HuYu Privacy Policy

Version 2.1

Last Updated Date 23/10/18

1. About You, HuYu and dunnhumby

Get rewarded for sharing your data with HuYu. Earn points for scanning grocery receipts, completing surveys. Then turn your points into vouchers for shopping, coffee, or rides – take your pick from a whole range of major brands. It’s a fair, simple and easy way to make your data work for you.

HuYu is brought to you by dunnhumby and we respect your right to privacy. When you use our HuYu app, we want to be upfront with you about the information we collect, share and use about you and your privacy rights – so we've written this Privacy Policy for you. One thing we want to be clear about from the start is that we don't share your personal data with anybody else so that they can send you marketing or build profiles about you – that's not what we're about!

dunnhumby is a consumer data science company, headquartered in the U.K. but with group companies all around the world. dunnhumby is the company behind the HuYu app and we're the company that's responsible if you have any issues with our HuYu app and the way we use your information. You can find out more information about dunnhumby here. If you have any questions about the way we use your information, please contact us (See Paragraph 12).

Please read this Privacy Policy in full to ensure you are fully informed before you start using our HuYu app. By accepting the HuYu App Terms and Conditions, downloading, registering and using HuYu, you consent to us using your personal data as described in this Privacy Policy.

2. What is HuYu?

HuYu is a mobile app that you can download to your phone which is designed to collect information about your shopping activity and lifestyle. Through HuYu, you can share your shopping receipts with us, answer a survey, sign up and share some information about you from your Facebook or Google account, and in exchange, we will award you points which you can trade-in for rewards.

HuYu is all about the transparent exchange of data from you in exchange for rewards from us – a fair deal where we tell you what we would like to do with your information and you agree to provide your information to us.

That's what HuYu does now, but we've got big plans for HuYu – as HuYu evolves to provide more features and functions, we will let you know what's changing. If the information we collect about you or the way we use your information changes, we'll let you know – see the 'Updates to this Privacy Policy' section below which explains how we'll do this.

3. What information do we collect and why?

Information that you provide voluntarily as a participant of HuYu

We will collect the following information about you when you sign up and use HuYu (but only if you choose to share it with us – with HuYu, you control the information you want to share with us):

  • Information about you – before you start using the HuYu app, we will ask you to confirm that you are 18 or over and that you live in the UK. You can then start using the HuYu app and scan receipts. If you would like to redeem your points and get rewards, you will need to sign up to HuYu through Facebook or Google;
  • Information about you from Facebook – in order to redeem your points, you will have to sign up to HuYu using Facebook or Google. When first signing up, we will ask you if you're happy for us to access your public profile on Facebook and to use the information in your public profile, which includes your name, profile picture and email address. You can find out more about the ways in which Facebook uses your information and how you can control the information which Facebook collects and uses about you at https://en-gb.facebook.com/policy.php. If you don't log-in to HuYu for more than 90 days, you may be asked to sign-up again;
  • Information about you from Google – in order to redeem your points, you will have to sign up to HuYu using your Google or Facebook account. When first signing up, we will ask you if you're happy for us to access your public profile on your Google account and to use the information in your public profile, which includes your name, profile picture and email address. You can find out more about the ways in which Google uses your information and how you can control the information which Google collects and uses about you at https://policies.google.com/privacy. If you don't log-in to HuYu for more than 90 days, you may be asked to sign-up again;
  • Receipt details - images of receipts which you choose to share with us through the HuYu app which includes all of the information you would normally find on a receipt, such as, total spend, total number of items, individual product descriptions, individual product price, offers (e.g. 3 for 2 or 10% off), name of store, address of store or website, date and time of receipt, last 4 digits of payment card, loyalty card number;
  • Survey details – results of online surveys and anything you share with us when you take part in a survey;
  • Things you tell us – whilst HuYu can do lots of things, there will be times when you will want to get in touch with us. This might be if something doesn't work, HuYu breaks, you can't work out how to make HuYu do the things you want it to do or you just don't like something about HuYu and want to tell us. Our customer service and support team will be happy to help you, but we'll need to keep a record that you contacted us and how we helped you. We'll also use information about problems and complaints to make HuYu better for you and other HuYu users.

We will never seek to collect any special category information…..this is information about you which the law says is sensitive and includes information about your physical or mental health or condition, sexuality, religion, political affiliations – you can find a full list at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/) but it's entirely up to you what you share with us through HuYu. If your receipts contain special category information and you don't want to share this with us, please don't scan the receipt into HuYu. If you do share this type of information with us, we will not use it to create insights about you as we're not looking to create insights about HuYu user's and this type of information.

We don't have control over what you choose to scan using HuYu, which means that you might choose to provide an image to us which contains information which directly identifies you (e.g. your name or your address might be in an online receipt you send to us). HuYu will detect this information, extract it and delete it within 24 hours. This information will not be used by us.

Information that we collect automatically

We automatically collect information and keep records of how, when and where you use our HuYu app and information about your phone. Some of this is essential (because HuYu wouldn’t work without it) and some of this is to help us improve the quality of our HuYu app. Automatically collected information includes:

  • App use data:
    • Your IP address (this is the place from which you connect to the internet and comes to us which is displayed as a series of numbers);
    • logs of when you downloaded our app, when you registered, when you used it, how long you used it for, how many times you scanned receipts, how many times you took part in surveys, and the parts of our app that you use and don't use;
    • whether you signed up using your Facebook or Google account;
    • your profile photo, username and email data if you sign up using your Facebook or Google account;
    • app version, foreground or background state (if it's visibly open, or running in the background);
    • the store you installed the app from and store referral data on how you navigated to HuYu; and
    • interactions with advertisements for HuYu.
  • Phone data:
    • Phone type (for example, iPhone or Android phone);
    • Unique phone/app identification numbers (unique for an app install for a phone or phone ID itself);
    • IMEI number;
    • Mobile phone category and operating system (such as Apple OS or Android OS); and
    • other technical information about your phone including any crash logs (these are sent to us when HuYu breaks or stops working), memory, your mobile carrier (e.g. EE, O2), battery level, mobile signal strength and type, jailbroken or rooted status.

The information which we learn about your phone and which is connected to you and your use of HuYu is your information and we will only use it in accordance with data protection and privacy laws.

We automatically collect and process the above information through third-party service provider tracking technology – as you download, register and interact with our HuYu app, our third-party service providers Appsflyer and Google Analytics for Firebase, will automatically collect and process the information described above using tracking technology. See paragraph 5 for more information about our third-party service providers.

4. How we use your information and the legal basis for processing it

We use your information to do the following things and, unless we say something different below, we use your information to perform our legitimate business interests as a data science company:

  • register you as a HuYu user - we do this to perform the contract we have with you;
  • review the information we receive from you and other HuYu users to create insights about your preferences, patterns, habits and behaviour, but also carry out market research and statistical analysis which will include adding your information to information about other HuYu users so that we can identify trends and patterns of behaviour.– when we do this we may analyse all of our HuYu users or segments of our HuYu users which we think are most relevant for this purpose and we make your information anonymous so that we can see general trends and patterns but we can no longer identify you or your information within that data. We will use the insights and trends we see to create reports which we will sell to our partners such as retailers and brand-owners – these reports will never contain information specifically about you and will only ever include general information about all of our HuYu users or segments of HuYu users (e.g. based on age-range or gender);
  • manage your HuYu points, rewards account including sending you rewards when you redeem your HuYu reward points and keeping a record of this (including the date on which you exchanged your points for a reward, the number of points you exchanged, the reward you selected and the date on which we sent your reward to you) – we do this to perform the contract we have you with you;
  • keep records of how you use HuYu;
  • invite you to take part in our HuYu surveys;
  • carry out and analyse your answers to the HuYu surveys and review your response to our HuYu surveys and those of our other HuYu users. When we do this, we look at all HuYu users responses together or segments of users, not just yours;
  • respond to your questions or comments and to look into and fix any issues or problems you report to us – we do this to perform the contract we have with you;
  • remind you about HuYu activities through push alerts where you have told us you are happy with this, for example by allowing HuYu to send push alerts on your phone (push alerts can be disabled at any time using your phone settings);
  • to let you know about new HuYu features;
  • to let you know updates to our privacy policy, terms of use and any other legal updates – we do this to perform the contract we have with you and to comply with a legal obligation;
  • make HuYu better and make sure HuYu evolves to provide you with new and better content, features and functions based on your feedback and our insights from how you and other HuYu users are using HuYu;
  • take action against you if you violate the HuYu Terms; and/or
  • take action against you if you do something with HuYu which is against the law – we do this to comply with a legal obligation.

Your data will not be used to advertise or market third party products or services to you unless you have opted-in.

If you have questions about or need further information concerning the legal basis on which we collect and use information about you, please contact us (See paragraph 12).

5. Who does dunnhumby share my information with?

The insights we share with our dunnhumby partner brands will never contain your personally identifiable information or enable our partners to identify you because the information we share is always aggregated. The insights will be general information about trends and behaviour patterns which we have created using information about a large number of HuYu users. When we talk about dunnhumby partner brands, we mean retailers and brand-owners who we work with to provide them with better insights into their customers' preferences and trends, to help them develop products and improve the shopping experience they provide to their customers.

We may disclose your information to our group companies. For example, we have one global access management system which is provided from the UK. We also have a number of global access management and support teams.

We may disclose your information to third party services providers who help us provide HuYu, for example by hosting it, enabling certain features or functionality, or by providing ancillary services such as data analytics, data storage, support and maintenance or security technology. The main third party service providers that we use for HuYu are as follows:

  • The App Business is the developer of HuYu;
  • Survey Monkey provides HuYu's survey functionality;
  • AppsFlyer provides mobile attribution and marketing analytics;
  • Tango Card fulfils the rewards available from HuYu and will receive your user ID and email address so that they can contact you with your rewards; and
  • Google provides the following services:
    • Cloud Platform which is the cloud storage platform that HuYu uses;
    • Big Query which is our cloud data warehouse for analytics; and
    • Google Analytics for Firebase (including the following Firebase features: Authentication, Firebase Analytics, Cloud Messaging, Cloud Functions, Administration Console and Storage) which we use for data analytics.

These third-party service providers may automatically collect information about how you use their services. You can find out more about the ways in which they will use your information and how you can control the information they collect and uses about you here: Appsflyer (https://www.appsflyer.com/privacy-policy/); Survey Monkey (https://www.surveymonkey.com/mp/legal/privacy-policy/); Tango Card (https://www.tangocard.com/privacy-policy); and Google (https://policies.google.com/technologies/partner).

We will share your information with any competent law enforcement body, regulatory, government agency, court or other third party where we believe we need to share it (i) because the law or regulations requires us to, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.

We may share your information with any other person if you consent to us sharing it with them.

6. How does dunnhumby keep my information secure?

We use appropriate technical and organisational measures to protect the information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your information. Specific measures we use include restricting access to staff on a need to know basis. ensuring our staff receive data protection training, treat your information in confidence and are required to comply with our data protection policies and procedures. When we share your information with the other organisations listed in section 6, we will put appropriate safeguards in place to protect your information including putting contracts in place and making sure that they treat your information confidentially.

7. International data transfers

The data held by HuYu is stored using Google Cloud Platform's servers in Belgium. Our group companies and third party service providers and partners operate around the world.

As a result, your information may be transferred to, and processed in, countries other than the country you are in. These countries may have data protection and privacy laws that are different to the laws of your country and, in some cases, may not be as protective.

We have taken appropriate safeguards so that your information is protected in the way we've explained in this Privacy Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of information between our group companies, which require all group companies to protect information they process from the EEA in accordance with European Union data protection and privacy law. If you're wondering what the EEA is, it's each country in the European Union plus Norway, Iceland and Liechtenstein.

If you would like to see our Standard Contractual Clauses, please contact us using the details in the How to Contact Us section below and we would be happy to provide a copy. We have similar safeguards in place with our third party service providers and partners, if you would like further details about these, please contact us (See Paragraph 12).

8. Data retention

The information HuYu holds on you (both the raw data taken from your receipts and the insights we create from those receipts and survey responses) will be kept for 117 weeks and then deleted. We will delete the raw data, but once information about you and other HuYu users is aggregated to create insights and trends data, your information will be anonymised and we won't be able to identify you or separate your information from other HuYu users.

We will keep information and records about you for as long as you're a HuYu user and for 117 weeks​ after you stop being a HuYu user (for example, to deal with any claims or complaints which you may make and to manage any requests you make to exchange your HuYu points for rewards).

9. Minimum age of HuYu users

HuYu is for people who are 18 or over. If you are under 18, please do not download or use our HuYu app.

10. Your data protection and privacy rights

When you use HuYu, we will use your information as explained in this Privacy Policy, but you will always have the following rights over your personal information:

  • You can access, correct, update or request deletion of your information, by contacting us using the contact details provided under the “How to contact us” (see paragraph 12). If for any reason, you no longer wish to use HuYu and wish to close your account with us, you can delete the HuYu app at any time from your phone/tablet or you can get in touch with us using the “How to contact us” (See paragraph 12), so that we can delete your account information. Please note that there are circumstances where the law allows us to retain your information – for example, where the law requires us to keep a copy of your information or where we need it to bring a claim or to defend ourselves against a claim. An example of this would be a record of the rewards which we have provided to you in exchange for your reward points – we would need to keep a record of this in case you felt that we hadn't provided the right rewards.
  • You can object to processing of your information, ask us to restrict processing of your information or request portability of your information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” (See Paragraph 12). Please note, certain features and the third-party service provider tracking technology used by Firebase and Appsflyer cannot be turned off for individual users so you will need to cease use of HuYu if you wish to exercise your right to object to processing or restrict processing carried out through the relevant feature or tracking technology.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing e-mails we send you. Where we use your information with your consent, then you can withdraw your consent at any time. If you withdraw your consent, this means that we can't use your information for that purpose any longer, unless we have another lawful ground for us to use it. It also won't affect our use of your information before you withdrew your consent.
  • You can complain to an information authority about the way we have used your information. For more information, please contact your local authority. (Contact details for authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm).

We will respond to any request which you send to us and we will manage your request in accordance with applicable laws.

11. Updates to this Privacy Policy

HuYu is all about fairness and transparency – you only share the information that you're happy to share with us and we'll provide you with rewards and perks without any nasty surprises.

We want HuYu to get bigger and better and for you to get more out of HuYu in the future, so we will introduce more features and functions. As HuYu evolves, we may collect more information about you and we may use your information in different ways – we will always be completely transparent with you about the information we collect about you and what we will do with it – we will send you updates to this privacy policy as we introduce new features and functions where they change the information we collect about you or the way we use it.

We will also update this Privacy Policy as things change around us – this may be due to change in law, a change in technology – or it may be due to change in our business. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection and privacy laws.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

12. How to contact us

If you have any questions or concerns about our use of your information, please contact our Data Protection Officer using the following details: individualrights@dunnhumby.com. The data controller of your information is dunnhumby Limited. If you have any concerns or would like to make a complaint to the Information Commissioner's Office, which is the UK regulator responsible for data protection issues, you can contact them using these details: https://ico.org.uk/make-a-complaint/..