Introduction• You remain in control of your data – you can delete your account at any time, if so, we will remove all your personal data from our database.
• We don’t sell any personal data to third parties or pass on without your express consent, except for the purposes of delivering our service.
• All data transferred between the JamDoughnut servers to your App is encrypted.
• JamDoughnut is the data controller of any information you enter into the App or our website. As a data controller, we are responsible for the data that we process.
• We are registered with and fully accountable to the UK Data Protection Authority, the Information Commissioner’s Office (ICO).
• In order to deliver our service, we will be required to send you transactional emails and/or text messages (SMS) related to the service.
• During the registration process you have the option to opt-in to marketing communications. If at any time you wish to opt out, please send us an email to firstname.lastname@example.org.
In this document we outline what personal data we capture and store on you as a user. All data is required under legitimate interest in order to deliver the service.
If you refer a consumer to the App then we shall send you a confirmation email when the person you referred sign ups and when they complete their first cash out. If you are the Referree the emails sent to the Referrer will contain your username only. We are sharing this data as the Referee has used the Referrer code. We shall not share any specific Personally Identifiable Information (PII).
We shall retain referral (referred and referee data) within the App. This shall include any bonus rewards that you or the person that referred you receives.
Creating an accountWhen you create an account with JamDoughnut, we collect your full name, mobile number, email address, password, device ID, operating system, operating software version, location data (if shared), the App version, logins, cash outs, and purchase data for your account.
You can sign into the App using biometric data. We do not store or access biometric data but instead use the confirmation provided to us by your device provider. We will retain a log of your access to the App.
The JamDoughnut platform is not intended for use by anyone under 18 years of age. If parents or guardians wish to exercise their children’s rights on their behalf, then they can find out more information about this from the ICO here
Making a purchase
When you use our platform to purchase, we collect data from you related to that purchase including the company, the amount, points earned (which we will automatically calculate), payment method, time of purchase, incentives/rewards or bonuses, purchase ID, and access to the gift card. We process this data on the basis of our contract with you.
Your purchase is confirmed with the gift card issuer and the payment provider. Apple and Google Pay payments are processed by Stripe. We provide Stripe with your user ID and the payment details.
If you purchase using Open Banking bank transfer (Pay by Banked) the
payment will be conducted by Banked. In order to process the transaction, we will then pass Banked your email address and the payment details. Banked will store your banking details for conducting the transaction as well as fraud prevention purposes.
From time to time, we may ask you for a copy of your identification. This is a requirement for Know Your Customer and to prevent fraud. If this is required, we will request a photo of your photo ID. We will verify your documents and then delete the documents. No documents shall be retained.
JamDoughnut shall require your bank details in order to complete the cash out. This will include your account name, sort code and account number. In order to simplify subsequent cash outs, we will retain this data. You can change your bank details whenever you cash out.
All refunds given by JamDoughnut will be transferred back to your orginal payment method. We will retain a copy of all refunds for our records and fraud prevention.
Certain types of data are classified as “special category” under the GDPR. This type of data is deemed to be potentially sensitive, as it relates to matters including race, ethnicity, sexuality, sex life, health status and religious or philosophical views. A higher threshold of protection requirements applies to dealing with this data.
JamDoughnut will ask you for your age and sexuality during sign up. You are not obliged to provide this data. This data is to allow us to understand our customer base.
Marketing From time to time if opted in we will send you marketing communications. These are separate from any transactional communications. You are opted into these communications at sign up to receive an initial purchase bonus on your first purchase.
Marketing communications shall be sent via the following channels:
• Push notification
You can opt out of these at any time by either clicking on the link in the email to unsubscribe or to contact email@example.com. For push notifications you can set your preferences on your mobile device.
Providing support to you
Information is also stored when you communicate with JamDoughnut via email, social media or other means by which you decide to contact us. This is usually limited to your name, email address and/or social account depending on how you contact us and any correspondence with us on resolving your enquiry.
We process this data on the basis of our contract with you and/or our legitimate interests in providing an efficient service to you.
In order to better understand our customers, JamDoughnut may also collects anonymised data in surveys and other feedback methods. We will use different platforms from time to time to conduct this. This helps us improve our service by tailoring our developments. Participation in surveys is optional and anonymous. Where you choose to participate in a survey, we process this data on the basis of our legitimate interests in understanding your experience on our platform.
When using our platform, we may also record your location, device type, OS version, App version as part of normal request processing and session management, and to support you and our service in the event of problems occurring. This is optional and determined within your device setting. We process this data on the basis of our legitimate interests in providing a secure platform.
Data sharing and processorsWhen you use JamDoughnut the information you provide may be shared with carefully selected third party suppliers only to perform certain data processing tasks on our behalf. We engage these providers on terms that ensure the confidentiality and security of your data and that is not shared or used for the express purpose and process stipulated.
Except as set out below, JamDoughnut does not share your data with any other third parties unless required to do in response to a lawful request by authorities.
The list below sets out the third parties we engage as processors and provides more information about their data protection practices.
• Google Analytics. For more information about Google Analytics, please visit https://privacy.google.com/businesses/compliance/. You can also choose to opt out at any time. To do this, please visit https://tools.google.com/dlpage/gaoptout.
Where we transfer your data outside the UK or EU to a country deemed to have a lower standard of data protection in place, for example to a third-party processor based in the US, we will ensure that your data is appropriately protected by meeting the obligations on us under GDPR and ensuring there is a transfer safeguard in place with the recipient, for example the Standard Contractual Clauses issued by the European Commission.
In general, we retain data for as long as is necessary for the purpose(s) for which we originally collected it. We may also retain information as required by law. Whilst you have an open account in JamDoughnut your data shall be stored on the platform. If you delete your account we will remove all personal data. In order to prevent fraud we will retain transactional data even after deletion of your account.
Third party links
Our App may contain links to other websites or applications which are not controlled by JamDoughnut. JamDoughnut is not responsible for the privacy practices or content of such other websites or applications. As such, visiting these other websites or applications is at your own risk.
Non-essential cookies, for example for statistics or analytics, are deployed only on the basis of user consent. You can adjust your cookie preferences at any time by clearing the cookie cache in your web browser, which will present you with the cookie consent management platform when you visit the JamDoughnut website again.
Changes and revisions
JamDoughnut believes that people should be fully informed of their rights, so that they can act upon them should they wish to. Under GDPR and data protection laws, there are certain rights that may be available to you with respect to your personal data:
1. Right to access – you have a right to ask for the personal data that we hold about you. We will provide you with your data within 30 days. If we may take longer, we will let you know and explain the reasons for the delay. We will not charge you for such a request, unless we reasonably consider your request to be excessive or repetitive. We also reserve the right to refuse a request if we reasonably consider it unfounded, repetitive, or excessive.
2. Right to be informed – This policy provides the information you need about how we collect and use your data which we have outlined within this document.
3. Right to rectification – If you consider that any information, we hold is inaccurate, please contact us at firstname.lastname@example.org and we will take steps to rectify it.
4. Right to erasure – In certain circumstances, you have the right to have personal data that we hold about you erased. You can delete your account and all data in our database from the App. We may be required by law to retain some data for a period of time.
5. Right to object and restrict – You can ask for the processing of your personal data to be restricted, for example for marketing purposes. Where your data is processed on the basis of consent, you may also withdraw your consent to that processing at any time. You can also object to the processing of your data entirely, but this may affect the service we are able to offer.
6. Right to portability – You can request a copy of your personal data to be sent to another data controller or to yourself in a machine readable format.
Please note, these rights are not absolute and may be restricted in certain circumstances. To exercise your rights or if you require any further information, please contact our data protection team at email@example.com or via post to our registered address.
If you are unsatisfied with the way we handle a request or believe we have processed your data unlawfully, you also have the right to make a complaint to the ICO https://ico.org.uk/make-a-complaint/. If you are based outside the UK, you can also contact your national data protection authority for further information.
How to complain about the use of your data You have the right to complain about the way your data has been handled or processed. If you have any concerns our complaints process is as follows.
• Raise issue with customer services, email firstname.lastname@example.org and raise your concerns.
• If you feel the issue has not been addressed, then you can email support at email@example.com.
• If you are not happy with the outcome, then you can raise your concern with the Information Commissioners Office (ICO).
This policy was updated on the 23rd February 2023.