Privacy Notice

This document details JamDoughnut notice for privacy and states how the Company, through its platform, app or website, collects, handles and processes data of its customers and visitors. It explicitly describes whether that information is kept confidential, or is shared with or sold to third parties.

JamDoughnut’s Privacy Notice

JamDoughnut takes data protection and privacy responsibilities seriously. This notice will inform you of how we protect, process and share your personal data when you visit our site or app, as well as what your rights are as a data subject.
We may amend this notice from time to time to keep it up to date with legal requirements and the way we operate our business. Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you.
This version was last updated in December 2023.
JamDoughtnut is the Data Controller for the personal information processed, unless otherwise stated in this privacy notice. Our Company registration Number is 12277192 and Information Commissioners Office (ICO) registration Number is ZA759668. Our registered Office is 2 Leman Street, London, E1W 9US.

Contact details

If you need to reach out to us, please use the following contact form.

We have appointed a Data Protection Officer (DPO), who is responsible for overseeing this privacy notice. If you have any questions or would like to exercise your legal rights, please contact our DPO using the following form.

Information we may collect and how it’s collected

When using our website or App we may collect, use or store the following information:

Referrals

If you refer a customer to the App then we shall send you a confirmation email when the person you referred signs up and when they complete their first cash out. If you are the Referee the emails sent to the Referrer will contain your username only. We are sharing this data as the Referee has used the Referrer code. We shall not share any specific Personally Identifiable Information (PII).
We shall retain referral (referred and referee data) within the App. This shall include any bonus rewards that you or the person that referred you receives.

Registration

When you create an account, we collect your full name, mobile number, email address, device ID, operating system, operating software version, location data (if shared), the App version, login activity and referral tracking for your account.
You can sign into the App using biometric data. We do not store or access biometric data but instead use the confirmation provided to us by your device provider. We will retain a log of your access to the App.
The JamDoughnut platform is not intended for use by anyone under 18 years of age. If parents or guardians wish to exercise their children’s rights on their behalf, then they can find out more information about this from the ICO here

Making a purchase

When you use our platform to purchase, we collect data from you related to that purchase including the company, the amount, points earned (which we will automatically calculate), payment method, time of purchase, incentives/rewards or bonuses, purchase ID, and access to the gift card. We process this data on the basis of our contract with you.
If you purchase using Apple or Google Pay the payment will be conducted by a regulated Digital Card Payment Provider. Your payments will be securely authenticated using Apple and Google Pay. We provide the payment provider with your user ID, full name, email address and order details. The Digital Card Payment Provider will store your card details securely for conducting the transaction as well as for financial crime prevention.
If you purchase using Open Banking bank transfer (Pay by Instant Bank Payment) the payment will be conducted by a regulated Open Banking Payment provider. We provide the Open Banking Payment Provider with your user ID, full name, email address and order details. The Open Banking Payment Provider will store your banking details for conducting the transaction as well as for financial crime prevention.

Identification verification

From time to time, we may ask you for a copy of your identification. This is a requirement for Know Your Customer and to prevent financial crime. If this is required, we will request a photo of your photo ID.

Cashing out to your bank account (withdrawals)

All refunds given by JamDoughnut will be transferred back to your orginal payment method. We will retain a copy of all refunds for our records and fraud prevention.

Refunds

All refunds given by us will be transferred back to your original payment method. This information will be shared with our Payment Provider and our bank to facilities the transfer. We will retain a copy of all refund transactions for our records and for financial crime prevention.

Sensitive Data

We do not request any sensitive personal data (also known as special category data) from you. Nor do we collect any information about criminal convictions and offences. If this information is disclosed to us, our lawful basis for processing would be with your consent and will be stored in line with our data retention policy.

Automated decision making

Automated individual decision-making is a decision made by automated means without any human involvement. We may carry out automated decision making from time to time as part of our financial crime prevention. However, you have the right to contact us to ask for a person to review an automated decision.

Marketing

From time to time if opted in we will send you marketing communications. These are separate from any transactional or service related communications. You are opted into these marketing communications at sign up to receive an initial purchase bonus on your first purchase.
Marketing communications shall be sent via the following channels:
• Email
• SMS
• Push notification
You can opt out of these at any time by either clicking on the link in the email to unsubscribe or by using the following contact form . For push notifications you can set your preferences on your mobile device.

Contacting us

Information is also stored when you communicate with us via email, social media or other means by which you decide to contact us. This is usually limited to your name, email address and/or social media account depending on how you contact us and any correspondence on resolving your enquiry. We process this data on the basis of our contract with you and/or our legitimate interests in providing an efficient service to you.

Surveys

In order to better understand our customers, we may also collect anonymised data in surveys and other feedback methods. We will use different platforms from time to time to conduct this. This helps us improve our service by tailoring our developments. Participation in surveys is optional and anonymous. Where you choose to participate in a survey, we process this data on the basis of our legitimate interests in understanding your experience on our platform.

Operational data

When using our platforms, we may also record your location, device type, OS version, App version as part of normal request processing and session management, and to support you and our service in the event of problems occurring. This is optional and determined within your device setting. We process this data on the basis of our legitimate interests in providing a secure platform.
If you do not provide us with some of this information where we need to collect your personal data by law or under the terms of a contract we have with you, or you fail to provide the data when we request it, we may not be able enter a contract with you or perform the contract we have.

How we use your data

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing your personal data include:
1. Consent: In certain circumstances, we process your data with your consent. For example, we rely on your consent to send you marketing material. Where we rely on your consent, you have the right to withdraw your consent at any time. Please be aware, if you withdraw your consent, we may not be able to provide certain products/services to you.
2. Performance of a contract: We need your personal data for the performance of a contract.
3. Legal obligations: If we are required by the law, we will need to process your personal data. For example, to comply with our tax and financial reporting obligations with respect to monies we owe you.
4. Legitimate interests: We have a business interest that a customer would reasonably expect their data to be used and will have a minimal privacy impact on them. Whenever this lawful basis is used, we will consider the potential impact on you and your rights before we process your personal data for our legitimate interests.

Data Sharing and processors

When you use us, the information you provide may be shared with carefully selected third party suppliers only to perform certain data processing tasks on our behalf. We engage these providers on terms that ensure the confidentiality and security of your data and that is not shared and only used for the express purpose and process stipulated.

Except for the reasons set out below, we do not share your data with any other third parties unless required to do in response to a lawful request by authorities.

The list below sets out the categories of third parties that we engage with to facilitate our services to you:
Open Banking Provider – Bank transfer processing
Digital payment Provider – Payment card processing
Cloud hosting Provider – Server hosting and data storage
User Analytics Provider - Site and App usage
Help Desk Provider - Customer service communications
Communication sending provider – Email, SMS and Push Notifications
Social media channels – Customer service and engagement

International transfers

Where we transfer your data outside the UK or EU to a country deemed to have a lower standard of data protection in place, for example to a third-party processor based in the US, we will ensure that your data is appropriately protected by meeting the obligations on us under GDPR and ensuring there is a transfer safeguard in place with the recipient For example the Standard Contractual Clauses issued by the European Commission.

Third party links

Our App may contain links to other websites or applications which are not controlled by us. We are not responsible for the privacy practices or content of such other websites or applications. As such, visiting these other websites or applications is at your own risk.

Cookies

We use cookies on our app/website to facilitate proper functioning and analyse how users interact with the site. You have the right to reject the use of cookies, accept only essential cookies or to accept all cookies.
Non-essential cookies, for example for statistics or analytics, are deployed only on the basis of user consent. You can adjust your cookie preferences at any time by clearing the cookie cache in your web browser, which will present you with the cookie consent management platform when you visit the JamDoughnut website again. For more information about the cookies we use, please see our cookie policy.

Data Security

We have implemented and maintained appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.

Deleting your account through the iOS App

To delete your account, please sign in to your account, select the user icon and at the bottom of your settings, there is an option to delete your account. Deleting your account will not delete your personal data. If you wish to exercise your right to erasure, please contact us using our online form.

Data Retention

In general, we retain data for as long as is necessary for the purpose(s) for which we originally collected it. We may also retain information as required by law. Whilst you have an open account in JamDoughnut your data will be stored on the platform.
To determine the appropriate retention period for personal data, we consider a number of factors. Details of retention periods are available in our retention policy which you can request from us by contacting our DPO.

Your data protection rights

Under the UK data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information:

Right to access

If at any point you wish to either confirm whether your personal data is being processed and/or access the personal data we hold on you, you can request to see this information, usually free of charge, and we will respond to this request within a 1-month period. We may however charge a reasonable fee when a request is manifestly unfounded or excessive particularly if this is repetitive and for further copies of the same information.

Right to be informed

This policy provides the information you need about how we collect and use your data which we have outlined within this document.

Right to rectification

You are entitled to have data corrected if it is inaccurate or incomplete.

Right to erasure

In certain circumstances, you have the right to have personal data that we hold about you erased.

Right to object and restrict

You can ask for the processing of your personal data to be restricted, for example for marketing purposes. Where your data is processed on the basis of consent, you may also withdraw your consent to that processing at any time. You can also object to the processing of your data entirely, but this may affect the service we are able to offer.

Right to portability

You can request a copy of your personal data to be sent to another data controller or to yourself in a machine readable format.

Please note, these rights are not absolute and may be restricted in certain circumstances. To exercise your rights or if you require any further information, please contact our data protection team through this form.

How to complain about the use of your personal data

In the first instance, if you are not fully satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can contact our Data Protection Officer through this form.

You also have the right to complain to the Information Commissioner’s Office (ICO). You can find further information about the ICO and their complaints procedure here: https://ico.org.uk/concerns
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram