This document describes the policy and procedure of Edenred as applied to the collection and use of personal information. If you have any requests or queries concerning your personal information please contact us.
What is Personal Data?
Within the Data Protection Act 1998, Personal Data is defined as data that relates to a living individual who can be identified:
- from the data, or
- from the data and other information which is in the possession of, or likely to come into the possession of, the Data Controller, and includes any expression of opinion about the individual, and/or any indication of the intentions of the Data Controller or any other person in respect of the individual.
Why does Edenred UK need to collect and store personal data?
Edenred UK collects and stores personal data for the following purposes: staff administration; advertising; marketing & public relations; accounts & records, and; consultancy and advisory services. We are committed to ensuring that the information we collect and use is appropriate for its proposed purpose, and does not constitute an invasion of your privacy.
Collection & use
When providing our services, we may obtain personal data when –
(i) your employer (or other organisation with which you are formally affiliated) passes personal data to us for the provision of services they have purchased on your behalf or,
(ii) you provide your personal data online to Edenred, or
(iii) you provide your personal data in relation to a prize promotion or via feedback.
Edenred UK will use the information you provide in a manner that is compatible with the Data Protection Act. We will endeavour to keep your information accurate and up to date and not retain it for longer than is necessary. In some instances the law sets the maximum length of time personal data may be retained.
After the retention period has elapsed, data is securely destroyed. All security controls are periodically reviewed by Edenred UK in line with legal and technical developments.
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Wherever possible, your personal data will not be obtained, held, used or disclosed unless you have given consent. We understand that "consent" means you have been fully informed of the intended processing of your personal data and have signified your acceptance.
Consent cannot be deemed to have been given if it was obtained on the basis of misleading information or inferred from non-response, by you, to a communication we send to you.
A cookie is a small piece of data containing a unique reference which is written to a web-enabled user device such as a computer, smartphone, tablet and/or other device running a web browser capable of connecting you to the internet. For more information on cookies visit: www.allaboutcookies.org.
What types of cookies do we use?
'Session cookie': This is a temporary cookie that remains active until you sign-out of the website or the cookie expires due to a period of inactivity. The session cookie is essential in the provision of certain services.
'Persistent cookies': These remain on your device for a longer period, dependent upon their intended purpose. Our websites utilise two forms of persistent cookie -
- Stored on your device after you login to a website and expires after 60 days. This cookie is used to provide site branding and other website customisations where appropriate.
- Stored on your device if you have given your consent on that website to have the website remember your details.
'Web beacons'. These are small transparent graphical images which are used only where relevant to the related service.
‘Analytics cookies’: These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
- Our cookies never contain Personally Identifiable Information (PII)
- Our cookies are always sent over an encrypted channel (SSL/TLS)
- The values inside our cookies are encrypted when necessary
- We never share or allow third parties to read our cookies
Third Party Cookies
Edenred UK may embed video or other content into our websites.
When you visit a web page with embedded content you may be presented with cookies related to that content. Edenred UK does not control these cookies and we recommend that you check the third party's own website for information about them.
Video embedded into the website will not play automatically. By clicking on the play button for any embedded video you consent to a cookie (if applicable) being stored on your device.
Edenred UK may need to supply data to third parties for the purpose of providing the service you have chosen.
Edenred UK protects your personal data and we will not sell, rent or trade that personal data.
Disclosure of data
Edenred UK will ensure that personal data is not disclosed to unauthorised third parties, including family members’, friends, government bodies, and in certain circumstances, the Police.
The Data Protection Act does however permit certain disclosures without consent when the information is requested for one or more of the following purposes:
- To safeguard national security
- Prevention or detection of crime including the apprehension or prosecution of offenders
- Assessment or collection of tax duty
- Discharge of regulatory functions (includes health, safety and welfare of persons at work);
- To prevent serious harm to a third party
- To protect the vital interests of the individual, this refers to life and death situations
All requests to provide personal data for one of the above reasons will be specifically authorised by the Edenred UK Information Security Manager.
Keeping you informed
In the interest of continually improving our services, we may occasionally wish to contact you by email or telephone to inform you about services or offers which might be of interest to you, or to obtain your feedback on our services.
If you have received something in error please contact email@example.com and we will remove you from our mailing list(s). We will provide an unsubscribe option on all relevant marketing communications.
Rights of access to data
Under the Data Protection Act 1998 you have the right to request a copy of personal data which we hold about you and to have any inaccuracies corrected. Subject Access Requests must be made in writing, using the application form accessible from this web page. We charge £10 per SAR and require two forms of personal identification to be provided with each request. Full details are contained within the SAR application form. For assistance please email firstname.lastname@example.org
We have implemented stringent security measures to ensure the integrity & confidentiality of your personal data and to protect it from loss, misuse, alteration or destruction. Wherever you communicate with our data processing systems, the communication will be encrypted using SSL / TLS validated by our Extended Validation SSL certificates.
Edenred UK personnel who handle personal data are made aware of their responsibilities and are trained in how to protect the data. Each Edenred UK contract of employment specifically includes provision for the confidential handling of customer information.
Supplier and Third Party Links
Edenred UK accepts no responsibility or liability for any third party websites.
Conditions of Use
Version 4.3 (01/03/2017)