Version: 1
Date: 7 Januaury 2021
1. Introduction
- 1.1 dunnhumby’s Key Performance Report service (the “Service”) is provided by dunnhumby Limited (“dunnhumby”, “we”, “us” or “our”).
- 1.2 This Privacy Notice:
- applies to personal data that is collected and used in our capacity as controller in relation to the Service; and
- explains how we collect, use, share and retain personal data (information about you, as an end user of the Service in relation to the Service, from which you can be directly or indirectly identified, "you").
2. Quick links
This Privacy Notice is broken down into a few sections. Please click on the links below if you want to navigate to a section:
3. Personal data we collect about you
We collect the following personal data about you:
| Source of personal data |
Category of personal data |
Personal data included in this category |
| You |
Identity and Contact |
- your full name and email address
- the name of your employer
The provision of your identity and contact information is
necessary for the purposes of entering into a contract with
you or your employer for the provision of the Service
and/or managing our relationship with you/your
employer. The consequences of not providing it is that we
will be unable to effectively provide the Service.
|
| Communication data |
- your communications with us in relation to the
Service (including notes, e-mails and other
messages between you and us relating to Service
support or otherwise); information about your (or
your employer’s) sales history with us; or other
information that you choose to provide to us.
|
| Payment Information |
- transaction information (subscription amount, date
of subscription and payment method) and payment
card information (card number, card verification
code (CVC) and card expiry date).
|
| Access Logs |
- the time you access or attempt to access the
Service
|
| Location data |
- broad geographic location (e.g. country or city level location)
|
4. Who controls my data, how we use it and our legal basis for processing it
We rely on the following legal bases to use your personal data for the purposes listed below:
| Source of personal data |
Legal basis |
Purposes |
| You or Your Employer |
Necessary for the performance of our contract with you |
- register you as a user of the Service on behalf of your employer
- allow you to connect to the Service
- provide you with help and support in relation to the Service
- to email you with notifications about your use of the Service (for example, notifications about down-time, or in relation to email verification)
- to process payments in respect of your subscription
- for the purposes described in the dunnhumby Key Performance Report Cookie Notice
|
| Legitimate Interests |
- manage your access to the Service
- provide you or your employer with user guides and education
- respond and deal with your queries, comments or requests for support in relation to the Service
- for the purposes of our general business management in relation to the Service
|
| Consent |
- to send marketing messages to you in which we think you (in your business or professional capacity) or your employer may be interested
|
| Compliance with law |
- to comply with the law
- to exercise, establish or defend our legal rights
- to protect the rights, property, or safety of dunnhumby or others
|
| Collected automatically |
Legitimate Interests |
- to operate and maintain the Service
- to enhance the user experience, provide support, and improve the performance and security of the Service
- for network and information security purposes to enable us to verify your identity and access rights to the Service
|
5. Marketing
- 5.1 Where we have your consent to do so, we may contact you with information about dunnhumby’s global products and services.
- 5.2 If you would like to opt-out of marketing emails, you can do this by:
- clicking on the unsubscribe link in any marketing email you receive; or
- updating your preferences in your account settings within the Service.
6. Who we share personal data with
- 6.1 We will only share personal data with the following categories of third parties:
- our group companies that help us to provide the Service to you or your employer and will only use the personal data for the purposes described in this Privacy Notice;
- third party service providers who help us to provide the Service, for example by hosting it, enabling certain features or functionality, or by providing other services such as support and maintenance, payment processing or security technology. The main third party service providers that we use for the Service are as follows:
| Third party |
Reason for disclosure & personal data disclosed |
| Google Firebase |
Google hosts and maintains the data collected by the Service. It is also used to provide user authentication and analysis regarding your use of the Service. User information such as login, language/email preferences, usage data and logging data, will be disclosed to Google in the course of providing its element of the Service. |
| Eloqua |
Where you have consented to be contacted with information about dunnhumby’s global products and services, Eloqua stores your email address and the name of your employer for marketing purposes. |
| Stripe |
Stripe provides payment processing services. In the course of providing such services, Stripe will receive transaction information (subscription amount, date of subscription and payment method) and payment card information (card number, card verification code (CVC), card expiry date) and billing address). |
| ServiceNow |
ServniceNow provides the support and customer relationship management platform used to support the Service. In the course of providing such services to us, ServiceNow will receive your email address and any information provided to us in the course of your support request. |
- any competent law enforcement body, regulator, government agency, court or other third party to (i) comply with the law; (ii) exercise, establish or defend our legal rights, or (iii) protect the rights, property, or safety of dunnhumby or others; and
- third parties in the context of the possible sale or restructuring of our business or when you have provided your consent and the third parties will only use your personal data for the purposes described in this Privacy Notice.
- 6.2 If the Californian Consumer Privacy Act (CCPA) applies to the processing of your information, we confirm that we do not sell your personal information.
7. How we protect your personal data
- 7.1 We use appropriate security measures to protect the personal data that we collect about you and process to help ensure it remains secure against accidental or unlawful destruction, loss, alteration or unauthorised access.
- 7.2 These security measures include:
- utilising access and on-site controls for example, restricting access by our employees on a "need to know" basis who are committed to dealing with personal data in accordance with our internal policies and training;
- employing technical measures to protect personal data;
- committing third parties to contractual obligations to protect your personal data; and
- maintaining and testing disaster recovery and business continuity plans.
8. Where we store and transfer your personal data
- 8.1 Your personal data is primarily stored in the following locations:
- authentication, identity and contact information is stored in Google’s data centres located in
the European Union; and
- payment information you submit on our website is submitted directly to Stripe and is
processed by them and stored in their data centres located in the United States.
- 8.2 If we otherwise share personal data as described in section 6 (Who we share personal data with)
above, these third parties may store or access the personal data at locations outside of the country or
region in which you are resident. If we do this or undertake any other international transfers of personal
data, we will take appropriate measures to ensure your personal data remains protected to the standards
described in this Privacy Notice and required by law. For example, where applicable, by entering into
contractual agreements based on the EU Commission’s standard contractual clauses.
- 8.3 If you have any questions or need more information regarding international transfers of your personal
data, please contact us using the details in section 13.
9. Data retention
- 9.1 We will retain your personal data for as long as we provide the Service to you or your employer, or if
we have a legitimate reason to keep it (for example, to keep sending you marketing emails to you (if
you have not unsubscribed), acting in your business or professional capacity including as a
representative or your employer).
- 9.2 Unless we need to keep your personal data for a legitimate business reason (for example, our general
business management, compliance with applicable legal, tax or accounting requirements), we will
delete your personal data following the expiry or termination of our contract with our client (i.e. your
employer) or, if we stop providing certain services in accordance with our client's request. We will also
instruct third parties to delete your personal data when we delete it.
- 9.3 Our third-party payments processor, Stripe Inc., may retain your payment information to comply with
their financial regulatory and other legal obligations in accordance with their Privacy Policy which you
can view here.
10. Your rights
- 10.1 Depending on how and where your data was collected and/or is being used, the law may grant you certain rights that you can exercise. This section explains what those rights are and how you can exercise them.
- 10.2 If European Union or United Kingdom data protection laws apply to you, you have the right to access the personal data we hold about you and know how we use it and who we’ve shared it with. You can also ask that we delete or correct personal data that you believe is inaccurate or no longer relevant in this same way. Other countries’ laws may grant you similar rights. Please make any such requests in writing to individualrights@dunnhumby.com. We may ask you for information to verify your identity (e.g. a copy of your passport, national ID or other such documentation which will allow us to determine your identity and therefore you legal right to access the personal data) or clarify your request.
- 10.3 In addition to being able to update and correct your personal data, you may also have other data
protection rights:
- If we have collected and processed your personal data with your consent, you have the right
to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness
of any processing we carried out prior to your withdrawal, nor will it affect processing of your
personal data carried out in reliance on other lawful grounds other than consent;
- You may have certain additional rights in relation to your personal data, such as:
- (i) in certain circumstances you may have the right to object to our processing of your
personal data or to ask us to restrict processing of your personal data (although
sometimes we may not be able to comply with this request); and
- (ii) you may have your personal data erased in a number of circumstances, such as
where it has been unlawfully processed, or where there is no overriding legitimate
grounds for the processing.
- 10.4 You can make any of these requests by using the email address individualrights@dunnhumby.com. We will respond to all requests in accordance with applicable data protection laws.
- 10.5 You have the right to complain to an information authority about our collection and use of your personal
information. For more information, please contact your local authority. Contact details for authorities in
the European Economic Area, Switzerland and certain non-European countries (including the US and
Canada) are available here.
11. Cookies
Please read the dunnhumby Key Performance Report Cookie Notice for information about how we use cookies in relation to the Service.
12. Changes to this Privacy Notice
We can update this Privacy Notice at any time and we will update this notice if we change the Service in a way that changes the personal data we collect about you or how we use it; or, if the law changes so that we need to change our Privacy Notice. If we make any updates, we will inform you of the changes by posting the updated Privacy Notice on the Service or we may send you an e-mail. The current version of the Privacy Notice will always be the version which you can access through the link on the Service and replaces all previous versions.
13. Contact
If you have any queries about this Privacy Notice or the way we handle or process your personal data, please email our Data Protection Officer at: individualrights@dunnhumby.com.
14. Data Controller
dunnhumby Limited provides the Service and is the data controller of your personal data.