Last Updated: 14 July 2020
1. About You, HuYu and dunnhumby
Get rewarded for sharing your data with HuYu. Earn points for scanning or forwarding grocery receipts, completing surveys and sharing your data. Then turn your points into vouchers for shopping, coffee, or rides – take your pick from a whole range of major brands. It’s a fair, simple and easy way to make your data work for you.
HuYu is an app brought to you by dunnhumby and we respect your right to privacy. We will be upfront with you about the data we collect from you when you use HuYu and how we it – so we've written this Privacy Notice for you.
dunnhumby is a consumer data science company, headquartered in the U.K. but with group companies all around the world. dunnhumby is the company behind HuYu and we're the company to contact if you have any questions about HuYu and the way we use your data. You can find out more information about dunnhumby at here. If you have any questions about the way we use your data, please contact us (See Paragraph 12).
Please read this Privacy Notice in full to ensure you are fully informed before you start using HuYu.
2. What is HuYu?
HuYu is the mobile app that rewards you for connecting your data. You earn HuYu points when you scan or forward your shopping receipts, answer surveys and choose to share other data about yourself.
We've got big plans for HuYu so we’ll let you know when we add more features. If the data we collect about you or the way we use your data changes, we'll let you know. The 'Updates to this Privacy Notice' section below explains how we'll do this.
3. What data do we collect?
Data that you provide voluntarily as a participant of HuYu
We will collect the following data from you when you sign up and use HuYu:
We will never seek to collect any special category data. This is information about you which the law says is sensitive and includes information about your physical or mental health or condition, sexuality, religion, political affiliations – you can find a full list at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/) If your receipts contain special category data, please don't scan the receipt into HuYu.
We don't have control over what you choose to scan or share using HuYu, which means that you might choose to provide an image to us which contains information which directly identifies you (e.g. your name or your address might be in an -e-receipt you send to us). This information will not be used by us. Please see section 8 for more information on data retention.
Data that we collect automatically
We automatically collect data and keep records of how and when you use our HuYu app and data about your phone. Some of this is essential (because HuYu wouldn’t work without it) and some of this is to help us improve HuYu. Automatically collected data includes:
The data about your phone and your use of HuYu is connected to you and we will only use it in accordance with data protection and privacy laws.
We automatically collect and process the above data through third-party service provider tracking technology – as you download, register and interact with HuYu, our third-party service providers Appsflyer and Google Analytics for Firebase, will automatically collect and process some of the information described above using tracking technology. See paragraph 5 for more information about our third-party service providers.
4. How we use your data and the legal basis for processing it
We use your data to do the following things and, unless we say something different below, the legal reason we use it is for our legitimate business interests as a data science company:
Your data will not be used to advertise or market third party products or services to you.
If you have questions about or need further information concerning the legal basis on which we collect and use data about you, please contact us (See paragraph 12).
5. Who does dunnhumby share my data with?
dunnhumby will never share your individual level data, i.e. data which identifies you or which someone can use together with other data to identify you, with third parties other than our trusted service providers. The main trusted service providers that we use for HuYu are listed below.
The insights we share with our dunnhumby clients (retailers and brand-owners) and other partners will never contain your personally identifiable data or enable our clients to identify you because the data we share is always aggregated. The insights will be general information about trends and behaviour patterns which we have created using data about a large number of HuYu users. We provide clients with insights into their customers' preferences and trends, to help them develop products and improve the shopping experience they provide to their customers.
We may disclose your data to our group companies who operate around the world to help us make HuYu available to you or to create and deliver insights to our clients.
We will disclose your data to third party services providers who help us provide HuYu, for example by hosting it, enabling certain features or functionality, or by providing ancillary services such as data analytics, data storage, support and maintenance or security technology. The main third party service providers that we use for HuYu are:
These third-party service providers may automatically collect data about how you use their services. You can find out more about the ways in which they will use your data and how you can control the data they collect and uses about you here: Appsflyer (https://www.appsflyer.com/privacy-policy/); Survey Monkey (https://www.surveymonkey.com/mp/legal/privacy-policy/); Tango Card (https://www.tangocard.com/privacy-notice/); and Google (https://policies.google.com/technologies/partner-sites).
We will share your data with any competent law enforcement body, regulatory, government agency, court or other third party any competent law enforcement body, regulatory, government agency, court or other third party where we believe we need to share it (i) because the law or regulations requires us to, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
We may share your data with any other person if you consent to us sharing it with them.
6. How does dunnhumby keep my data secure?
We use appropriate technical physical and organisational measures to protect the data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your data.
Specific measures we use include:
7. International data transfers
The data held by HuYu is stored using Google Cloud Platform's servers in Belgium.
Our group companies and third party service providers operate around the world. As a result, your data may be transferred to, and processed in, countries other than the country you are in. These countries may have data protection and privacy laws that are different to the laws of your country and, in some cases, may not be as protective.
We have taken appropriate safeguards so that your data is protected in the way we've explained in this Privacy Notice. These include implementing the European Commission’s Standard Contractual Clauses for transfers of data between our group companies, which require all group companies to protect data they process from the EEA in accordance with European Union data protection and privacy law. If you're wondering what the EEA is, it's each country in the European Union plus Norway, Iceland and Liechtenstein.
If you would like to see our Standard Contractual Clauses, please contact us using the details in the How to Contact Us section below and we would be happy to provide a copy. We have similar safeguards in place with our third party service providers and partners, if you would like further details about these, please contact us (See Paragraph 12).
8. Data retention
The personal data HuYu holds on you will be kept for 117 weeks and then deleted, save for e-receipts where the raw data will be kept for 7 days and then deleted.
When you send us any receipt (paper or email), we only require the following raw data to create the insights:
We will delete the raw data, but once data about you and other HuYu users is aggregated to create insights and trends data, your data will be anonymised and we won't be able to identify you or separate your data from other HuYu users. Because you are no longer identifiable, this data is no longer personal data and will be retained indefinitely.
We will keep information and records about you for as long as you're a HuYu user and for 117 weeks after you stop being a HuYu user (for example, to deal with any claims or complaints which you may make and to manage any requests you make to exchange your HuYu points for rewards).
If you have given us your phone number for the purposes of participating in a focus group or feedback session, we will only keep your phone number for the period necessary for the purposes of arranging the focus group or feedback session you have opted in for. Unless you request that we delete it earlier, your phone number will be deleted after the focus group or feedback session has taken place.
9. Minimum age of HuYu users
HuYu is for people who are 18 or over. If you are under 18, please do not download or use HuYu.
10. Your data protection and privacy rights
When you use HuYu, we will use your data as explained in this Privacy Notice, but you will always have the following rights over your personal data:
We will respond to any request which you send to us and we will manage your request in accordance with applicable laws.
11. Updates to this Privacy Notice
We want HuYu to get bigger and better and for you to get more out of HuYu in the future, so we will introduce more features. As HuYu evolves, we may collect more data about you and we may use your data in different ways – we will always be completely transparent with you about the data we collect and what we will do with it – we will send you updates to this privacy notice as we introduce new features where they change the data we collect about you or the way we use it.
We will also update this Privacy Notice as things change around us – this may be due to change in law, a change in technology – or it may be due to change in our business. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection and privacy laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
12. How to contact us
If you have any questions or concerns about our use of your data, please contact our Data Protection Officer using the following details: email@example.com. The data controller of your data is dunnhumby Limited. If you have any concerns or would like to make a complaint to the Information Commissioner's Office, which is the UK regulator responsible for data protection issues, you can contact them using these details: https://ico.org.uk/make-a-complaint/.
Last Updated: 15/06/2020
Our HuYu Privacy Notice explains who we are, what we do and about HuYu in general. It also explains how we transfer your data between countries, how we keep it secure and your rights in relation to your personal data. This Supplemental Privacy Notice explains how we will be requesting, sharing and using additional personal data about you during the COVID-19 pandemic and gives you more information in addition to our general HuYu Privacy Notice.
What additional data are we requesting during this period?
We will be asking you (by email and other communication channels) to provide personal data related to the impact of COVID-19 via surveys and quick polls through HuYu. In addition to the information listed in our general HuYu Privacy Notice, we will be asking about your attitudes, opinions and responses to COVID-19 and the impact this unprecedented event has had upon your confidence in the economy, retailers and the government, and how it has changed your shopping experiences, shopping behaviours, work, personal finances and lifestyle.
As part of these surveys, we may ask you questions about your health. If we do, we will inform you at the time we collect this data and ask you to consent to us processing it.
If we do not ask you for data about your health please ensure you do not provide it. If you provide data that relates to your health we will treat your voluntary provision of such data as your consent to our use of such data for the purposes specified in this Privacy Notice.
How we use this additional data and our legal bases
As is explained in our general HuYu Privacy Notice, we use the data that you provide and other data that we collect or receive from third parties to create "insight data" for our retail or brand clients to enable them to improve customer experiences and build loyalty among their customers. Specifically, the additional data we collect during the COVID-19 pandemic will help retailers to understand and meet shoppers' needs during this time, as well as help them be ready for any future challenges. Our processing of data for this purpose is necessary to pursue our legitimate interest in providing data insight services to our clients.
In particular, we match your COVID-19 pandemic related-survey data to your shopping data provided when you scan receipts (such as shopping behaviour in our retailers’ physical and online stores) to learn about consumer attitudes toward COVID-19, for example, how worried you are about it and how it has changed your shopping behaviour or levels of satisfaction with physical and online grocery stores.
We will use this data to help our clients predict your (and other shoppers’) behaviour, habits or preferences as the pandemic continues. To do this we use data science, for example to predict changes in shopping habits (e.g. increases in online shopping, or purchases or non-perishable foods). We only ever report this information to our clients on an aggregated basis (i.e. in a way that does not identify you). This helps retailers and their suppliers make important decisions around how to best serve you, for example by ensuring they can more accurately predict demand for certain products and services.
Where the personal data we collect is specific to the COVID-19 pandemic, we will only use that personal data for the purposes described in this Supplemental Privacy Notice. Where we ask you for personal data unrelated to the COVID-19 pandemic, our collection and use of that data is as described in in our general HuYu Privacy Notice.
Who will dunnhumby share this additional data with?
We may disclose your data to the recipients and in the formats described in our general HuYu Privacy Notice under 'Who does dunnhumby share my data with?' and 'How does dunnhumby share my data?'.
We will keep data collected as described above for the periods of time set out in our general HuYu Privacy Notice under 'Data retention'.
Updates to this Supplemental Privacy Notice
We will update this Supplemental Privacy Notice while we continue to collect and store the data described above. When we update this Supplemental Privacy Notice, we will take appropriate measures to inform you as appropriate in relation to the significance of the changes we make. You can see when this Supplemental Privacy Notice was last updated at the top of the page.
How to contact us
If you have any questions or concerns about our use of your data, please contact our Data Protection Officer using the following details: firstname.lastname@example.org.
The data controller of your data is dunnhumby Limited. If you have any concerns or would like to make a complaint to the Information Commissioner's Office, which is the UK regulator responsible for data protection issues, you can contact them using these details: https://ico.org.uk/make-a-complaint/.