Affinion International Limited ("Affinion”, “We", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy and cookies policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This privacy and cookies policy is provided in a layered format so you can click through to the specific areas set out below.
Affinion are committed to protecting and respecting your privacy. We want you to know how and why we use any personal data we collect from you, hold about you, you provide to us, or we otherwise process. This Privacy and Cookies Policy will also explain the choices you have available to you about your data. In providing your data to us or using our services or our websites you agree to this Policy and accept the practices outlined in this Policy.
“Personal data” and “your data” mean any information about you which is personally identifiable or can be related back to you such as your name, date of birth, credit or debit card numbers, address, telephone number, email address, marketing preferences, service selections and queries.
This Policy covers the provision of all our consumer services, our websites and our interactions with you. These include any services that you enrol in or otherwise subscribe to.
Please refer to your terms and conditions to understand whether we are the Data Controller or Data Processor of your data.
If you have a concern about your data or a question about this Policy for our Data Protection Officer, please contact them by email at email@example.com
Affinion collects and uses your data for the purpose of providing you with the product you have signed up to whilst ensuring you have a great and enjoyable experience.
You provide some of this data directly when you sign up to the product/service, via the telephone when you call our customer service teams for support, when you communicate with us in writing by email or post and whilst using the product/service.
It is up to you what data we collect and you may decline to provide us with your data. However, if you choose not to provide us with your data which is necessary to provide you with the product/service, you will not be able to use that product/service.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
The data we collect will depend on the type of product/service you sign up to and the features you use, your interactions with us, whether you are paying us for the service or receiving the service through a package offered by one of our partners and the preferences you select. The data we collect includes the following:
We will also use your data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us about similar products and services if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing by clicking the unsubscribe link in the email or SMS.
We will ask you for your express opt-in consent before we share your personal data with any company outside Affinion controlled affiliates, subsidiaries and our parent company for marketing purposes. We will provide you with more information about the categories of these companies at the time of asking you for your express opt-in consent. This will typically be for products/services offered by other companies which may be of interest to you based on the product/service you have with us or may be for another purpose which will also be made clear to you at the time of obtaining your express opt-in consent.
We will also ask you for your express opt-in consent before we send you marketing communications about our products/services that are not similar to what you currently have with us.
If you provide your explicit opt-in consent to receive such marketing communications, we may provide you with further options where you can choose how to receive it, such as email, SMS, physical mail or telephone and the frequency of such marketing communications. If you have provided your explicit consent to receive marketing communications but later change your mind, you can edit your preferences on how you receive them, how often you receive them or even stop receiving them altogether. To find out how to do this, please click here.
We explain throughout the Policy when and why we process your data for a legitimate business purpose. A legitimate business purposes means the interests of Affinion in conducting and managing our business to enable us to give you the best products and services and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish and if you wish to do so please contact our Data Protection Officer. If you do object, this may affect our ability to carry out the tasks for your benefit where we are processing your data for a legitimate business purpose.
We may share your data if it is necessary to do so in order to provide you with your product/service, if we have a legitimate business purpose for doing so, or if you have given us your explicit consent to do this.
Please note that when you are redirected to a partner or third party website from our website, if you provide personal data to any of those partners or third parties, your data will be governed by their privacy statement/policy. You should read their privacy statement/policy before you submit any of your data to their websites.
The entities we will share your data with include selected third parties such as your bank, credit card provider, credit agencies, insurers so they can process your payment or provide other financial services (i.e. fraud prevention) or travel related organisations such as airlines, hotels, cruise organisers or providers of airport parking/lounge services. We will share your data with partners to enable us to provide you with the product/service in connection with purchases you have made with that partner (i.e. the provider you have booked your event tickets with, the online retailer you have made a purchase from, the marketing partner or other partner that signed you up to our product/service or any other partner relevant to your product/service).
Additionally, third party providers of information security services will have access to your data for the purposes of monitoring our networks and websites to help keep your data secure. This processing is undertaken for legitimate business purposes.
We may share your data among Affinion controlled affiliates, subsidiaries and our parent company throughout the world who are acting as our data processor and only processing your data according to our instructions for legitimate business purposes. If you would like to see an up to date list of these companies, please click here. We will do this in order to process transactions and ensure you are able to use the product/service. Your data is still protected in the same manner as set out in this Policy in line with applicable laws. Click here to understand our position on the transfer of data outside of the European Economic Area.
We may also share your data with others, such as advertisers interested in advertising on the Affinion websites but only in aggregate, anonymous form, which means that the shared information will not contain nor be linked to any personally identifiable information about you or any other person.
We may ask your card issuer to update us with any changes to the information they have provided to us, for example, by providing us with any updated or new card numbers or expiry dates. This is necessary to ensure a smooth transition for your continued enjoyment of the product/service especially for products/services where you receive cyber security and fraud detection services.
Additionally we reserve the right to access and disclose your information in order to comply with applicable laws, to comply with lawful requests from governments, law enforcement agencies or parties whose request we reasonably consider to be justified in connection with any allegations by any party about your abuse of our services, to operate our systems properly or to protect ourselves or our users from any of the scenarios mentioned in this section This includes protecting the rights of Affinion through the enforcement of the terms governing the product/service and protecting our customers from spam or activity which may defraud users of our product/service.
We store information that we collect through cookies, log files, clear gifs, and/or third party sources to create a summary of your preferences. We tie your personally identifiable data, and/or your membership usage history in order to provide tailored promotions and marketing offers, to improve the content of the site for you and/or to determine your preferences. We may match information collected from you through different means or at different times, including, for example, information collected online and offline, and use such information along with information obtained from other sources, including third parties. To do this, it is often necessary to share this information with carefully selected vendors and partners we work with, such as companies that perform marketing services and other business operations for us.
We use strictly necessary cookies – these cookies are essential, as they enable you to move around our website and use its features. Without these cookies, services you’ve asked for (such as completing an application form or logging into a secure area of our website) can’t be provided.
In particular, we use session and persistent cookies on this site. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies and reject persistent and session cookies by following the directions provided in your Internet browser’s “help” file or by visiting www.allaboutcookies.org. If you reject persistent or session cookies, you may still use our site, but you may not be able to access all the site’s functionality or your access may be limited.
We are continually looking to adopt and implement new practices and technologies in order that we may improve your user experience. We may update this Cookies Policy from time to time with details of new cookies.
Details of the cookies we currently use on this website are shown below:
|Strictly necessary cookies||ASP.NET_SessionId||Essential session tracking||Visit the Microsoft website for more information - microsoft.com|
|hasCookies||Determines whether or not the user allows first party cookies in their browser.||If a web browser cannot accept first party cookies it will not be possible to use our websites|
|Visitor||Essential session tracking||A unique reference assigned to each visitor to help improve their experience using our website. Short expiry|
|sis||Essential session tracking||A unique reference assigned to each visitor to help improve their experience using our website. Short expiry|
|visitorid||Essential session tracking||A unique reference assigned to each visitor to help improve their experience using our website. Short expiry|
We use web beacons, provided by our ad serving partner, to help manage our online advertising. These web beacons allow us and/or our ad serving partner to access individual cookies when a browser visits the site. This allows us to identify which advertisements or listings served by our ad serving partner bring users to our website. Web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on webpages and are about the size of the period at the end of this sentence. We link the information gathered by clear gifs to your data (see How we use information we collect through cookies above).
Like many websites, we gather certain information relating to website use automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information, which does not by itself identify individual users, to analyse trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. After collection, during our processing of the data, we link this automatically-collected data to the data we hold about you.
Where you are using our websites, we may use your IP address to help diagnose problems with our server and to administer our website. Your IP address may also be used to help identify you for the duration of a session and to gather broad demographic information. Your IP address will never be linked to any personally identifiable data unless you are in the process of making a purchase, in which case the link between this information will terminate upon your final purchase.
As you use the internet, a trail of electronic information is left at each website you visit. This information, which is sometimes referred to as “clickstream data”, can be collected and stored by a website’s server. Clickstream data can tell us the type of computer and browsing software you use, the address of the website from which you linked to our website, and, in some instances, your e-mail address. We may use clickstream data to determine how much time visitors spend on each page of our site, how visitors navigate throughout the site and how we may tailor our web pages to better meet the needs of visitors. This information will only be used to improve our websites. Any collection or use of clickstream data will be anonymous and aggregated and will not contain any of your identifiable data except where you have selected an email address that identifies your name.
If you would like to see the data we process on you, restrict the processing of your data or have it deleted you can contact our Data Protection Officer who will investigate the matter and take you through the necessary steps to provide you with the data you requested or to delete it. If you would like it deleted, in particular any data which is necessary for us to process to provide you with the product/service, you will no longer be able to use the product/service. If applicable, our Data Protection Officer will explain any circumstances where we are not be able to erase your data such as the exercise or defence of a legal claim and situations where you can restrict the processing of your data. Our Data Protection Officer will respond to your query within 30 days of receiving your request.
You can edit or remove your information from our marketing database by emailing, writing or calling us using the contact details above, specifying your name, the email or other address/ telephone number you used to register with us and, if referring to a web registration, your user name in the email. You may also do this online if you have an online account by visiting your preferences page.
In addition, if you have provided us with your explicit consent to receive marketing communications via email, you will normally find an unsubscribe link at the bottom of the marketing emails you receive, which you can use to tell us if you no longer wish to receive marketing communications from that source.
If you object to us processing your data based on a legitimate business purpose, please contact our Data Protection Officer who will investigate and take action on the matter.
Securing your personal and non-personal information is very important to us. All customer databases are held in a secure environment and (except for law enforcement authorities in limited circumstances), only those Affinion employees or other persons who need access to your data in order to perform their duties are allowed such access. Any of these employees or persons who violate our privacy and/or security policies may be subject to disciplinary action, including possible termination and civil and/or criminal prosecution. Where you are using our websites, we take proactive steps to put safeguards in place to provide for the secure transmission of your data from your computer to our servers. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and Affinion, and Affinion and you, will be free from unauthorised access by third parties, such as hackers. We have implemented all necessary and reasonable technical and organisational measures to protect your data including:
Our websites utilise Standard SSL encryption on pages where secure information is transmitted over the Internet. We also use Verisign as our Certificate of Authority. If you would like more information on our Verisign Certificate, please visit www.verisign.com/?dmn=verisign.co.uk.
We may update this Policy when necessary to reflect changes in our products/services. Please check the last updated date at the top of this Policy to ensure you are reviewing our most current version and understand how we protect your data. If there are any material changes to this Policy which change the way we collect and use your personal data, we will let you know by either posting on this website a notice of the changes we are making before they take effect or by sending you a notification.
You can contact our Data Protection Officer if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We retain your data for as long as you continue to use the product/service for the purposes explained in Section 2 above. When you cease your membership of the product/service, we will retain your data for as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well as, for any additional purpose based on the choices you have made such as to receive marketing communications that you provided your consent to. In particular, we will retain call recordings, the data you supplied when joining the product, including complaints, claims (for insurance products) and any other data you supplied during the duration of your contract with us for your product/service for a period of 7 years from termination or expiry of your service in line with industry standards and UK statutory limitation periods for the defence of contractual claims.
If you have a concern about your data or a question about this Policy for our Data Protection Officer, please contact them by email at firstname.lastname@example.org. If you are not happy with the response you received or believe your data has not been used in accordance with this policy and therefore not processed in line with applicable laws, you may lodge a complaint with the Information Commissioner’s Office (ICO), the UK Supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.