Client Privacy & Information Assurance Policy

This Client Privacy Policy sets out the standard policy and implementation details for Loyalty Logistix data privacy provisions and information assurance in the services we provide to Clients. It covers the specific provisions for Information Assurance and Privacy for a contract, project or programme of work.

The intended audiences are:
 

  • Loyalty Logistix clients and suppliers

  • Loyalty Logistix third party data processors and data storage providers

  • ISO 27001 certification service provider


Legal basis for data storage and processing

Where Loyalty Logistix Limited provide platform systems for The Client, the system and services within the scope of the project are defined in a ‘System Register’, provided at project set-up phase. Loyalty Logistix have agreed to process and store information on behalf of The Client on the lawful basis as determined by The Client.

The lawful basis is:

 

  • Consent: the individual has given clear consent for The Client to process their personal data for a specific purpose.

  • Contract: the processing is necessary for a contract between The Client and the End Customer, or because the End Customer has requested The Client to take specific steps before entering into a contract.


Parties
 

Name                   Privacy Responsibility         Contract Role

The Client             The Client (Data Controller)   Provide clear instruction on the data privacy policies required. Manage End Customer consent.

Loyalty Logistix Ltd   Data Processor                 Receive data from the client comprising Customer, Vehicle and Service Transaction data objects. De-duplicate customer records.

Socketlabs             Data Processor                 Receive campaign data sets from Loyalty Logistix Limited including personal details of customers and owned vehicles. Create and send emails to customers. Securely delete the data set.

Microsoft              Data Processor                 Azure hosting for database and application software.
 

Privacy and Data Protection

Loyalty Logistix shall process and store information on behalf of the client. The policies, processes, methods and tools used will be subject to the following regulations and/or accreditations.
 

ISO27001:2013 - www.iso.org/isoiec-27001-information-security.html
 

General Data Protection Regulations EU - www.ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/?q=fine
 

Information Commissioner’s Office - ico.org.uk
 

1.0  General provisions

         This policy applies to all personal data processed under the contract.
 

1.1.1.Lawful Processing
  1. To ensure its processing of data is lawful, fair and transparent, Loyalty Logistix Limited shall maintain a Register of Systems.

  2. Individuals have the right to access their personal data and any reasonable and legal requests for access shall be processed as follows.
    a) The Client shall verify the basis of the request.
    b) The request will be dealt with in a timely manner.
     

1.1.2.Lawful Purposes
  1. All data processing within the contract shall be on at least one of the lawful bases stated above in section 1.

  2. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.

  3. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and we will record the request.
     

1.1.3.Data Minimisation
  1. Loyalty Logistix Limited shall ensure that personal data are adequate, relevant and limited to what is necessary for the purpose of the contract.
     

1.1.4.Accuracy
  1. The Client shall take reasonable steps to ensure personal data is accurate.

  2. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
     

1.1.5.Data Lifecycle
  1. The Client will specify and provide the Data Retention Policy related to The Contract.

  2. Personal data shall be retained by Loyalty Logistix Limited as specified by The Client’s Data Retention Policy.
     

1.1.6.Security
  1. Loyalty Logistix Limited will ensure that personal data is stored securely using software from an approved provider. The software shall be a current version which is in support and patched in accordance with the provider’s security recommendations. 

  2. Access to personal data shall be limited to authorised Loyalty Logistix Limited personnel with a defined requirement for access.

  3. Appropriate back-up and disaster recovery solutions shall be in place.
     

1.1.7.Breach

As Data Processor under the terms of this contract, Loyalty Logistix Limited shall manage any breach or suspected breach which could result in accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, as follows:
 

  1. Notify the Loyalty Logistix Limited Data Protection Officer.

  2. Conduct the first line breach investigation and determine:
    a. The nature and scale of the breach.
    b. Personal data affected.
    c. Status in terms of ongoing, stopped, limited.
    d. Actions required to stop the breach.
    e. Immediate and long-term actions to rectify the breach.
    f. Communications required.

  3. Notify the Client of the breach, status and any ongoing actions required.

  4. In the event of a major breach notify the regulatory body and affected customers.
     

2.Regulatory Compliance

Loyalty Logistix Limited operate in multiple national and international jurisdictions. These Information Assurance and Personal Data Privacy provisions are based on the stringent requirements within the EU GDPR and ISO 27001:2013, and particularly the following provisions.
 

2.1.Consent

When relying on Consent as the lawful basis of processing, Loyalty Logistix Limited require Explicit Consent with a Positive Opt-in mechanism.
 

2.1.1.Customer Registration via a Loyalty Logistix App or Personal Web Page (PWP)

The App or PWP shall provide a clear definition of the effect of giving consent with a link to the full terms and conditions. The default state is “opted out” and opting in requires positive action and confirmation.
 

2.1.2.Customer Consent Data Provided by Data Transfer from the Client

When consent data is provided by The Client in a data transfer of consent and/or personal information, it is the responsibility of The Client to obtain explicit consent, and Loyalty Logistix Limited will rely on that explicit consent.
 

2.2.Accuracy and Changes to Personal Information

Where possible, Loyalty Logistix Limited will allow the end customer to check and correct their own personal information, including items such as address and car ownership. When that is not appropriate The Client will be responsible for validating the request and Loyalty Logistix Limited will then action the change as instructed by The Client.
 

2.3.Right to be Forgotten

This right is intrinsic to the GDPR approach and Loyalty Logistix Limited will undertake reasonable steps to comply.  The Client will be responsible for validating a request from an End Customer based on the right to be forgotten. Loyalty Logistix Limited will then action the change as instructed by The Client.
 

2.4.Cookies

Loyalty Logistix Limited will implement cookie management when developing PWPs for The Client. The GDPR requires that cookies are treated as personal information, and so must be subject to the same level of consent as other items of personal information.
 

3.Car and Vehicle Sales Sector Specific Requirements
 
3.1.White Listing and Reputation

Loyalty Logistix Limited and its third-party suppliers implement a white listing process which is designed to protect the reputation of The Client and Loyalty Logistix Limited.


Suppression list

Major mailbox providers such as Gmail, Hotmail, AOL, and others calculate and manage reputations for IP addresses and domains.

Factors used in determining reputation are invalid address delivery attempts and complaints from end-recipients. To maximise and protect The Client's reputation we suppress attempts to deliver to bad addresses or to users that have previously complained.

Loyalty Logistix Limited and its suppliers will maintain a Suppression List for your account and use it to minimise failed delivery attempts. This will help maintain reputation and increase inbox delivery rates. It will minimise the chances of Grey Listing or Blacklisting by mailbox providers.


Sender Reputation
Sender reputation is the process used by major email providers to rate an IP address based on its sending history. This is usually determined by the bounce rate, the number of spam trap hits, user complaints, and the volume of outbound mail.


3.2.Vehicle Unbinding

Loyalty Logistix Limited will provide the ability for an End Customer to remove an association with an owned vehicle from their Personal Account. This is also known as unbinding, and typically occurs when the vehicle ownership changes. As the owner of the data and the only party with original knowledge of the change of ownership it is the End Customer’s responsibility to action the unbinding.

Loyalty Logistix Limited will action a change intervention only in exceptional circumstances and based on clear instruction from The Client with the lawful reason stated.

Contact us

If you have any questions about this Privacy & Information Assurance Policy, please contact us.

Loyalty Logistix Ltd
M-SParc, Menai Science Park, Gaerwen, Anglesey, North Wales, LL60 6AG 
Tel: +44 (0) 1248 546000
 

 

Copyright
 

The information and styling of this website is copyright property of Loyalty Logistix Limited. 

© 2019 Loyalty Logistix Ltd. All rights reserved  
Company Registration No. 4991455    Registered in England & Wales   VAT Reg No: 840 460548

Registered Office: c/o Fraser Wood, Victoria House, Plas Llywd Terrace, Bangor, Gwynedd, North Wales, LL57 1UB. U.K.

 
