Ubamarket Ltd – powering Ubacart and white label shop and pay Apps – Privacy Notice
Who we are and what we do
Ubamarket Ltd (“Ubamarket”) is the service provider that provides scan and pay shopping mobile app(s) for certain stores that support the App (“Stores”). We are a specialist retail mobile app provider and our details are set out below in this notice. For ease of reference, the main features of the Ubamarket app are:
- The creation of shopping lists
- Scan and pay shopping functionality
- ‘in app’ promotions and store offers and promotions relevant to you
- marketing notifications to inform you of offer available ‘in app’ if you chose to receive them
- payment for your shopping either ‘in app’ or using the QR code at the checkout till
(together we will refer to these as the “Services”)
In providing the Services to you, Ubamarket collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation (which applies across the European Union) and the Data Protection Act 2018 and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Information collected by us
Ubamarket (and the store for a store branded app) collects certain personal data to be able to provide Services to you via the app including your phone number, mobile device ID and email. We also, at your option, collect your name, month and year of birth (optionally), and (if applicable) your store discount card number.
We collate information about your shopping and purchases, so that we can optimise your shopping experience and show you offers and discounts that we think are relevant to you or based on your shopping history and preferences.
If you pay for your shopping in the App, then the company we select to carry out the payment processing company will know your bank or credit/debit card details and any other personal details it requires from you to process the transaction. We do not collect this information.
If you elect to make contact with us to receive any customer service, we may require certain details from you to identify you as the account holder and to communicate with you.
We may also use your information to:
- monitor and analyse trends, usage, and activities in connection with our App to enable us to improve and give you a better retail experience; and
- monitor for fraud; review compliance with our policies and contracts; and to comply with applicable law and government requests.
Device information that we may collect
To provide the Services and as described in the paragraph above, we may collect the following information:
Device information: We may collect information about your device each time you use the App. For example, we may collect information on the type of mobile device that you are using and its unique device identifier (for example, the IMEI number, the device’s mobile phone number, or the MAC address of the device’s wireless network interface), the type of mobile browser that you are using, the mobile operating system that you are using, mobile network information, and the time zone setting.
Access to your device: we will need access to your camera to scan items and access to your microphone if you wish to use voice functionality to build a shopping list. If you choose to share a shopping list, we will require access to your contacts so that the list can be sent to the selected person.
Location data: We may also collect information to determine your location, but only when using the App. We may require this so we know which store you are in to ensure you have access to the relevant shopping list and store directions.
Log Information: We collect log information about your use of the App including: the time, duration and frequency of your access; pages viewed; items browsed or purchased and your favourites.
Managing Access to your device: You can access or withdraw your consent to use if the camera, location data, microphone or contacts in your phone settings at any time, but this may affect the functionality of the App or even stop it working.
Notifications for offers and discounts
If you opt in to receive marketing offers via email or push notification, you may receive offers and discounts that are relevant for you. In addition, from time to time we may send you other special or seasonal offers. For this purpose, we may use data such as your name, mobile number, date of birth or email address.
In addition, it’s worth noting that if you have opted-in to receive marketing from the store itself via a different store loyalty scheme or similar, the store or its loyalty provider may contact you with details of our product or offers making use of our product. In each case, such communications are not controlled by Ubamarket.
Who we share your personal information with
We do not share information about you in any way other than as described in this privacy notice.
We may share your personal data with applicable stores where you have shopped where there is a customer service issue or for other reasons in relation to your shopping transactions and experience.
As we mention above, we share certain personal data with the payment processor and the card issuer in order to facilitate payment for your shopping.
We may use a third party age verification provider for ‘in app’ age restriction clearance if you are purchasing age restricted items. Our partner is a government accredited provider in the UK and they pass us the minimum details necessary to clear age restriction. If you use the ‘age estimator method, no personal data will be collected. If you use the ‘age verification’ method, you will be asked to share your name, age and supporting evidence to our accredited age verification partner, who will only pass to use that you have cleared the applicable age check
We host, maintain, operate and improve our App on our third-party cloud based application systems and the data is hosted in the UK for UK based stores and in the EU for EU based stores.
We may also share aggregated or de-identified information (meaning in such a way as you cannot be identified) with third parties.
Legal basis for using your personal information
The legal basis for the processing of your personal data is that it is necessary for us to fulfil our obligations according to the contact you have with us to provide the App and Services, legitimate interest (for example carrying out customer services or monitoring network and information systems security), or to comply with legal obligations. This is the same for the payment processor company and our age verification partner.
The legal basis for sending you marketing Budgens offers or discounts (as described above) by push notifications, email or sms offers is your consent. You will be able to manage your consent to this processing by going to ‘Preferences’ within the ‘My Settings’ area of the App. Please note that if you do not give or withdraw consent, you will still receive service related messages.
How long your personal information will be kept
We will hold your personal data for a reasonable period of time while you still have the App installed on your device and after you delete the App. We continue to hold your information for a period after you delete the App in case there is an outstanding customer services issue relating to prior use or when there is a legal obligation to do so. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregating with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
What steps do we take to keep your personal data safe?
We have put in place appropriate security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those of our personnel and other third parties who have a genuine business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. To the extent possible, we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. However, given the nature of the personal data we may process it is unlikely we would be able to contact you directly.
How can I see what information you have about me?
Under certain circumstances, you have rights under data protection laws (such as the GDPR) in relation to your personal data. For the most part, the personal information we collect on you is set out in the ‘My Account’ feature within the ‘settings’ area of the App. Information about your shopping and preferences is contained in the ‘Receipts’ and ‘Favourites’ sections of the App. You may contact us using the contact details below to see if we hold additional personal information, but there is unlikely to be any specific additional personal data unless you have contacted us with regards to customer services.
Can I delete my data?
Under data protection laws (such as the GDPR), you may have the right to ask us to suspend the processing of your personal data. You can do this yourself by deleting your user account the App. You may at any time update, correct or delete information you have provided to us in the ‘My Profile’ section of the App. Enquiries regarding processing of personal data and access requests should be directed to the point of contact provided below.
Where we require personal data to be able to provide the benefits of Ubamarket to you or comply with legal obligations, then provision of such data is necessary. If such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, the provision of requested personal data is optional.
Transfer of your information out of the EEA
If we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a data protection supervisory authority, in particular in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
How to contact us
Please contact us if you have any questions or comments about our privacy practices or this privacy notice. You can reach us online by email at: email@example.com
Changes to this Notice
We may change this privacy notice from time to time and any changes we make will be posted on this page. Any new version of this Policy will be published on our website.