This policy will explain how Wrkit will use information provided by yourself and third parties.
References to “Wrkit”, ”we”, and ”our” means Wrkit, its subsidiaries including Affinity Financial Network Ltd, Affinity Financial Network UK Limited, Wrkit Ltd, POWR, My Trust Benefits, and any associated companies from time to time. (AFN Ltd and AFN (UK) Ltd are both wholly owned subsidiaries of Wrkit Ltd)
Wrkit provides software as a service to our clients to help them with authorised users' engagement with their organisations. The services are provided through Wrkit’s portal where authorised users can view and avail of one or more of our great tools. These tools include and are not limited to Lifestyle Savings, Learning, Wellbeing, Recognition, and Surveys. Different data is gathered and used in each of these tools as described below.
Where your organisation is the provider of these services, they are the data controller of respective personal data and Wrkit is engaged as a data processor acting under their authority. As we are not the controller of the data, we do not decide the legal basis of the processing.
If an authorised user has signed up to one of our portals which Wrkit has created on their own merit, then Wrkit will be the data controller and data processor.
We only collect data that is necessary for our business needs and no more. We collect personal data for personalisation, to create a user account to use the service and so we can contact you (newsletters, competitions, rewards, cashback, transactions etc.) If users don’t provide Wrkit with an email address, they will not be able to create a user account to log in. You or your employer/member group may supply us with your personal information to create an account.
We may use your data to advise your employer/member group of your registration, to notify you about changes to our services, terms and conditions and/or policies, to carry out our obligations arising from our Service Agreement with your employer/member group.
We may use aggregated data to perform overall analytics. User clicks, open rates and general user habits, logs etc may also be stored for overall analytics or service issues.
You can object to us using your data as described above but we will unable to provide our service to you.
It is possible that member groups you are part of may sign up to our service. These groups may include trade unions. Be aware that membership of trade unions is considered special data under GDPR legislation. By signing up to our service you are consenting to us that you may be a member of a trade union.
We may also use your data to:
First name, surname, email address, phone number (optional), postal address, gender, age bracket, wellbeing score, bank account number if you would like to claim your cashback (this is deleted once processed), form submissions, competition entries, IP address, Information which is provided to us by your Employer.
The data you provide to us may be held on a computer, computer database, e-mail system, imaged documents, files, and letter and/or in any other way reasonable within the operation of a business.
Feature: Lifestyle Savings and Learning
Any payment transactions for Hot Deals are provided through our payment processing services provider; we do not possess or retain any payment information. These are PCI compliant.
Our recognition tool may post a recognition about you to your organisation’s recognition public wall on our system. We do not control what this recognition will say, however it will have to be approved by a manager. We ask that no extra personal data is shared on the public wall. If you do not consent to this processing, please contact your organisation and they will have the option of removing you from the service if appropriate to do so.
For our survey tool, a user’s answers will not be identifiable to that specific user. Only an overall score will be shown. If you create a survey, we ask that no personal or sensitive data be captured in survey answers.
POWR will generally collect your personal information directly from you, when you interact with the service via our website or by email.
When you undertake POWR assessments, the answers to the assessment questions are not recorded but the overall assessment score is recorded. When you participate in a POWR behavioural management plan (BMP) or participate in post BMP course assessment, the information you provide and details of your interaction with POWR will be recorded. Your information is stored as an electronic record. Each time you interact with POWR new information may be added to your record.
We may disclose your personal data to third parties:
If we or a substantial amount of our assets are acquired by a third party, your personal data may become one of the transferred assets
If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our Terms & Conditions and other agreements; or to protect the rights, property, or safety of ourselves, our customers, or others.
When considering a proposal, administering a communication, handling complaints or making decisions regarding Partner Providers, including whether to continue or to extend an existing arrangement.
when we share with participating merchants in order to fulfill your purchase transaction, shipping address and other personal information that may be required to complete such transaction;
We do not provide this data to any third party. We do not monitor your browsing preferences outside of our web sites.
Our site will record unique information from your computer such as your IP address, user agents and referring address.
We may monitor this information:
Users have the right to fair processing. You can contact Wrkit at any time where relevant to:
Users can edit their contact details by logging into their Wrkit portal and clicking on their profile. Users can fill out a form at the bottom of their profile page if they would like to make a subject access request, delete their profile, or object to processing.
Note where Wrkit is not the controller then the user shall submit these requests through their organisation / member group.
When deleted, it will be removed from all live systems. Data will not be deleted from current backups. However, in case of a data restoration from backups, user data will not be restored in to live system. All backups going forward from this time will not include deleted user data. Backups will only be kept for as long as is a business necessity.
Where the provider terminates their contract with Wrkit or user requests deletion of profile, user data will be deleted as soon as possible. This will take up to 180 days so that we can process and pay pending cashback in user’s account if applicable.
Form submissions / competition submissions are kept for 3 months for legal purposes and are then deleted.
Within the Lifestyle Savings feature, Hot Deal transactions are kept for as long as is a business necessity in case of complaints, warranties and for accounting purposes.
If you feel that your data has not been processed fairly, then please contact your organisation / member group or email us at firstname.lastname@example.org.
Alternatively, you have the right to write a complaint to:
Data Protection Commissioner
R32 AP23 Co. Laois
Information Commissioner's Office
Your data will be stored with our hosting provider in the UK (Fail over site in Germany). Our hosting provider and their data centre are ISO27001 certified. Backups may sometimes be stored with Amazon AWS EU with prior encryption.
Where someone sends us a query, this will be stored as a ticket in our CRM system – this data will be stored in the EU. This is kept for as long as is a business necessity.
Wrkit treat IT security and data privacy as a priority. Any personal information that you provide to Wrkit or its subsidiaries will be treated with the highest standards of security and confidentiality and handled in accordance with Data Protection laws and the General Data Protection Regulation.
We take all reasonable technical and organisational measures to prevent the loss, misuse, unauthorised access, disclosure, or alteration of your personal data.
These measures include:
If we become aware that there has been a security breach and that your personal data may have been compromised, we will contact you as soon as reasonably practical and we will take steps to rectify the breach.
Wrkit will not use your personal data for automated decisions or profiling.
Lifestyle Savings and Learning
We provide users with hundreds of offers provided by third party merchants. Where this data is provided by us to the third party to deliver a service to you, the processing is covered by this Privacy Statement. Where you provide your data directly to a third party, Wrkit no involvement in that transaction or access to the data and the processing is the responsibility of the third party. While we try to link only to sites that share our high standards and respect for privacy, we encourage you to read the third party’s privacy statement and terms before you disclose personal information to them. An example of this would be using one of our discount codes we provide, where you leave our site to redeem the discount.
For Hot Deals we pass on the data to the hot deal provider, so they can fulfil the order and deliver the item to you. Hot deal providers must agree to our data protection terms and fill out a security due diligence questionnaire to our standards. When an order is completed by the end-user, the merchant is the controller of the personal data it has received. The merchant is therefore responsible for determining the purpose and means of processing such data.
For call back forms as a redemption method, user’s details will be sent when submitting the form to the offer provider. After this Wrkit have no involvement in the transaction as the third party will then contact you directly. We store these forms for a limited time. They are then deleted as per our data retention policy above. Users should be aware that this information is being sent to the third party and the user will be subject to their privacy policies and terms thereafter.
When a user is rewarded on our recognition platform, they may claim a gift card of a certain monetary amount. We use third parties to fulfil these orders. Wrkit will perform a security due diligence on each provider that we use.
Agents, consultants and related third parties
Wrkit, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include delivering our communications, maintaining databases, analysing data, and processing payments. When we do retain another company, we only provide them with the information that they need to perform their specific function, and they may only use such information for our benefit and the purposes for which they were engaged.
If an authorised user redeems a reward in our recognition platform then we use third-party providers to fulfil these orders. One of our recognition card providers process their payments in the US. This company is covered under the EU-US Privacy Shield Framework.
Also your data may occasionally also be transmitted, held or processed outside of the EEA by staff who are employed by Wrkit in another jurisdiction.
Wrkit sends newsletters to Lifestyle Savings and POWR users regularly. These contain selected discounts and savings from multiple third-party providers. Users must opt in and give their consent, so they can receive these emails. Users can unsubscribe from these emails by clicking the link which is available at the bottom of every newsletter.
Wrkit will send transactional emails to users and sometimes to other persons. This includes gifting a hot deal, receiving rewards and recognition, cashback purchases, sending and responding to queries, follow-up communications, account-related emails to members, and POWR related emails. Sending, receiving and responding to transactional email communications is inherent in Wrkit’s Services.
We collect, use and share the data that we have in the ways described above:
Wrkit expects that organisations/member groups have received appropriate consent, according to applicable privacy laws, from your employees/members before transferring, in any format, personal information to us.
Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of 16 (or under a higher age if permitted by the laws of their residence). Wrkit does not knowingly collect personal data from Minors or allow them to register. If it comes to our attention that we have collected personal data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.