Stapleton's Rewards

Joint Privacy Policy

Corporate Rewards Ltd (“CRL”) and Stapleton’s (Tyre Services) Ltd (“Stapleton’s”)

Welcome to the CRL and Stapleton’s Privacy Policy

CRL and Stapleton’s respect your privacy and are committed to protecting your Personal Data. This Privacy Policy will inform how we look after your Personal Data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. This Privacy Policy aims to give you information on how CRL and Stapleton’s collects and processes your Personal Data , including any data you may provide through this website as a result of collecting award points having previously purchased from Stapleton’s.

This website is not intended for children and we do not knowingly collect information relating to children.

It is important you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide for specific occasions when we collect or process Personal Data to ensure you are fully aware of how and why we are using your information. IT supplements other notices and privacy policies and is not intended to override them.

Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in Stapleton’s Terms and Conditions.

CRL and Stapleton’s are registered information controllers and responsible for your Personal Data once entered onto the website with CRL managing this website.

Definitions

Data Controller - means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. The Data Controller for this programme is the customer thereby by making Stapleton’s a “Processor” and any subsidiaries a “Sub-Processor”.

Information Processor - means any person (other than an employee of the Data Controller) who processes the information on behalf of the Data Controller.

Legitimate Interest - means the interest of our business in conducting and managing our business to enable us to give you the best service.

Performance of a Contract - means processing your information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Personal Data - means information about an individual from which that person is identifiable.

Third Parties - means other companies (acting as joint controller or processors) and who provide IT and system administration services.

Usage Information - means information collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a website page visit).

The User - means the individual using our Service. The User corresponds to the Information Subject, who is the subject of Personal Data.

The Information We Collect about You

The Personal Data you enter onto the website is only collected and used with your prior permission to enable an account to be created and provide you with the programme services. This could include:

Identity Information - name, last name, username or similar identifier
Contact Information - billing address, email address and telephone numbers
Transaction Information details about payments to and from you and other details of services you have purchased from Stapleton’s
Technical Information - internet protocol (IP) address, your login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform and other technology on the devices you use to access this website such as cookies and usage information
Usage Information - information about how you use our website
Marketing and Communications Information - includes your account preference options

Personal Data will only be used to fulfil the specific purposes of the programme and associated activities, including but not limited to points banking account management, fulfilment of rewards and communications.

How We Use Your Personal Data

We will only use your Personal Data for the following purposes:

To register you on our website and to administer the programme website and services
For assessment and analysis of the programme performance and Stapleton’s reporting purposes
To enable the monitoring, reviewing and improvement of the products and services offered
For internal statistical user reporting
For our legitimate interests (where it does not override your fundamental rights).
Where we need to comply with a legal obligation

We have set out below a description of all the ways we use your Personal Data and identified what our legitimate interests are where appropriate.

Note that we may process your Personal Data for more than one lawful ground depending on the specific legal purpose we are relying on.

Purpose	Type of Information	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	Identity Contact	Performance of a contract with you
To manage our relationship with you which will include: Notifying you about changes to our terms and or Privacy Policy Asking you to leave a review or take a survey	Identity Contact Profile Marketing and communications	Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)
To enable you to partake or complete a survey	Identity Contact Usage Marketing and Communications	Performance of a contract with you Necessary for our legitimate interests Study how customers use our services (to develop them and grow our business)
To administer and protect our business and this website (including troubleshoot, information analysis, testing, system maintenance, support, reporting and hosting of information)	Identity Contact Technical	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the contest of a business reorganisation).
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you in the form of Web Banners	Identity Contact Profile Usage Marketing and Communications Technical	Necessary for our legitimate interests (to study how customers use our services, to develop them, to group our business).
To use information analytics to improve our website, services, marketing, customer relationships and experience	Technical Usage	Necessary for our legitimate interests (to define types of customers for our services, to keep our website updated and relevant, to develop our business and inform marketing strategies)

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that to use it for another reason that is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Opting Out

You can ask us to stop sending you marketing messages at any time (by logging into the website and checking relevant boxes to adjust your marketing preferences.)

Keeping your Personal Data Accurate and Current

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

Automated interactions - as you interact with our website, we will automatically collect technical information about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies (server logs) and other similar technologies including “Location and Tracking Information”.

Location Information - We may use and store information about your location if you give us permission to do so (“Location Information”). We use this information to provide features of our Service and to improve and customise our Service.

You can enable or disable location services when you use our Service at any time, through your device settings

Disclosures of your Personal Data

We may share your Personal Data with the parties in the event of:

Internal third parties - in order to fulfil contractual obligations.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third party providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions and your permission.

Law enforcement and public authority requests - under certain circumstances we may be required to disclose your Personal Data to law enforcement and public authorities.

Legal Requirements - CRL and Stapleton’s may disclose your Personal Data upon completion of the appropriate due diligence checks in order to:

Comply with a legal obligation
Protect and defend the rights or property of CRL and Stapleton’s
Prevent or investigate possible wrongdoing in connection with our service
Protect the personal safety of users of the service or the public
Protect against legal liability

Business Transactions - if CRL and Stapleton’s is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

International Transfers - of your Personal Data outside of the European Union or to a non-European Union approved country all commercially reasonably safeguards will be in place with any third party to protect your Personal Data to a level at least commensurate with that provided under the General Data Protection Regulation (GDPR).

Information Retention - How Long We Retain your Personal Data

We will retain your Personal Data for the period that you are registered with this programme. Thereafter your information will be retained for 6 months to enable an orderly close of the programme for Stapleton’s and your transactional information for a period not exceeding 2 years. Thereafter your Personal Data will be irretrievably deleted or for as long as reasonably necessary to fulfil the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a purpose of litigation in respect to our relationship with you.

To Whom We Disclose your Personal Data

We will not disclose to any third parties, Personal Data which relates to you without your prior consent, except:

To share between the two companies to enable the programme requirements to be met
Where it is necessary to enable any of our staff, employees, agents, contractors, suppliers or commercial partners to provide a service to us or to perform a function on our behalf (including fulfilling orders for products or services, supplying products or services that we provide on your behalf and as part of this programme)
Where there is justifiable reason to consider the disclosure of your information to other businesses, financial organisations or law enforcement agencies for the prevention or detection of fraud, or if we are required by law.

Your Rights

The right to be informed. (this Privacy Policy meets those rights)
To request access to your Personal Data (subject access request)
To request correction of your personal information (you have the right to inform us of any changes to your Personal Data if it is inaccurate or incomplete)
To request erasure of your Personal Data (you have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing)
To object to processing of your personal information on legitimate interests
To request the restriction of processing of your Personal Data (you can request that we continue to store your personal data, but not to further process it)
To request transfer of your personal information (data portability)
The right to withdraw consent
The right to lodge a complaint with the Information Commissioners Office

Subject Access Request

You have the right to request access to your Personal Data we hold on you. No fee is usually required. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. You will be notified of the fee (if applicable) prior to any significant work taking place.

Complaints

You have the right to make a complaint at any time. In the first instance, please contact one of the email addresses within the “Contact Us” section of this Privacy Policy.

You may also contact the Information Commissioners Officer (ICO) the UK Supervisory Authority for information protection issues (www.ico.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

To exercise any of these rights, or in the event of a complaint, please initially contact:

Data Protection Officer

Stapleton’s (Tyre Services) Ltd Fourth Ave,

Letchworth Garden City

SG6 2TT or email Group-Data-Protection@Stapletons-tyres.co.uk

We will verify your identity and will not be able to provide information until we are satisfied that you have a right to this information. Any information will be provided to you within 30 days unless in exceptional situations where we may advise you of an extension of up to 60 days.

Information Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. However whilst the security of your information is important to us, it should be noted that no method of transmission over the internet, or method of electronic storage is 100% secure. Whilst we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Cookies

A cookie is a small file, typically of letters and numbers, downloaded onto a device when you access certain websites including ours. Cookies allow a website to recognise a user’s device. (for more information see: http//ww.allaboutcookies.org/)

Session and persistent cookies - Cookies can expire at the end of your browser session (from when you open the browser to when you exit the browser) or they can be stored for longer. We use:

Session cookies - allows our website to link the action you take during your bowser session. These session cookies expire after a browser session so would not be stored longer term.
Persistent cookies - are stored on your device in between browser sessions allowing your preferences or actions to be remembered
Third party cookies - when you link onto other website you are advised to review their cookie policy

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this

Contact Us

If you have any question about this Privacy Policy including any requests to exercise your legal rights please contact the Data Protection Officer:

Email address of CRL Information Protection Officer contact: DPO@corporaterewards.co.uk

Email address of Stapleton’s Data Protection Officer contact: Group-Data-Protection@Stapletons-tyres.co.uk