CUB3 PRIVACY NOTICE
WHERE THE WORDS “WE”, “US” OR “OUR” ARE USED IN THIS DOCUMENT, THEY ARE ALL REFERENCES TO CUB3, INC., A DELAWARE CORPORATION. WE TREAT YOUR INFORMATION VERY CAREFULLY AND WE HAVE WRITTEN THIS DOCUMENT TO HELP YOU UNDERSTAND WHAT INFORMATION WE COLLECT, WHO HAS ACCESS TO IT AND FOR WHAT PURPOSES.
IF YOU ARE IN THE PROCESS OF CREATING AN ACCOUNT WITH OR HAVE ALREADY DONE SO, YOU SHOULD READ THIS DOCUMENT IN CONNECTION WITH OUR AGREEMENT WITH YOU.
You can ask us to stop using your information at any time by emailing us at [email@example.com] (although, as some types of information processing and sharing are essential to the provision of our services or certain aspects of those services, if you do ask us to stop using your information, we may not be able to provide some of the services or continue to provide the services in the same way). You can also stop us using your information by closing your account or by emailing [firstname.lastname@example.org]. However, even if you do ask us to stop, we may have other lawful grounds for using your information (for example, to comply with our statutory or regulatory duties or to comply with legal requirements).
This Privacy Notice applies to all personal data we collect, use, and disclose in respect of our users, customers and other business partners. It does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our customers or partners.
We encourage you to read the remainder of this Privacy Notice to understand more about how we collect, use and disclose your data.
HOW DO WE COLLECT INFORMATION ABOUT YOU?
We collect information about you when you use our website, register to open an account with us, use our apps or services, make transactions and when you contact us.
We might also receive information about you from someone else (for instance, from your bank or social media accounts or from your employer where you represent one of our customers or business partners).
WHAT INFORMATION DO WE COLLECT?
We may collect the following types of information about you:
- information to identify you. This might include your title, name, zip/ postal code, email address, mobile phone number, date of birth, your billing and shipping address and any other data you provide to us when you set up your account, log-in to your account or use our services;
- third party sourced data. Information that you grant us permission to collect, and public information, from third party apps or websites such as, but not limited to, banks (and other financial institutions) and social media sites;
- information about how you use our website, apps or services. This might include how you interact with our website, apps or services, the services purchased (and when and where you do so), the price paid, the location and time of the transaction. It might also include information about campaigns and how you participate;
- internal account attributes. These might include unique identifier numbers (UIDs), transaction status, if you have verified your phone number or email address and internal notes recording actions taken on your account;
- your preferences. Information about your use of our website, apps or services including location or demographic data, language preferences, notification settings, opt-in/ opt-out from direct marketing and stated preferences;
- payment information. Information about your payment instrument (e.g. payment debit/ credit card), which may include (the Bank Identification Number (BIN) and the last four digits of the card number, the card type, postal code, expiration date and country of issue);
- surveys, feedback and complaints. Information that you have opted to provide to us in response to customer research and satisfaction surveys, support functions or complaints;
- professional details if you represent a customer or business partner. This might include your employer, job title, professional email address, contact number and copies of identity and proof of address.
For some services we are unable to provide you with our services unless you provide us with your name, date of birth, phone number, email address and transaction data, as we are required to process this in order to fulfil certain regulatory requirements or our contractual obligations under the user terms.
Limited Use Compliance Statement:
We strictly adhere to the Google API Services User Data Policy, including its Limited Use requirements. Our use and transfer of information received from Google APIs will be limited to the scope described in the Google API Services User Data Policy, ensuring the highest level of privacy and security for our users. For more details, please refer to the Google API Services User Data Policy [Google policy here].
WHAT DO WE USE YOUR INFORMATION FOR?
We will only use your personal data where:
- we need to perform the contract we are about to enter into or have entered into with you or the customer or business partner you represent;
- we have a legitimate interest in processing your personal data and your interests and fundamental rights do not override that interest;
- we need to comply with a legal or regulatory obligation; or
- you have given your consent.
We use your information:
- to provide our services. This might include:
- operating and managing an application for our services as well as how you access and use our website, apps and services. We have a legitimate interest in this to understand how users interact with our app or services and to comply with our regulatory obligations and to take steps to enter into a contract with you;
- processing transactions using our services (including for the purchase of goods or services or redemption of rewards). We will do this to perform the contract we have with you;
- communicating with you about orders and purchases, our services, your account with us and to provide support or handle complaints where you contact us. We have a legitimate interest in this communication so we can provide you with adequate support;
- enabling you to use social features, such as shareable items to other users. We have a legitimate interest in this so we can offer you our services;
- facilitating the negotiation of any merger, sale of company assets, financing, acquisition or divestiture of all or a portion of our business. We have a legitimate interest in this in order to conclude any of these transactions;
- recommending things we think you’ll like such as XXXX (where you have switched on your location settings in our website, our app and on your phone). We will do this because you have given us your consent to use your location data when you switched on your location settings;
- providing electronic receipts. We will do this as part of performing our contract with you; and
- communicating with you if you represent one of our customers or business partners. We will have a legitimate interest in this communication to establish our commercial relationship with the customer or business partner and as part of performing our contract with them.
- to improve our services. This might include doing things like:
- measuring the performance of our website, app and services. We have a legitimate interest in this to develop our product and services and to promote our company, products and services;
- making sure you use the right version of the website or app for where you are (like prompting you to change the language or location settings). We have a legitimate interest in this to ensure that you benefit from all of our services;
- conducting statistical analysis about how you and other users of our website, apps and services make use of them. We have a legitimate interest to make improvements to our website, apps and services or to develop new websites, apps and services;
- providing software updates so that they deliver improved features and functionality or fixing bugs. We have a legitimate interest in this and may also do this to ensure that we can continue to perform our contract with you;
- changing how we run our business, organise ourselves and deliver the services to you. We have a legitimate interest in this to develop and improve our product and services; and
- personalising parts of our website, apps and services to your tastes and preferences (for more information regarding profiling, please see below). We have a legitimate interest in this to develop our business and assess how users interact with our app or services.
- to communicate with you about marketing or promotional campaigns or to send you our insights (but, unless you represent a customer or business partner, only where you have told us you want to receive these communications and you have not told us to stop sending you messages). This might include:
- sending you insights;
- sending you messages about sales, promotions or prize draws offered by us or one of our customers or business partners;
- personalising parts of the service to your tastes and preferences (please see below for more information on profiling); and
- creating personalised promotions based on your purchasing preferences and behaviour;
- getting in touch if we need to tell you about something, like a change to our policies or issues with our apps or services (service notices). In some cases, we will do this to perform the contract we have with you. Alternatively, we will have a legitimate interest in giving you these service notices;
- for business, regulatory and/ or legal obligations, like:
- obtaining and maintaining insurance policies;
- dealing with any requests you make or content you submit;
- managing risk (for instance, by assessing payment and funding risks, identifying, preventing, detecting or preventing fraud, money laundering and other criminal activity and carrying out regulatory checks); and
- complying with any court order or applicable law, regulation or governmental request (e.g. tax authorities) and to protect our rights or property, or the security or integrity of our business or services.
We may analyse the personal data we hold about you to recommend merchants and products that we think you might be interested in. We may also analyse the personal data in order to detect and prevent fraud and financial crime.
HOW DO WE PROTECT YOUR INFORMATION?
We hold personal data about you at our own premises and with the assistance of third party service providers. We use third party service providers to perform a number of functions on our behalf including to host our platform, to send messaging on our behalf, to provide support services to you (including to provide translations to and from the English language) and to process transactions for the purchase of goods and services and to process invoicing for or by our customers or business partners.
Whenever we share your personal data with third parties, we will take reasonable steps to ensure that your privacy rights continue to be protected under the applicable data protection legislation. By sharing your personal data with us and interacting with the services, you consent to the storing, processing and/or transfer described in this part of the Privacy Notice.
WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?
Transfers to third parties
- Customers and other business partners. Where you have registered using a version of our app branded for one of our customers or business partners, we may share information about you, your account and how you use the app and service with that customer or business partner. We might also share your information with a merchant to investigate and resolve support issues you experience or where you notify us of a complaint about a merchant or the goods or services you purchase from them.
- Linking accounts. Where you have linked your Cub3 account to another account you hold (like a bank account or social media account) we will share information with the operator of that account.
Where we do share your information in this way, the recipient will become a new data controller of your information.
The information we share might include:
- information that can be used to identify you (such as name, email address and phone number);
- information about how you use our website, apps or services;
- your preferences (but only as they relate to that recipient); and
- where you have raised a support issue or notified us of a complaint about a merchant or the goods or services you purchase from them, the nature of the issue or complaint.
As a fraud prevention measure, we send your full name and zip/ postal code to payment service providers when you link a payment instrument to your account. We do this to ensure that your personal details match with the cardholder details and that you are the legitimate cardholder.
Where you make payments using our services, we share your data with a payment service provider (“PSP”) and they process your transactions. The PSP may share your information with third parties including regulators, your bank and the operators of the card networks. Where the PSP shares your information with Stripe, it will process your information under the Stripe Binding Corporate Rules (as amended from time to time and currently available here: https://stripe.com/gb/legal/ssa. If you are located in the EEA, the UK, or Switzerland, you have the right to enforce these rules as a third party beneficiary.
Unique Identifier Number. When you register with us, we create a UID linked to your account and transaction history. This may be sent to third parties who provide payment services to our customers or business partners to enable them and us to match incoming funds to you and the transactions you initiate. This information may be sent to third parties who provide payment.
Other uses. We may share your information with third parties, including law enforcement agencies for any of the following:
- to fulfil our obligations under our contract with you (or the customer or business partner you represent), or as required by applicable law or payment network rules;
- to assess financial and insurance risks, risk of fraud, sector risk and credit risk;
- in relation to any breach of, or to enforce, our contact with you (or the customer or business partner you represent);
- to recover debt or in relation to your insolvency;
- to develop products, services and our systems;
- to detect, investigate and prevent fraud or other crime;
- to respond to requests from courts, law enforcement agencies and other governmental or regulatory authorities or agencies; and
- to protect our rights, privacy and property, and that of our business partners.
We may also share your information with:
- our service providers. Service providers help us with things like payment processing, website hosting, database hosting, data analysis, information technology and related infrastructure, customer services, email delivery and anti-fraud services. These third parties are authorised to use your information only as necessary to provide their services to us and we take appropriate steps to ensure that third parties protect your information; and
- third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). We will make reasonable efforts to ensure such third parties are bound by confidentiality obligations in relation to such information.
HOW LONG DO WE STORE YOUR INFORMATION FOR?
In most cases we will store your information only for as long as required to provide the services or until you close your account or ask us to stop using your information.
You can ask us to stop using your information or change the way in which we use it by changing the settings in our app or services (to effect changes to things like your location settings, language settings, notification settings, access to your contacts list), by emailing email@example.com.
There are some exceptions to this, however. We may have other lawful grounds for processing your information (for example, to comply with our statutory or regulatory duties or the orders of a court). For example, we might be required to retain your personal data for a longer period (usually up to six years after you close your account or tell us to stop but this may vary depending on the territory in which you use the service) in order to comply with applicable law, tax obligations or regulatory requirements and for the establishment, exercise and defence of legal claims. This might apply to information about the transactions you make, when and where you make transactions and the information we hold about you for fraud and other crime prevention purposes. If we do retain your information in this way, we will cease other forms of processing.
ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE
If you are located in the EEA, the UK, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data, and this section applies to you.
You can request a copy of the personal data we hold about you, its origin and any recipients of it as well as the purpose of any data processing carried out. For further information, please contact us by emailing firstname.lastname@example.org with the subject “Data subject access request”.
You can correct, restrict, object to our use of or ask us to delete your personal data at any time by emailing email@example.com with the subject “Data subject change request”. If the processing is based on the legal grounds of consent or performance of a contract, you have the right to portability. This means that you can receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and have the right to transfer this data to another data controller.
You have an absolute right to object to the processing of your personal data for direct marketing. You also have the right to recall your prior given consent. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal and we may continue processing your personal data based on other legal grounds.
If you have any questions about this document or in relation to how we use your personal data, please contact us by emailing firstname.lastname@example.org or writing to us at by emailing email@example.com.
Your personal data may be processed outside the EEA, the UK, or Switzerland, by our staff or the staff of our service providers.
Where we do this, we will ensure that one of the following safeguards are in place:
- the European Commission has decided the relevant country ensures an adequate level of protection;
- we have agreed the Standard Contractual Clauses (SCC) with the recipient of the personal data. These SCC are approved by the European Commission as providing adequate protection for your personal data; or
- the recipient of the data has in place binding corporate rules approved by the European Commission as providing adequate protection for your personal data.
If data is transferred to a country where appropriate safeguards need to be put in place, we would be happy to provide information pertaining to such safeguards on request. You can contact us for this information by emailing firstname.lastname@example.org.
If you wish to make a complaint about how we collect, use, or disclose your information, please contact us by emailing email@example.com.
The Information Commissioner’s Office regulates data protection and privacy matters in the UK and you have the right to make a complaint to the Information Commissioner’s Office at any time about the way that we use your information. You can find more details at ico.org.uk, however we should appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office.
Location Information. When you first launch any of our mobile apps that collect precise location information, you will be asked to consent to the app’s collection of this information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. You may also stop our collection of this location information by following the standard uninstall process to remove all of our mobile apps from your device. If you stop our collection of this location information, some features of our services may no longer function properly.
Communications Preferences. You may opt out of receiving promotional messages from us by following the instructions in those communications, by managing your communication preferences in your account settings menu or by emailing us at firstname.lastname@example.org. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Mobile Push Notifications. With your consent, we may send push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
UPDATING OUR PRIVACY NOTICE
We may update this Privacy Notice from time to time. When we do so, we will post the new version on our website, update the date at the top of this Privacy Notice, and ask that you accept the new version when you next use our app.
ADDITIONAL INFORMATION ABOUT US
Our company registration number is C1328220 and our registered office is at 6A BURGOYNE ROAD, London, N4 1AD. We are also registered as a data controller with the United Kingdom Information Commissioner’s Office under Registration Number 13966987.