Caffè Nero App Privacy Notice
Last Updated On: 24th May 2018
Privacy & Cookies
The Caffè Nero App is powered by Yoyo Wallet. Your account is held by Yoyo Wallet.
Where the words "we", "us" or "our" are used in this document, they are all references to Yoyo Wallet Limited, a company incorporated in England and Wales (under company registration number 08515940) and whose registered office is at 78 Whitfield Street, London W1T 4EZ. Yoyo Wallet Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (Firm Ref. 900645) for the issuing of electronic money. You should also know that we are registered as a data controller with the United Kingdom Information Commissioner’s Office under registration number ZA019543.
We treat your information very carefully and we have written this document to help you understand what information we collect, who has access to it and for what purposes.
If you are in the process of creating an account with or have already done so, you should read this document in connection with our User Terms. This document is not part of the User Terms and is not binding on you (it is for information only) but the User Terms set out additional rights and obligations you have in relation to your use of our apps and services.
We summarise below:
- the types of information about you that we might process;
- how and why we process it;
- who we share it with;
- how long we process it for;
- your rights in relation to the information we hold about you; and
- what to do if you have any questions or complaints.
You can ask us to stop processing your information at any time by emailing us at email@example.com (although, as some types of information processing and sharing are essential to the provision of our services or certain aspects of those services, if you do ask us to stop processing your information we may not be able to provide some of the services or continue to provide the services in the same way). You can also stop us processing your information by closing your account or by emailing firstname.lastname@example.org. However, even if you do ask us to stop, we may have other lawful grounds for processing your information (for example, to comply with our statutory or regulatory duties or the orders of a court).
We encourage you to read the remainder of this policy to understand more about how your information is used.
1. How do we collect information about you?
We collect information about you when you access our website (including if you have signed up to our Insights mailing list), register to open an account with us, use our app or services, make transactions using our app or services and when you contact us.
We might also receive information about you from someone else (for instance, from your bank or social media accounts but only where you have agreed that they can share your information). We will let you know if this happens and we are not already processing information about you.
2. What information do we collect?
2.1 We may process the following types of information about you:
(a) information that may be used to identify you. This might include your title, name, postcode, email address, mobile phone number, date of birth and any other data you use to set up your account, to log-in or to use our services;
(b) third party sourced data. Information that you grant us permission to collect, and public information, from third party apps or websites such as, but not limited to, banks (and other financial institutions) and social media sites;
(c) information about how you transact using our app or services. This might include the goods or services you purchase, the rewards and gifts you earn and redeem (and when and where you do so), the transaction ID, the price paid or discount given, the location and time of the transaction, and the outcome of that transaction. It might also include information about prize draws and promotions you participate in;
(d) anonymised Yoyo Wallet ID. A unique customer identifier;
(e) your preferences. Information about your use of our app and services including location or demographic data, language preferences, notification settings and stated preferences (e.g. “favouriting” a particular merchant);
(g) payment information. Small amounts of information about your payment card (the last four digits of the card number, the card type and the expiry date); and
(h) surveys. Information that you have opted to provide to us in response to customer research and satisfaction surveys.
3. What do we use your information for?
3.1 We use your information:
(a) to provide our services. To do this we might use your information to identify you, information about your use of our apps and services, information about your preferences and information about your device and networks. This might include doing things like:
- processing and managing your application for and use of our services and participation in any reward or offer programmes offered by our merchants;
- processing transactions that you initiate using our services;
- communicating with you about your orders or purchases, our services, your account with us and to provide support where you contact us;
- communicating with you about any prize draw, reward or offer programmes you participate in using our services;
- facilitating the negotiation of any merger, sale of company assets, financing, acquisition or divestiture of all or a portion of our business;
- recommending things we think you’ll like such as nearby merchant outlets (where you have switched on your location settings), merchants you like to shop with and the things you like to buy; and
- providing electronic receipts;
(b) to improve our services. To do this we might use information like your location and information about your use of our services. This might include doing things like:
- measuring the performance of our app and services;
- making sure you use the right version of the app for where you are (like prompting you to change the language or location settings);
- conducting statistical analysis about how you and other users of our services make use of those services. We might do this to make improvements to our services or to develop new services, but we will not share statistical analyses about you individually with anyone else;
- providing software updates so that they deliver improved features and functionality (to our services better) or fixing bugs in our software;
- changing how we run our business, organise ourselves and deliver the services to you; and
- personalising parts of the service to your tastes and preferences, including the places you like to shop and the goods you like to buy;
(c) to communicate with you about marketing or promotional campaigns or to send you our Insights (but only where you have told us you want to receive these communications and you have not told us to stop sending you messages). To do this we might use data for the means of identifying you and ensuring you are who you say you are, your preferences, your device and network and information about your use of our services. This might include:
- sending you Insights;
- sending you messages about sales, promotions or prize draws offered by us or a merchant;
- personalising parts of the service to your tastes and preferences, including the places you like to shop and the goods you like to buy; and
- creating personalised promotions based on your purchasing preferences and behaviour;
(d) for business, regulatory and legal purposes, like:
- obtaining and maintaining insurance policies;
- dealing with any requests you make or content you submit;
- getting in touch if we need to tell you about something, like a change to our policies or issues with our apps or services;
- managing risk (for instance, by assessing payment and funding risks, identifying, preventing, detecting or tackling fraud, money laundering and other crime and carrying out regulatory checks); and
- complying with any court order or applicable law, regulation or governmental request (e.g. tax authorities) and to protect our rights or property, or the security or integrity of our business or services.
4. How do we protect your information?
4.1 We hold personal data about you at our own premises and with the assistance of third-party service providers. We use third party service providers to perform a number of functions on our behalf including to host our platform, to send messaging on our behalf, to provide support services to you (including to provide translations to and from the English language) and to process transactions for the purchase of goods and services.
4.2 Your personal data may also be processed outside the European Economic Area by our staff or the staff of our third party service providers. Such staff may be engaged in, among other things, the provision of your support services. However, we will transfer your personal data only to a country that the European Commission has decided is a country which ensures an adequate level of protection or if we have otherwise provided for other appropriate safeguards to legitimise such data transfers.
4.3 Whenever we share your personal data with third parties, we will take all reasonable steps to ensure that your privacy rights continue to be protected under the applicable data protection legislation. By sharing your personal data with us and interacting with the services, you consent to the storing, processing and/or transfer described in paragraphs 1 and 4.2 above.
4.4 If data is transferred to a country where appropriate safeguards need to be put in place, we would be happy to provide information pertaining to such safeguards on request. You can contact us for this information by emailing email@example.com.
4.5 We take reasonable measures, including administrative, technical and physical safeguards, to protect your personal data from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction.
4.6 We do not store customer card details, and apply information security practices to keep card data safe as it is in transit through our app.
(a) Whenever you enter your card information into our app, those details are encrypted and passed directly to our payment service providers ("PSP").
(b) Upon receiving your information, our PSP sends us a token (consisting of random letters and numbers) and small amounts of information about your payment card (the last four digits of the card number, the card type and the expiry date).
(c) The token (not your card details) is then used to effect payments for the products or services you purchase through our app.
(d) To ensure the required level of payment security, we will always use a PCIDSS compliant payment gateway to store, process and transmit your payment card data.
(e) We reserve the right to change our payments gateway at our sole discretion, provided any such payment gateway meets this security compliance level.
5. Who do we share your personal data with and why?
5.1 Transfers to other data controllers
(a) Where you have registered using, a merchant branded version of our app, we may share information about you, your account and how you use the service and the merchant branded version of our app with the relevant merchant.
(b) We might also share your information with a merchant to investigate and resolve support issues you experience or where you notify us of a complaint about a merchant or the goods or services you purchase from them.
(c) Where you have linked your bank account or debit or credit card to your account with us and given us consent to share your information, we will share information with your bank.
(d) Where we do share your information with the PSP, your bank or a merchant in this way, they will become a new data controller of your information and will contact you to let you know about this and how they use and protect your information.
(e) The information we share might include:
- information that can be used to identify you;
- information about how you transact using our app or services;
- detailed transaction data;
- your preferences (but only as they relate to that bank or merchant); and
- where you have raised a support issue or notified us of a complaint about a merchant or the goods or services you purchase from them, the nature of the issue or complaint.
(f) As a fraud prevention measure, we send your full name and postcode to payment service providers when you link a debit or credit card to your account with us. We do this to ensure that your personal details match with the cardholder details and that you are the legitimate cardholder.
(g) Where you make payments using our services, we share your data with the PSP and they process your transactions. The PSP may share your information with third parties including regulators, your bank and the operators of the card schemes. Where the PSP shares your information with Mastercard, it will process your information under the Mastercard Binding Corporate Rules (as amended from time to time and currently available here: https://www.mastercard.co.uk/content/dam/mccom/global/documents/mastercard-bcrs-february-2017.pdf). You have the right to enforce these rules as a third party beneficiary.
5.2 Third party sourced data. We do not share personal data received from third party sources other than as stated in paragraph 1(c) above.
5.3 Transaction data. We share transaction information with the merchants who are receiving payment or providing rewards and offers on that transaction. We do this so that the merchant can reconcile their point of sale data with our data and to allow them to analyse transactions. We only send this information with your Anonymised Yoyo Wallet ID – never your information that could be used to identify you.
5.4 Anonymised Yoyo Wallet ID:
(a) We provide merchants with a unique Yoyo Wallet ID linked to you alongside the transaction data to allow the merchant to understand the payment, reward and offer behaviour of a particular customer or group of customers.
(b) The Yoyo Wallet ID may also be sent to third parties who provide payment services to our customers to enable them and us to match incoming funds to you and the transactions you initiate.
5.5 Anonymous purchasing profile. Retail brands that have products sold by merchants can obtain reports showing results from analysis conducted using anonymised and aggregated purchasing data to enable them to get a better understanding of the purchasing patterns of their products so they can design more effective promotions and campaigns. We do not give them access to the underlying transaction data or information that could be used to identify you individually.
5.6 Financial account information. This information is only held by the payment service provider. We do not hold any sensitive financial information about our customers.
5.7 Network, hardware and web. We will not share any of this type of data with third parties other than when required to comply or assist with court, orders, applicable law or regulatory or criminal enquiries.
5.8 Other uses. We may share your information with third parties, including law enforcement agencies for any of the following:
(a) to fulfil our obligations under our User Terms, or as required by applicable law or payment method rules;
(b) to assess financial and insurance risks, risk of fraud, sector risk and credit risk;
(c) in relation to any breach of, or to enforce, the User Terms;
(d) to recover debt or in relation to your insolvency;
(e) to develop products, services and our systems;
(f) to detect, investigate and prevent fraud or other crime;
(g) to respond to requests from courts, law enforcement agencies and other governmental or regulatory authorities or agencies; and
(h) to protect our rights, privacy and property, and that of our customers.
5.9 We may also share your information with:
(a) our service providers. Service providers help us with things like payment processing, website hosting, data analysis, information technology and related infrastructure, customer services, email delivery and anti-fraud services. These third parties are authorised to use your information only as necessary to provide their services to us and we take appropriate steps to ensure that third parties protect your information; and
(b) third parties in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). We shall endeavour to ensure such third parties are bound by confidentiality obligations in relation to such information.
6. How long do we process your information for?
6.1 In most cases we will process your information only for as long as we need to in order to provide the services or until you close your account or ask us to stop processing your information.
6.2 You can ask us to stop processing your information or change the way in which we use it by:
(a) changing the settings in our app (to effect changes to things like your location settings, language settings, notification settings, access to your contacts list); or
(b) otherwise, by:
- emailing firstname.lastname@example.org; or
- writing to us at Customer Support (Data Protection), Yoyo Wallet Limited, 78 Whitfield Street, London W1T 4EZ.
6.3 There are some exceptions to this, however. We may have other lawful grounds for processing your information (for example, to comply with our statutory or regulatory duties or the orders of a court). For example, we might be required to retain your personal data for a longer period (usually up to six years after you close your account or tell us to stop but this may vary depending on the territory in which you use the service) in order to comply with applicable law, tax obligations or regulatory requirements. This might apply to information about the transactions you make, when and where you make transactions and the information we hold about you for fraud and other crime prevention purposes. If we do retain your information in this way, we will cease other forms of processing and we will continue to keep your information secure.
7. Your rights
7.1 You can request a copy of the personal data we hold about you, its origin and any recipients of it as well as the purpose of any data processing carried out. For further information, please contact us by emailing email@example.com with the subject "Data subject access request".
7.2 You can correct, restrict our use of or ask us to delete your personal data at any time by emailing firstname.lastname@example.org with the subject “Data subject change request”.
7.3 If you have any questions about this document or in relation to how we use your personal data, please contact us by:
(a) emailing email@example.com; or
(b) writing to us at Customer Support (Data Protection), Yoyo Wallet Limited, 78 Whitfield Street, London W1T 4EZ.
8.1 If you wish to make a complaint about how we process your information, please contact us by
(a) emailing firstname.lastname@example.org; or
(b) writing to us at Customer Support (Data Protection), Yoyo Wallet Limited, 78 Whitfield Street, London W1T 4EZ.
8.2 The Information Commissioner’s Office regulates data protection and privacy matters in the UK and you have the right to make a complaint to the Information Commissioner’s Office at any time about the way that we use your information. You can find more details at ico.org.uk however we should appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office.
9. Updating our Privacy Notice
9.1 We may update this Privacy Notice from time to time. When we do so, we will post the new version on our website and will ask you to accept the new version when you next use our app.