This is the Privacy Policy of Receipt Branch Limited, a company registered in the United Kingdom, registered number 14465480 and whose registered office is at Suite B, Fairgate House, 205 Kings Road, Birmingham, B11 2AA (“RB”, Company”, “we”, “us” and “ours”)
You can store your receipts using our paperless receipts system, so that at any time you need to see what you have spent your money on, if you have a query on your bank or credit card statement you can reconcile it easily or need to make an enquiry with the retailers you can bring up, read or show your receipts using this great new App and also our website – “user”, “you”, “your” and “yours”
The Receipt Branch App is an innovative new app developed for the benefit of retailers and our users alike. A paperless, eco friendly system which stores all of your receipts in one place making it simple and easy to look-up them up. No more wallets and purses full of paper and no lost receipts. These terms also apply to our website.
1.1 We have set out the general categories of personal data that we collect. We do not collect any data from third parties.
1.2 We may process data enabling us to get in contact with you (“contact data”). This contact data may include your name, email address, telephone number and postal address. If you use our services you may also be provided with log in details and passwords, by us, which will also be collected and retained by us.The contact data is provided by you, if you download our App or view our website and use our services it is necessary for us to carry out the services we provide.
1.3 As a retailer using the services you will also be provided with authentication codes as well as the requirement for you to provide your company and contact information. This will be retained by us for the purpose of providing our services and your use of them.
1.4 We may process information contained in or relating to any communication that you send to us or that we send to you (“communication data”). The communication data may include the communication content and metadata associated with the communication. Our App/website will generate the metadata associated with communications made using the App contact forms.
1.5 We may process data about your use of App/website services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, usage, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics.
1.6 Please do not supply any other person’s personal data to us, the data you supply must only be your own.
1.7 For Partners, we will retain, securely and separately your bank details for the collection of our fee’s.
1.8 We may not retain all of the information above depending on what services you use and your interaction with our App/website.
1.9 Application Data – If you use our App/website, we also may collect the following information if you choose to provide us with access or permission:
1.9.1. Geolocation Information – Track Location based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services.
1.9.2 Mobile Device Data – we automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our App/website we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our App you accessed. You may also download and add receipts from your phone storage or by taking a photograph of an old receipt and we will treat this information as down loaded from a mobile device
1.9.3 Push Notifications and Prompts – we may request to send you push notifications and prompts regarding your account, features or deals based on your purchase history on the App/website. We will extract and retain purchase data based upon purchases made in store or online.
1.10 If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings, in doing so you may not be able to receive the full befit of our services.
1.11 If you wish to change our access or permissions, you may do so in your device’s settings.
1.12 No data is collected from any person under the age of 16.
2.1 Special Category Data – is information about race, religion, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data or health data.
2.2 We do not collect any ‘Special Category Data” if any receipt is stored which contains such information it is not recognised as such as the details of your receipts are not collected by us. You may store receipts containing Special Category information safely and securely knowing that the data is not collected or stored.
3.1 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
3.2 We will store your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
3.3 Any data relating to your enquiries and financial transactions that is sent from your mobile browser to our server, or from our server to your mobile browser, will be protected using encryption technology.
3.4 You acknowledge that the transmission of unencrypted or inadequately encrypted data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
3.5 You should ensure that any password and any login details are not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our App confidential and we will not ask you for your password (if any) (except when you log in to our App).
3.6 Retailers must also ensure that your authentication codes are deleted once used for security of your login process.
3.7 When you login:-
3.7.1 We process your information to provide, improve, and administer the services our App/website supplies to you;
3.7.1.1 for security and fraud prevention, to communicate with you and to comply with law.
3.8 We may also process your information for other purposes only with your specific consent:
3.8.1 To provide you with a personal account and the necessary authentication and otherwise manage user accounts;
3.8.2 We may process your information so you can create and log in to your account, as well as keep your account in working order and update your account when used;
3.8.3 To ensure proper delivery of services to you and to process your information to provide you with the requested service;
3.8.4 To respond to your inquiries and to support you whilst using our services;
3.8.5 We may process your information to respond to account inquiries and solve any potential issues you might have with the requested service;
3.8.6 To send information to you for the administration of your account;
3.8.7. We may process your information to send you details about changes or updates to our services, changes to our terms and policies, and other such information; and
3.8.8 To save or protect an individual’s or company’s vital interest to prevent harm.
3.9 Our Partners, who are the retailers who you scan your receipts through, using our Analytics are able to view the following in respect of our Users:
Total receipts; total purchases; average purchase; gender total purchase; age ratio; total client count; discount usage; discount usage by gender; discount usage by age; deal views and clicks on hyperlinks.
3.9.1 Receipt Branch Receive the right to add more analytics without notice to the User, such additions will be notified on any updated Privacy Policy. You, the User Expressly agree to this to enable your access to the free app service.
4.1 Operations – We may process your personal data for the purposes of operating our App/website, the processing and fulfilment of Services, providing additional services, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
4.2 Relationships and communications – We may process personal data for the purposes of managing our business relationships, communicating with you by email, our push notices providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our App/website users, retailers and the maintenance of our relationships, enabling the use of our App and the proper administration of our App/website and business.
4.3 Personalisation – We may process account data, service data and/or usage data for the purposes of personalising the content that you see on our App/website and through our App /website services to ensure that you only see material that is relevant to you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
4.4 Direct marketing – We may process contact data, account data, profile data, customer relationship data and/or transaction data for the purposes of creating, targeting and sending direct marketing communications by email, SMS and/or push notices for marketing-related purposes. The legal basis for this processing is promoting our business and communicating marketing messages and offers to our App/website visitors and users. You may opt out of this service at any time by contacting us at email address here email address.
4.5 Research and analysis – We may process usage data, service data and/or transaction data for the purposes of researching and analysing the use of our App/website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our App/website services and business generally. This data is anonymised and your data cannot be identified to you.
4.6 Record keeping – We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy and any legal requirements we are obligated to.
4.7 Security – We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our App/website, services and business, and the protection of others.
4.8 Insurance and risk management – We may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
4.9 Legal claims – We may process Your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, Your legal rights and the legal rights of others.
4.10 Legal compliance and vital interests – We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.
4.10.1 if we are unable to obtain permission but believe it is in the interest of the individual that we collect and retain certain information, we will do so in the following circumstances:
4.10.1.1 If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way;
4.1.1.2 For investigations and fraud detection and prevention
4.1.1.3 For business transactions provided certain conditions are met;
4.1.1.4 If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim;
4.1.1.5 For identifying injured, ill, or deceased persons and communicating with next of kin;
4.1.1.5 If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse;
4.1.1.6 If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the services;
4.11 All processing of Information is done in line with the Data Protection Act 2018, EU GDPR Regulations (Data Protection Directive 95/46/EC), COPPA (Children’s Online Privacy Protection Act) and in compliance with CCPA (California Consumer Privacy Act).
Also see table below
Purpose/Activity | Type of Data | Lawful basis for processing including basis of legitimate interest. |
To register you as a new User | (a) Identity (b) Contact | Performance of a contract. |
Tp process your account details including: (a) manage any payments, fees and charges; (b) Collect and recover money owed to us | (a) Identity (b) Financial (c) Transaction (d) Marketing and communications | Performance of a contract with you and necessary for our legitimate interest (to recover dents due to us) |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy; (b) Asking you to leave a review or take a survey; (c) Agree to your modes of communication with you (d) To send users marketing information and offers from third parties | (a) Identity (b) Contact (c) Profile (d) Marketing and communications | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interest ( to keep our records updated and to study how our customers use our products/services |
To enable you to partake in a prize draw, competition or complete a survey | (A) Identity (b)Contact (c) Profile (d) usage (e)marketing and communications | (a) performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business. (c) |
To administer and protect our business and this App/Website(including trouble shooting, data analysis, testing, system maintenance, support, reporting and hosting data) | (a) Identity (b) Contact (c) Technical | (a) necessary for our legitimate interest (for running our business, provision of administration and IT services, network security, tp prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation). |
To deliver relevant App/Website content to you and measure or understand the effectiveness of the content we serve to you. | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and communications (f) Technical | Necessary for our legitimate interest (to study how customer, buyers and/or vendors use our products/services to develop them, to grow our business and to inform you of our marketing strategy). |
Two use data analytics to improve our App/Website, services, marketing, customer relationships and experiences. | (a) Technical (b) Usage | Necessary for our legitimate interests (to define types of customers for our products/services, to keep our App/Website updated and relevant, to develop our business and to inform you of our marketing strategy. |
To make suggestions and recommendations to you about services that ,ay be of interest to you, this to include accuses to direct marketing by third parties on our App/website | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and communications | Necessary for our legitimate interest (to develop our products/services and grow our business ) |
5.1 Vendors, consultants, and other third-party service providers that we made need to share such information with to enable them to perform the services we require of them. We ensure that these third parties cannot use or supply your personal information unless we have given them permissions to do so. They will also not share your personal information with any other organisation apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:
5.1.1.Affiliate Marketing Programs;
5.1.2 Data Analytics Services;
5.1.3 Sales & Marketing Tools;
5.2 We also may need to share your personal information in the following situations:
5.2.1 Business Transfers – We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company;
5.2.12 Affiliates – We may share your information with our affiliates, in which case they are legally required to abide by this privacy notice. Affiliates include any parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us;
5.2.3 Selected third party suppliers of products and/or services identified on our App for the purpose of enabling them to contact you so that they can offer, market and sell to you relevant products and/or services. Each such third party will act as a data controller in relation to the personal data that we supply to it; and upon contacting you, each such third party will supply to you a copy of its own privacy policy, which will govern that third party’s use of your personal data. You can opt out of this service at any time by contacting us at email address here email address;
5.2.4 Insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
5.3 Our database will be stored on the servers of our hosting services.
5.4 In addition to the specific disclosures of personal data, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose Your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
6.1 Registering through and logging in from your social media account, Google account and/or with your email address will give us access to additional personal information.
6.2 Such a facility is or may be offered to you through such third party sites as Facebook, or Twitter.
6.3 When or if you choose this login option your profile information may also be provided, this is dependent upon your social media setting and the account type.
6.4 The information transferred may include a profile picture, name, email address, friends list and any other information you have available on a “public” setting.
6.5 We will only use this information as detailed in this Privacy Policy and if you do not wish such information to be provided please adjust your social media setting prior to registering or logging in through this medium.
6.6 If you allow this information to be transferred and you give permission for third party access, see clause 5, those third parties may use the information in accordance with their own privacy policy.
7. KEEPING YOUR INFORMATION SAFE
7.1 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
7.2 We will store your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
7.3 Data relating to your enquiries and financial transactions (not including your stored receipts) that is sent from your browser to your server, or from our server to your web browser, will be protected using encryption technology.
7.4 You acknowledge that the transmission of unencrypted or inadequately encrypted data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
7.5 You should ensure that any authentication details, password and any login details are not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our App confidential and we will never ask you for your password (if any) (except when you log in to our App/website).
8.1 These are our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
8.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
8.3 We will retain your personal data if you have agreed to allow us to send you marketing emails and supply your data to third parties for the purpose of sending third party marketing emails.
8.4 We will retain your personal data for the purposes of any business transaction and account creation.
8.5 We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. This may entail your personal data being retained for longer period.
8.6 We may retain your personal data for as long as required for the requirements of our accounting obligations and for providing details to the HMRC if requested.
8.7 Where ever possible if we are required to retain your personal data for a longer period and we can do so safely we will anonymise your personal data.
9. OUR POLICY ON MINORS
9.1 We do not knowingly collect data from or market to children under the age of contractual consent:
9.1.1 In the UK this is eighteen (18) years of age;
9.1.2 In the EU this is eighteen years of age;
9.1.3 In the USA this is sixteen (16), Seventeen (17) or eighteen (18) years of age ,depending upon your location; and
9.1.4 In Canada this is sixteen (16) years of age.
9.2 In other areas please ensure you do not register to use our app if you are under the age of consent in your jurisdiction.
9.3 By using the services, you represent that you are at least 18 or that you are the parent or guardian of such minors and consent to such minor dependent’s use of the services.
9.4 If we learn that personal information from users less than relevant age of consent has been collected, and there is no parental or guardian permission in place we will deactivate the account and take reasonable measures to promptly delete such data from our records.
10.1 We provide information about the circumstances in which your personal data may be transferred to a third country under UK, EU and/or US data protection law.
10.2 We may transfer your personal data to the European Economic Area (EEA) or the US from the UK and process that personal data in the EU for the purposes set out in this policy, and may permit our suppliers and subcontractors to do so, during any period with respect to which the EU is not treated as a third country under UK data protection law or benefits from an adequacy decision under UK data protection law; and We may transfer your personal data from the UK to the EEA and process that personal data in the EEA for the purposes set out in this policy, and may permit our suppliers and subcontractors to do so, during any period with respect to which EEA states are not treated as third countries under UK data protection law or benefit from adequacy regulations under UK data protection law.
10.3 We may transfer outside of the UK, other than the EU or EEA, If we intend to do this we will notify you, in doing so we will ensure that the terms under which Personal Data is held is such that it complies with all of the same or similar requirements as if it was held in the EU, EEA or EU.
10.4 The hosting facilities for our App /website are situated in the UK only and our App/website hosting facilities are situated in UK. The competent data protection authorities have made an adequacy determination with respect to the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities.
11.1 We have summarised the rights that you have under UK Data Protection Law (Data Protection Act 2018) and other laws in other jurisdictions where relevant.
11.2 Further information can be found at https://ico.org.uk/ , if you are in Europe contact https://EC.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en and for the US contact The Federal Trade Commission at www.ftc.gov .
11.2 Your principal rights under data protection law are:
(a) the right to access – you can ask for copies of Your personal data;
(b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete or incomplete personal data;
(c) the right to erasure – you can ask us to erase your personal data;
(d) the right to restrict processing – you can ask us to restrict the processing of your personal data;
(e) the right to object to processing – you can object to the processing of your personal data;
(f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;
(g) the right to complain to a supervisory authority – you can complain about our processing of your personal data; and
(h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
11.3 You have the right to confirm as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you with a copy of our personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
11.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
11.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
11.6 In some circumstances You have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; We no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and You have objected to processing, pending the verification of your objection. Where processing has been restricted on this basis, We may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
11.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in Us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
11.8 You have the right to object to our processing of Your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
11.9 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
11.10 To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
11.11 If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In relation to complaints under EU data protection law, you may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement; in relation to complaints under UK data protection law, you should do so in the UK. In the US you should make a complaint to your state regulator.
11.12 To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
11.13 California Civil Code Section 1798.83, also known as the ‘Shine The Light’ law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided.
11.14 You may exercise any of your rights in relation to your personal data by emailing company information email address here and making a Data Subject Request. Such a request must only be in respect of your one data.
12.1 Receipt Branch Limited does not support “Do Not Track” requests. Whether or not any of the third party services uses “Do Not Track” requests you must read their privacy policies.
12.2 You can check on your browser and set your options to Do Not Track independently of our App/website should you wish to do so.
13.1 We may update this policy from time to time to ensure we continue to be in compliance with the appropriate laws and regulation or if we offer additional services on our app/website which would require this policy to be updated.
13.2 Please see at the bottom of this document the “Last Updated Date”
13.3 We recommend that you read this policy from time to time to ensure you understand how we deal with you Personal Data.