Collect
Chargifi collects information, including Personal Information that you provide us when you visit our
website. “Personal Information” that will be collected or processed by Chargifi includes:
• first and last names;
• email address;
• postal address;
• credit card information;
• payment details;
• product preference;
• purchasing history;
• IP address;
• financial information, such as that which could be used to process invoices and payments; and
• Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them. As a result, at this time we do not take steps to respond to such signals. Chargifi may collect Personal Information in a variety of ways including directly from customers while online when you use any of our online tools or features, applications, when you enter one of our promotions.
How We Use Your Personal Information
Chargifi collects and uses your Personal Information to:
• Conduct business with you
• Improve your experience with us
• Improve our products
• Direct you to an online platform of a retailer to make a purchase
• Create and maintain accounts for partners and users
• Help you receive email and direct mail from us and our partners
• Help you register for promotions, lotteries, loyalty programs and competitions through social media channels
• Help you send us reviews, enquiries and complaints
• Permit you to apply for a job
We process Personal Information submitted by customers for the purpose of providing the above-referenced services (collectively, the “Services”) to customers. To fulfill these purposes, we may access Personal Information to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of a customer who submitted the Personal Information, or in response to contractual requirements with our customers and service providers.
Where you have entered into a contract with Chargifi, we will process your Personal Information in order to meet our obligations and exercise our rights in terms of that contract. In other cases, Chargifi has a legitimate interest in processing Personal Information which allows us to provide you with a better customer service; and to send marketing emails to you where you have purchased goods from us and where you have not opted out from receiving those messages.
There may be some occasions where we seek your consent to process Personal Information but in those cases we will provide full details of what Chargifi is seeking consent for, so that you will be able to carefully consider whether to provide that consent.
How we Process Your Personal Information
When processing Personal Information Chargifi ensures that:
• it is processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’);
• it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’)
• it is all adequate, relevant and limited to what is necessary in relation to the purposes for which the Personal Information is processed; (‘data minimization’)
• it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that Personal Information that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
• it is kept in a form which permits identification of you for no longer than is necessary for the purposes for which the Personal Information is processed; (‘storage limitation’)
• it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’). Chargifi will facilitate any request from you to exercise you rights under data protection law and the General Data Protection Regulation as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay.
Chargifi will also:
• ensure that the legal basis for processing Personal Information is identified in advance and that all processing complies with the law.
• not do anything with your Personal Information that you would not expect given the content of this policy.
• ensure that appropriate information is provided advising how and why Personal Data is being processed, and in particular advising data subjects of their rights.
• only collect and process the Personal Information that we need for the purposes we have identified in advance.
• ensure that as far as possible the Personal Information we hold is accurate, or a system is in place for ensuring that it is kept up to date as far as possible.
• only hold onto your Personal Information for as long as it is needed after which time we will securely erase or delete the personal data. Chargifi’s Data Retention Policy sets out the appropriate period of time.
• ensure that appropriate security measures are in place to ensure that Personal Information can only be accessed by those who need to access it and that it is held and transferred securely.
Your Choices and Access to Your Personal Information
Our email, website, and other interactive programs allow you to choose to receive or to stop receiving communications from us. You can choose to receive email and/or postal mail from a Chargifi brand or to receive offers from other Chargifi brands. Chargifi honors a “once out – always out” policy. Once you opt out, you are opted out of that type of communication and that brand until we are explicitly told in writing to opt you back in. You may opt out of email programs at any time by following the opt-out instructions provided in the email you receive. You also have the following rights:
Subject access: the right to request information about how Personal Information is being processed including whether Personal Information is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:
• the purpose of the processing
• the categories of personal data
• the recipients to whom data has been disclosed or which will be disclosed
• the retention period
• the right to lodge a complaint with the ICO in the United Kingdom
• the source of the information if not collected direct from the subject
• the existence of any automated decision making.
Rectification: the right to allows a data subject to rectify inaccurate Personal Information concerning them. Erasure: the right to have data erased and to have confirmation of erasure, but only where:
• the data is no longer necessary in relation to the purpose for which it was collected; or
• where consent is withdrawn; or
• where there is no legal basis for the processing; or
• there is a legal obligation to delete data.
Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:
• if the accuracy of the personal data is being contested; or
• if our processing is unlawful but the data subject does not want it erased; or
• if the data is no longer needed the data for the purpose of the processing but it is required by the data subject for the establishment, exercise or defense of legal claims; or
• if the data subject has objected to the processing, pending verification of that objection. Data portability: the right to receive a copy of Personal Information which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller. Object to processing: the right to object to the processing of Personal Information relying on the legitimate interests processing condition unless Chargifi can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defense of legal claims.
Personal Information is to be used for a purpose other than those for which it was originally collected or subsequently authorized by such user. We will treat as sensitive any Personal Information received from a third party where the third party identifies and treats it as sensitive.
Chargifi is committed to protecting children’s privacy on the Internet. No one under age 16 may provide any Personal Information to or on the websites. Chargifi does not knowingly collect Personal Information from children under 16. If you are under 16, do not use or provide any information on our websites, make any purchases through our websites, use any of the interactive or public comment features of our websites or provide any information about yourself or others to us, including your/others name, address, telephone number, email address, or any screen name or user name you/others may use.
If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from a child under 16, please contact the Data Controller at email@example.com. What Personal Information is collected online from children under 16 and how is it used?
Chargifi does not knowingly collect, use, or disclose Personal Information (including online contact information) of children under the age of 16. We may collect information about visits to our websites without a user actively submitting such information. For information about such passive data collection, contact us at firstname.lastname@example.org.
Sharing Personal Information with Third Parties
We employ other companies (“Agents”) and people to perform tasks on our behalf and need to share, and may transfer within the EEA, your information with them to provide products or services to you. Other types of Agents with which we may share Personal Information include organizations providing services to support Chargifi functions, such as distributors, supply chain, social media and our Public Relations agency.
When Chargifi transfers Personal Information to countries other than the country where it was provided, we do so in compliance with applicable data protection laws. Copies of the Personal Information at the point of origin are deleted on a regular basis. Any transfers of Personal Information from customers outside the European Economic Area (the “EEA”), will comply with GDPR requirements, as appropriate, in all respects.
For personal information we receive from the EEA and Switzerland, Chargifi complies with the EEA-US and Swiss-UK Privacy Shield Framework as set forth by the US Department of Commerce. You can find out more about our commitment to the Privacy Shield Principles in Our Notice of Privacy Shield Certification.
Personal Information Security
Chargifi maintains reasonable and appropriate security measures designed to help protect against loss, misuse, and alteration of Personal Information collected by Chargifi, which include:
• physical and logical access controls, including firewall, limited access, and SSL encryption technology, that limit who can access personal data based on business/processing need;
• privacy policies for personal data and for employee personal data (a copy of which may be requested at email@example.com);
• annual employee training on our privacy policies;
• employees who are bound by confidentiality obligations;
• the appointment of a Privacy Officer to handle all personal data incidences or issues, including, without limitation, the handling of individual requests related to his/her personal data processed by Chargifi; and
• Chargifi’s General Information Security Policy and Incident Response Policy that contain incident response plans for escalation and resolution of data breach incidents
Passive Data Collection – Cookies and Web Beacons
Your Personal Information is protected in the United Kingdom by the Data Protection Act 2018 (the “Act”), the General Data Protection Regulation 2016/679; and all relevant EU and UK data protection legislation. Under the Act we will only process your Personal Information in a lawful and fair manner. We will secure your Personal Information to prevent unauthorized access by third parties.
If you have questions or concerns regarding your privacy, please contact Chargifi directly at:
St Brides House, 10 Salisbury Square, London, EC4Y 8EH, UK.
If you believe that Chargifi has not complied with your rights in relation to your personal data in relation to processing in or related to the United Kingdom, you can complain to the Information Commissioner’s Office. Their contact details are available at www.ico.org.uk