Last Updated: 30 May 2022
We recommend that you read this Privacy Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section.
1. What is this privacy notice about?
1.1 HuYu is an Android and iOS app owned and operated by dunnhumby Limited. dunnhumby Limited (referred to in this Privacy Notice as "dunnhumby", "we", "our" or "us") respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal data about you (referred to in the Privacy Notice as "data"), as a user of HuYu, and how you can exercise your privacy rights in relation to your use of HuYu. In this Privacy Notice we will refer to you as a "user", " you" or "your".
1.2 This Privacy Notice applies to data that we collect via the HuYu Android and iOS app and the HuYu desktop web browser data capture extension ("HuYu Snapshot"). Together, simply "HuYu". dunnhumby is the controller of the data processed by HuYu that means we are responsible for making decisions about how your data will be processed.
1.3 If you have any questions or concerns about our use of your data, then please contact us using the contact details provided at section 14.1 of this Privacy Notice.
2. What does dunnhumby do?
2.1 dunnhumby is a consumer data science company, headquartered in the UK but with group companies all around the world. Our products and services help retailers and brands analyse data in order to improve consumer experiences and build loyalty.
2.2 For more information about dunnhumby and the services we provide, please see the "About us" section of our website at https://www.dunnhumby.com/about-us.
3. What is Huyu?
HuYu enables you to receive rewards for sharing your data with HuYu. You can earn points for scanning or forwarding grocery receipts, completing surveys and sharing web browsing data. These points can be turned into vouchers for shopping, eating out, and other treats – you can choose from a wide range of major brands. Rewards are managed by one of our trusted suppliers – see section 6 for more details. HuYu is a simple and easy way to make your data work for you.
4. What data do we collect?
Data that you provide voluntarily as a user of HuYu
4.1 We will collect the following data from you when you sign up and use HuYu:
4.2 We will never seek to collect or process any special category data. This is data about you which the law says is sensitive and includes data about your physical or mental health or condition, sexuality, religion, political affiliations – you can find a full list at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/). We will never intentionally use information obtained from information you provide us (especially receipts you have uploaded) to infer sensitive information about you. If you have any concerns that the products you purchase and shown on your receipts risk evidencing sensitive data about you , please don't scan the receipt into HuYu.
4.3 As we don't have control over what you choose to scan or share using HuYu, you might choose to provide an image to us that contains data which directly identifies you (e.g. your name or your address might be in an e-receipt you send to us). This data will not be used by us and will be deleted as described in section 10.
Data that we collect automatically
4.4 We automatically collect data about how and when you use HuYu, and data about your personal device, including smartphones and tablets. We explain how we use this data and the relevant legal bases in section 5. We collect the following data automatically:
We automatically collect and process the above data through third-party service provider tracking technology – as you download, register and interact with HuYu, our third-party service provider Google Analytics for Firebase, will automatically collect and process some of the information described above using tracking technology. See section 6 for more information about our third-party service providers.
Data that we obtain from brands, retailers and publishers
4.5 When working with brands, retailers and publishers as described in 5.1(g) below, we will obtain from them the following personal data about you:
4.6 When working with brands, retailers and publishers as described in 5.1(d) below to check for common users, they provide identifiers of their audiences/customers into a secure third-party data matching tools without directly transferring any identifiable data to us.
5. How we use your data and the legal basis for processing it
5.1 We use your data to do the following things and our legal basis for processing your data is set out in the table below:
|Processing activity||Legal basis|
|(a)||Registration: to register you as a HuYu user.||We do this to perform the contract we have with you|
|(b)||To create insights: to create aggregated insights, segmentations and models about HuYu users’ preferences, opinions and shopping behaviour. This involves (i) combining the information we have collected about you (including from any receipts you have uploaded, any snapshot data you have provided (see 5.1(j) below), and analytics data surveys or focus groups you have taken part in) to enrich our profile about you; (ii) combining the data about all HuYu users; and (iii) analysing this data so that we can identify trends and patterns of behaviour. When we do this, we may analyse the data of all HuYu users or just segments of HuYu users. From this analysis we create reports with aggregated insights, segmentations and models and we provide these aggregated reports to clients. These reports only ever include aggregated insights about all HuYu users or segments of HuYu users, not individuals, so these reports cannot identify you.||We rely on our legitimate interests to create analysis and insights for our clients.|
|(c)||Receipt product implementation: we extract and analyse product information from the receipts you’ve given us to understand what you buy. We improve the quality of the product data by augmenting it with data from retailers’ shopping websites.||We rely on our and our clients’ legitimate interests in improving the accuracy and quality of our data and services for our clients.|
|(d)||Matching data to identify common users: We match identifiers to determine how many HuYu users are also in our clients’ audiences/customer lists (known as generating a "Match Rate"). This enables us and our clients to see if some of our further services (such as measuring ad campaign effectiveness) could be helpful to our clients. We compare identifiers of HuYu users (or segments of HuYu users from a defined demographic or with particular behaviours or interests) against identifiers of our clients' audiences/customers using secure third-party data matching tools (“Matching”). We do not transfer any identifiable data to our clients. The matching tool providers do not retain or use the data shared for their own purposes.||
If we Match the data using mobile advertising IDs or other identifiers from your device, we only do so with your consent.
If we Match the data using other identifiers such as email addresses, we rely on our and our clients' legitimate interests for this Matching to enable us and our clients to understand whether we have a significant number of common users.
|(e)||Creating lookalike audiences with clients or data partners: A lookalike audience is made up of people whose interest or demographics are similar to your own (“Lookalikes”). We share data about you with our data partners or clients. They find customers whose interests and demographics are similar to yours to create an audience of individuals like you. They do this by Matching (see section 5.1(d) above) the mobile advertising IDs (or other identifiers like email addresses) of HuYu users to their database which also contains customer data. Our data partners licence these Lookalike audiences to their clients so they can show relevant advertising to the Lookalikes. Our clients use the Lookalike audiences to show their customers relevant advertising. You may be included by the advertiser in the Lookalike audience so we can help them measure the effectiveness of advertising (see 5.1(f) below). HuYu user data is kept by our clients and data partners for limited periods to create different lookalike audiences before then being refreshed or deleted.||
If we Match using your mobile advertising ID we carry out this activity if you provide your consent;
If we Match using other identifiers such as email addresses, we rely on our and our clients’ legitimate interest to show and measure the effectiveness of relevant advertising to Lookalike audiences.
Measuring campaign effectiveness: To measure the effectiveness of advertising campaigns for our clients (brands, retailers, publishers) by analysing changes in shopping behaviour of HuYu users who have been shown a particular advertisement by a brand or retailer and those who have not. We do this by Matching our HuYu database with all the people who saw the advertisement using identifiers. If you saw the advertisement, we use your shopping receipts or survey data to produce aggregated reports on how HuYu users from different segments responded to the advertisement. We provide these aggregated reports, which don't identify individual HuYu users, to the relevant brands, retailers and publishers. The service provider does not retain your identifiers.
You can find details of the information shared by clients for this purpose at section 4.5 above
If we Match the data using mobile advertising IDs or other identifiers from your device, we only carry out this Matching and measuring with your consent.
If we Match the data using other identifiers such as email addresses, we rely on our and our clients' legitimate interests to create aggregated measurement insights.
|(g)||Improving our clients' understanding of their customers: to provide our clients with information about their customers, or people who are Lookalikes of their customers. For example a chocolate brand may want to know more about their customers and their interests, or how they are different from shoppers who do not buy their brand. Alternatively, we might be asked for insights relating to people who have entered a competition||We rely on our legitimate interests in helping our clients understand their customers better by providing them with aggregated insights.|
|(h)||Data as a service: to provide our clients with aggregated and pseudonymised raw sales and other market data on a continuous basis, to enable them to create their own insights and reports to better understand market trends.||We rely on our legitimate interests to provide our services and our clients' legitimate interests to better understand market trends.|
|(i)||Knowing you through your “search and browse” online behaviour: to understand your interests and browsing behaviour by analysing your online behaviour i.e. the websites you visit and how you spend your time online, based on web browser history data you share with us using HuYu Snapshot. The data helps our clients understand how to optimise their platform and customer’ shopping experience and the best ways to communicate with their customers.||We do this only if you have given your explicit consent to share this data with us through HuYu Snapshot.|
|(j)||To issue your points and facilitate points redemption. We also keep a record of points redemption (including the date on which you exchanged your points, the number of points you exchanged, the reward you selected and the date on which your reward was sent to you).||We do this to perform the contract we have with you.|
|(k)||To facilitate the reward of points for e-receipts. When you forward an e-receipt to HuYu we will match the sender email address to the email addresses you have provided to us in order to recognise you as the sender of the e-receipt and award your points.||We do this to perform the contract we have with you.|
|(l)||To understand and track how users interact with HuYu so we can improve your user experience and develop new features and functions based on how you and other users are using HuYu.||We rely on our legitimate interests to improve our services. However, where we wish to do so using cookies, we will only do so if we have your consent- please see the Cookie Notice https://huyuapp.co.uk/cookienotice.html for more information.|
|(m)||To respond to your questions or comments.||We do this to perform the contract we have with you.|
|(n)||To send you emails and/or notifications, for example to let you know about new HuYu features, surveys, focus groups or feedback sessions, to remind you about HuYu activities or request feedback.||We will send you these if you have not opted out e.g. via the notifications page and via your device settings or otherwise tell us you don’t want to receive them.|
|(p)||To take the appropriate steps if you violate the HuYu Terms and Conditions.||We do this in order to perform the contractual terms in place with you.|
|(q)||To take action against you if you do something illegal||We do this to comply with a legal obligation.|
If you have questions about or need further information concerning the legal basis on which we collect and use data about you, please contact ususing the details in section 14.1.
6. Who does dunnhumby share my data with?
6.1 We will share your data with:
Some of our trusted service providers may automatically collect data about how
you use their services. You can find out more about the ways in which they will
use your data and how you can control the data they collect and uses here:
- Survey Monkey: https://www.surveymonkey.com/mp/legal/privacy-policy/;
- Tango Card: https://www.tangocard.com/privacy-policy;and
- Google: https://policies.google.com/technologies/partner;
7. How does dunnhumby share my data?
7.1 We share your data in the following formats:
8. How does dunnhumby keep my data secure?
8.1 We use appropriate technical, physical and organisational measures to protect your data. The measures we use are designed to provide a level of security appropriate to the risk of processing your data.
8.2 Specific measures we take include:
9.International data transfers
9.1 The data we hold about you is stored using Google Cloud Platform's servers in Belgium.
9.2 Our group companies and third-party service providers operate around the world. As a result, your data may be transferred to, and processed in, countries other than the country you are in. These countries may have data protection and privacy laws that are different to the laws of your country and, in some cases, may not be as protective.
9.3 We have taken appropriate safeguards so that your data is protected in the way we've explained in this Privacy Notice. These include implementing the European Commission's Standard Contractual Clauses for transfers of data between our group companies, which require all group companies to protect data they process from the EEA in accordance with European Union data protection and privacy law. If you're wondering what the EEA is, it's each country in the European Union plus Norway, Iceland and Liechtenstein.
9.4 If you would like to see our Standard Contractual Clauses, please contact us using the details in the "How to contact us" section below and we would be happy to provide a copy. We have similar safeguards in place with our third-party service providers and partners, if you would like further details about these, please contact us (see section 14.1).
10. Data retention
10.1 If you ask us to delete your account, your Account Information will be deleted within 30 days and all other data will be anonymised so you cannot be identified from it.
10.2 If you haven’t logged in to HuYu for 2 years, we will deem you a “Lapsed User”. Within 30 days we will close your HuYu account, delete your Account Information and anonymise all other data so you cannot be identified from it.
10.3 Unless you ask us to delete your account or become a Lapsed User (see Section 10.2), we will retain your data as follows:
10.4 There are circumstances where the law allows us to retain your data beyond the periods set out in this section 10, such as where the law requires us to keep a copy of your data or where we may need it to bring a claim or to defend ourselves against a claim. In such circumstances we will extend the retention periods specified for as long as required and will delete it promptly thereafter.
11. Minimum age of HuYu users
HuYu is for people who are 18 or over. If you are under 18, please do not download or use HuYu.
12. Your data protection and privacy rights
12.1 When you use HuYu, we will use your data as explained in this Privacy Notice, but you will always have the following rights over your personal data:
12.2 We will respond to any request which you send to us and we will manage your request in accordance with applicable laws.
13. Updates to this Privacy Notice
13.1 We want HuYu to get bigger and better and for you to get more out of HuYu in the future, so we will introduce more features. As HuYu evolves, we may collect more data about you and we may use your data in different ways – we will always be completely transparent with you about the data we collect and what we will do with it – we will update this privacy notice as we introduce new features where they change the data we collect about you or the way we use it.
13.2 We will also update this Privacy Notice as things change around us – this may be due to change in law, a change in technology – or it may be due to change in our business.
13.3 When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make, and we will obtain your consent to any material Privacy Notice changes if and where this is required by law.
13.4 You can see when this Privacy Notice was last updated by checking the "last updated" date displayed at the top of this Privacy Notice.
14. How to contact us
14.1 If you:
please contact our Data Protection Officer using the following details: firstname.lastname@example.org.
14.2 If you want to withdraw your consent (see section 12), please contact us using the following details: email@example.com.
14.3 The data controller of your data is dunnhumby Limited. If you have any concerns or would like to make a complaint to the Information Commissioner's Office, which is the UK regulator responsible for data protection issues, you can contact them using these details: https://ico.org.uk/make-a-complaint/.