Version 5.7 (19/11/2023)
Please see important information below regarding the acquisition of Reward Gateway (UK) Ltd by Edenred SE.
Edenred (UK Group) Limited & Childcare Vouchers Ltd, (together "Edenred/we/us/our") are companies incorporated in England & Wales with a registered office at 50 Vauxhall Bridge Road, London, SW1V 2RS. The registered company number for Edenred UK (Group) Limited is 00540144. The registered company number for Childcare Vouchers Limited is 02420196.
We are committed to protecting the confidentiality and security of your personal information in accordance with applicable data protection legislation. To achieve this we have policies and procedures in place to comply with the General Data Protection Regulation (also known as the GDPR) and other applicable UK and EU regulations such as the Data Protection Act 2018.
Why does Edenred need to collect and store your personal information?
Edenred collects, stores and processes your personal information on behalf of our clients for the purpose of administering our various services such as:
- Childcare Vouchers
- Employee Savings
- Eyecare Vouchers
- Flexible Benefits
- Compliments Select (and its full catalogue)
- Connect Recognition
- Connect Incentive
- Incentive Award card
- Compliments Card
- Select Eat
- Select Grocery
We are committed to ensuring that the information we collect and use is appropriate for its proposed purpose and does not constitute an invasion of your privacy. Edenred will only use the information you provide in a manner that is compatible with applicable data protection legislation. At all times we will endeavour to keep your information accurate and up to date.
If you do not have a commercial relationship with us, we may hold limited personal information about you to communicate and promote our services.
Personal information collection, use & storage
When providing our services, we may obtain personal data when;
- Your employer (or other organisation with which you are formally affiliated) passes your personal information to us for the provision of services they have purchased on your behalf; or
- You provide your personal information to Edenred whilst using the service; or
- You provide your personal information when requesting more information about becoming a client of Edenred
The personal information collected by Edenred is restricted to information essential for service operation and does not include sensitive personal information.
This information is collected to allow us to:
- Create and manage your account to provide access to our online services
- Deliver offline aspects of our services
- Process your requests for accessing discreet elements of our service such as purchasing employee savings discounts; making flexible benefits choices; or redeeming incentive awards given to you by your employer or affiliated organisation
- Comply with our legal obligation to implement strong customer authentication for our Edenred Mastercard products
- Run marketing campaigns to communicate and promote our services
- Conduct surveys to study customer needs and satisfaction to identify trends and improvement opportunities for the supply of our products and services
- Service the contract we have with you, your employer or affiliated organisation to include our ability to offer you enhanced services as we upgrade our technology across the Edenred group of companies.
All personal information stored and processed by Edenred services are located within the UK. Where Edenred share personal information with a third-party, data is stored within the UK and European Union. Edenred ensures that your personal data will not be transferred outside of the European Union in the absence of an adequacy decision by the European Commission or the establishment of appropriate and adequate safeguards ensuring the security and protection of your personal data.
Who has access to your personal information?
Your personal information will be only be accessible to authorised personnel who have been granted access rights based on their need to perform their job role to deliver the service. All authorised personnel are bound by a contractual non-disclosure agreement.
Personal information data retention periods
We will not retain your personal information for longer than is necessary. However, in some instances the law sets the maximum length of time personal data must be retained to satisfy any legal, accounting, or reporting requirements.
After the retention period has elapsed, data is securely destroyed or anonymised so that it can no longer be associated with you.
Our data retention periods are as follows:
- Edenred Service data 6 years (generally from last data subject login)
- Edenred Survey data 3 years
Lawful basis for processing your information
Wherever possible, your personal data will not be obtained, held, used or disclosed unless you have been informed (and where required given your consent) for it to be shared with Edenred. Your employer or affiliated organisation is responsible for taking the necessary steps to achieve this.
We are generally a Data Controller, and sometimes a separate and distinct controller, in respect of the services we provide but in certain limited circumstances operate as a Data Processor. If you have any questions in respect of this please do not hesitate to get in touch at email@example.com
Please see the table below which sets out our status.
|Edenred UK service||General status|
|Childcare Vouchers||Data controller|
|Edenred Savings||Data controller|
|Eyecare Vouchers||Data controller|
|Flexible Benefits||Data controller|
|Compliments Select (and its catalog)||Data controller|
|Connect Recognition||Data controller|
|Connect Incentive||Data controller|
|Incentive Award card||Data controller|
|Compliments card||Data controller|
|Select Eat||Data controller|
|Select Grocery||Data controller|
Edenred will only use your personal information to perform our contractual obligations with you, your employer or affiliated organisation and to pursue our legitimate interests delivering, maintaining, improving and promoting the required service. Should the need arise we may also be required to use your personal information to comply with our legal and regulatory obligations.
Marketing and electronic communications
From time to time we may contact you via email or telephone with information about Edenred products and services. As follows:
Existing users: Your employer or affiliated organisation will have determined the initial extent to which Edenred can communicate with you using either your business or personal contact information. This means that our lawful basis for communicating with you can vary between;
- Edenred performing our contractual obligations with you, your employer or affiliated organisation. For example, when sending you service notifications such as joining instructions; or
- pursuing our legitimate interests. For example, when sending promotional emails to your work email address; or
- relying on your consent. For example, when sending promotional emails to your personal email address.
Whichever method is used we will always provide you with the option to opt-out of receiving future communications or surveys. With the following exception; occasionally your employer or affiliated organisation will ask Edenred to communicate with all its employees or scheme members providing a notice that is required to be sent to all participants concerning essential information about the provided service in accordance with our contractual obligations.
Direct marketing and communications with corporate clients and prospects: We will communicate with you to pursue our legitimate interests in promoting our products and services. We will always provide you with the option to opt-out of receiving future communications. Where appropriate our business-to-business communication process uses proposal tracking software, this will not be done without your consent.
For business-to-business marketing activity and client business communications, a limited amount of personal data is transferred to a third-party sub-processor based in the US. Appropriate safeguards are in place; as required by the GDPR the sub-processor Data Processing Agreement includes Standard Contractual Clauses.
Please note the grounds and purposes for processing your personal information may overlap which could result in several of those grounds justifying our usage.
Keeping you informed and conducting surveys
In the interest of continually improving our services, we may periodically wish to contact you by email or telephone to inform you about services or offers which might be of interest to you, or to obtain your feedback on our products and services.
Our stated lawful basis for these processing activities is based on Edenred’s legitimate interest to conduct customer needs and satisfaction surveys to identify improvement opportunities for the products and services to deliver optimum customer experience
Our Passion for Customers Program aims to improve the experience of Edenred's customers and harness ongoing interactions through tools that allow Edenred to conduct and manage surveys, mine and classify customer insights to fuel continuous feedback, learning, improvement and drive strategies and actions to deliver the best in class customer experience. To do so, this solution uses profiling to determine what needs to be addressed by actions to increase customer satisfaction. If you have received something in error, please contact firstname.lastname@example.org and we will remove you from our mailing list(s). We will provide an unsubscribe option on all relevant marketing communications.
Sharing personal information with third parties
Edenred may need to supply data to third parties for the purpose of providing the service purchased by your employer or affiliated organisation and to promote and improve our products and services to existing and potential new clients. For example:
- Employee benefits providers
- Printing and mailing companies
- Email service providers
- Website tracking and analytics providers
- Edenred SE group Companies (such as Reward Gateway (UK) Ltd)
- Survey tool providers (Survey Monkey and Medallia)
We require third parties to safeguard the security of your data in accordance with applicable data protection laws. All Edenred third party service providers are contractually required to take appropriate security measures to protect your personal information. Edenred will only share the minimum personal information required to provide the third-party service. Third parties are only allowed to use your personal data for provision or promotion of that service.
As a result of the acquisition of Reward Gateway (UK) Ltd by Edenred SE in May 2023 we will be transferring personal data to Reward Gateway (UK) Ltd from January 1st 2024 as part of an internal group re-organisation. All data subject rights will be fully respected. If you have any questions please do not hesitate to get in touch with our Data Protection Officer using the contact details provided.
To ensure that your data subject rights can be consistently protected across both Edenred (UK Group) Limited and Reward Gateway (UK) Ltd we are appointing a single Data Protection Officer across both who can be reached via email at email@example.com or at firstname.lastname@example.org
Please also be aware that the two technical IT networks of Edenred (UK Group) Limited and Reward Gateway (UK) Ltd will remain completely segregated and air-gapped such that there is no transmission of personal data between them other than any normally occurring network communication such as email. As such clients and data subjects of Edenred (UK Group) Limited are reassured that service provision will be identical, delivered by the same people and that all personal data will continue to be processed in line with applicable standards and consistent with any contracts in place. All data subject rights will continue to be fully respected.
Disclosure of personal information
Edenred will ensure that your personal information is not disclosed to unauthorised third parties, including family members, friends, government bodies, and in certain circumstances, the Police. Edenred will not sell, rent or trade your personal data. Data protection legislation does however permit certain disclosures without consent when the information is requested for one or more of the following purposes:
- To safeguard national security
- Prevention or detection of crime including the apprehension or prosecution of offenders
- Assessment or collection of tax duty
- Discharge of regulatory functions (includes health, safety and welfare of persons at work)
- To prevent serious harm to a third party
- To protect the vital interests of the individual, this refers to life and death situations
All requests to provide personal data for one of the above reasons will be specifically authorised by the Edenred Data Protection Officer.
Rights of access to your personal information
Under the General Data Protection Regulation and subject to qualifying circumstances you have the following rights:
- You can request a copy of personal data which we hold about you (commonly known as a subject access request or SAR).
- You can request to have any inaccuracies in your personal information corrected.
- Under certain circumstances you can request to have your personal information removed.
- You can object to the processing of your personal information if you have issues with the content of the information we hold or how we are processing it.
- You can request that a restriction be placed on the processing of your personal information.
To exercise any of the above rights please use the form provided here
Security of your personal information
We have implemented stringent security measures to ensure the integrity & confidentiality of your personal information and to protect it from loss, misuse, alteration or destruction. Wherever you communicate with our data processing systems your connection will be encrypted using a minimum of TLS 1.2.
Edenred UK personnel who handle personal data are made aware of their responsibilities and are trained in how to protect the data. Each Edenred UK contract of employment specifically includes provision for the confidential handling of customer information.
Edenred have procedures in place to investigate a suspected data security breach. We will notify your employer or affiliated organisation if you have been affected as well as assisting the data controller with reporting data breaches to the relevant regulatory authority to comply with our legal obligations.
Where necessary Edenred UK will report data breaches to the ICO and impacted data subjects within the time periods required.
Supplier and third-party links
Edenred UK accepts no responsibility or liability for any third-party websites.
If you have concerns about how we are processing your personal information or you wish to make a complaint please contact us by emailing email@example.com. You are also entitled to contact the Information Commissioner Office’s helpline for advice on data protection and your information rights here or call them on 0303 123 1113.
Version 4.6 (25/10/2023)
Cookies are small files containing a short string of numbers and letters placed automatically by a website into the cookie folder in your browser. Cookies are generally used to make a website easier and faster to use. The cookie recognises that a device is or has accessed the website and acts accordingly, (depending on what the cookie is designed to do). Mostly cookies perform mundance but necessary tasks.
For more information on cookies visit: https://allaboutcookies.org/.
What types of cookies do we use?
'Session cookie': This is a temporary cookie that remains active until you sign-out of the website or the cookie expires due to a period of inactivity. The session cookie is essential in the provision of certain services.
'Persistent cookies': These remain on your device for a longer period, dependent upon their intended purpose. Our websites utilise two forms of persistent cookie:
- Stored on your device after you login to a website and expires after 60 days. This cookie is used to provide site branding and other website customisations where appropriate
- Stored on your device if you have given your consent on that website to have the website remember your details
‘Strictly necessary’ cookies: These cookies are essential to navigate our websites and support core features such as using a shopping cart.
‘Functional cookies’: These cookies allow websites and applications to provide you with enhanced and more personal features by remembering choices you make. This enables us to identify your device using a unique user identifier, but doesn’t collect personal data such as your name and email address.
Some examples of how we do this include:
- Remembering if you’ve visited the site before so you don’t see messages intended for first time users.
- Remembering if we’ve asked you if you want to complete a survey, so you’re not asked the same questions again.
'Web beacons'. These are small transparent graphical images which are used only where relevant to the related service.
'Analytics cookies': These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
- Our cookies never contain Personally Identifiable Information (PII)
- Our cookies are always sent over an encrypted channel (SSL/TLS)
- The values inside our cookies are encrypted when necessary
- We never share or allow third parties to read our cookies
Third party cookies
Edenred UK may embed video or other content into our websites.
When you visit a web page with embedded content you may be presented with cookies related to that content. Edenred UK does not control these cookies and we recommend that you check the third party's own website for information about them.
Video embedded into the website will not play automatically. By clicking on the play button for any embedded video you consent to a cookie (if applicable) being stored on your device.
How to control your cookies
There are various ways that you can control and manage your cookies. Please remember that any settings you change will apply to all websites that you visit (unless you choose to block cookies from particular sites). The settings you change will also only apply to the device on which you change them and will not apply across all your devices. If you want to opt out of cookies on all your devices, you will need to change the settings on all your devices individually.
Managing cookies in your browser
Most modern browsers will enable you to:
- Show you what cookies you've got and delete them on an individual basis.
- Block third party cookies.
- Block all cookies from being set.
- Delete all cookies when you close your browser.
You should be aware that any preferences will be lost if you delete all cookies. This includes where you have opted out from cookies, as this requires an opt-out cookie to be set. So if you opt out from cookies and then delete all cookies, your opt out will not be saved and you’ll need to opt out again (which will store a strictly necessary cookie so that your device can remember that you have opted out).
If you block cookies completely, many websites will not work properly and some functionality on these websites will not work at all. We don’t recommend turning cookies off when using our services for these reasons.
The links below take you to the ‘help' sections for each of the major browsers so that you can find out more about how to manage your cookies.
It's possible to opt out of having your browsing activity recorded by analytics cookies. Edenred UK uses the following analytics providers and you can opt out of their cookies using the links above or as specified below. Please note that this will take you to the relevant third party's website and generate a ‘no thanks' cookie, which will stop any further cookies being set by those third parties.
Please remember by not allowing analytics cookies, this stops us from being able to learn what people like or don't like about our services, so that we can make them better.
We will shortly be migrating to a new analytics service provider, Piano, in order to further enhance our compliance with Data Protection regulations.