Privacy Policy

Last Updated: 01 November 2024

Regulatory Compliance

Perkstar Ltd is committed to protecting your privacy and handling your data responsibly. This Privacy Policy is designed to comply with:

GDPR: The UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR)

CCPA/CPRA: The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

If you have questions about our compliance or wish to exercise your data protection rights, contact us at legal@perkstar.co.uk.

1. Introduction

This Privacy Policy explains how Perkstar Ltd ("Perkstar", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our website at www.perkstar.co.uk and our digital loyalty card platform (together, the "Services").

We take your privacy seriously. This policy is written in plain language so you can understand exactly what happens to your data. If anything is unclear, please contact us.

Perkstar Ltd is the data controller responsible for your personal information. We are registered in England and Wales.

2. Who This Policy Applies To

This policy applies to: business owners who use our platform to create and manage loyalty cards; customers who receive and use digital loyalty cards through our platform; visitors to our website; and anyone who contacts us for support or information.

3. Information We Collect

3.1 Information You Give Us

When you create an account or use our Services, you may provide: your name and email address; business name and address; phone number; payment information (processed securely by Stripe — we never see your full card details); and any other information you choose to share with us.

3.2 Information We Collect Automatically

When you use our Services, we automatically collect: device information such as browser type, operating system, and device identifiers; usage data including pages visited, features used, and time spent on our platform; IP address and approximate location based on it; and referral source showing how you found us.

3.3 Information from Third Parties

We may receive information from: Google if you sign in using your Google account; payment processors when you complete transactions; and analytics providers that help us understand how people use our Services.

4. How We Use Your Information

We use your information to: provide, maintain, and improve our Services; process your payments and send transaction confirmations; respond to your questions and provide customer support; send you updates about your account and our Services; detect and prevent fraud or abuse; comply with legal obligations; and analyse how our Services are used so we can make them better.

We will never sell your personal information to third parties.

5. Legal Basis for Processing

Under UK and EU data protection law, we need a lawful basis to process your personal information. Here's how each basis applies to our processing:

Contract: Processing necessary to provide our Services to you, including managing your account, processing payments, and delivering loyalty card functionality.

Legitimate Interests: Processing for our legitimate business interests, such as improving our Services, preventing fraud, and understanding how customers use our platform. We always balance our interests against your rights.

Consent: Where you have given us permission, such as receiving marketing emails. You can withdraw consent at any time.

Legal Obligation: Processing required to comply with laws, such as tax and accounting requirements.

6. How We Share Your Information

We share your information only in these circumstances:

Service Providers: Companies that help us run our business, including Stripe for payment processing, hosting providers, and analytics services. These providers only access information needed to perform their services and must protect it.

Legal Requirements: When required by law, court order, or government request, or to protect our rights, property, or safety.

Business Transfers: If Perkstar is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any change in ownership or use of your information.

With Your Permission: In any other situation, we will ask for your consent before sharing your information.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to: keep you logged in; remember your preferences; understand how you use our Services; and improve your experience.

You can control cookies through your browser settings. Blocking certain cookies may affect how our Services work. For full details, see our Cookie Policy.

8. How Long We Keep Your Information

We keep your information only as long as necessary for the purposes described in this policy. Specifically:

Account information is kept while your account is active and for 2 years after you close it, in case you want to return or we need to resolve any issues.

Transaction records are kept for 7 years to meet UK tax and accounting requirements.

Analytics data is kept for 26 months in anonymised form.

When information is no longer needed, we securely delete or anonymise it.

9. How We Protect Your Information

We use industry-standard security measures to protect your information, including: encryption of data in transit and at rest; secure payment processing through Stripe (PCI-DSS compliant); regular security assessments; access controls limiting who can see your data; and secure hosting infrastructure.

While we take every reasonable precaution, no system is completely secure. If a data breach affects your information, we will notify you and the relevant authorities as required by law.

10. International Data Transfers

Some of our service providers are based outside the UK and European Economic Area (EEA). When we transfer your information internationally, we ensure it remains protected using: Standard Contractual Clauses approved by the European Commission; transfers to countries with adequate data protection recognised by the UK or EU; and other legally approved transfer mechanisms.

11. Your Rights Under UK and EU Law (GDPR)

If you are in the UK, EU, or EEA, you have the following rights regarding your personal information:

Right of Access: You can request a copy of all personal information we hold about you. We will provide this within one month, free of charge.

Right to Rectification: If any information we hold is inaccurate or incomplete, you can ask us to correct it.

Right to Erasure: You can ask us to delete your personal information in certain circumstances, such as when it's no longer needed or you withdraw consent.

Right to Restrict Processing: You can ask us to limit how we use your information while we resolve a complaint or verify accuracy.

Right to Data Portability: You can request your information in a structured, commonly used format to transfer to another service.

Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time. This won't affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint: You have the right to complain to a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at legal@perkstar.co.uk. We will respond within one month. We may ask for verification of your identity before processing your request.

12. Your Rights Under California Law (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you specific rights regarding your personal information.

12.1 Categories of Personal Information We Collect

In the past 12 months, we have collected these categories of personal information: identifiers such as name, email address, IP address, and account name; commercial information including transaction history and products purchased; internet or network activity such as browsing history and interactions with our Services; and professional or employment information such as business name and job title.

12.2 How We Use This Information

We use this information for the business purposes described in Section 4 of this policy, including providing our Services, processing payments, improving our platform, and communicating with you.

12.3 Sale and Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising.

12.4 Your California Privacy Rights

Right to Know: You can request details about what personal information we have collected, used, disclosed, and sold in the past 12 months, including the specific pieces of personal information we hold.

Right to Delete: You can request that we delete personal information we collected from you, subject to certain legal exceptions.

Right to Correct: You can request that we correct inaccurate personal information we hold about you.

Right to Opt-Out of Sale: Although we do not sell personal information, you can submit an opt-out request at any time.

Right to Limit Use of Sensitive Information: We do not collect sensitive personal information beyond what is necessary to provide our Services.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different prices, quality of service, or be denied service for making a privacy request.

12.5 How to Make a Request

To exercise your California privacy rights, you may: email us at legal@perkstar.co.uk with the subject line "California Privacy Request"; or submit a request through our website contact form.

We will verify your identity before processing your request using the email address associated with your account. You may designate an authorised agent to make a request on your behalf by providing written permission. We will respond to verifiable requests within 45 days. If we need more time, we will inform you of the reason and extension period in writing.

12.6 California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. As stated above, we do not share your information for third-party marketing.

13. Children's Privacy

Our Services are designed for businesses and are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe we have collected information from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will: update the "Last Updated" date at the top of this policy; notify you by email if we have your email address; and post a notice on our website.

We encourage you to review this policy periodically. Your continued use of our Services after changes are posted means you accept the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your information, please contact us:

Perkstar Ltd 86-90 Paul Street 3rd Floor London EC2A 4NE United Kingdom

Email: legal@perkstar.co.uk

For general support: support@perkstar.co.uk

We aim to respond to all enquiries within 5 business days.