Privacy Policy
V1.0 - 12 March 2024
Introduction
Data protection is the fair and proper use of information about people. At Shuffle we want you to trust us and that starts with you trusting us to look after your data responsibly. We take your data seriously and as a minimum will comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
This data privacy notice applies to data collection on the Shuffle app, the www.shuffle.finance website or collected through a link to the website (e.g. Facebook, Google Ads, LinkedIn). This notice also sets out who we are, the information we collect, how we use it, our legal basis for doing so, sharing, storage, processing and security of your data, how long we keep data, your rights, automation and profiling, contacting Shuffle, cookies, links and other technologies. If you have any questions, we're happy to chat, so please ask.
Who are we?
The Data Controller is Shuffle Finance Limited trading as Shuffle, registered in England at Mainyard Studios, 90-94 Wallis Road, London, England, E9 5LN with company number 14928295. When we refer to the Shuffle app, this is a reference to the Shuffle Rewards app, which is available on the Apple Store and associated website with the home page at www.shuffle.finance.
The law does not require Shuffle to appoint a Data Protection Officer, but you can contact us at the above address or via email help@shuffle.finance
What information do we collect and how do we use it?
You will be asked to provide us with your information when you:
- fill in forms on our Website or App, or correspond with us by phone, email or otherwise;
- register to use our Services, subscribe to our newsletter, promotional emails or other marketing materials;
- use the Shuffle Services;
- report a problem with our Services; or
- complete any surveys we ask you to fill in that we use for research purposes (although you do not have to respond to these if you do not want to).
The information you will be asked to provide to us for these purposes will include your name, date of birth, e-mail address, phone number, payment details and banking and open banking information, or further information required to verify your identity.
Information we collect about you.
With regard to each of your visits to our Website or our App, we may automatically collect the following information; however, this information cannot be used to identify you:
- device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
- technical information about your computer or phone, including where available, your IP address, operating system and browser type, for system administration and analytical purposes;
- details of your visits to our Website and App, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website and App (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs);
- and information showing us from which app store you downloaded our App.
4.1 Information we receive from other sources.
When using our Services, we will be in contact with third parties who may provide us with certain information about you in order to enable your use of the Services.
If when using our Services you input any personal data of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data with us.
For the avoidance of any doubt, any reference in this privacy policy to your data shall include data about other individuals that you have provided us with.
What legal basis do we have for processing your personal data?
Use of personal information under EU and UK data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
Our lawful basis for processing this personal data
Purpose/Activity
Our lawful basis for processing this personal data
To send you updates about our app and services if you have signed-up on our website
Consent
Name, Email
To send communications to you to help you finish your registration with Shuffle
Legitimate interests – to help us grow and develop our business and help our customers with the account opening process (which can be a reasonably time-consuming)
Registration Information
To register you as a customer so you can use Shuffle
Fulfilling our contract with you
Registration Information
To identify you as a customer and create your Shuffle account
Fulfilling our contract with you
Unique Customer Identifier
To communicate with you about your account and the features and benefits of Shuffle
Fulfilling our contract with you
Name, Email Address, Mobile Number
To provide the Shuffle service as explained in our Terms
Fulfilling our contract with you
Registration Information, Account Information, Transactional Information, Additional Personal Information, Technical Information
To understand our customer base
Legitimate interests - to understand our user demographic, preferences and behaviours so we can improve the relevance of Shuffle to individual customers
Transactional Information, Additional Personal Information
To provide customer support and maintain your account
Fulfilling our contract with you
Registration Information, Unique Customer Identifier, Account Information, Transactional Information, Technical Information, Support Information
To monitor and improve the Shuffle Service
Legitimate interests - to track the use of Shuffle and identify areas where we can improve performance or functionality (business and technical)
Technical Information, Additional Personal Information
To create aggregated market research, from which all personal data is removed
Legitimate interests – so we can keep going as a business and continue to provide a free service, we may provide aggregated market research services, from which all personal data is removed, to other businesses in return for revenue
Account Information, Transactional Information, Additional Personal Information
To comply with regulatory and audit requirements
Legal obligation
Mandatory Information
As part of your Account Information, when we process your banking transactions we may process 'special categories of personal data'. For example, if you have a payment for a membership to a particular political party, this could reveal your political beliefs. Other banking transactions you have made could contain data about your racial or ethnic origin, political opinions, philosophical beliefs or trade union membership, as well as health data or data concerning your sex life or sexual orientation. We will only use this data in strict accordance with the law and where you have made such data available to us and we will never use it for any other purpose (for example profiling or tailoring of our service).
Our legal basis for using your personal data
We consider the legal bases for using your personal data as set out in this Privacy Policy are as follows:
6.1. Contractual performance
If you download our app and want us to deliver you our services as outlined in our Terms, we can only perform these services if we can process your personal data for this purpose. Therefore, most of our processing of your personal data is necessary to perform the contract we have in place with you.
Please be aware that if you do not want us to process your personal data for most of the purposes set out above, then we cannot deliver our services to you through the Shuffle app. Without the use of your data there is no benefit to the Shuffle app and so if you don’t wish your personal data to be processed in this way, then you shouldn’t use the Shuffle app.
6.2. Legal obligations
We will also process your personal data where we are under a legal obligation to do so to. For example, to:
- Prevent and detect fraud, money laundering, other crime, and security issues.
- Comply with laws and regulations, as well as any sector-specific mandatory guidelines and regulations.
6.3. Legitimate interest
Where neither 1. nor 2. apply, we use your personal data on the basis of our legitimate interest, or the legitimate interests of others. Our legitimate interests are to:
- understand our user demographic, preferences and behaviours so we can improve the relevance of Shuffle to individual customers;
- track the use of the Shuffle app and website and identify areas where we can improve performance or functionality (business and technical);
- keep going as a business and continue to provide a service, which means we may provide aggregated market research services, from which all personal data is removed, to other businesses in return for revenue;
- to help us grow and develop our business and help our customers with the account opening process;
- operate our website and app generally;
- carry out marketing, market research and business development;
- provide services to our customers;
- invest in and roll out new services to benefit our existing customers and to attract new customers;
- and for business purposes.
6.4. Consent
If we rely on your consent for us to use your personal data in a particular way, but you later change your mind, you may withdraw your consent by contacting us at help@shuffle.finance and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be able to provide our app and associated services to you.
When do we share personal data?
We will always treat personal data confidentially but sometimes we need to share it to deliver our service to you. We might disclose or share it with third parties which supply services to us or which process information on our behalf, for example, to provide the Shuffle email updates or when we personalise our market research questionnaires.
We manage our email content and lists using third-party processors called Customer.io, Intercom and Airtable and we use Tally for market research surveys. We reserve the right to change suppliers and not seek new consent. We only work with third parties that take their data protection obligations seriously and satisfy our requirements and promise to you. For example, third parties that are regulated by UK or EU data protection law or meet international data standards. We will not sell your data. When we share data with third parties it is only to provide the service that you have consented to. Except in the situations required by law or other regulation, Shuffle will not pass, disclose, rent or sell your personal information (other than any personal information which is already publicly available) to any third party without your prior written consent.
How does Shuffle work with partners and advisors?
Shuffle may give you the opportunity to obtain rewards from a third party such as a restaurant or bar. This may be an existing partner or one that has recently partnered with Shuffle. Shuffle will be explicit what information will be shared, and you will be invited to give permission for that third party to have the access that you are comfortable with.
Where do we store and process personal data?
When we share your information with third parties located outside of the UK which process information on our behalf (for example, email update services) we ensure that they adhere to minimum standards. This is supported by contractual clauses or data transfer agreements. For example, if we transfer data outside the UK or the European Economic Area, we use data processor suppliers that have subscribed to the EU-US Privacy Shield Framework and ensure that data governance is controlled by contractual clauses or data transfer agreements. These third parties may have incidental access to your information, but we will ensure that they keep your information secure and do not use it for their own purposes. We have ensured and will continue to ensure that all the services we use are compliant with applicable laws.
How do we secure personal data?
Your data is stored using trusted third-party specialist providers. Your data is protected by a password login that is only shared with those that need the data to provide our service and the data is backed up using secure servers.
How long do we keep your personal data for?
We will keep your personal data for as long as you subscribe to the Shuffle app or the Shuffle newsletter. We will clean the list at least twice a year to permanently remove all email addresses that have unsubscribed over the last six months. We will keep anonymised market research and usage data for as long as it is useful to inform the product design and features and marketing of the Shuffle app and always subject to the requirements of UK law or contractual obligations.
Your rights in relation to personal data
Under the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at help@shuffle.finance.
You have the following rights in relation to your personal data:
12.1. Right to Rectification:
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.
12.2. Right to erasure / ‘Right to be forgotten’
Asking us to delete all of your personal data will result in Shuffle deleting your personal data without undue delay (unless there is a legitimate and legal reason why Shuffle is unable to delete certain of your personal data, in which case we will inform you of this in writing).
12.3. Right to restriction of processing
You have the right to ask us to stop processing your personal data at any time.
12.4. Right to data portability
You have the right to request that Shuffle provides you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so.
12.5. Right to complain
You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner’s Office in the UK (see www.ico.org.uk). Although we encourage our customers to engage with us in the event they have any concerns or complaints.
12.6. Right to object to discussions based solely on automated processing
You have the right to not be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significant effects and to obtain human intervention, to express your point of view or contest the decision.
Shuffle will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Asking us to stop processing your personal data or deleting your personal data will likely mean that you are no longer able to use Shuffle Services, or at least those aspects of the Services which require the processing of the types of personal data you have asked us to delete, which may result in you no longer being able to use the Services.
Aggregation of personal data
Shuffle also makes use of anonymised data for the purposes of improving the Shuffle app and ensuring that it is relevant to users. This includes the use of aggregated personal data from a user cannot be identified
Where we store or send your data
We may store the data we collect from you outside the UK, or transfer it to organisations outside the UK. When we do this, we make sure that your data is protected and that:
- The Information Commissioner (ICO) has deemed the country or organisation to provide an adequate level of protection for personal data; or
- We've agreed specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
How to contact us
If you have questions or concerns about our privacy practices, your personal information, or if you wish to file a complaint you can contact us at the above address or by email at help@shuffle.finance
Linking to other websites / third-party content
Where we link to external sites and resources from our website this does not constitute endorsement and Shuffle takes no responsibility for any linked website
Change to this policy