Privacy Policy

THIS POLICY WAS LAST UPDATED ON: 3^rdJanuary 2023

INTRODUCTION

We are HyperJar Limited (“we, “us” or “our”) and we arecommitted to protecting your personal data.

This policy applies to your use of our website at HyperJar.com(“Site”), the HyperJar digital wallet application (“App”) and any of our services that are accessible through the Site or the App(collectively referred to as our “Services”). It sets out thebasis on which any personal data we collect about you, or you provideto us, will be processed and used by us.

If you open a sub-account in your App (“Sub-account”) for anotherperson, including where that person is your child (“Sub-accountUser”), this privacy policy also covers the personal data of thatSub-account User (and references to “you” or “your” will alsorefer to your Sub-account Users where applicable).

We recommend you print a copy of this policy for future reference.

1. IMPORTANT INFORMATION AND WHO WE ARE

PURPOSE OF THIS PRIVACY NOTICE

It is important that you read this policy, together with any otherprivacy or fair processing notice we may provide on specificoccasions when we are collecting or processing personal data about(or provided by) you or a Sub-account User, so that you (and yourSub-account Users) are fully aware of how and why we are using your(and their) data. This privacy policy supplements the other noticesand is not intended to override them.

CONTROLLER

For the purpose of the relevant data protection regulations, HyperJar Limited is the “data controller” of your personal data. Thismeans that we decide on the purpose for which your personal data isprocessed.

We have appointed a data privacy manager who is responsible foroverseeing questions in relation to this policy. If you have anyquestions, including any requests to exercise your legal rights,please contact the data privacy manager using the details set outbelow.

CONTACT DETAILS AND COMPLAINTS

Email address: privacy@hyperjar.com

Postal address: HyperJar, 71-75 Shelton Street, Covent Garden,London, United Kingdom, WC2H 9JQ.

You have the right to make a complaint at any time to the InformationCommissioner’s Office (ICO), the UK supervisory authority for dataprotection issues (www.ico.org.uk). Our registration number with theICO is ZA286245. We would, however, appreciate the chance to dealwith your concerns before you approach the ICO, so please contact usin the first instance.

CHANGES TO THE PRIVACY NOTICE

We may update this policy from time to time. If we do so, the changeswill be made available on our Site and in the App and, whereappropriate, we will provide notification of the changes and where the latest version can be accessed. The new policy may bedisplayed on-screen and you may be required to accept the changes tocontinue using the App or the Services.

Please check back regularly to see any updates or changes.

THIRD-PARTY LINKS

Our Site and the App may include links to third-party sites, plug-insand applications. Clicking on those links or enabling thoseconnections may allow third parties to collect or share data aboutyou or your Sub-account Users. We do not control these third-partysites and are not responsible for their privacy policies or any datathat may be collected or used through those sites. Please check theirpolicies before you or your Sub-account Users submit any informationto them.

NOTICE TO PARENTS THAT OPEN A SUB-ACCOUNT AND TO SUB-ACCOUNT USERS

Parents:

As a parent orguardian who opens a Sub-account you are giving us permission tocollect, use, store, share and transfer your child’s personal datain the ways specified in this policy. We encourage you to explain toyour child how their information will be used, as set out in thispolicy. For a child friendly summary see our Child Sub-accountPrivacy Notice [include hyperlink].

If you havepermitted your child to use the App to access their Sub-account youare explicitly giving us your permission to communicate with yourchild by sending them the following communications:

In-App service communications e.g. attempted spend at a non-permitted merchant.
In-App Usage alerts e.g. notifications about advance payments they have made to a merchant featured on our App (if permitted), redemptions they have made using their HyperJar card or details of rejected transactions and pending gift receipts.
Responses to support enquiries. Your child’s email address is not required for provision of the Service and we will be unable to process support queries received from your child’s email address as that email address will not be linked to a registered account. We therefore recommend that all Sub-account support enquiries are dealt with by you, or by your child using the in-App chat feature if they are permitted to use it.

We rely on you to provide us with your child’s correct age in orderto implement our privacy policy and age-related protections. Formore information about applicable filters and protections see our[FAQs].

Sub-account Users:

The registered accountholder that has opened your Sub-account, whichwill be your parent or guardian if you are a child, willhave full visibilityof all activity on your Sub-account. That means they will be able tosee all activity and use of your Sub-account and HyperJar card. Thiswill include your Transaction Data, Contact Data, Profile Data, UsageData, Marketing Data, HyperJar card details and your Sub-account ID(see section 2 below for more details on what these terms mean).

2. THE DATA WE COLLECT

Personal data, or personal information, means any information aboutan individual from which that person can be identified. It does notinclude data where the identity has been removed (anonymous data).

We may collect, use, store, share and transfer different kinds ofpersonal data about you (and your Sub-account Users) which we havegrouped together as follows:

Identity Data: includes first name, last name, username or similar identifier, marital status, title, date of birth, photo ID, video selfie, mobile number and gender.
Contact Data: includes home address, delivery address, phone number and email address.
Financial Data: includes your bank account and payment card details, your HyperJar electronic money account and your (and your Sub-account User’s) HyperJar card details.
Transaction Data: includes your Account ID and the Account ID of any Sub-account, details about loading your account, rewards, payments and transfers to and from you or your Sub-account Users (including advance payments and redemptions by you or your Sub-account Users to merchants featured on our App or Site, and other purchase information regarding products and services you or they have accepted from such merchants, or other merchants, using our Services.
Account ID: your (and your Sub-account Users) unique HyperJar customer account identifier(s).
Technical Data: includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access the Services.
Profile Data: includes your (and your Sub-account Users) employment status, occupation, monthly income range, username, in-App purchase and redemption history, interests, App jar limits, permissions, goals and objectives, preferences, feedback and survey responses.
Usage Data: includes information about how our Services are used including communications between us and you or your Sub-account Users.
Content Data: includes friends lists stored on the devices you (and your Sub-account Users if permitted by you) use to access the Services or in social media accounts you (and your Sub-account Users if permitted by you) choose to link to your account or their Sub-account.
Marketing Data: includes your communication preferences, and your (or your Sub-account Users, if applicable) preferences in receiving personalised marketing from us, our partners and third parties, for your account and any Sub-account.
Location data: includes the current location of your and your Sub-account User’s) device (when permitted) when you or they are using the App to help us confirm it is you or them and to improve the messaging that we provide.

We also collect, use and share “Aggregated Data” such asstatistical or demographic data. Aggregated Data may be derived fromyour (or your Sub-account User’s) personal data but is notconsidered personal data in law as this data does not directly orindirectly reveal your (or your Sub-account User’s) identity. Forexample, we may aggregate Usage Data to calculate the percentage ofusers accessing a specific App feature.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you (and yourSub-account Users), including through the interactions outlinedbelow.

Direct interactions

You (and your Sub-account Users) may give us Identity, Contact,Transaction or Financial Data by completing online forms or bycorresponding with us by using our Services. This includes personaldata you provide when you register to use the App, create an accountor a Sub-account, you or your Sub-account User enter any transactionusing our Services (such as making an advance payment to a merchantfeatured on the App), complete a survey, enter a promotion, report aproblem with the Services or sign-up to receive marketingcommunications from us.

You may allow us to access your (and your Sub-account Users ifpermitted by you) Content Data to identify contacts that are Appaccountholders or to send them a gift or a referral link. TheServices may periodically re-collect this information to stay up todate.

You (and your Sub-account Users if permitted by you) may also provideus with personal data about others when you or they use parts of ourServices, such as when you open a Sub-account, add otheraccountholders to share a jar, make a payment to a third party’s UKbank account, authorise us to receive details of contacts or referfriends. In doing so, you confirm that you have obtained consent fromsuch person to the disclosure of the information to us (whetherdisclosed by you or by your Sub-account Users), and to ourcollection, use and disclosure of the information in accordance withthis policy.

As you or your Sub-account Users navigate our Services, we may alsocollect Usage Data, Profile Data and Marketing Data as specified byyou or by them from time to time.

Automated technologies or interactions

As you or your Sub-account Users interact with our Services, we mayautomatically collect Technical Data about your or their equipment,browsing actions and patterns. We collect this by using cookies,server logs and other similar technologies. Our Services also useCookies to distinguish you and your Sub-account Users from otherusers. This helps us to provide users with a good experience and toimprove our Services. We may also receive Technical Data about you oryour Sub-account Users if you or they visit other sites employing ourcookies.

Please see our CookiePolicy for further details on the cookies we use, thepurposes for which we use them and how you can exercise your choicesregarding our use of cookies.

We may also use device-based data to determinethe current location of your, or your Sub-account User’s, devicewhen you or they are using the App to improve our messaging. If youallow the use of the Location Data feature in the permissions thatyou set for your account or for any Sub-account, you or yourSub-Account Users (if applicable) will be asked to consent to the useof your or their data for this purpose. You or they can withdrawconsent at any time by disabling Location Data in your App settings.

Third parties. In order to provide our Services to you,we may receive personal data about you and your Sub-account Usersfrom various third parties as set out below:

The banks you use to transfer money to us will provide us with Identity and Financial Data, such as your name and bank account details.
Business and service providers that we work with to enable us to deliver our Services: they may provide us with Financial Data such as your payment card details, Transaction Data such as store location and till ID.
Identify verification and fraud prevention agencies: they may provide us with information to help corroborate the information you have provided to us about yourself or your Sub-account Users or to verify your or their identity or information about your or your Sub-account User’s transactions. As we will only do a soft search with credit reference agencies it should not impact your credit score, although it may leave a footprint on your credit file that you will be able to see.
Merchants: where you choose to link your HyperJar account to your account with a merchant featured on our App we may, with your consent, receive your merchant account ID and balances from them and display them in your HyperJar account and provide your Account ID and HyperJar merchant related balances to them.
Social media accounts: where you (or your Sub-account Users, if you permit this) choose to link your or their App account to these we may, with your consent, receive Identity Data and Content Data. The Services may periodically re-collect this information to stay up to date.

4. PURPOSES FOR WHICH WE WILL USE PERSONAL DATA

The table below describes the ways we plan to use your (and yourSub-account User’s) personal data, and which of the legal bases werely on to do so. You (and they) may obtain further information onthe legal ground relied on, or how we assess our legitimate interestsagainst any potential impact on you or them, by contacting usat privacy@hyperjar.com.

What is a legitimate interest?

This means our interest in conducting our business to enable us toprovide the best Services in an efficient and secure way. We do notuse your or your Sub-account User’s personal data for activitieswhere our interests are overridden by the impact on you or them(unless we have your consent or are otherwise required or permittedto by law).

What is Performance of a Contract?

This means processing your and your Sub-account User’s data whereit is necessary for us to be able to contract with you so that you(and they) can use our Services.

‍

	Activity / Purpose	Lawful Basis for Processing
1.	Provide our Services to you including: Setting up and maintaining your account and any Sub-account(s), issuing your (and your Sub-account User’s) HyperJar card, enabling you (and your Sub-account Users, if permitted) to browse the Explore section of the App and create merchant and storage jars, enabling you (and your Sub-account Users, if permitted) to accept offers or awards, enabling you and your Sub-account Users if permitted to make or receive (as applicable) payments or redemptions and to use the App features and Services (such as participating in competitions or prize draws). Applying age-appropriate filters on the version of the App accessed by your Sub-account Users (if you have permitted them to access their Sub-account using the App). Understanding usage of the Service so we can provide a safe and reliable experience and present content in an effective manner. Providing general Service information, updates and support, including contacting you about your account and any Sub-accounts (e.g. to notify you about suspicious activity, changes to our terms or to send usage alerts) communications about offers you and your Sub-account Users are participating in and responding to communications from you and your Sub-account Users. Administering, protecting and improving our Services, including troubleshooting, data analysis, testing, system maintenance, cyber security and reporting and hosting of data.	Performance of a contract with you.
2.	Verifying your identity and utilising fraud prevention measures in order to comply with financial crime laws, confirming your (and their) eligibility to use our Services and to protect our business, account holders and merchants featured on the App or Site. We may also verify the identity of your Sub-account Users.	Complying with applicable legal and regulatory obligations.
3.	Marketing products and services generally in-App, measuring or analysing the effectiveness of the advertising we serve, monitoring trends to develop our Services and studying how you use our Services.	Necessary for our legitimate interests.
4.	Marketing and communicating products and services we think will be of interest to you by email to you or by creating In-App personalised promotions based on your preferences and behaviour.	Your consent.

‍

5. MARKETING

We will never sell your or your Sub-account Users personal data toany third-party company for marketing purposes.

You will receive in-App marketing communications from us if you have signed up to use our App, and your Sub-account Users will alsoreceive in-App marketing communications from us if you have permitted them to use the App to access their Sub-account.

We will only use your personal data to construct more relevantmarketing messages for you if you have consented to us doing so. Wewill not use the personal data of any account user, or Sub-accountUser, that is under the age of 16 to construct more relevantmarketing messages for them.

You or your Sub-account Users can ask us to stop using your personaldata to construct more relevant marketing messages at any time in theApp and adjusting your marketing preferences in the “profile” tabor by following the unsubscribe links on any marketing messages sentto you.

6. DISCLOSURES OF PERSONAL DATA

We may share your (and your Sub-account User’s) personal data withselected third parties to perform our Services and do the thingsoutlined in the table above including:

Third Party Service Providers who provide us with support services to enable us to provide the Services, such as payment and card processing, electronic money account provision and issuing of electronic money, card issuing, identity verification, website hosting, customer service, email delivery, cloud storage, IT and system administration, cyber security, card manufacturing/personalisation and delivery services.
Regulators, fraud prevention and other third parties: to verify identity, protect against fraud, comply with anti-money laundering laws, or confirm eligibility to use our Services. We may also be under a duty to disclose or report processing activities to these third parties to comply with: law, a subpoena or other legal process, our agreements or policies, or to protect the rights, property or safety of HyperJar, its customers or others.
Professional advisors, including lawyers, bankers, auditors, and insurers who provide consulting, legal, insurance and accounting services.
Analytics and search engine providers that assist us in the improvement and optimisation of our Services.
Depending on your marketing preferences, we may engage third party service providers to send communications.
Third parties you consent to us sharing your (or your Sub-account User’s) information with, such as with social media networks or when you add other accountholders to share a jar.
Merchants as featured on the App or Site from time to time for support purposes or, with your consent, for their marketing or other stated purposes.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy.

We require all third parties who use personal data in deliveringservices to us to respect the confidentiality and security of yourpersonal data and to treat it in accordance with the law.

If you would like further information about who we have shared youror your Sub-account User’s personal data with, and whether theywill be acting as a controller or processor of that data, pleasecontact us at privacy@hyperjar.com.

7. INTERNATIONAL TRANSFERS

The personal data that we collect may be transferred to, and storedat, a destination outside the UK. It may also be processed by staffoperating outside of the UK who work for us or one of our suppliers.Whenever we transfer your or your child’s personal data out of theUK, we ensure a similar degree of protection is afforded to it bytransferring to countries and organisations havebeen deemed to provide an adequate level of protection for personaldata or that we have agreed standard data protection clauseswith.

Please contact us at privacy@hyperjar.com if you wantfurther information on the specific mechanism used by us whentransferring your personal data out of the UK.

8. DATA SECURITY

All information you or your Sub-account Users provide to us is storedon our secure servers. Any payment transactions carried out by us orour chosen third-party provider of payment processing services willbe sent in encrypted form.

Transmission of information via the internet is not completelysecure. Although we do our best to protect your and your Sub-accountUser’s personal data, we cannot guarantee its security duringtransmission. Once we have received your and their information, wewill use strict procedures and security features to try to preventyour and your Sub-account User’s personal data from beingaccidentally lost, used or accessed in an unauthorised way.

We limit access to personal data to those employees, agents,contractors and other third parties who have a business need to knowthe information and are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personaldata breach and will notify you and any applicable regulator of abreach where we are legally required to do so.

9. DATA RETENTION

We only retain personal data for as long as necessary to fulfil thepurposes we collected it for, including for the purposes ofsatisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personaldata are available in our retention policy which you can request fromus by contacting us at privacy@hyperjar.com.

10. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protectionlaws in relation to your (and your Sub-account Users) personal data.

You have the right:

to ask us not to contact you or them for marketing purposes before you have signed up for the Services, or after you have withdrawn from the Services, by contacting us at privacy@hyperjar.com, or by clicking on the unsubscribe link in the relevant communication.
to ask us not to use your or your Sub-account Users personal data to construct more relevant marketing information by adjusting your notification preferences within the “profile” tab of your account.
to withdraw any consent you have previously given to us.
subject to applicable laws, to ask for access to the personal data we hold about you or your Sub-account Users.
to ask us to correct any personal data we hold on you or your Sub-account Users that is inaccurate, incorrect or out of date.
to ask us to delete your (or your Sub-account User’s) personal data when it is no longer necessary, or no longer subject to a legal obligation which we are subject to. If your or your Sub-account User’s data is impossible to permanently delete, we will put it beyond reasonable use.
to request the transfer of your or your Sub-account User’s personal data to you or to a third party. We will provide your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
to object to our use of your or your Sub-account User’s information where we are relying on a legitimate interest (or those of a third party) and we cannot demonstrate that we have compelling legitimate grounds to process your information which override your or their rights and freedoms.
to request restriction of processing of your or your Sub-account User’s personal data. You may ask us to suspend the processing of your or their personal data : (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Your Sub-account Users will also have these rights in relation to their personal data.

Get started with HyperJar