Privacy Policy
Last updated 4 November 2022 for previous version of this policy here.
1. Introduction
This privacy policy explains our privacy practices here at Thanks Ben Ltd., a company incorporated in England & Wales having its registered office at 73 Cornhill, London, United Kingdom, EC3V 3QQ with company number 12335851.
Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website. the Thanks Ben platform, and any services provided by us. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.
Ben is a data processor for the purpose of providing the Ben Platform and Service. The Customer is the data controller.
Ben is the data controller for any data collected through the Ben website.
If you have any questions about how we protect or use your data, please email us at privacy@thanksben.com.
2. What this policy applies to
This privacy policy relates to your use of our website, the Thanks Ben platform, and any services we provide to you. The privacy policy does not apply to any information gathered by any benefits provider, card services provider or other third party you link to through the website or Thanks Ben platform which will be processed by them in accordance with their privacy policies.
3. Personal data we may collect about you and how we collect it
The personal data we collect
The personal data we collect about you depends on the particular activities carried out through our website and or the Thanks Ben platform. We may collect and use the following personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, the Thanks Ben platform and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with a Thanks Ben account). In this case, we may have to cancel service you have with us, but we will notify you if this is the case at the time.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
- Register to use our services;
- create a Thanks Ben account;
- request marketing to be sent to you;
- report a problem to us;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy [HERE] for further details.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- Contact and Profile Data from your employer where they have contracted with us for our services;
- Contact Financial and Transaction Data form banks, technical, and payment service providers;
- Identity and Contact Data from publicly available sources [such as Companies House and the Electoral Register based inside the UK;
- Identity, Contact, and Financial Data from credit reference agencies;
- Identity, Contact, and Technical Data from advertising networks and analytics providers.
4. Uses made of the information
We use your information when the law allows us to in the following ways:
(a) to carry out our obligations relating to your contracts with us and to provide you with the information, products and services that you request from us;
(b) to comply with any applicable legal and/or regulatory requirements;
(c) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
(b) Contact
(b) Necessary for our legitimate interests (to deliver the contract we have signed with your employer)
(a) Notifying you about changes to our services, terms or privacy policy
(b) Asking you to leave a review or take a survey
(b) Contact
(c) Profile
(d) Marketing and Communications
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
- Keep our services and platform safe and secure
- Improving our services to ensure they are presented in the most effective manner
(b) Contact
(c) Profile
(d) Usage
(e) Technical
(b) Necessary for our legitimate interests (to deliver our services in a safe and user friendly manner)
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
(b) Contact
(c) Technical
(b) Necessary to comply with a legal obligation
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications(f) Technical
(b) Usage
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of providing you with Ben's services.
5. Disclosure of your information
We may share your personal data with selected third parties where we have a lawful basis to do so including:
(a) companies within our group of companies, located in or outside of the United Kingdom and European Union, for the supply of our Services;
(b) affiliates, business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you including employers who subscribe to our services, benefits providers who offer their products through the Thanks Ben platform and ;
(c) analytics and search engine providers that assist us in the improvement and optimisation of our site.
(d) fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Such decisions may be part of an automated process. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by https://www.cifas.org.uk/fpn
(e) affiliates, business partners, suppliers and sub-contractors who may be in a position to offer related services to you and you have consented to be contacted by them.
We may disclose your personal information to third parties:
(f) in order to provide our Services to you, in which case we may share your personal data with other companies of our group or with our business partners, located in or outside of the European Union;
(g) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
(h) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions which regulate the relationship between you and us and other applicable agreements; or to protect the rights, property, or safety of Thanks Ben Ltd., our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
(i) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
(j) to prevent and detect fraud or crime;
(k) in response to a subpoena, warrant, court order, or as otherwise required by law;
(l) to assess financial and insurance risks;
(m) to recover debt or in relation to your insolvency; and
(n) to develop customer relationships, services and systems.
Some of the sub-processors which we currently use to provide our services include:
Greenhills Road, Tymon North, Dublin, Ireland
25 First Street, 2nd FloorCambridge, MA 02141, USA
ISO 27001 / SOC 2 and SOC 3 report
1745 Peachtree Rd NW Suite G, Atlanta, GA 30309, United States
SO 27001 / SOC 2
55 2nd Street, 4th Floor, San Francisco, CA 94105, USA
ISO 27001 / SOC 2 / CSA
ISO/IEC 27001 / ISO/IEC 27018 / SOC-2 / SOC-3
Gordon House, Barrow Street,Dublin 4,Ireland
SO 27001 / SOC 2
55 Almaden Blvd # 600, San Jose, CA 95113, USA
SOC 2 (Type II) / CSA-STAR (Level 2) / International Association of Privacy Professionals
6. International transfers
Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us
9. Your Rights
You generally have the following rights, which you can usually exercise free of charge:
Access to a copy of your personal data - The right to be provided with a copy of your personal data
Correction (also known as rectification) - The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten) - The right to require us to delete your personal data—in certain situations
Restriction of use - The right to require us to restrict use of your personal data in certain circumstances, eg if you contest the accuracy of the data
Data portability - The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object to use
The right to object:
- At any time to your personal data being used for direct marketing (including profiling)
- In certain other situations to our continued use of your personal data, eg where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
Not to be subject to decisions without human involvement - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not make any such decisions based on data collected by our website
The right to withdraw consents - If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. You may withdraw consents by contacting us. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us. You may also find it helpful to refer to the the guidance from the UK's ICO on your rights under the UK GDPR
If you would like to exercise any of those rights then please contact us. When contacting us please:
provide enough information to identify yourself [(eg your full name, address and customer or matter reference number)] and any additional identity information we may reasonably request from you, and
let us know which right(s) you want to exercise and the information to which your request relates
10. Changes to our privacy policy
Any changes we may make to our privacy policy will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
11 . Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@thanksben.com.
12. How to complain
Please contact us if you have any queries or concerns about our use of your personal data. We hope we will be able to resolve any issues you may have.
If you feel that we have not addressed your questions or concerns adequately, you may make a complaint with the Information Commissioner’s Office in the United Kingdom. You may access their details via https://ico.org.uk/global/contact-us/.
Privacy Policy
1. Introduction
This policy explains what you can expect from us and what we need from you in relation to your personal data. Please read this carefully as this policy is legally binding when you use our Services. For the purpose of the relevant data protection regulations, the company in charge of your information (as known as the data controllers) is Thanks Ben Ltd., 73 Cornhill, London, United Kingdom, EC3V 3QQ with registration number 12335851. If you have any questions about how we protect or use your data, please email us at privacy@thanksben.com.
2. How we protect your personal information
2.1
We are serious about guarding the security of your personal information and use a secure server to store your personal information. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using Transport Layer Security technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share this password with anyone else and not to use this password for other services or products.
2.2
As you will know, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data but we cannot guarantee the security of your data during transmission, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
2.3
We restrict access of your personal information to those employees of Thanks Ben Ltd. who have a business reason for knowing such information. We continuously educate and train our employees about the importance of confidentiality and privacy of customer information. We maintain physical, electronic and procedural safeguards that comply with the relevant laws and regulations to protect your personal information from unauthorised access.
2.4
In some instances in order for us to provide our Services to you, we may need to share your information with companies of our group, located in or outside of the European Union. This means that such companies may become independent data controllers of your data. If you have more questions about this sharing of information, please email privacy@thanksben.com
3. Information we may collect from you
We may collect and use the following data about you:
3.1
Information you give us.
(a) You may give us information about you by filling in forms when registering or using our Services or via correspondence e.g. email. This includes information you provide when you register to use our Services, participate in discussion boards or other social media functions on our Website or App, enter a competition, promotion or survey, and when you report a problem with our Services. The information you give us may include your name, address, email address, phone number, financial information (including credit card, debit card, or bank account information), payment reason, geographical location, social security number, personal description and photograph.
(b) We may also need additional commercial and/or identification information from your e.g. if you send or receive certain high-value or high volume transactions or as needed to comply with our anti-money laundering obligations under applicable law.
(c) In providing the personal data of any individual (other than yourself) to us during your use of our Services, you promise that you have obtained consent from such individual to disclose his/her personal data to us, as well his/her consent to our collection, use and disclosure of such personal data, for the purposes set out in this Privacy Policy.
3.2
Information we collect about you. With regard to your use of our Services we may automatically collect the following information:
(a) details of the transactions you carry out when using our Services, including geographic location from which the transaction originates;
(b) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
(c) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our Customer Support number.
3.3
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them for example, banks and payment service providers you use to transfer money to us; banks and payment service providers of your recipient; business partners; sub-contractors in technical, payment and delivery services; advertising networks; analytics providers; search information providers; and credit reference agencies.
4. Cookies
4.1
Our Services use cookies to distinguish you from other users. This helps us to provide you with a good experience and also allows us to improve our Services. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.
5. Uses made of the information
5.1
We use your information in the following ways:
(a) to carry out our obligations relating to you contracts with us and to provide you with the information, products and services that you request from us;
(b) to comply with any applicable legal and/or regulatory requirements;
(c) to notify you about changes to our Services;
(d) as part of our efforts to keep our Services safe and secure;
(e) to administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(f) to improve our Services and to ensure that they are presented in the most effective manner;
(g) to measure or understand the effectiveness of advertising we serve;
(h) to allow you to participate in interactive features of our Services, when you choose to do so;
(i) to provide you with information about other similar goods and services we offer;
(j) combine information we receive from other sources with the information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
6. Disclosure of your information
6.1
We may share your information with selected third parties including:
(a) companies of our group, located in or outside of the European Union, for the supply of our Services;
(b) affiliates, business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and
(c) analytics and search engine providers that assist us in the improvement and optimisation of our site.
(d) The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Such decisions may be part of an automated process. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by https://www.cifas.org.uk/fpn
(e) affiliates, business partners, suppliers and sub-contractors who may be in a position to offer related services to you
6.2
We may disclose your personal information to third parties:
(a) in order to provide our Services to you, in which case we may share your personal data with other companies of our group or with our business partners, located in or outside of the European Union;
(b) in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
(c) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions which regulate the relationship between you and us and other applicable agreements; or to protect the rights, property, or safety of Thanks Ben Ltd., our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
(d) to assist us in conducting or co-operating in investigations of fraud or other illegal activity where we believe it is reasonable and appropriate to do so;
(e) to prevent and detect fraud or crime;
(f) in response to a subpoena, warrant, court order, or as otherwise required by law;
(g) to assess financial and insurance risks; 4(h) to recover debt or in relation to your insolvency; and
(i) to develop customer relationships, services and systems.
7. Where we store your personal data
7.1
The data that we collect from you may be transferred to, and stored at, a destination outside the European Union. It may also be processed by staff operating outside the European Union who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your payment order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
8. Your Rights
8.1
You have the right to ask us not to process your personal data for marketing purposes by contacting us at privacy@thanksben.com.
8.2
Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites.
9. Access to Information
9.1
Subject to applicable laws, you may have the right to access information we held about you. Your right of
access can be exercised in accordance with the relevant data protection legislation. Any access request may be subject to a fee of to meet our costs in providing you with details of the information we hold about you.
10. Changes to our privacy policy
10.1
Any changes we may make to our privacy policy will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
11. Contact
11.1
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@thanksben.com.
11.2
If you feel that we have not addressed your questions or concerns adequately, you may make a complaint with the Information Commissioner’s Office in the United Kingdom. You may access their details via https://ico.org.uk/global/contact-us/.