Download BrochureContact Us

Privacy Policy


By using this website you are acknowledging that you have read and agreed to this privacy policy and terms of service and are consenting to the practices described here. This privacy policy is created to be compliant with the European General Data Protection Regulation (GDPR).

This policy will explain how Wrkit will use information provided by yourself and third parties.

References to “Wrkit”, ”we”, and ”our” means Wrkit, its subsidiaries including Affinity Financial Network Ltd, Affinity Financial Network UK Limited, Wrkit Ltd, POWR, My Trust Benefits, and any associated companies from time to time. (AFN Ltd and AFN (UK) Ltd are both wholly owned subsidiaries of Wrkit Ltd)


Why We Process Your Data:

All Features

Wrkit provides software as a service to our clients to help them with authorised users' engagement with their organisations. The services are provided through Wrkit’s portal where authorised users can view and avail of one or more of our great tools. These tools include and are not limited to Lifestyle Savings, Learning, Wellbeing, Recognition. Different data is gathered and used in each of these tools as described below.

Where your organisation is the provider of these services, they are the data controller of respective personal data and Wrkit is engaged as a data processor acting under their authority. As we are not the controller of the data, we do not decide the legal basis of the processing.

If an authorised user has signed up to one of our portals which Wrkit has created on their own merit, then Wrkit will be the data controller and data processor.

Users can log onto our portal and view this privacy policy to see how their data is processed at all times.

We only collect data that is necessary for our business needs and no more. We collect personal data for personalisation, to create a user account to use the service and so we can contact you (newsletters, competitions, rewards, cashback, transactions etc.) If users don’t provide Wrkit with an email address, they will not be able to create a user account to log in. You or your employer/member group may supply us with your personal information to create an account.

We may use your data to advise your employer/member group of your registration, to notify you about changes to our services, terms and conditions and/or policies, to carry out our obligations arising from our Service Agreement with your employer/member group.

We may use aggregated data to perform overall analytics. User clicks, open rates and general user habits, logs etc may also be stored for overall analytics or service issues.

You can object to us using your data as described above but we will unable to provide our service to you.

It is possible that member groups you are part of may sign up to our service. These groups may include trade unions. Be aware that membership of trade unions is considered special data under GDPR legislation. By signing up to our service you are consenting to us that you may be a member of a trade union.

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can give consent on his/her behalf to the processing of his or her personal data in accordance with this Privacy Policy.

We may also use your data to:

  • Process any products/services you have contacted us about
  • Administer any future agreements we may have with you
  • Fulfil any orders placed through our site
  • Record details of your visits to our site including but not limited to, traffic data, location data, web logs and other communication data, whether this is required for our own billing purposes or otherwise and the resources you access whilst visiting the Wrkit site
  • Conduct research on any information you provide during surveys, although this is at the user’s discretion
  • Conduct competition draws, when a user elects to enter a competition
  • Manage any communication notified by you or by a third party and for client services, research and statistical analysis


What Personal Data We May Collect

All Features:

First name, surname, email address, phone number (optional), postal address, gender, age bracket, wellbeing score, bank account number if you would like to claim your cashback (this is deleted once processed), form submissions, competition entries, IP address, Information which is provided to us by your Employer.

The data you provide to us may be held on a computer, computer database, e-mail system, imaged documents, files, and letter and/or in any other way reasonable within the operation of a business.


Feature: Lifestyle Savings and Learning

Any payment transactions for Hot Deals are provided through our payment processing services provider; we do not possess or retain any payment information. These are PCI compliant.  


Feature: Recognition

Our recognition tool may post a recognition about you to your organisation’s recognition public wall on our system. We do not control what this recognition will say, however it will have to be approved by a manager. We ask that no extra personal data is shared on the public wall. If you do not consent to this processing, please contact your organisation and they will have the option of removing you from the service if appropriate to do so.


Feature: POWR/Wellbeing

POWR will generally collect your personal information directly from you, when you interact with the service via our website or by email.

When you undertake POWR assessments, the answers to the assessment questions are not recorded but the overall assessment score is recorded. When you participate in a POWR behavioural management plan (BMP) or participate in post BMP course assessment, the information you provide and details of your interaction with POWR will be recorded. Your information is stored as an electronic record. Each time you interact with POWR new information may be added to your record.


How we may disclose your Data

We may disclose your personal data to third parties:

If we or a substantial amount of our assets are acquired by a third party, your personal data may become one of the transferred assets

If we are under a duty to disclose or share your personal data in order to comply with a legal obligation, or in order to enforce or apply our Terms & Conditions and other agreements; or to protect the rights, property, or safety of ourselves, our customers, or others.

When considering a proposal, administering a communication, handling complaints or making decisions regarding Partner Providers, including whether to continue or to extend an existing arrangement.

when we share with participating merchants in order to fulfill your purchase transaction, shipping address and other personal information that may be required to complete such transaction;


Information Automatically Logged:

We do not provide this data to any third party. We do not monitor your browsing preferences outside of our web sites.

Our site will record unique information from your computer such as your IP address, user agents and referring address.

We may monitor this information:

  • To help find problems on our website
  • To help to administer our website
  • To help to identify unique users of services.
  • To help gather broad demographic information to help us improve our site


Rights of Users

Users have the right to fair processing. You can contact Wrkit at any time where relevant to:

  • Request access to information that Wrkit has on you
  • Correct any information Wrkit have on you
  • Delete information Wrkit has about you
  • Restrict/object to processing of your personal data
  • Your right to data portability


Users can edit their contact details by logging into their Wrkit portal and clicking on their profile. Users can fill out a form at the bottom of their profile page if they would like to make a subject access request, delete their profile, or object to processing.

Note where Wrkit is not the controller then the user shall submit these requests through their organisation / member group.



All Features

We will only keep your personal information for as long as is necessary for the purposes outlined in this Privacy Policy. Users have the right to have their personal data deleted except where we are required to retain it to satisfy legal, regulatory and accounting requirements.

When deleted, it will be removed from all live systems. Data will not be deleted from current backups. However, in case of a data restoration from backups, user data will not be restored in to live system. All backups going forward from this time will not include deleted user data. Backups will only be kept for as long as is a business necessity.

Where the provider terminates their contract with Wrkit or user requests deletion of profile, user data will be deleted as soon as possible. This will take up to 180 days so that we can process and pay pending cashback in user’s account if applicable.

Form submissions / competition submissions are kept for 3 months for legal purposes and are then deleted.

Within the Lifestyle Savings feature, Hot Deal transactions are kept for as long as is a business necessity in case of complaints, warranties and for accounting purposes.


Right to complain

If you feel that your data has not been processed fairly, then please contact your organisation / member group or email us at

Alternatively, you have the right to write a complaint to:


Data Protection Commissioner
Canal House
Station Road
R32 AP23 Co. Laois


Information Commissioner's Office
Wycliffe House
Water Lane


Where We Store Data

Your data will be stored with our hosting provider in the UK (Fail over site in Germany). Our hosting provider and their data centre are ISO27001 certified. Backups may sometimes be stored with Amazon AWS EU with prior encryption.

Where someone sends us a query, this will be stored as a ticket in our CRM system – this data will be stored in the EU. This is kept for as long as is a business necessity.


Security Measures

Wrkit treat IT security and data privacy as a priority. Any personal information that you provide to Wrkit or its subsidiaries will be treated with the highest standards of security and confidentiality and handled in accordance with Data Protection laws and the General Data Protection Regulation.

We take all reasonable technical and organisational measures to prevent the loss, misuse, unauthorised access, disclosure, or alteration of your personal data.

These measures include:

  • Applying various levels of access control to restrict access to your personal information to employees and contractors who require a level of access as part of their role.
  • Working with experienced, specialised consultants to help develop and maintain the security of our platforms.
  • Regularly reviewing and auditing our security and data protection policies and procedures to ensure a high level of operational security is maintained.


If we become aware that there has been a security breach and that your personal data may have been compromised, we will contact you as soon as reasonably practical and we will take steps to rectify the breach.



Wrkit will not use your personal data for automated decisions or profiling.


3rd party offer providers

Lifestyle Savings and Learning

We provide users with hundreds of offers provided by third party merchants. Where this data is provided by us to the third party to deliver a service to you, the processing is covered by this Privacy Statement.  Where you provide your data directly to a third party, Wrkit no involvement in that transaction or access to the data and the processing is the responsibility of the third party. While we try to link only to sites that share our high standards and respect for privacy, we encourage you to read the third party’s privacy statement and terms before you disclose personal information to them. An example of this would be using one of our discount codes we provide, where you leave our site to redeem the discount.

For Hot Deals we pass on the data to the hot deal provider, so they can fulfil the order and deliver the item to you. Hot deal providers must agree to our data protection terms and fill out a security due diligence questionnaire to our standards. When an order is completed by the end-user, the merchant is the controller of the personal data it has received. The merchant is therefore responsible for determining the purpose and means of processing such data.

For call back forms as a redemption method, user’s details will be sent when submitting the form to the offer provider. After this Wrkit have no involvement in the transaction as the third party will then contact you directly. We store these forms for a limited time. They are then deleted as per our data retention policy above. Users should be aware that this information is being sent to the third party and the user will be subject to their privacy policies and terms thereafter.  



When a user is rewarded on our recognition platform, they may claim a gift card of a certain monetary amount. We use third parties to fulfil these orders. Wrkit will perform a security due diligence on each provider that we use.


Agents, consultants and related third parties

Wrkit, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include delivering our communications, maintaining databases, analysing data, and processing payments. When we do retain another company, we only provide them with the information that they need to perform their specific function, and they may only use such information for our benefit and the purposes for which they were engaged.


Transfer internationally

In general, Wrkit does not transfer your personal data outside of the European Economic Area (‘EEA’) region. Any transfers outside the EEA region will be stated in this privacy policy. In particular:

If an authorised user redeems a reward in our recognition platform then we use third-party providers to fulfil these orders. One of our recognition card providers process their payments in the US. This company is covered under the EU-US Privacy Shield Framework.

Also your data may occasionally also be transmitted, held or processed outside of the EEA by staff who are employed by Wrkit in another jurisdiction.



Wrkit sends newsletters to Lifestyle Savings and POWR users regularly. These contain selected discounts and savings from multiple third-party providers. Users must opt in and give their consent, so they can receive these emails. Users can unsubscribe from these emails by clicking the link which is available at the bottom of every newsletter.

Wrkit will send transactional emails to users and sometimes to other persons. This includes gifting a hot deal, receiving rewards and recognition, cashback purchases, sending and responding to queries, follow-up communications, account-related emails to members, and POWR related emails. Sending, receiving and responding to transactional email communications is inherent in Wrkit’s Services.


What is our legal basis for processing data?

We collect, use and share the data that we have in the ways described above:

  • For legitimate purposes necessary to fulfil our terms of service. These include maintaing your account info, data which is automatically logged, service data (service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you).
  • In order to comply with contracts, set out by your organisation / member group.
  • Consistent with your consent, which you may revoke at any time.
  • As necessary to comply with our legal obligations.


Wrkit expects that organisations/member groups have received appropriate consent, according to applicable privacy laws, from your employees/members before transferring, in any format, personal information to us.



Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of 16 (or under a higher age if permitted by the laws of their residence). Wrkit does not knowingly collect personal data from Minors or allow them to register. If it comes to our attention that we have collected personal data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.



Any changes to this Privacy Policy will be posted on this page and will be effective immediately, please ensure you visit this policy frequently.



Stay Up to Date

Get the latest employee engagement tips to your email

Please enter a valid email address.

Unfortunately it seems there was an error subscribing you. Please try again later.

Do not ask again

Thank you for subscribing to Wrkit.
Click here to return to our site.