Last updated: 02 May 2023
Yimba is operated by Yimba Limited, a company registered in England and Wales under Company number 11811799, whose registered office is at 1 Marcher Court, Sealand Rd, Chester, CH1 6BS (“we”, “our”, or “us”).
For the purpose of the Data Protection Act 1998 and the EU General Data Protection Regulation 2016/679 (including any legislation incorporating it into local law), we are the data controller. This means that we are responsible for and control the processing of the Personal Information that we may collect about you. “Personal Information” or “personal data” means information that can be used to identify or contact you.
Personal information collection
Once you register for our Services via the Site or App, we may collect a variety of information about you, including the categories of information described below.
We may combine the information you provide to us directly with information we collect about you and information we receive about you from other sources and use the combined information for the purposes set out below (depending on the types of information we receive).
We shall retain your Personal Information for as long as you have maintained Services with us, or via any third party, and for such additional period after that as is necessary to allow us to meet our legal and regulatory obligations.
Personal Information that you provide to us directly
You may provide Personal Information to us in various ways including:
- when you register to use the Site or App, whether directly or through a third-party channel;
- when filling in forms on the Site or App;
- using the Services (such as personalising an image on a payment card);
- corresponding with us using our App, Site, by phone, e-mail or other form of communication;
- providing a review of the Site or App – for example, on an app store;
- participating in discussion boards;
- sharing, linking or using any other social media functions on our Site, App or contacting us through social media channels; or
- if you enter a competition, promotion or survey or provide feedback on our Services.
Personal Information you give us may include your full name, address, e-mail address, social media ‘handle’, age, gender, phone number.
In the course of providing Services to you, we may collect special categories of Personal Information about you, to allow us to provide the Services. This type of Personal Information may include information about your membership of a professional association or information about your health, for example. If we request such Personal Information from you, we will explain why we are requesting it and how we intend to use it. We may also receive this Personal Information as a result of how you use your ewallet, for example if you use your ewallet to pay for membership fees or to buy health related products or services, or from your social media profile, if your privacy settings in that social media platform allow this information to be shared with us. We will only use this Personal Information to allow us to provide the Services to you.
Personal Information that we collect about you
Each time you visit our Site or use our App, we may automatically collect the following information:
- technical information, including the Internet protocol (“IP”) address used to connect your computer or device to the Internet, the type of mobile device you use, mobile network information, browser type and version, time zone settings, operating systems and platforms; and
- details of your use of our Site or App including, but not limited to, traffic data, location data, weblogs and other communication data, and the pages and other resources that you access; and
- device type, ewallet loaded along with card issuer name; and
- history of images selected and used to personalise payment card within our App.
We may also use GPS technology to determine your current location for features within our App to work. If you wish to use the particular feature, you will be asked to consent to your location information being used for this purpose. You can withdraw your consent at any time by updating your location services preferences in your device settings.
Personal Information we receive about you from other sources
We may receive information about you from third parties we work closely with (including, for example, ewallet providers, payment card issuers, retailers, programme providers, other business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies). We receive this information so that we can provide the Services to you and as part of our legitimate interest to help us provide our Services to you in accordance with our partner requirements and to improve and personalise our Services.
Specifically, we receive information from your ewallet provider (e.g. Samsung, Google, Apple) about the images you have selected to personalise your ewallet payment card. We may also receive some or all of this information from the Merchants or financial institutions who we partner with directly, such as where our application is incorporated into an application operated by a Merchant or a bank. This information will be used to provide the Services to you.
By personalising any payment card inside our App, you authorise your ewallet provider to share the transaction data with us in order to facilitate your receipt of the Services and for reporting to the relevant Business Partner, Merchant or financial institution. You give us the right to receive this transaction data from your Personalised Payment Card until you remove the images provided by Our Services. It may take a short period of time for the removal of your Personalised Payment Card to take effect.
We may retain the data associated with your Personalised Payment Cards for historical transactions which will be used to provide a historical transaction overview for you and our Business Partners, Merchants and financial institutions and which will allow you to monitor, preserve your history of images selected.
If you have any questions about the data we keep in this context, please contact us here.
Use of your personal information
We use your Personal Information on the following legal basis for the following purposes:
1. To perform our agreement to provide the Services to you including:
- to verify your unique ID and manage and operate your account(s);
- to provide you with the Services and carry out our obligations under our agreement(s) with you including, for example, to ask the Merchant to allocate offers and other benefits to you and to provide the other aspects of the Services to you;
- to provide you with information relating to the Services including latest digital content updates;
- to provide you with information about our Yimba partners including digital content providers, financial institutions and other organisations who join Yimba;
- to make automated decisions, known as “profiling”, using your Personal Information, such as decisions to make information about particular benefits and offers to you based on your previous image selections or transactions;
- to provide you with information about products or services that you request from us; and
- to notify you about changes to our Site, App or Services.
2. For our legitimate interest including:
- to improve our Services;
- to personalise your visits to the Site or App and provide tailored digital content to you so that you have a more relevant and better experience;
- to analyse and understand how our Site, App and Service are used including carrying out technical and statistical analysis to monitor our Services, the Site and App;
- to offer you improved customer service and support;
- to conduct market research; and
- to ensure that content on our Site and App is presented in the most effective manner for you.
3. To comply with our legal obligations including:
- preventing and prosecuting fraud; and
- meeting legal, regulatory, insurance and security requirements.
4. Where you have consented including:
- where you have consented, for example when you registered for the App or through the App settings, or have already received similar products or services from us and not indicated that you do not want to be contacted for such purposes, to provide you with information about products or services which we feel may interest you by post, email, SMS, or other electronic messaging methods;
- where you have provided your express consent, to provide you with information about the products or services of members of the Yimba Group, and those of our Business Partners, Merchants, financial institutions and other Yimba partners as notified to you at the time of obtaining your consent, which we feel may interest you by post, email, SMS, or other electronic messaging methods;
- where you have provided express consent, and if you use our App, we may use push notifications to contact you for these purposes.
If you decide at any time that you no longer wish to receive marketing messages from us, you can opt out at any time. To do so, please follow the unsubscribe instructions provided in any of the marketing messages you receive from us or contact us (see “Changing or Deleting Information” below). If you no longer want to receive push notifications from us, you can update your preferences for the App via your device settings.
5. Anonymised information
We may also use anonymized Personal Information about you when we prepare aggregated data reports showing anonymized information for the purpose of advising ourselves, Merchants and our other business partners regarding past and potential future patterns of spending, fraud, and other insights that may be extracted from this data.
Sharing your personal information
Where necessary to fulfil our obligations to you, we may pass your details to third parties where this is necessary for the operation of our Service. If you do not wish your Personal Information to be shared in this way, you must not register for the Service and you must not use our Site or our App.
This may include sharing Personal Information about you with Merchants, financial institutions and our business partners, suppliers and sub-contractors that join Yimba or that we engage to help us provide the Services to you including:
- Sharing information about the personalised image selections for your App so that we may identify current and historic selection of digital content and transactions – this information is protected by being “tokenized” for us by a service provider, which means Yimba never sees the actual card number as it is replaced by a different number which cannot be linked to your actual card number;
- Sharing information about how you use your personalised payment card with Merchants so that you receive the benefit of the Services;
- Sharing information with Merchants and financial institutions who incorporate the Yimba application into their own mobile/device application; and
- Sharing information about you with our other service providers so that we can provide customer service to you.
We may share your Personal Information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries (“Yimba Limited”).
As may be necessary for us to comply with our legal obligations, we may disclose your Personal Information to third parties (such as government or regulatory bodies, law enforcement agencies and professional services advisers) in order for us to comply with applicable laws and valid requests for information from government or regulatory bodies, or in order to enforce or apply our User Terms and Conditions and other agreements; or to protect our rights, our customers, or others. This may include exchanging Personal Information with other companies and organisations for the purposes of fraud protection and risk management.
1. Obtaining a copy of your Personal Information
At any point you can contact us to ask for a copy of the Personal Information about you which we hold and to request further information in relation to our processing of the Personal Information. If you do wish to receive copies of your Personal Information which we hold, please write to us (including full details of your request) here. Once we have received your request, we will respond within one month.
In exceptional circumstances, requests that require disproportionate effort may be rejected or only responded to in part; however, we will always communicate our justification for this to you.
We will provide a copy of your Personal Information free of charge, however we may charge a small fee based on administrative costs (not exceeding the maximum permitted by law) for any further copies of this information that you may request.
2. Changing, updating and erasing your Personal Information
We will strive to ensure that the Personal Information that we hold on you is up to date and accurate, based on the information we collect. If you believe that the Personal Information we hold on you is out of date, incomplete or incorrect, please contact us here and we will ensure that it is updated.
If you would like us to stop using your Personal Information, you can request that we erase the Personal Information we hold but, this may not include any information from our App given our architecture does not may the link to an individuals Personal Information for security and compliance purposes.
Once we have processed your request, we will confirm whether all the Personal Information has been deleted or tell you the reason why any of it cannot be deleted. If you would like us to delete your Personal Information, please contact us here with a request that we delete your Personal Information from our database. We will use commercially reasonable efforts to honour your request. We may retain an archived copy of your records (which may include your Personal Information) to meet our legal obligations.
3. Portability of your Personal Information
You also have the right to receive your Personal Information in such a way that it can be transferred to another controller. Once we have received your request, we will comply where it is feasible to do so. If you would like to exercise this right, please write to us (including full details of your request) here.
Where we use automated decision making based on your Personal Information (also known as “profiling”), you have the right to have a person intervene in that decision, to express your point of view, to an explanation of a decision reached and to challenge the decision. If you would like to exercise this right, please write to us (including full details of your request) here.
5. Make a complaint
You can make a complaint about how we have used your Personal Information to us by writing to us here. Alternatively, you can contact the relevant supervisory authority – for the UK this is the Information Commissioner’s Office, at https://ico.org.uk/.
We take the security of your Personal Information very seriously and use strict procedures and security features to prevent unauthorised access to your Personal Information.
Although we will do our best to protect your Personal Information, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your Personal Information transmitted to our Site or App. As such, any such transmission is at your own risk.
We have put into place additional procedures to protect the Personal Information we hold about you from misuse and loss, and from unauthorised access, modification or disclosure. We work hard to maintain these procedures and keep them current and up to date.
Links to other sites
Our Site or App may contain links to and from other websites (“Third Party Sites”). If you choose to follow a link to a Third Party Site, please note that these websites have their own privacy policies and that we are not responsible for these policies. Please check these policies before submitting any information to a Third Party Site.
When contacted with an enquiry from someone who is not a registered user, we will hold the name and contact details only for the purposes of handling the enquiry.
The online forms used for enquiries are subject to the same cookies and tracking as the rest of the website (see the above section ‘Cookies” and our separate Cookies Policy for more information).
Calls made to us may be recorded to protect the interests of all parties. Any call records which are created will generally be deleted within 30 days unless we need to keep them longer to meet our obligations.
Changes to this policy