Last updated: 24 January 2025
1. Introduction
This Privacy Policy explains how Retail Geek Ltd ("we", "us", "our") collects, uses, and protects personal data when you use PerQ, our digital loyalty card service.
Retail Geek Ltd
Company Number: 16740532
Registered in England & Wales
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who This Policy Applies To
This policy applies to two groups:
- Retailers - businesses that subscribe to PerQ to run their loyalty programs
- Customers - individuals who add retailer loyalty cards to their Apple Wallet or Google Wallet
3. Data Controller vs Data Processor
3.1 For Retailer Business Data
Retail Geek Ltd is the data controller for retailer account information (business details, contact info, login credentials, billing data).
3.2 For Customer Loyalty Data
The retailer is the data controller for their customers' loyalty data. Retail Geek Ltd acts as a data processor on behalf of the retailer.
This means:
- Retailers are responsible for obtaining customer consent
- Retailers must inform customers how their data will be used
- Retail Geek processes customer data only as instructed by the retailer
- Customers should contact the retailer for data requests (access, deletion, etc.)
4. Information We Collect
4.1 Information Collected from Retailers
When you sign up for PerQ, we collect:
- Business Information: Business name, address, contact name
- Contact Details: Email address, phone number (optional)
- Account Credentials: Email and password for dashboard login
- Payment Information: Processed securely by Stripe (we never see your full card details)
- Branding Assets: Logo, brand colors, reward names
- VAT Information: VAT registration status and number (if applicable)
- Marketing Preferences: Your consent to receive marketing emails
4.2 Customer Loyalty Data (Processed on Behalf of Retailers)
When customers add a loyalty card to their wallet, we process:
- Customer Identifiers: Unique customer ID, customer number
- Loyalty Activity: Stamps earned, rewards claimed
- Timestamps: When stamps were added, when rewards were claimed
- Platform Information: Whether the customer uses Apple Wallet or Google Wallet
- Device Registration Data: For sending wallet pass updates (managed by Apple/Google)
We do NOT collect:
- Customer names
- Email addresses or phone numbers
- Dates of birth
- Payment card details
- Location data
- Biometric data
4.3 Usage and Analytics Data
We collect:
- Dashboard usage metrics (which features you use)
- Scanner app activity logs
- Monthly active customer counts (for billing purposes)
- Technical data (IP addresses, browser type, device type)
5. How We Use Your Information
5.1 Retailer Data
We use your business data to:
- Create and manage your PerQ account
- Provide access to the dashboard and scanner app
- Process payments and billing
- Generate invoices and usage reports
- Send service updates and support messages
- Send marketing emails (only if you've consented)
- Improve our services
- Comply with legal obligations
5.2 Customer Loyalty Data
We process customer data to:
- Create and update digital wallet passes
- Track stamps and rewards
- Enable retailers to scan QR codes and add stamps
- Send pass update notifications to Apple/Google
- Calculate monthly active customer counts for billing
- Prevent fraud and abuse
6. Legal Basis for Processing
Under UK GDPR, we process data based on:
- Contract: To provide the PerQ service you've signed up for
- Legitimate Interests: To operate and improve our business, prevent fraud, and send service updates
- Consent: For marketing emails (you can withdraw consent at any time)
- Legal Obligation: To comply with tax, accounting, and legal requirements
7. How We Share Your Information
We do not sell your data. We share data only with:
7.1 Service Providers (Sub-Processors)
- Google Firebase: Cloud hosting and database services (US/EU data centers)
- Stripe: Payment processing (PCI-DSS compliant)
- Apple Inc.: Apple Wallet pass management and push notifications
- Google LLC: Google Wallet pass management
7.2 Legal Requirements
We may disclose data if required by law, court order, or regulatory authority.
7.3 Business Transfers
If Retail Geek Ltd is sold or merged, your data may be transferred to the new owner (we will notify you).
8. International Data Transfers
Your data may be processed outside the UK by our service providers (e.g., Google Firebase, Stripe). We ensure adequate safeguards are in place through:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with sub-processors
- Compliance with UK GDPR transfer requirements
9. Data Retention
9.1 Retailer Data
- Account data is retained while your subscription is active
- After cancellation, we retain data for 90 days to allow reactivation
- After 90 days, all data is permanently deleted
- Billing and invoice data is retained for 7 years (UK tax law requirement)
9.2 Customer Loyalty Data
- Retained as long as the retailer's subscription is active
- Deleted 90 days after the retailer cancels their subscription
- Retailers can delete individual customer records at any time via the dashboard
10. Your Rights (UK GDPR)
10.1 Rights as a Retailer
You have the right to:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your account and data
- Portability: Receive your data in a structured format (CSV export available)
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Unsubscribe from marketing emails at any time
10.2 Rights for Customers (Wallet Pass Holders)
Customers should contact the retailer directly to exercise their rights, as the retailer is the data controller.
If you cannot reach the retailer, contact us at app@retailgeek.co.uk and we will assist.
11. Data Security
We protect your data using:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest (Firebase encryption)
- Secure authentication (Firebase Auth)
- Access controls and role-based permissions
- Regular security audits and updates
- PCI-DSS compliant payment processing (Stripe)
12. Cookies and Tracking
Our dashboard uses:
- Essential Cookies: For login and session management
- Analytics Cookies: Google Analytics (anonymized IP) - with your consent via Cookiebot
For full details, see our Cookie Policy.
13. Children's Privacy
PerQ is a business service for retailers. We do not knowingly collect data from children under 13. If you believe we have inadvertently collected such data, contact us immediately.
14. Marketing Communications
We only send marketing emails if you've consented during sign-up. You can:
We will always send essential service emails (billing, security alerts) regardless of marketing preferences.
15. Third-Party Links
Our service may link to third-party websites (e.g., Apple, Google, Stripe). We are not responsible for their privacy practices. Please review their privacy policies.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
Material changes will be communicated via:
- Email notification to your registered email address
- Dashboard notification when you log in
17. Your Responsibilities as a Retailer
As a PerQ retailer, you must:
- Inform your customers that you use PerQ for loyalty management
- Have a lawful basis for processing customer loyalty data
- Comply with UK GDPR when collecting and using customer data
- Respond to customer data rights requests (access, deletion, etc.)
- Display appropriate privacy notices to your customers
18. Data Protection Officer
For privacy-related queries, contact:
Email: app@retailgeek.co.uk
19. Complaints
If you're unhappy with how we handle your data, you have the right to complain to the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113
