1. Personal Information collected by Shopmium and legal basis for processing personal information
A. Information that we collect
- Personal data that you share with us:
This includes your first name, surname, gender, telephone number, date of birth, email address, company, bank account information, PayPal account details, postal address, loyalty card numbers, comments and reviews, as well as any other information you choose to provide.
We collect photos of receipts that you send us and the information contained in these receipts, such as items that you purchased, their price, the total cost of purchases and the store where the receipt was issued. We also collect information about Shopmium offers that you interact with and add to your Shopmium selection.
- Personal data that we collect automatically:
We record usage data when you visit the Sites, using cookies and other trackers. We also collect technical data about your internet connection, browser and any information they may send us and devices, pages consulted, location data, device number, mobile advertising identifier and IP address. View our cookies policy .
Although some location data are collected automatically, you will be asked to share this information with us when you use a browser or device with a GPS connection. You can enable or disable this option in your device or browser settings at any time.
B. How we use the information we collect
We collect your data for the following purposes and according to the following legal basis:
1. Processing is necessary for the performance of a contract
We use your data to provide services, such as:
- Setting up and managing your account;
- Sending you push notifications and emails regarding your use of our services;
- Making transfers to your PayPal or bank account;
- Responding to queries sent to our customer services team;
- Processing and displaying product ratings and reviews;
- Displaying your loyalty cards;
- Allowing you to receive cashback for referral and be part of the Shopmium Club;
- Allowing us to verify your proof of purchase.
2. Processing is necessary for the purposes of Shopmium's legitimate interest
We use your data in our legitimate interest, including for:
- Compiling marketing statistics and analyses, in order to understand how you use our services;
- Measuring the performance of promotional campaigns on our Sites;
- Measuring the performance of Shopmium promotional campaigns on third-party sites;
- Offering you personalised content and improving your user experience;
- Conducting surveys (e.g. customer satisfaction, feedback). These data allow us to get to know you better and provide valuable insight that can help us offer solutions that meet your needs and expectations. You may receive emails from our trusted partners, offering you the chance to participate in a survey;
- Fighting fraud;
- The purpose of collecting and keep evidence;
- Offering you the chance to enter in-app competitions;
- Creating a user profile (profiling). To do this, we analyse data that you share with us or generate when you use our range of services, in order to build profiles (also known as segments, personas, etc.) that align with your preferences and interests;
- Collect purchase receipts and data from purchase receipts downloaded to the Application over the past 3 years, potentially in combination with other personal data about you that we might use in its raw state, pseudo anonymize or fully anonymize within the meaning of the RGPD;
- When leaving a product review on a Site, your name and username may be published on the Sites along with your review. If you allow your comments to be shared with our partners, they may reuse your comments on their platforms, and we may be required to share personal data with these partners so that they can establish the authenticity of comments.
3. Shopmium relies on your consent
We use your data with your consent in order to:
- Send you communications regarding our services and promotions in accordance with your communication preferences. You can unsubscribe from our marketing newsletter service by clicking on the unsubscribe link indicated at the bottom of each newsletter, as well as in your account. You can also disable Push notifications in your account and on your device;
- Allow you to find stores near you based on your location data;
- Allow us (via data processors including Yahoo and Unify) and our partners to personalise ads that are displayed on third-party sites, so that you do not see ads that are not relevant to you. You can give and withdraw your consent at any time in your account.
- To allow us to collect your purchase receipts and collect and analyse data from your purchase receipts (including date and time of purchase, products purchased, products on promotion, transaction amount, issuing store, and any other information to be found on the receipt) uploaded on the Application up to 3 years, potentially in in combination with other personal data about you. We, our partners, clients or our sub processors may use personal data (in particular from purchase receipts) to evaluate purchasing trends, improve products and services, optimise commercial operations and carry out targeted advertising on mobile phones, TV screens and any other device. The results of these analyses and/or the profiles created and/or the personal data, including that obtained from purchase receipts, may be communicated and/or sold to certain of our partners in the context of our commercial activities .Data might be transferred for commercial purposes to such partners in its raw state, pseudo anonymized or fully anonymized. Please find also here the list of businesses potentially acquiring data from Shopmium.
4. Statutory obligations
2. Information that we share with third parties
Data that we collect may be accessed by our service partners, operating as subcontractors, who provide administrative and technical services involved in achieving the aforementioned purposes (e.g. web hosting, payment services, ad tech, etc.).
We may disclose your personal information to law enforcement agencies, regulatory bodies, government departments and agencies, courts and other third parties, where we consider such disclosure necessary (i) under applicable law or regulations, (ii) to exercise, establish or defend our legal rights, and/or (iii) to protect your or any other person's vital interests;
Some of our partners may, as data controllers, collect data with your consent. These include the following advertising service providers:
- Criteo SA (https://www.criteo.com/privacy/);
- LiveRamp, Inc (https://liveramp.com/privacy/service-privacy-policy/);
- Nielsen Marketing Cloud (https://www.nielsen.com/us/en/legal/privacy-statement/nielsen-marketing-cloud-privacy-notice/);
- Yahoo EMEA Limited (https://legal.yahoo.com/ie/en/yahoo/privacy/index.html) ;
- Xandr, Inc (https://www.xandr.com/privacy/platform-privacy-policy/ )
- Omen data
- M6 (https://gdpr.m6tech.net/politique_confidentialite%CC%81_partenaires-groupeM6.pdf)
We may share personal data that we collect from you with these companies. Items of data include your email address (in hashed, de-identified form), age and gender, IP address, mobile advertising identifier, browser or operating system information, data obtained from using our service (frequency of visits, categories of posts viewed, interaction with our offers and type of loyalty card). Please refer to their privacy policies (indicated above) for more information.
These partners may use your data to provide you with advertising based on your interests (or online behavioral advertising). These relevant advertisements may be served based on your activity on websites and apps you have recently visited and these partners may use third-party cookies to provide a more targeted advertising experience both on and off those websites or apps. Please see the Network Advertising Initiative website (www.networkadvertising.org) and the Digital Advertising Alliance website (www.abou tads.info) for more information.
When you use our mobile app, we may share with our partner LiveRamp and its group companies personal data about you, including your email address (in hashed, de-identified form), IP address, mobile device ID and timestamp. LiveRamp may use this information to create a link between your mobile and other information (demographic or interest-based information) that LiveRamp or its clients and partners may have collected about you in order to provide you with personalized content or advertising throughout your online experience. You have the right to exercise your rights under GDPR including object to the processing of your personal information at any time by clicking on this link: https://your-rights.liveramp.uk/home.
3. International data transfers
We may use and store personal information that we collect from you in countries outside the European Economic Area (including the United States of America, India and Madagascar). Please note that countries outside the European Economic Area are unable to offer the same level of data protection as the European Union.
Specifically, our Web servers are located in the United States and the European Union, and our group companies and third-party service providers and partners operate across the world. This means that when we collect your personal information, we can process them in one of these countries.
Our standard contractual clauses are available on request. We have put similar appropriate security measures in place with our third-party service providers and partners, and further details are available on request.
4. Your data protection rights
You have the following rights over your data:
- Right of access: You may contact us to find out what information we hold about you.
- Right of rectification and erasure: You may correct your data and ask for it to be erased.
- Right to restrict processing. You may object to our carrying out of certain processing actions.
- Right of portability: You may ask us to forward items of your personal data in electronic format to you.
It should be noted, however, that the exercise of these rights is not absolute and may be restricted on legal grounds, or on the grounds of legitimate interest (e.g. customer disputes).
If you would like to access, correct, update or request the erasure of your personal information, you can do so at any time in your personal account space.
- You can also object to the processing of your personal data, ask us to restrict the processing of your personal data, or exercise the right of portability over your personal data. You can exercise these rights by getting in touch using the contact details given via the "Contact Us" link below.
- You may decide to stop receiving marketing communications from us at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in marketing emails that we send you.
- Equally, if we have collected and processed your personal data with your consent, you can withdraw this consent at any time. Withdrawing your consent shall not affect the legality of all processing activity carried out before this date and any processing activity carried out on grounds of legitimate interest other than consent.
- You have the right to contact the relevant data protection authority regarding our collection and use of your personal data.
- If you live in France, you can also instruct us as to how we can continue to store, erase and share your information after you die and, where applicable, nominate an individual to exercise these rights after you die.
We respond to all requests that we receive from individuals who wish to exercise their data protection rights in accordance with applicable data protection law.
5. Automated decision-making
In some instances, the use of your personal information may involve automated decisions being made (including profiling) that affect you legally or otherwise significantly. Automated decisions mean that decisions about you are made automatically, based on the outcome of computer system processing (using algorithms), with no human input. For example, we use automated decisions to select offers that are most likely to interest you. We have put measures in place to protect the rights and interests of individuals whose personal information is used in automated decision-making.
When we make an automated decision about you, you have the right to contest the decision, state your position and demand a review of the decision by a physical person. You may exercise this right via the "Contact Us" link below.
6. Retaining your data
We keep personal information that we collect where we have a legitimate commercial interest in doing so (e.g. to provide a service that you requested or to comply with applicable legal, tax or accounting requirements).
When we no longer need to process or retain your personal information, we will delete or anonymise this information, or, where that is not possible (e.g. because they were stored in backups), we will store them securely and place them beyond the scope of subsequent processing activity until it is possible to delete them.
7. Child privacy on our sites
Shopmium will at no time collect personal information from children aged under 16 (sixteen). Sites and their content are targeted at individuals aged 16 (sixteen) or over. If you are under 16 (sixteen), you may not use our Sites unless you have the consent of a parent or guardian and are supervised.
While we continue to offer our visitors new types of content and services, the Sites may make changes to how we collect, use and/or share information. Should there be a major change to the way we collect, use and/or share information, this shall only apply to information collected subsequently, and we will take appropriate measures to notify you, based on the extent of the changes we intend to make.
9. Security Statement
We take all appropriate technical and organisational measures to protect your personal data as best we can. The measures we take are intended to provide a level of security commensurate with the risk from processing your personal information. We operate secure data networks that are firewall-protected in accordance with industry standards, and password-protected against loss, misuse and modification of information under our control.
10. Contact Us
If you have any questions, comments or concerns regarding our privacy practices, please contact us using the following contact details depending on your geographic location:
- If you are accessing our Sites or using our Services from the United Kingdom:
- Email us at firstname.lastname@example.org
- Write to us at Shopmium, 46 Rue de l'Arbre Sec, 75001 Paris, France
- If you are accessing our Sites or using our Services from Belgium:
- Email us at email@example.com
- Write to us at Shopmium, 46 rue de l'Arbre Sec, 75001 Paris, France
- If you are accessing our Sites or using our Services from France:
- 2mail us at firstname.lastname@example.org
- Write to us at Shopmium, 46 rue de l'Arbre Sec, 75001 Paris, France
07 December 2023 Version