This is the privacy notice of The Defence Discount Service, operated by Blue Light Card Ltd, In this document, "we", "our", or "us" refer to Blue Light Card.
We are company number 06581540 registered in the UK. Our registered office is at 202 Ashby Road, Loughborough, Leicestershire, LE11 3AG
- This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, "process" means collect, store, transfer, use or otherwise act on information.
- We regret that if there are one or more points below with which you are not happy, we recommend that you do not use our website, apps or services..
- Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
- The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at https://ico.org.uk/
- Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website or apps.
- Information we process because we have a contractual obligation with you
When you purchase a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information. We may use it in order to:
- verify your identity to ensure you qualify for access to the service
- sell products to you
- provide you with our services
- provide you with suggestions and advice on products, services and how to obtain the most from using our website and apps
- provide you with service communications, for example letting you know if your card is due for renewal.
Information we collect
- Full name, email address, position (staff number/service number), employer. This information is to help ensure you qualify for the service and to provide a basic account function for you to login
- Email address is also collected to provide you with service communications such as notifications that your card is due for renewal.
- County of interest so we can provide offers local to you
- Address, required when applying for a card. This is deleted 14 days after your card has been posted. If your application is not complete your address will remain until this has been completed it will be automatically deleted after the retention time (see point 18.e)
- Copy of ID/service documents. Your ID is required for us to ensure you qualify for the service and will be visually inspected. Whether the ID is declined or accepted the ID is removed from our system and is not stored. ID is processed with a 14 day period but often with 24 hours on a working day.
- Date of Birth. This is processed to confirm you are old enough to qualify for our services and identify if you qualify for certain offers, e.g. you must be over 18 to receive offers relating to alcohol.
- Applications made by the post. All information is added as above and all paper material is stored securely while being processed and after is shredded by an approved shredding device.
- Information we process with your consent
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or apps or ask us to provide you more information on our products and services, you provide your consent to us to process information that may be personal information.
Wherever possible, we aim to obtain your explicit consent to process this information.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply.
If you have given us explicit permission to do so, we may pass your name and contact information to selected associates whom are required to help with your query or request. For example this could be to a company you are having difficulties with while using an offer found on our website or apps.
We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us [email protected] However, if you do so, you may not be able to use our website, our apps or our services further.
- Information we process in our legitimate interests
We collect information automatically from your use of our website, apps and services:
- Personalised redemption data relating to sales and savings of our members. We use this to let you know where you have made savings and how much you have saved, as well as to improve our services.
- Information, dates and times you have used the website to login, request passwords, register on both the website and apps. This is important so we can monitor user activity, provide security and try our best to improve the service we provide you.
- Information relating to offers you view and click including time/date, company, offer, newsletter offer used. This is useful for statistics and providing us and companies with feedback regarding the popularity of offers. We aggregate this data before sharing it with other companies and never provide anything that can be identified to a user.
We also anonymise the analytical data we collect so that you can no longer be identified from it. Once anonymised, it will no longer be personal data and we will share it with other companies to help them provide a better service and better understand the effectiveness of their services and offers. We also use this anonymised data to recruit new retail partners.
You have the right to object to processing carried out for our legitimate interests. See the Your Rights section below for more information.
- Information we process because we have a legal obligation
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
This may include your personal information.
- Complaints regarding content on our website
- Information relating to your method of payment
- Sending a message to our support team
- to track how you use our website
- to record whether you have seen specific messages we display on our website
- to keep you signed in our site
- about the offers you have viewed or clicked
- Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
Once logged into the website or apps we track browsing activities that include;
- Products purchased, to track each product purchased and fulfil our obligation to provide you with your electronic code or voucher.
- Locations selected, allowing us to provide you with the correct products for this location
We use this information in aggregate to assess the popularity of the pages on our website and apps and how we perform in providing content to you. This information is also used in order to better enhance our website and apps, so it functions correctly, this information is aggregated and anonymised in reports generated.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed.
Information is stored for 6 years for tax purchases as data is only obtained when a purchase is made. All baskets and product not purchased information is removed 30 minutes after inactivity.
- Information we obtain from third parties
- Data processing outside the European Union
- Third parties
- Access to your personal information
- Removal of your information
- Verification of your information
- Objection to processing
- Use of site and services by children
- We do not sell products or provide services for purchase by children, nor do we market to children.
- You are required to be 16 years or older, in order to use our website and apps.
- You are required to provide a date of birth to ensure the products and serevices we are advertising are suitable.
- Encryption of data sent between us
- How you can complain
- You can make a complaint in writing to Blue Light Card PO BOX 10180, Loughborough, LEICS, LE11 9HN.
- If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
- If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/
- Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- Customer Service forms (from outside the members area) we store for 12 months.
- Emails, tickets, data will be removed after two years. Some data may be used for training purposes, but this information will be anonymised.
- Tracking information, the companies you have visited and viewed, from our websites, apps or electronic emails. Information will be anonymised after 2 years so performance can still be monitored to continue to deliver a personable service for you.
- Unique Vault codes will remain in your account for up to two years after expiry, this date is shown in your account area.
- Personal account information (card holder), if you have a physical membership card this is valid for five years. As your card can be used offline, you may not log into or use the website or app features in order to revalidate your activity. revalidate your activity therefore members information will be stored for five years and then a further two years at the renewal point unless opted for this to be removed.
- Personal account information (non card holder), we will store information on non card holders for two years, unless transacted with us directly and this will then be six years for tax and accounting requirements. A none active member will have the information automatically deleted at this time and should they wish to re-join the service will be require to fully validate their account and resubmit information again.
- Other information such as company follows, company favourites, push notification subscription numbers, will remain in place while your account is open (please see point 21.(5)/21.(6)), you have the ability to take/remove consent at anytime via the website and/or our apps.
- Your address information if provided for the delivery of a membership card will be stored for 14 days after the card has been sent, if you have started but not completed an application this information will be stored as per point 21.(6).
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- to provide you with the service you have requested
- to comply with other law, including for the period demanded by our tax authorities.
- to support a claim or defence in court.
- Compliance with the law
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Specific uses of information you provide to us
If you complain about any of the content on our website, we shall investigate your complaint.
If we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
Payment information is never taken by us or transferred to us either through our website or otherwise.
At the point of payment, you are transacting securely with one of our payment partner SagePay, Paypal or Stripe. The payment form may look like it is part of our website but this is taking place outside of our servers and website.
When you contact us, whether by telephone, through our website or by email, we collect the data you have given to us to reply with the information you need.
We record your request and our reply, to increase the efficiency of our business. This information is stored in our email clients/databases for two years and after this point it is securely removed.
When we receive a complaint, we record all the information you have given to us.
We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. Before this is done we will seek further permission to pass this information on to progress your complaint.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
Use of information we collect through automated systems when you visit our website or use our apps
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
Disclosure and sharing of your information
Although we do not disclose your personal information to any third party (except as set out in this notice), we sometimes receive data that is indirectly made up from your personal information from third parties whose services we use.
This data could be matched to you if compared with our own data. Due to the level of some discounts on the site and to ensure offers are not being misused, we may use this information to validate that the member qualifies to use the offer. The response in this instance would be a yes or no and no further data provided.
We do not have control over these technologies or the data that these parties use externally of our website and therefore recommend each member reads the privacy policies on partner sites.
Our websites and apps are hosted in the United Kingdom and servers are owned by Blue Light Card Ltd.
Your personal information is not passed outside the European Union. We do use third party providers such as Amazon to provide some services used within our websites and emails sending these are all used via EU based services: Further information on Amazon and their GDPR policies and frameworks can be found: https://aws.amazon.com/compliance/gdpr-center/
We may share your information with suppliers and sub-contractors for the performance of any contract we enter into with you and to improve our services. This includes IT service providers, customer survey providers and analytics providers who help us to run and improve our systems and services. We aim to pseudonymise or anonymise personal data wherever practical before disclosure to those third parties.
If we are acquired by a third party then our data will be disclosed to the buyer as part of that purchase. Finally, we will disclose information if we have a legal obligation to do so.
At any time you may review your personally identifiable information that we hold about you via a download in Your Account section on our website.
If you wish us to remove personally identifiable information we hold about you, you may contact us at [email protected]rd.co.uk or via a ticket within your account area.
Please note some information such as products purchased will remain for the duration of 6 years for the purposes of tax and accounting.
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes. You also have the right to ask us not to process your personal data where it is processed on the basis of legitimate interests (see ‘Information we process in our legitimate interests’ above) provided that there are no compelling reasons for that processing.
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
However, ultimately it is your choice as to whether you wish to use our website, apps or services.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.
This Policy was last updated: 9th July 2019