Last Updated Date: 06 May 2020
1. About You, HuYu and dunnhumby
Get rewarded for sharing your data with HuYu. Earn points for scanning or forwarding grocery receipts, completing surveys and sharing your data. Then turn your points into vouchers for shopping, coffee, or rides – take your pick from a whole range of major brands. It’s a fair, simple and easy way to make your data work for you.
HuYu is an app brought to you by dunnhumby and we respect your right to privacy. We will be upfront with you about the data we collect from you when you use HuYu and how we it – so we've written this Privacy Notice for you.
dunnhumby is a consumer data science company, headquartered in the U.K. but with group companies all around the world. dunnhumby is the company behind HuYu and we're the company to contact if you have any questions about HuYu and the way we use your data. You can find out more information about dunnhumby at here. If you have any questions about the way we use your data, please contact us (See Paragraph 12).
Please read this Privacy Notice in full to ensure you are fully informed before you start using HuYu. By accepting the HuYu Terms and Conditions, and using HuYu, you consent to us using your personal data as described in this Privacy Notice.
2. What is HuYu?
HuYu is the mobile app that rewards you for connecting your data. You earn HuYu points when you scan or forward your shopping receipts, answer surveys and choose to share other data about yourself.
We've got big plans for HuYu so we’ll let you know when we add more features. If the data we collect about you or the way we use your data changes, we'll let you know. The 'Updates to this Privacy Notice' section below explains how we'll do this.
3. What data do we collect?
Data that you provide voluntarily as a participant of HuYu
We will collect the following data from you when you sign up and use HuYu:
We will never seek to collect any special category data…..this is information about you which the law says is sensitive and includes information about your physical or mental health or condition, sexuality, religion, political affiliations – you can find a full list at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/) If your receipts contain special category data, please don't scan the receipt into HuYu.
We don't have control over what you choose to scan or share using HuYu, which means that you might choose to provide an image to us which contains information which directly identifies you (e.g. your name or your address might be in an -e-receipt you send to us). This information will not be used by us. Please see section 8 for more information on data retention.
Data that we collect automatically
We automatically collect data and keep records of how and when you use our HuYu app and data about your phone. Some of this is essential (because HuYu wouldn’t work without it) and some of this is to help us improve HuYu. Automatically collected data includes:
The data about your phone and your use of HuYu is connected to you and we will only use it in accordance with data protection and privacy laws.
We automatically collect and process the above data through third-party service provider tracking technology – as you download, register and interact with HuYu, our third-party service providers Appsflyer and Google Analytics for Firebase, will automatically collect and process some of the information described above using tracking technology. See paragraph 5 for more information about our third-party service providers.
4. How we use your data and the legal basis for processing it
We use your data to do the following things and, unless we say something different below, the legal reason we use it is for our legitimate business interests as a data science company:
Your data will not be used to advertise or market third party products or services to you.
If you have questions about or need further information concerning the legal basis on which we collect and use data about you, please contact us (See paragraph 12).
5. Who does dunnhumby share my data with?
dunnhumby will never share your individual level data, i.e. data which identifies you or which someone can use together with other data to identify you, with third parties other than our trusted service providers. The main trusted service providers that we use for HuYu are listed below.
The insights we share with our dunnhumby clients (brands and retailers) will never contain your personally identifiable data or enable our clients to identify you because the data we share is always aggregated. The insights will be general information about trends and behaviour patterns which we have created using data about a large number of HuYu users. We provide clients with insights into their customers' preferences and trends, to help them develop products and improve the shopping experience they provide to their customers.
We may disclose your data to our group companieswho operate around the world to help us make HuYu available to you or to create and deliver insights to our clients.
We will disclose your data to third party services providers who help us provide HuYu, for example by hosting it, enabling certain features or functionality, or by providing ancillary services such as data analytics, data storage, support and maintenance or security technology. The main third party service providers that we use for HuYu are as follows:
These third-party service providers may automatically collect data about how you use their services. You can find out more about the ways in which they will use your data and how you can control the data they collect and uses about you here: Appsflyer (https://www.appsflyer.com/privacy-policy/); Survey Monkey (https://www.surveymonkey.com/mp/legal/privacy-policy/); Tango Card (https://www.tangocard.com/privacy-policy); and Google (https://policies.google.com/technologies/partner).
We will share your data with any competent law enforcement body, regulatory, government agency, court or other third party where we believe we need to share it (i) because the law or regulations requires us to, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
We may share your data with any other person if you consent to us sharing it with them.
6. How does dunnhumby keep my data secure?
We use appropriate technical physical and organisational measures to protect the data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your data. Specific measures we use include restricting access to staff on a need to know basis and ensuring our staff receive data protection training, treat your data in confidence and are required to comply with our data protection policies and procedures. When we share your data with the other organisations listed in section 6, we will put appropriate safeguards in place to protect your data including putting contracts in place and making sure that they treat your data confidentially.
7. International data transfers
The data held by HuYu is stored using Google Cloud Platform's servers in Belgium.
Our group companies and third party service providers operate around the world. As a result, your data may be transferred to, and processed in, countries other than the country you are in. These countries may have data protection and privacy laws that are different to the laws of your country and, in some cases, may not be as protective.
We have taken appropriate safeguards so that your data is protected in the way we've explained in this Privacy Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of data between our group companies, which require all group companies to protect data they process from the EEA in accordance with European Union data protection and privacy law. If you're wondering what the EEA is, it's each country in the European Union plus Norway, Iceland and Liechtenstein.
If you would like to see our Standard Contractual Clauses, please contact us using the details in the How to Contact Us section below and we would be happy to provide a copy. We have similar safeguards in place with our third party service providers and partners, if you would like further details about these, please contact us (See Paragraph 12).
8. Data retention
The data HuYu holds on you (both the raw data taken from your receipts and the insights we create from those receipts and survey responses) will be kept for 117 weeks and then deleted, save for e-receipts where the raw data will be kept for 7 days and then deleted.
When you send us any receipt (paper or email), we only require the following raw data to create the insights:
We will delete the raw data, but once data about you and other HuYu users is aggregated to create insights and trends data, your data will be anonymised and we won't be able to identify you or separate your data from other HuYu users. Because you are no longer identifiable, this data is no longer personal data and will be retained indefinitely.
We will keep information and records about you for as long as you're a HuYu user and for 117 weeks after you stop being a HuYu user (for example, to deal with any claims or complaints which you may make and to manage any requests you make to exchange your HuYu points for rewards).
If you have given us your phone number for the purposes of participating in a focus group or feedback session, we will only keep your phone number for the period necessary for the purposes of arranging the focus group or feedback session you have opted in for. Unless you request that we delete it earlier, your phone number will be deleted after the focus group or feedback session has taken place.
9. Minimum age of HuYu users
HuYu is for people who are 18 or over. If you are under 18, please do not download or use HuYu.
10. Your data protection and privacy rights
When you use HuYu, we will use your data as explained in this Privacy Notice, but you will always have the following rights over your personal data:
We will respond to any request which you send to us and we will manage your request in accordance with applicable laws.
11. Updates to this Privacy Notice
We want HuYu to get bigger and better and for you to get more out of HuYu in the future, so we will introduce more features. As HuYu evolves, we may collect more data about you and we may use your data in different ways – we will always be completely transparent with you about the data we collect and what we will do with it – we will send you updates to this privacy notice as we introduce new features where they change the data we collect about you or the way we use it.
We will also update this Privacy Notice as things change around us – this may be due to change in law, a change in technology – or it may be due to change in our business. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection and privacy laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
12. How to contact us
If you have any questions or concerns about our use of your data, please contact our Data Protection Officer using the following details: firstname.lastname@example.org. The data controller of your data is dunnhumby Limited. If you have any concerns or would like to make a complaint to the Information Commissioner's Office, which is the UK regulator responsible for data protection issues, you can contact them using these details: https://ico.org.uk/make-a-complaint/..