Ikano Bank (‘Ikano’) takes the handling and protection of personal information very seriously. This privacy notice provides you with important information about what personal information we process when you visit our website and participate in Ikano Rewards, as well as other important information such as the purposes for which we will process your personal information, as well as giving you information about your rights in relation to your personal information.

If you are not able to read this privacy notice now, we recommend that you do take the time to read it, or at least those sections of it which are most important to you so that you are aware of how we will process your personal information.

In order to assist you quickly and easily identify what information is relevant to you, we’ve provided a list of headings below which will take you quickly to the areas that you are interested in.

Who we are and how to contact us and our Data Protection Officer

Ikano Bank AB (publ) is a data controller of your personal information and can be contacted at Ikano Bank AB (publ), PO Box 7221, Willenhall WV1 9DR or at dpo@ikano.se

Personal information means information that is about you or from which we can identify you. This privacy notice describes how we deal with your personal information. We are the data controller of this information under relevant data protection laws because in the context of our business relationship with you we decide how and why it is processed in the ways explained in this privacy notice. When we use terms such as we, us and our in this notice, we mean Ikano Bank AB (publ).

Our Data Protection Officer can be contacted if you have queries about this privacy notice or wish to exercise any of the rights mentioned in it.

This privacy notice may be updated from time to time. We may send you an updated copy (depending on whether we are required to do that or not) but you can also find the current version at Privacy policy

About Ikano Rewards

Ikano Rewards is an online platform through which you can access links to buy products direct from third party suppliers online and receive cashback on your spend. We use a third party, VAC Media Limited, to provide Ikano Rewards and the website to you and to operate, administer and manage Ikano Rewards and the website on our behalf.

What should you do if your personal information changes?

You should tell us without delay so that we can update our records. The contact details for this purpose are:

By logging into your online account and updating your information within the ‘My Account’ section

By logging into your online account and raising a support ticket from the online helpdesk

By contacting us at support@ikanorewards.co.uk

What kinds of personal information about you do we process?

We have set out below a description of the types of personal information which we hold about you and which we will process to administer this website and operate Ikano Rewards.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Your title, full name, your contact details, including for instance your email address, home and mobile telephone numbers;
• Your home address and correspondence address (where different from your home address);
• Your date of birth and/or age;
• Payment details so thatyou can receive payment of any reward/cash back you are entitled to under Ikano Rewards;
• Records of how you have contacted us and, if you get in touch with us online, details such as your mobile phone location data, IP address and MAC address;
• Details about what third party products and services you are interested in, what rewards you have requested, and your interests, preferences, feedback and survey responses;
• Information about how you use the website;
• Personal information provided by you to us in correspondence, whether by email, written letter, or telephone call (as telephone calls to and from us are recorded for training, monitoring and security purposes).

How do we collect your personal information?

We use different methods to collect data from and about you including through:

• Direct interactions with you. You may give us personal information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes information you give us when you register for and use Ikano Rewards.
• Automated technologies or interactions. As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
  Cookie Settings
• Third parties. We may receive personal data about you from various third parties as set out below:
• VAC Media Limited, who operates, administers and manages Ikano Rewards and the website on our behalf;
• third party retailers who participate in Ikano Rewards and from whom you may purchase products and services via links on our website;
• analytics providers [such as Google based outside the UK];
• advertising networks; and
• search information providers.
• providers of technical, payment and delivery services.

What are the legal grounds for our processing of your personal information (including when we share it with others)?

Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing more than one legal ground will be relevant (even where we rely on a consent for non-marketing purposes).

Here are the legal grounds that are relevant to us:

1. Processing necessary to perform our contract with you

This purpose includes such processing as is necessary for us to provide Ikano Rewards to you. The processing will include administering and managing Ikano Rewards and provide you with rewards under Ikano Rewards.

2. Where processing is necessary for our legitimate interests

This will include processing which, on balance, we consider is in our legitimate interests and which do not cause you undue prejudice. Our legitimate interests are:

• Administering and managing Ikano Rewards and provide you with rewards under Ikano Rewards. This is necessary to keep our records updated and to study how customers use our products/services;
• To test the performance of our websites, products, services and internal processes.This is necessary to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy;
• To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman, and the Information Commissioner’s Office;
• For management and audit of our business operations including accounting. This is necessary for running our business;
• To carry out monitoring and to keep records (see below).This is necessary for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise;
• To administer our good governance requirements such as internal reporting and compliance obligations or administration. This is necessary for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise;
• For market research and analysis and developing statistics. This is necessary to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy; and
• For marketing communications (where it is lawful for us to do so and where you have not objected to the use of your personal information for these purposes). This is necessary to develop our products/services and grow our business.

3. Processing necessary to comply with our legal obligations

• For compliance with laws that apply to us;
• For establishment, defence and enforcement of our legal rights or those of any other member of our group;
• For activities relating to the prevention, detection and investigation of crime;
• To carry out monitoring and to keep records (see below);
• To deal with requests from you to exercise your rights under data protection laws; and
• To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud).

4. Processing with your consent

• When you request that we share your personal information with someone else and consent to that; and
• For marketing communications purposes to personalise and improve your digital experience, communications, or to carry out profiling for the purposes of targeting marketing offers and market research if we have your consent to do so.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Disclosure to third parties

We may share your personal data with the parties set out below for the purposes set out above:

• VAC Media Limited, who operates, administers and manages Ikano Rewards and the website on our behalf;
• Our legal and other professional advisers, auditors and actuaries;
• Financial institutions and trade associations;
• Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman, and the Information Commissioner’s Office;
• Tax authorities who are overseas for instance if you are subject to tax in another jurisdiction we may share your personal information directly with relevant tax authorities overseas (instead of via HMRC);
• Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions such as sending letters, statements and other correspondence;
• Buyers and their professional representatives as part of any restructuring or sale of our business or assets;
• Market research organisations who help us to develop and improve our products and services.
• Courts and to other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

How and when can you withdraw your consent?

Much of what we do with your personal information is not based on your consent, instead it is based on other legal grounds (as described above). For processing that is based on your consent, you have the right to withdraw that consent for future processing at any time. You can do this by contacting us using the details below.

By logging into your online account and updating your information within the ‘My Account’ section

By logging into your online account and raising a support ticket from the online helpdesk

By contacting us at support@ikanorewards.co.uk

Is your personal information transferred outside of the UK or the EEA?

We operate in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area. If it is processed within Europe or other parts of the European Economic Area (EEA) then it is protected by European data protection standards which are equivalent to UK standards and have been deemed adequate.

Some countries outside the EEA do have adequate protection for personal information under laws that apply to us. We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA which do not have adequate protection under laws that apply to us. Generally these will be using approved standard contractual clauses. Details of these can be found here. Please contact us if you would like more information on overseas transfers of your personal data.

Do we do any monitoring which involves the processing of your personal information?

By monitoring, we mean any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, emails, text messages, social media messages and other communications We may monitor where permitted by law and we will do this where the law requires it. In particular, where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone calls (as relevant) we will do so.

Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you (such as in relation to fraud risks on your account) and for quality control and staff training purposes.

How long is your personal information retained by Ikano?

Unless you are notified by us of any variation, we will hold your personal information for the following periods:

• Retention in accordance with legal and regulatory requirements: We will retain the personal information that we need to keep even after the relevant contract you have with us has come to an end for at least 6 years and this will be to satisfy our legal and regulatory requirements.

What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them we will explain at that time if they apply or not.

• The right to be informed about your processing of your personal information;
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
• The right to object to processing of your personal information;
• The right to restrict processing of your personal information;
• The right to have your personal information erased (the “right to be forgotten”);
• The right to request access to your personal information and to obtain information about how we process it;
• The right to move, copy or transfer your personal information (“data portability”);

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk

If you wish to exercise any of these rights against the Credit Reference Agencies or the Fraud Prevention Agencies who are data controllers in their own right, you should contact them directly.

Data anonymisation and use of aggregated information

Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this privacy notice.

Your marketing preferences and what this means

We may use your home address, phone numbers, email address and social media (e.g. Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. This means we do this only if we have a legal ground which allows it under data protection laws - see above for what is our legal ground for marketing. You can stop our marketing at any time by calling us, writing to us, or by following the instructions on how to do that in the marketing email or other communication.