1. Who we are & contact details
You can request more details of how we use your data and exercise your legal rights by contacting our Information Officer by email at firstname.lastname@example.org or write to us at Information Officer, Quidco, Moneysupermarket House, Saint Davids Park, Ewloe, Chester, CH5 3UZ.
We collect and process data that relates to you (called "personal data") for the purposes of the following Quidco Services:
If you have a complaint, you can also use those same contact details to get in touch. We’ll investigate and get back in touch with you as soon as possible.
We’re registered with the Information Commissioner’s Office (ICO) with registration number Z9450695. The ICO is an independent organisation that protects people’s information and privacy rights (www.ico.org.uk).
You also have the right to complain to the ICO at any time. We’d, however, appreciate the chance to deal with your concerns first before you approach the ICO.
We collect and process data that relates to you (called "personal data") for the purposes of the following Quidco Services:
- The Quidco cashback service for website and app-based transactions
- The Quidco Compare cashback service for price comparison service
- The Quidco ClickSnap cashback service for instore supermarket purchases
- The Quidco Payout service for gift card exchange services
2. What personal data do we collect?
We collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Claims Data includes data you provide concerning a purchase made from a retailer as part of the process of raising and processing a cashback claim on your behalf.
- Contact Data includes postcode, address, email address and telephone numbers.
- Customer Service Contact Data includes records of your contact with our customer care team, including live chat, online tickets raised, emails and contacts through any other customer contact channels.
- Financial Data includes bank account and PayPal account (including Identifier Card and Cashback Withdrawal Method) details.
- Identity Data includes first name, last name, username, date of birth, gender or similar identifier.
- Marketing and Communications Data includes your preferences for receiving marketing from us and your communication preferences.
- Profile Data includes your username and password, purchases or orders made by you, cashback allocated to you, your interests, preferences, feedback, reviews and survey responses.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access Quidco.
- Transaction Data includes details about Cashback payments that may be due to you and details of transactions that may give rise to Cashback.
- Usage Data includes information about how you use Quidco and about the websites that you accessed prior to accessing Quidco.
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is put together in an aggregated and anonymous manner (so that your identity and personal data are not accessible) and does not constitute personal data for legal purposes. For example, we may aggregate your Usage Data and Transaction Data and (a) use it for internal management purposes, and (b) share it with current or prospective retailers. This type of information includes, for example, usage of an Account Holder's Cashback Withdrawal Method, including the types of products that the individual Account Holder purchases, the value of those purchases and the web, app or other channels through which the purchases are made.
3. How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by
corresponding with us by post, phone, email or otherwise. This includes personal data you provide when
- Create an account with Quidco;
- Use a Quidco Service;
- Request marketing to be sent to you;
- Enter a competition, promotion or survey; or
- Give us some feedback.
- Automated technologies or interactions. As you use Quidco, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data and Usage Data about you if you visit other services employing our cookies.
- Third parties or publicly available sources. We may receive personal data about you from various third
parties as set out below:
- Technical and Usage Data from the following parties:
- Analytics providers such as Google;
- Affiliate advertising networks that are involved as intermediaries in the process of administering your Cashback-generating transactions such as Affiliate Window, Commission Junction and Performance Horizon; and
- Technical monitoring and error reporting service providers that we engage to assist us with our programme of continuous monitoring and improvement for Quidco Services and the gathering of information about faults that may occur, such as New Relic and Papertrail.
- Contact, Financial and Transaction Data from:
- Providers of technical, payment and delivery services for Quidco Services such as CheckoutSmart (for Quidco ClickSnap);
- Retailers from which you have made a purchase;
- Affiliate advertising networks;
- Online third party businesses which partner with us to provide commercial services to our Account Holders, such as the comparison service deployed by Quidco Compare, Quidco's gift card mall, and other booking services offered through Quidco, (together, Quidco Associates). To be clear: when we say "Associate" we don't mean that Quidco is in a formal association or partnership with the other company - our business and the associate's business are entirely separate.
- Contact Data, Marketing and Communications Data, and Technical Data from businesses through which we carry out, or which assist us to carry out, marketing campaigns addressed to new or existing Account Holders, such as (but not limited to) by means of lead generation campaigns, social media marketing, display advertising and the promotion of the Quidco app.
- Technical and Usage Data from the following parties:
4. How do we use your personal data, and what is our legal basis for doing so ?
These are the legal bases we have for holding and processing your personal data:
- Contract: To enter into or perform a contract with you
- Legitimate Interest: For our (or third parties’) legitimate interests, as long as they aren’t overridden by your interests and rights
- Consent: Your consent
- Obligation: To comply with our legal obligations
And here is how we use your personal data, and our relevant legal basis (Our basis) for doing so:
When you register with us, we obtain your Identity and Contact Data. That Identity and Contact Data may be supplemented over time with other information, such as Transaction Data, and additional or updated Identity and Contact Data. We use this information to maintain your registration with Quidco and administer our relationship with you. Our basis: Contract.
If you enter into a transaction through the Quidco website or app or provide us with details of a transaction (such as where you are seeking to obtain Cashback on a Quidco ClickSnap purchase), we may use your Identity, Contact, Financial (Identifier Card) and Transaction Data to track your transaction and to receive and process Referral Fees. Our basis: Contract and Legitimate Interest (to receive payment of sums owed to us and you).
We use the Cashback Withdrawal Method you have registered in your Account as part of your Financial Data to process and distribute Cashback to you. Our basis: Contract
Where a claim or complaint is raised as to Cashback that may be owed, we may use your Identity, Contact, Financial and Transaction Data, as well as relevant Claims Data, to process that claim or complaint. Our basis: Contract and Legitimate Interest (to receive payment of sums owed to us and you).
We will also use Identity and Contact Data, Payment Data and Transaction Data to monitor purchases with the objective of helping to prevent fraud. Our basis: Legitimate Interest (fraud-prevention).
From time to time, you may participate in a survey or provide us with feedback or otherwise engage with us in ways that, in combination with other data we hold, may be included in your Profile Data. In using the Quidco (and other) websites and apps, we and our service providers will also collect Technical and Profile Data. We use and combine Identity, Contact, Profile, Transaction, Financial, Technical, Usage Data and your Marketing and Communications Data to make our products and services, including the Quidco website and app, and the offers and marketing you receive, better and more relevant to you, and to enable us to create content that is more suited to you - and send you more relevant communications. Our basis: Legitimate Interest (marketing our products and services to you and making our products and services more specific to you), Consent (where your consent is necessary).
When you engage with a retailer or a Quidco Associate, you may authorise us to communicate your Identity and Contact Data when you apply to or register with that retailer or Quidco Associate. Our basis: Consent
You may also consent to a third party - such as a retailer or Quidco Associate - providing us with Transaction Data concerning your purchase from the retailer or Quidco Associate, which we will combine with your Identity, Contact Data and Profile Data, in order to market other goods and services to you. For example, if you have booked a hotel through a Quidco Associate, we may be provided with details of your stay - which we may use to market car hire opportunities that we think may interest you. We only do any of this if you have permitted it by giving your consent to the retailer or Quidco Associate. Our basis: Consent.
We use Contact Data, Technical Data and Marketing and Communications Data about you that we receive as a result of marketing campaigns addressed to new or existing Account Holders to calculate commission due to the businesses that assist in performing the relevant marketing campaign and help us to analyse your use of Quidco. Our basis: Legitimate Interest (in the marketing, and understanding the use, of Quidco)
We retain records of our financial transactions and contracts with you in order to maintain adequate accounting records and meet legal requirements. Our basis: Obligation.
We use Customer Service Contact Data, and your Identity and Contact Data, to deal with and investigate issues you raise with us, to communicate with you about them and (in the case of Customer Service Contact Data that we de-identify for the purpose) to improve Quidco Services. Our basis: Contract; Legitimate Interest (improving Quidco Services).
We work with online advertising businesses which use small files known as cookies to serve you with advertising that is thought to be relevant to you, based on your previous browsing habits. Gathered data is also used to limit the number of times you see an advertisement and to help measure the effectiveness of the advertising campaign. Our basis: Consent (in providing you with advertising appropriate to you from third parties).
We will only use your personal data for the above purposes, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal data without your knowledge or consent where this is required or permitted by law.
5. How long will we keep your personal data for?
We keep your personal data for as long as is necessary:
- to address relevant legal, tax or accounting requirements, including potential claims by and against us.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of that data, the purposes for which we process it, whether we can achieve those purposes through other means, as well as legal, taxation and accounting requirements.
You can request more details of how we apply these criteria by contacting our Information Officer by email at email@example.com.
When the need to keep your personal data ends, we either delete or anonymise it.
6. Whom will we share your personal data with?
Your personal data may be shared with other members of Moneysupermarket Group for the purpose of improving price comparison and cashback products and services, including the Quidco site and app. The Moneysupermarket Group includes MoneySuperMarket, MoneySavingExpert, Decision Technologies and CYTI.
We also share information with various third party businesses, but in each case always for the uses referred to above. These third party businesses are:
- Affiliate networks that are involved in the transaction and cashback-allocation process
- Payment and transactional service providers
- Advertising service providers, such as Google Ad Manager, providing cookie display advertising on Quidco and on other sites you visit
- Businesses through which we carry out, or which assist us to carry out, marketing campaigns
- Retailers, listed at https://www.quidco.com/a-z/
- Businesses we engage to process data on our behalf, including:
- Website and app-hosting services
- Website optimisation services
- Website usage services
- Email service providers
- Mobile push notification services
- Data management platform providers
- Digital gift card distribution services
- Customer relationship management services
- Marketing tracking partners
- Messaging services
- Social media platforms
- Online and offline marketing services
- Research and profiling services
We may also disclose your personal data to HM Revenue & Customs, regulators and other authorities who legally require us to do so.
We may also share your personal data with others where to do so is mandated by applicable law.
If we sell our business or assets, your personal data may be provided to the prospective purchaser’s advisers with appropriate legal protections and will be passed to the new owners of the business.
Your Marketing and Communications Data will only be shared with a third party for the purpose of them directly marketing to you where you have consented to that marketing.
7. Transferring your data outside of the United Kingdom
We work with third party businesses in the United Kingdom (UK), in the European Economic Area (EEA) and in countries outside of the EEA. If we transfer your personal data outside the EEA to a country that does not provide adequate levels of personal data protection as determined by the European Commission, we’ll put in place legally appropriate safeguards as stated under UK law to require the protection of your personal data, for example by using the international data-transfer agreement, or the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers as approved by the UK government. You can request details of those safeguards by contacting our Information Officer by email at firstname.lastname@example.org
8. How do we keep your data secure?
We have put in place appropriate security measures intended to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Your legal rights
Under the UK GDPR, you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be in a position to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our Information Officer by email at email@example.com. You will not have to pay a fee to exercise any of your legal rights as specified above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the relevant personal data (or to exercise any of your other legal rights). This is a security measure we take to help avoid your personal data being disclosed to a person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to help speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. Password Security
Your personal information's security is very important to us. Quidco Services uses TLS/SSL encryption (HTTPS) to securely transmit data between your device and our infrastructures. However, no data transmission over the internet can be guaranteed to be totally secure. Certain information, for example, your Cashback Withdrawal Method, is encrypted to minimise the risk of interception during transit.
Access to your Account is password-protected for your privacy and security. While we do our best to protect your personal information you also must protect yourself. What does this mean?
- Choose a strong password to access your account that you’ve not used before. You can use a password manager (which will also remember it for you), or if you want to create one yourself, make sure it is lengthy and includes a mixture of upper and lower case letters, numbers and special characters.
- Keep your password or other access information secret.
- Ensure no-one else uses Quidco while your machine is "signed in" to the Quidco website or App.
- Make sure you sign out from your Account when not using it.
- Ensure that only you have access to the details of your Cashback Withdrawal Method, such as PayPal or digital gift card, charitable donation, or bank account, which are intended to be kept secret.
12. Editing your Account and marketing communication settings
We like to keep in touch with our Account Holders so – where we are permitted to do so – we will use your relevant data to communicate our marketing to you.
Of course we know lots of marketing communications can be annoying, so we try to keep ours to a minimum. However, if you feel you're getting too many or would like more, you can change the settings in your Account at any time. We have a one click unsubscribe policy, and each communication gives you the opportunity to opt-out of receiving similar future communications. You can also review, change or correct your Identity and Contact Data by signing into your Account and going to the settings tab.
Please note there are some (non-marketing) communications that are an integral part of the Quidco Services and cannot be opted-out of. These communications cover, amongst other things, changes to the Quidco Services and your transactions with retailers. They can be brought to an end by de-registering your Account.
The date of the most recent revision will appear on this page. If we make significant changes to this policy, we may also notify you by other means such as sending an email. Where required by law we will obtain your consent to make these changes. If you do not agree with any changes please do not continue to use the Quidco Services.
Last updated: 24 May 2022