Last updated 09/01/2023
- Our Company Details
Steppr Limited is incorporated and registered in England and Wales, with company number 14433954. Our registered office is 128 City Road, London, United Kingdom, EC1V 2NX. “Steppr” is our trading name, and is a registered trademark owned by Steppr Limited. We are the data controller of the personal information you provide to us. Please contact us here if you have any questions. Words used in this User Privacy Policy have the same attributed meanings as those in our User Terms & Conditions.
- We Respect Your Privacy
Please read this document carefully as it details our approach to protecting your privacy in relation to data we collect and process about you through our website (steppr.com, steppr.uk, steppr.co.uk, collectively “Website”) and App (together with Website referred to as our “Platform”). By using our Service in any way, you are confirming that you have read and agree to this User Privacy Policy and our User Terms & Conditions. If you disagree with any of this, please do not interact with our Service or Platform in any way and reach out to us to discuss the matter immediately (don’t worry, we won’t be hurt!).
- Collecting Your Information
Personal information/data includes any information that can be used to identify you, whether directly or indirectly. The information we collect directly from you (whether through post, email, phone or your use of the Platform to perform actions such as User Account creation, Voucher purchase, greetings card personalisation) or indirectly from you (pertaining to automated collection of technical data about your equipment, browsing and purchasing activity and patterns) can often fall into that category, and may include the following:
-
Usage information: Information we may collect about your use of our Service (including your use of the Platform), such as the date of creation of your User Account, account use timings and which specific Vouchers you have bought;
-
Technical information: Information we may collect about your use of a mobile or other device to access our Platform. This may include device-specific information such as device type, device identifiers, operating system, browser and connection information, IP address and other types of technical information such as mobile payment methods, performance and other characteristics data, other information from cookies and other similar technologies; and
Please note that if you decide to save a payment method during a purchase on your User Account, that information is not stored by us. The payment service provider used (Stripe) will store the information and is required to comply with the Payment Card Industry Data Security Standard (PCI DSS) to securely store and protect your data. During the payment process you may be asked to authenticate a payment following a prompt from your card issuer.
- Using Your Information
The information we collect, store and process is used to provide, maintain, personalise and improve our Service to you, in areas including:
-
User Account management: Administer and manage your User Account on our Platform, including registering your account, tracking your redemptions where we are able in order to update your purchase history categories and Voucher statuses;
-
Purchase history display: While you are emailed about your Product purchases, we also display them to you in three categories in your User Account (these categories may change): (1) Vouchers you have bought for yourself that have not yet been redeemed; (2) Vouchers you have bought as gifts for other End-Recipients; and (3) Vouchers you have bought that have been redeemed.
-
Voucher eligibility: We display Vouchers to you that you are eligible for. For example, you may be eligible to buy Vouchers similar to those you have already purchased, at greater discounts, and this depends on your purchase history. Please note, ‘eligibility’ as stated here is at our sole discretion and is not a guarantee in any way;
-
Monitoring and analysis of data: We may investigate and perform tests on data we have gathered for our internal operations and audit requirements, observing and understanding trends, general customer analytics and research, and troubleshooting;
-
Platform maintenance and improvement: We may use your information to help us create and design product updates, personalisation of your and general User experience, to research and develop new features, and to maintain security of the Platform;
-
Reminders: We may display in-app notifications, push notifications and send emails to you, or other reminders using information agreed upon, often based off your purchase history, for reasons including but not limited to reminding you to use a Voucher, or that a Partner you previously purchased from is selling more Vouchers; and
-
Customer communication: This includes emailing you about updates or changes to our Service, User Terms & Conditions, this User Privacy Policy, or other important documents, asking you to partake in a survey or review or competition, marketing information (only if you consent beforehand and you will be able to opt-out) and about our Service features that you may be interested in, as well as answering questions you may have and responding to your queries.
- Legal Basis
There are six lawful bases for us to be allowed to process your personal data, and we will only do so, or are allowed to do so, if one or more apply:
-
Legitimate interests: The processing is necessary for our or a third parties’ legitimate interests unless a good reason to protect your data overrides those legitimate interests. These legitimate interests include: (a) monitoring the use of our intellectual property; (b) complying with our internal procedures and policies; (c) enabling us to carry out our Service in respect to you both effectively and efficiently; and (d) ensuring our Platform components, and other related systems and services, are secure.
We rely predominantly on Contract (this relates to aspects of our Service such as facilitating your ability to purchase Vouchers from Partners), Legal obligations and Legitimate interests. Please contact us if you would like more information about the specific legal bases for how we are processing your personal data in general, or for certain purposes.
- Disclosure of Your Information
We do not share or sell your personal information to third parties for direct marketing purposes. We treat your personal data confidentially and will not disclose it to any other third parties, except for the following circumstances:
-
When you purchase a Voucher from a Partner (facilitated by our Platform), they have access to the relevant Order information that is required for the Voucher creation and management processes, which includes your name and email address. There may also be an exchange of information between Steppr and the Partner when Vouchers are redeemed at their Checkout (although redemption is an arrangement between you and the Partner that does not require Steppr), for monitoring and accounting purposes. We urge you to contact or read the privacy policies of any Partners before purchasing Vouchers from them;
-
When you have purchased a Gift, third party suppliers such as the printing service we use to fulfil the Order will require certain information, such as the greetings card content, recipient name and address, to print and send the physical greetings cards;
-
Technology and IT service providers for technical support, search engine providers and analytics services (such as Firebase Google analytics – which makes use of cookies, IDs and other technologies to collect and store user personal data, which you can read more about here: policies.google.com/technologies/partner-sites) that may help us improve and optimise the Platform;
-
If we are acquired or purchased by, merged with, sold to, or enter into a partnership or joint venture with another business entity (or are involved in negotiations for any of these cases), or create a subsidiary of Steppr, then your information may be correspondingly transferred or disclosed to that business entity, its partners, owners or advisors; and
-
Our User Terms & Conditions, provision of our Service and business operations, or other agreements may require it; protection of our own rights, or those of other parties related to us, may require it; other legal obligations may require us to share your information in certain circumstances (such as to prevent and protect against fraud).
- Where Do We Store and Process Personal Data?
We take important steps to protect access to your data, however you must understand that we may transfer all or some of your personal data that we collect to third party data processors who are located in countries outside of the UK, and in the European Union (EU). No method of electronic information is completely safe or secure, so we cannot guarantee absolute security.
- Information Security
We act to protect your personal information from being used or accessed in an unauthorised way, or unlawfully processed, and to prevent against accidental loss, destruction and damage. However, it is important you understand that transmission of information via the internet is not completely secure, and therefore we cannot guarantee its security. Any transmission of information is at your own risk. Our Partners may also have access to some of your information when you purchase a Voucher, such as your name and email address, and we rely on them maintaining their own information security standards too.
There are some measures you can also take to help ensure the safety of your personal information, including:
- Information Retention
We only keep your personal information for the length of time as is reasonably necessary to fulfil our original legitimate purpose for collecting the information including for improvements to the Service and Platform, as long as we have your permission, or for a length of time required to meet financial, regulatory, legal, tax, accounting or other requirements, or if we believe there may be legal action that may require your personal information. Please make sure any personal information you give us is accurate and up-to-date.
- Your Rights in Relation to Personal Data
We respect your rights around your personal data. Please contact us here if you wish to exercise any of them, make a complaint, or otherwise require our assistance with relation to them, or send a written letter to our business address. We endeavour to respond within one (1) month, unless the request is particularly complex or there are a number of individual requests from you, in which case we may take up to three (3) months to respond. A description of your rights under GDPR in relation to us follows, although certain exclusions may apply to given situations:
-
The right to be informed: You have the right to be provided with concise, transparent, intelligible and easily accessible information about our collection and use of your personal data, explained in clear and plain language. This is the intention of this User Privacy Policy, as well as your ability to contact us here if you have any concerns;
-
‘The right to be forgotten’: You have the right to request for us to erase your personal data, although certain situations may not allow us to do this, including if we need to comply with a legal obligation to keep the specified data;
-
The right to make a complaint: You have the right to lodge a complaint about us in relation to our treatment of your information with the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection (www.ico.org.uk/concerns; 0303 123 1113). We would appreciate you giving us the opportunity to deal with your concerns first!
You will not be charged a fee for access to your personal information, although we reserve the right to do this in the case that your request is unnecessarily repetitive or excessive or clearly unfounded. We may also require certain information from you in order to confirm your identity, to ensure the security of your personal information.
- Linking to External Websites and Third Party Content
There may be links from our Platform to external websites, plugins and other applications, and third party content may be displayed (some of which have already been explained elsewhere in this User Privacy Policy). This does not constitute an endorsement by us of the material contained by and within them, should you follow these links. We do not control the third parties, and they have their own privacy policies which we are not responsible or liable for, and which we recommend you read before interacting with them.
- Use of cookies
Cookies are small text files that are sometimes placed on your computer when you visit a website. They are widely used in order to make websites work, or work more efficiently, and provide website owners with certain information. They can also be used for advertising. We respect your privacy and do not have any cookies (as our customer-facing platform for Users is currently App-based aside from a landing page), although as our Platform evolves we may need to implement some in future, such as those required for Google Analytics, and will inform you accordingly (through updating this policy). That is why we have mentioned cookies above in this policy.
You can alter your browser settings to manage which cookies you allow on websites, and opt-out of using them – although as there are many browsers and devices, you will need to refer to the relevant provider for accurate instructions. For more information, check here: ico.org.uk/global/cookies. Beware that when disabling or refusing certain cookies, certain platforms may not function correctly.
- Changes to User Privacy Policy
We may make changes to this User Privacy Policy as and when appropriate, through updating this page and, where necessary, email notification. Please remember that continued use of our Service and/or Platform will amount to your acceptance of these changes.
- Contact Us
If you have any questions, comments or requests about our User Privacy Policy, please email us at here. Alternatively, you can also send us physical correspondence at Steppr Limited, 128 City Road, London, United Kingdom, EC1V 2NX.