Privacy Policy
Hupsale is the data controller. We understand and respect the importance of protecting your personaldata. This Privacy Policy sets out the basis on which any personal data we collect from you, or that youprovide to us, will be processed by us, in respect of your relationship with us as a customer or a potentialcustomer. This information may be collected via our websites (“Sites”), our contact centres, our mobileapplications (“Apps”), our questionnaires/surveys, our representatives or appointed agents in overseasdestinations, or our social media channels (collectively, our “Services”).Please read the following information carefully. You are responsible for ensuring that (i) the other people thatyou are acting on behalf of are aware of the content of this Privacy Policy; and (ii) you have checked withthem that they agree to their personal data being given to us.By giving your personal data to us, we will transfer, store or process it as set out below. We will take allreasonably necessary steps to ensure that your data is treated securely and in accordance with this PrivacyPolicy and we take appropriate security measures to help protect your personal data from accidental lossand from unauthorised access, use, alteration and disclosure.The security of your data also depends on you. For example, where we have given you or where you havechosen a password for access to certain services, you are responsible for keeping this password confidential.
Reasons for collecting and using your personal data
We will only collect and use your personal data if at least one of the following conditions applies: we have your consent; • it is necessary for a contract with you or to take steps at your request prior to entering into a contract; • it is necessary for us to comply with a legal obligation; • it is necessary to protect your vital interests or those of another individual; • it is in the public interest or we have official authority to do so; or • it is in our or a third party’s legitimate interests and these are not overridden by your interests or rights. More information on the lawful bases upon which we may rely to process your personal data is set out in Schedule two below.
Personal data you give to us
When you register your details on our Services or connect with us, including by email, post and phone or through social media, you may provide us with your personal details, including your name, e-mail address, post code, date of birth, phone number, travel preferences, and your account login details, such as your username and the password you choose. If you enter a competition or promotion, complete a survey or questionnaire, or if you give feedback or contributions or report a problem with any of our Services, we will collect your name and relevant contact information and any other personal data you choose to give us. If you contact us online, we may keep a record of your e-mail or other correspondence, and if you call us by telephone, we may monitor and/or record phone conversations for training and customer service reasons. If you upload any content to our Apps by positing videos, photographs, comments, and messages, such content may include some of your personal data which we will be stored on our secure servers until you delete that content or your account. To help us keep your information current, accurate and complete, please ensure you tell us if any thing needs to be changed.
Personal data we collect and/or observe about you
Based on how you have used our Services in the past and your activity on our website, social media channels, or with our contact centre, we collect the following personal data about you: • details of the services we have provided to you in the past, including your previous travel arrangements ,such as holidays and other purchases, and matters related to those arrangements, such as details of your previous enquiries, requirements or complaints; • personal information about you based on how you use our Apps (behavioural and engagement data) for the purposes of personalising content that appears in the App; • information about your social preferences, interests and activities; • details of your visits to our Sites and Apps (including, but not limited to, traffic data, location data and weblogs) whether this is required for our own purposes or otherwise, and of the resources that you access, including information about when you click on one of our adverts, including those shown on other organisations’ websites. We use third party technology services, such as Google Analytics to administer these services;
• details of website(s) you visited before you use a link to our Sites and Apps, pages visited in our Sites andApps, and time spent on each page; • information regarding referral source, payment source, information to the credit bureau, amount forproducts and services on a transaction and other related information; • your location data when you turn on location settings and use geo-tagging functions within our Apps.Some of our location-enabled Services require your personal data for the feature to work. If you wish touse location and geo-tagging services on our Apps, you will be asked to consent to your data being usedfor this purpose. You can withdraw your consent at any time by disabling Location Data in your App ordevice settings. • additional personal data that we may require you to provide us with as you use our Services; • information about your computer (or mobile device/tablet), including, where available, your IP address,operating system, device location, browser type and details, and online identifiers such as cookieidentification numbers, for system administration purposes, marketing purposes (both our own, and thirdparty advertisers for whom we provide advertising services) and to report aggregate information to ouradvertisers. This is statistical data about our users’ browsing actions and patterns, and any reports weshare do not identify any individuals; and • details of emails and other digital communications we send to you that you open, including any links inthem that you click on.
Personal data of children
Our Services, including the Sites and Apps, are not directed to children under the age of majority. We do notknowingly collect information, including personal data, from children or other individuals who are not legallyable to use our Sites and Services without a lawful basis for processing (which may include consent by theminor’s guardian or for the purposes of fulfilment of a contract). If we obtain actual knowledge that we have 1. collected personal data from a child under the age of majority, and there is no lawful basis for having suchpersonal data, we will promptly delete it unless we are legally obligated to retain such data. 2. Contact us if youbelieve that we have mistakenly or unintentionally collected information from a child under the age of majority.
Personal data obtained from others sources
We might also receive your personal data from third party sources who collect information about you on ourbehalf, such as specialist companies that supply information, retail partners and public registers. Thisincludes: • if you tell a third party that you would like to receive marketing communications from StayUpgrade, theywill securely transfer your contact details and marketing preferences to us; • if you log-in using your social network credentials to connect to any of our Services, such as Facebook,Google+ or Twitter, you will agree to share your user details with us, including, your name, email address,date of birth, location and any other information you choose to share with us; • if you complete any of our customer feedback questionnaires/surveys, the information you provide will beprocessed on our behalf and provided to us by a third party; and • if you provide feedback on us via a social media survey, the feedback, but not your personal data, will beprocessed by the social media platform and passed to us.
Personal data you provide about other individuals
We use personal data about other individuals provided by you in the course of providing you with theServices. By providing other people’s personal data, you must be sure that they agree to this and you are allowed orauthorised to provide it. You should also ensure that, where appropriate, they understand how their personaldata may be used by us.
Where is your data stored and who it's shared with
Your personal data is held on a combination of our own systems and systems of the suppliers we use toprovide our services. When you give your personal data to us, some of the personal data you provide will need to be given toand processed and stored by relevant third parties. These third parties include: • our carefully selected suppliers that carry out certain functions on our behalf, including our technology anddata management partners who help us to administer the Services, companies that help us with ITservices, storing and combining data, marketing, advertising campaign, and market research, companiesthat provide location services, and companies that help us to moderate the user-generated content toensure no harmful content is available on our Services; • other financial institutions that we have partnered with to jointly create and offer a product or service whomay only use this information to market and offer StayUpgrade related products, unless you have givenconsent for other uses; • our contact centre (including ‘live chat’) partners who provide services to support customer enquiries; and • an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses orany of our rights or obligations under any agreement we may have with you. If the transfer or sale goesahead, the organisation receiving your personal data can use your data in the same way as us. We may need to share personal data to establish, exercise or defend our legal rights, this includesproviding personal data to others for the purposes of preventing fraud and reducing credit risk. We maydo checks to confirm your identity. That is to help protect you from identity theft and other types of fraud,and to prevent and detect crime or money laundering. Once in a while we might run more checks withCRAs and FPAs to keep your information and your account up to date. If false or inaccurate information isprovided and identified as fraud, the details will be passed to FPAs. This information may also be sharedwith law enforcement agencies. Some of these third parties may be based outside of the UK or European Economic Area (“EEA”).
Organisations that are based outside of the UK or EEA may not be subject to the same level of controls in regard to data protection as exist within the UK and the EEA. We aim only to transfer your data to thirdparties outside of the UK or EEA where either: 1. your personal data will be subject to one or more appropriate safeguards set out in the law to make sureyour personal data remains adequately protected and that it is treated in line with this Privacy Policy. Ifyou’d like more information about our safeguards, please contact us. These safeguards might be the useof standard contractual clauses in a form approved by regulators, having our suppliers sign up to anindependent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme), or otherappropriate measures; or 2. the transfer is necessary to enable your contract to be performed. Due to the decision of the UK leaving the EU, the way your data is transferred from the UK to othercountries may change to ensure continuing compliance with applicable data protection laws but it will notchange the security of your data. This will depend on the data protection rules in place for theinternational transfers of data outside of the UK once the UK has left the EU. When we share personal data with other organisations we require them to keep it safe, and they must notuse your personal data for their own marketing purposes. We only share the minimum personal data that enable our suppliers and retail partners to provide theirservices to you and us. We may share the minimum personal data necessary with other public authorities if the law says wemust, or we are legally allowed to do so.
How do we use your information when providing our service to you
1. In order to provide our services to you, we use the information we hold in a number of different ways. Weprocess your information where we have legal basis to do so, including because we have your consent or thatwe have a legitimate business reasons for doing so. We may use and process your personal data as set outbelow where it is necessary for us to carry out activities for which it is in our legitimate interests as abusiness to do so: • to manage and improve your experience; • to allow you to participate in interactive features of our Sites and Apps, when you choose to do so. Whenusing our Apps, you can choose not to use interactive features by changing your settings on the App itself; • to ensure that content from our Sites, Apps and systems is presented in the most effective manner for youand for your device; • to personalise your experience of our Services by ensuring only relevant and useful marketing material isvisible to you when using our services; or • to notify you about changes to our service; 1. to make contact and interact with you: • we want to serve you better as a customer so if you contact us, for example by email, post, and phone orvia social media, we may use personal data to provide clarification or assistance to you; and • we need to process your personal data so that we can manage any promotions and competitions youchoose to enter, including those we run with our suppliers and retail partners, for example, if you win aprize; and • to promote our business, and manage and improve our products, Services, and day-to-day operations: • to send marketing correspondence about products and services similar to those you have previouslybought from us or viewed on our App or Sites. You can opt out and object to our sending you electronicmarketing information and this option will be included in every marketing message we send you. See thesection ‘When and how do we use your information for marketing for more information’; • to monitor how our Services are used to help protect your personal data, detect and prevent fraud, othercrimes and the misuse of Services. This helps us to make sure that you can safely use our Services; • to respond to and to manage security operations; • to moderate content available on our Apps to ensure that no harmful content is made available on ourApps; • for internal research/analysis to improve the quality of our Services, • the products we offer and newproducts we are developing by: - inviting customers to take part in surveys, questionnaires, customer/business discussion groups or othermarket research activities; - using aggregated customer data to make informed decisions based on analysis of customer booking orother purchase trends and behaviours; and • to promote our business, brands and products and measure the reach and effectiveness of ourcampaigns: • to contact you with targeted advertising delivered online using Google DoubleClick and through socialmedia and other platforms operated by other companies. You may receive advertising based oninformation about you that we have provided to the platform or because, at our request, the platform hasidentified you as having similar attributes to the individuals whose details it has received from us. To findout more, please refer to the information provided in the help pages of the platforms on which you receiveadvertising from us; and • to obtain more information about you by sharing your personal data with technology companies orplatforms who may also hold information about you and can match their records with ours. We/thesecompanies may use cookies to match the personal data each of us hold about you (see further our CookiesPolicy). • We use this information in two ways: -we identify links between your attributes and your behaviours and market to others with the sameattributes, in our direct marketing campaigns and through targeted advertising delivered through ourSites, Apps or third party platforms, including social media channels; and -we tailor and personalise our interactions with you to make them more relevant to your interests. -Theseinteractions include your journey around our Sites and the content that appears on it and marketingcommunications we send or show to you in our direct marketing campaigns and through online targetedadvertising described in the paragraph above. Please see ‘How we personalise marketing for you’ formore information. • We may use and process your personal data, where we have your consent to do so, to send marketingcorrespondence about products and Services available from StayUpgrade and/or from our businesspartners/affiliates, where we have asked for your permission to do so. See the section ‘When and how dowe use your information for marketing for more information’. • We may use and process your personal data and may pass it to third parties where there is a legalrequirement for us to do so, including: -to respond to requests from any government body, law enforcement agency, court or regulatory authority,that requires us to disclose personal data in line with applicable data protection laws; or -for anti-money laundering and terrorist financing purposes. Processing subject to national laws: We may also use and process your personal data (including specialcategory data such as information on your health specifically for insurance purposes) where we have aspecific legal basis to do so under applicable data protection law.
Additional data provisions for banking transactions for customers in the EEA
In the event that the Services include a banking transaction, additional data regulations apply. These can be found in Schedule 1 of this Privacy Policy.
When and how do we use your information for marketing
If you have made an enquiry through one of our Services, your personal data may be used by us in theways applicable data protection law allows, to contact you by post, electronic means (e-mail or textmessage) and/or by phone with information and offers relating to our products or services. We will only dothis if you did not opt out of such marketing at the point where we collected your contact details. If you have not made an enquiry, we will only send you information and offers by e-mail or text message ifyou sign up (opt in) to receive such marketing, either directly through us or by telling a third party that youwould like to receive marketing from us. We will only send you information and offers by App pushnotifications if the permissions that are set in the Settings section of your device allow for this to happen. Ifyou do not wish to receive App push notifications, you can change your settings and opt-out at any time. We like to hear your views to help us to improve our products and Services, so we may contact you formarket research purposes. You always have the choice about whether to take part or continue in our market research.
How do we personalise our marketing to you
To try and ensure that our marketing communications and advertising are relevant to you, we work withthird parties to offer a better experience to customers and potential customers. Using new technologies and with the help of our advertising agencies and marketing activation platforms,we may use your personal data in the following ways: -to try to ensure any marketing communications we send to you are offering products or services likely tobe of interest to you. -to tailor and track our digital marketing (for example, our internet banner advertisements) and links fromour marketing partners’ websites to our Sites. This digital marketing may include marketing related toStayUpgrade or marketing related to business partners to whom we provide advertising services. -We monitor your usage and behavioural data to identify your interests.
-Where we identify that a productor service depicted in an advertisement aligns with your interests, we push those relevant advertisementsto you. -We maintain anonymised reports about the performance of the ads that appear in our Appsincluding information about how people interact with ads. Our business partners and advertising networks may serve you with non-personalised adverts on ourSites via advertising technology, including Google Double Click for Publishers. Non-personalised advertsare targeted using contextual information regarding the pages visited on our Site, rather than the pastbehaviour of a user. We allow third parties to collect information about your online activities using cookiesand other technologies. The third parties may include our affiliate companies, our suppliers/businesspartners who collect information when you view or interact with an advert on one of our Sites, andadvertising networks. We also collect information about your online activities using cookies and othertechnologies when you use websites other than our Sites to provide advertising services on behalf of our business partners. This technology allows us to display an advert to you relating to a business partner onother websites based on your page visits and other behaviours whilst on our Sites. Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on ourwebsites and mobile apps, and we use them to improve your customer experience. Please see our CookiesPolicy for more information.
What you need to do if you don't want our marketing communications
- You have the right at any time to ask us not to process your personal data for marketing purposes. - You can exercise your right to prevent such processing by selecting the ‘no marketing’ option on the forms weuse to collect your data. - You can also exercise this right at any later time by using the unsubscribe link onany marketing e-mail you receive, or by contacting us (see How to contact us). - You can opt out of App push notifications in the Settings section of your device.
Your right to access your personal data
You have the right to make a Data Subject Access Request in many circumstances. That is a request foraccess to the personal data that we hold about you. If we agree that we have to provide personal data toyou (or someone else on your behalf), we’ll provide it to you or them free of charge. We may ask for proof of identity and sufficient information about your interactions with us that we canlocate your personal data. If someone is acting on your behalf they will need to provide written and signedconfirmation from you that you have given your authority to that person/company for them to make therequest. We will ask for this to be provided before we give you (or another person acting on your behalf) acopy of any of your personal data we may be holding.
We may not provide you with a copy of yourpersonal data if it includes the personal data of other individuals or we have another lawful reason towithhold that information. Please see the section below titled ‘How to Contact Us’ if you
need to make a Data Subject AccessRequest.
Correcting and updating your personal data
The accuracy of your information is important to us and we are working on ways to make it easier for youto review and correct the information that we hold about you. In the meantime, if you change your name or address/e-mail address, or you discover that any of the otherinformation we hold is inaccurate or out of date, please let us know. It is your right to request correction ofthe personal data that we hold about you.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal data, as set out in sectionabove titled ‘How do we use your information when providing our services to you’, you may withdraw yourconsent at any time. If you would like to withdraw your consent to receiving any direct marketing to whichyou previously opted-in, please see the section titled ‘What you need to do if you don’t want our marketingcommunications’ for further details.
Objecting to our use of your personal data
You have a right to object to processing of your personal data where we rely on our legitimate businessinterests as the legal basis for processing your personal data for any purpose(s). You may object to us usingyour personal data for these purposes by e-mailing or writing to us at the address provided in the ‘How tocontact us’ section. Except for the purposes for which we are sure we can continue to process your personaldata, we will temporarily stop processing your personal data in line with your objection until we haveinvestigated the matter. If we agree that your objection is justified in accordance with your rights under dataprotection law, we will permanently stop using your data for those purposes. Otherwise we will provide youwith our justification as to why we need to continue using your data.
Erasing your personal data or restricting its processing
You have a right to request erasure of your personal data in certain circumstances. You may do so byasking for your personal data to be removed from our systems by e-mailing or writing to us provided inthe ‘How to contact us’ section. Provided we do not have any continuing lawful reason to continueprocessing or holding your personal data, we will make reasonable efforts to comply with your request. You also have a right to request that we restrict the processing of your personal data where you believe itis unlawful for us to do so, you have objected to its use and our investigation is pending or you require usto keep it in connection with legal proceedings. We may only process your personal data whilst itsprocessing is restricted if we have your consent or are legally permitted to do so, for example for storagepurposes, to protect the rights of another individual or company or in connection with legal proceedings. Where we rely on your consent as the legal basis for processing your personal data or need to process itin connection with your contract, as set out in the section titled ‘How do we use your data when providingour services to you’, you may ask us to provide you with a copy of that information in a structured data file. You have a right to request the transfer of your personal data to you or to a third party (for example,another service provider), and we will do so if this is technically possible. We will provide to you, or a thirdparty you have chosen, your personal data in a structured, commonly used, machine-readable format.Note that this right only applies to automated information which you initially provided consent for us touse or where we used the information to perform a contract with you. We may not provide you with acopy of your personal data if it contains the personal data of other individuals or we have another lawfulreason to withhold that information. We will erase your data, unless we have to keep it for legitimate business or legal purposes.
Making a complaint
We encourage you to contact us if you have a complaint and we will seek to resolve any issues orconcerns you may have. You have the right to lodge a complaint with the data protection regulator whereyou believe your legal rights have been infringed, or where you have reason to believe your personal datais being or has been used in a way that doesn’t comply with the law. The contact details for theInformation Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICOwebsite (ico.org.uk/). If you wish to contact us about this Privacy Policy, you can e-mail or write to us using the contact details inthe ‘How to contact us’ section.
How to contact us
You have a right to access your personal data by requesting a copy of the personal data we hold aboutyou, although you should be able to access online the personal data associated with your account orbooking. More information on your right to access your personal data is set out in Schedule Two below. Please include any details to help us identify and locate your personal data. Where we can provide dataaccess, we will do so free of charge except where further copies are requested in which case we maycharge a reasonable fee based on administrative costs. You can also contact us if you have a complaint about how we collect, store or use your personal data. Weaim to resolve complaints but if you are dissatisfied with our response, you may complain to theInformation Commissioner’s Office. To contact us about this Privacy Policy, to make a Data Subject AccessRequest, or a data protection related complaint, please submit your complaint or request: by email to: info@hupsale.com Please note that we may ask you to verify your identity before we can act on your request or complaint.We may also ask you for more information to help ensure that you are authorised to make such a requestor complaint when you contact us on behalf of someone else. Once you have made your request and provided us with the information we need to begin a search for thepersonal data we hold on you (including proof of identity), we will have 30 days to respond.
Keeping hold of your personal data
If you’ve made an enquiry, or agreed to receive marketing communications, your personal data will beretained to ensure we provide the best possible customer service to you. We retain your personal data foras long as is necessary for us to use your data as set out in this Privacy Policy. This will generally be for upto 2 years, or such other time that may be required for our legal and audit purposes or that is required bylaw. After this period, we will securely erase your personal data. If your personal data is needed after thisperiod for analytical, historical or other legitimate business purposes, we will take appropriate measuresto anonymise this personal data. If you’ve signed up for our App, the personal data that you provide to complete sign-up, sign-in andaccount maintenance will be retained for as long as your account is active. If you delete your account, wewill securely erase your personal data from our servers within 1 week. If you upload any content (including videos, photos, comments, and messages) to our App, that contentwill be retained for as long as your account is active or until such content is deleted by you, whichever issooner. If you provide any personal data to us for the purpose of completing a booking with us, such Personaldata will be retained indefinitely in order to allow you to access the details of any bookings you havemade with us, including upcoming and past bookings.
User engagement and behavioural data will be anonymised and stored for as long as is necessary for usto use your data as set out in this Privacy Policy. This will generally be for up to 5 years, or such other timethat may be required for our legal and audit purposes or that is required by law. After this period, we willsecurely erase your personal data.
What is our approach to data security
The transmission of information via the internet is not completely secure, and although we will do our best toprotect your personal data, we cannot guarantee the security of your data transmitted to our Services,therefore any transmission is at your own risk. Once we have received your information, we will take allreasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use orloss of your data, by putting in place appropriate security measures and limiting access to those who have abusiness need to know. Where we have given you (or where you have chosen) a password which enables youto access certain parts of our Sites and Apps, you are responsible for keeping that password confidential. Weask you not to share a password with anyone. We have a process to deal with any suspected personal data breach and will notify you and the ICO of abreach where legally required to do so.
What happens when you follow a link from our website to a third party website
Our Services may contain links to and frames of websites of our principals, suppliers, advertisers and otherthird parties. You can tell when a third party is because their name will appear with ours. If you follow a linkor otherwise use any of these other websites, please note that these websites have their own privacy policiesand cookie policies and you should make sure that you read such policies carefully before providing anypersonal data on a third party’s website as we do not accept any responsibility or liability for these policies orfor these third party websites. Please check these policies before you submit any personal data to thesewebsites.
Social media features
Our Services may contain social media features such as Facebook, Twitter, Google+ and Pinterest that havetheir own privacy notices. Please make sure you read their terms and conditions and privacy notice carefullybefore providing any personal data as we do not accept any responsibility or liability for these features.
Changes to this privacy policy
This Privacy Policy replaces all previous versions. We reserve the right to update or alter this Privacy Policyfrom time to time so please check it regularly on our Sites for any updates. You can request a copy of aprevious version of our Privacy Policy. If the changes are significant, we will obtain your consent or provide aprominent notice on our Sites if and where this is required by applicable data protection laws.
Last update: May 2022
Schedule one - Additional provisions for banking transactions in the EEA
In order to provide the Services, certain of the information we collect (as set out in this Privacy Policy) may berequired to be transferred to other related companies or other entities, including those referred to in thissection in their capacity as payment providers, payment processors or account holders (or similar capacities).You acknowledge that according to their local legislation, such entities may be subject to laws, regulations,inquiries, investigations, or orders which may require the disclosure of information to the relevant authoritiesof the relevant country. Your use of the Services constitutes your consent to our transfer of such informationto provide you the Services.Specifically, you consent to and direct to disclose necessary information to: (i) the police and other lawenforcement agencies; (ii) security forces; (iii) competent governmental, intergovernmental or supranationalbodies; (iv) competent agencies, departments, regulatory authorities, self-regulatory authorities ororganisations, and other third parties, including companies, that: (a) we are legally compelled and permittedto comply with, including but without limitation the Luxembourg laws of 24 July 2015 on the US ForeignAccount Tax Compliance Act (“FATCA Law”) and 18 December 2015 on the OECD common reportingstandard (“CRS Law”); (b) we have reason to believe it is appropriate for us to cooperate with ininvestigations of fraud or other illegal activity or potential illegal activity; or (c) to conduct investigations ofviolations of our terms and conditions (including without limitation, your funding source or credit or debit cardprovider).If you are covered by the FATCA or CRS Law, we are required to give you notice of the information about youthat we may transfer to various authorities.We may also share, access and use (including from other countries) necessary information (including, withoutlimitation the information recorded by fraud prevention agencies) to help us and them assess and to managerisk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contactus if you want to receive further details of the relevant fraud prevention agencies.
Schedule one - Lawful bases for the processing of personal data
Consent means processing your personal data where you have signified your agreement by a statement orclear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely given, specific,informed and unambiguous indication of what you want. You can withdraw your consent at any time bycontacting us. Legitimate Interest means the interest of our business in conducting and managing our business to enable usto deliver the best services to you as well as to provide you with positive and secure experience. We makesure we consider and balance any potential impact on you (both positive and negative) and your rightsbefore we process your personal data for our legitimate interests. We do not use your personal data foractivities where our interests are outweighed by the potential negative impact on you (unless we have yourconsent or are otherwise required or permitted to by law). You can obtain further information about how weassess our legitimate interests against any potential impact on you in respect of specific activities bycontacting us.Performance of Contract means processing your data where it is necessary for the performance of a contractto which you are a party or to take steps at your request before entering into such a contract.Comply with a legal obligation means processing your personal data where it is necessary for us to complywith a legal obligation that we are subject to.
Privacy Policy
Hupsale is the data controller. We understand and respect the importance of protecting your personaldata. This Privacy Policy sets out the basis on which any personal data we collect from you, or that youprovide to us, will be processed by us, in respect of your relationship with us as a customer or a potentialcustomer. This information may be collected via our websites (“Sites”), our contact centres, our mobileapplications (“Apps”), our questionnaires/surveys, our representatives or appointed agents in overseasdestinations, or our social media channels (collectively, our “Services”).Please read the following information carefully. You are responsible for ensuring that (i) the other people thatyou are acting on behalf of are aware of the content of this Privacy Policy; and (ii) you have checked withthem that they agree to their personal data being given to us.By giving your personal data to us, we will transfer, store or process it as set out below. We will take allreasonably necessary steps to ensure that your data is treated securely and in accordance with this PrivacyPolicy and we take appropriate security measures to help protect your personal data from accidental lossand from unauthorised access, use, alteration and disclosure.The security of your data also depends on you. For example, where we have given you or where you havechosen a password for access to certain services, you are responsible for keeping this password confidential.
Reasons for collecting and using your personal data
We will only collect and use your personal data if at least one of the following conditions applies: we have your consent; • it is necessary for a contract with you or to take steps at your request prior to entering into a contract; • it is necessary for us to comply with a legal obligation; • it is necessary to protect your vital interests or those of another individual; • it is in the public interest or we have official authority to do so; or • it is in our or a third party’s legitimate interests and these are not overridden by your interests or rights. More information on the lawful bases upon which we may rely to process your personal data is set out in Schedule two below.
Personal data you give to us
When you register your details on our Services or connect with us, including by email, post and phone or through social media, you may provide us with your personal details, including your name, e-mail address, post code, date of birth, phone number, travel preferences, and your account login details, such as your username and the password you choose. If you enter a competition or promotion, complete a survey or questionnaire, or if you give feedback or contributions or report a problem with any of our Services, we will collect your name and relevant contact information and any other personal data you choose to give us. If you contact us online, we may keep a record of your e-mail or other correspondence, and if you call us by telephone, we may monitor and/or record phone conversations for training and customer service reasons. If you upload any content to our Apps by positing videos, photographs, comments, and messages, such content may include some of your personal data which we will be stored on our secure servers until you delete that content or your account. To help us keep your information current, accurate and complete, please ensure you tell us if any thing needs to be changed.
Personal data we collect and/or observe about you
Based on how you have used our Services in the past and your activity on our website, social media channels, or with our contact centre, we collect the following personal data about you: • details of the services we have provided to you in the past, including your previous travel arrangements ,such as holidays and other purchases, and matters related to those arrangements, such as details of your previous enquiries, requirements or complaints; • personal information about you based on how you use our Apps (behavioural and engagement data) for the purposes of personalising content that appears in the App; • information about your social preferences, interests and activities; • details of your visits to our Sites and Apps (including, but not limited to, traffic data, location data and weblogs) whether this is required for our own purposes or otherwise, and of the resources that you access, including information about when you click on one of our adverts, including those shown on other organisations’ websites. We use third party technology services, such as Google Analytics to administer these services;
• details of website(s) you visited before you use a link to our Sites and Apps, pages visited in our Sites andApps, and time spent on each page; • information regarding referral source, payment source, information to the credit bureau, amount forproducts and services on a transaction and other related information; • your location data when you turn on location settings and use geo-tagging functions within our Apps.Some of our location-enabled Services require your personal data for the feature to work. If you wish touse location and geo-tagging services on our Apps, you will be asked to consent to your data being usedfor this purpose. You can withdraw your consent at any time by disabling Location Data in your App ordevice settings. • additional personal data that we may require you to provide us with as you use our Services; • information about your computer (or mobile device/tablet), including, where available, your IP address,operating system, device location, browser type and details, and online identifiers such as cookieidentification numbers, for system administration purposes, marketing purposes (both our own, and thirdparty advertisers for whom we provide advertising services) and to report aggregate information to ouradvertisers. This is statistical data about our users’ browsing actions and patterns, and any reports weshare do not identify any individuals; and • details of emails and other digital communications we send to you that you open, including any links inthem that you click on.
Personal data of children
Our Services, including the Sites and Apps, are not directed to children under the age of majority. We do notknowingly collect information, including personal data, from children or other individuals who are not legallyable to use our Sites and Services without a lawful basis for processing (which may include consent by theminor’s guardian or for the purposes of fulfilment of a contract). If we obtain actual knowledge that we have 1. collected personal data from a child under the age of majority, and there is no lawful basis for having suchpersonal data, we will promptly delete it unless we are legally obligated to retain such data. 2. Contact us if youbelieve that we have mistakenly or unintentionally collected information from a child under the age of majority.
Personal data obtained from others sources
We might also receive your personal data from third party sources who collect information about you on ourbehalf, such as specialist companies that supply information, retail partners and public registers. Thisincludes: • if you tell a third party that you would like to receive marketing communications from StayUpgrade, theywill securely transfer your contact details and marketing preferences to us; • if you log-in using your social network credentials to connect to any of our Services, such as Facebook,Google+ or Twitter, you will agree to share your user details with us, including, your name, email address,date of birth, location and any other information you choose to share with us; • if you complete any of our customer feedback questionnaires/surveys, the information you provide will beprocessed on our behalf and provided to us by a third party; and • if you provide feedback on us via a social media survey, the feedback, but not your personal data, will beprocessed by the social media platform and passed to us.
Personal data you provide about other individuals
We use personal data about other individuals provided by you in the course of providing you with theServices. By providing other people’s personal data, you must be sure that they agree to this and you are allowed orauthorised to provide it. You should also ensure that, where appropriate, they understand how their personaldata may be used by us.
Where is your data stored and who it's shared with
Your personal data is held on a combination of our own systems and systems of the suppliers we use toprovide our services. When you give your personal data to us, some of the personal data you provide will need to be given toand processed and stored by relevant third parties. These third parties include: • our carefully selected suppliers that carry out certain functions on our behalf, including our technology anddata management partners who help us to administer the Services, companies that help us with ITservices, storing and combining data, marketing, advertising campaign, and market research, companiesthat provide location services, and companies that help us to moderate the user-generated content toensure no harmful content is available on our Services; • other financial institutions that we have partnered with to jointly create and offer a product or service whomay only use this information to market and offer StayUpgrade related products, unless you have givenconsent for other uses; • our contact centre (including ‘live chat’) partners who provide services to support customer enquiries; and • an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses orany of our rights or obligations under any agreement we may have with you. If the transfer or sale goesahead, the organisation receiving your personal data can use your data in the same way as us. We may need to share personal data to establish, exercise or defend our legal rights, this includesproviding personal data to others for the purposes of preventing fraud and reducing credit risk. We maydo checks to confirm your identity. That is to help protect you from identity theft and other types of fraud,and to prevent and detect crime or money laundering. Once in a while we might run more checks withCRAs and FPAs to keep your information and your account up to date. If false or inaccurate information isprovided and identified as fraud, the details will be passed to FPAs. This information may also be sharedwith law enforcement agencies. Some of these third parties may be based outside of the UK or European Economic Area (“EEA”).
Organisations that are based outside of the UK or EEA may not be subject to the same level of controls in regard to data protection as exist within the UK and the EEA. We aim only to transfer your data to thirdparties outside of the UK or EEA where either: 1. your personal data will be subject to one or more appropriate safeguards set out in the law to make sureyour personal data remains adequately protected and that it is treated in line with this Privacy Policy. Ifyou’d like more information about our safeguards, please contact us. These safeguards might be the useof standard contractual clauses in a form approved by regulators, having our suppliers sign up to anindependent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme), or otherappropriate measures; or 2. the transfer is necessary to enable your contract to be performed. Due to the decision of the UK leaving the EU, the way your data is transferred from the UK to othercountries may change to ensure continuing compliance with applicable data protection laws but it will notchange the security of your data. This will depend on the data protection rules in place for theinternational transfers of data outside of the UK once the UK has left the EU. When we share personal data with other organisations we require them to keep it safe, and they must notuse your personal data for their own marketing purposes. We only share the minimum personal data that enable our suppliers and retail partners to provide theirservices to you and us. We may share the minimum personal data necessary with other public authorities if the law says wemust, or we are legally allowed to do so.
How do we use your information when providing our service to you
1. In order to provide our services to you, we use the information we hold in a number of different ways. Weprocess your information where we have legal basis to do so, including because we have your consent or thatwe have a legitimate business reasons for doing so. We may use and process your personal data as set outbelow where it is necessary for us to carry out activities for which it is in our legitimate interests as abusiness to do so: • to manage and improve your experience; • to allow you to participate in interactive features of our Sites and Apps, when you choose to do so. Whenusing our Apps, you can choose not to use interactive features by changing your settings on the App itself; • to ensure that content from our Sites, Apps and systems is presented in the most effective manner for youand for your device; • to personalise your experience of our Services by ensuring only relevant and useful marketing material isvisible to you when using our services; or • to notify you about changes to our service; 1. to make contact and interact with you: • we want to serve you better as a customer so if you contact us, for example by email, post, and phone orvia social media, we may use personal data to provide clarification or assistance to you; and • we need to process your personal data so that we can manage any promotions and competitions youchoose to enter, including those we run with our suppliers and retail partners, for example, if you win aprize; and • to promote our business, and manage and improve our products, Services, and day-to-day operations: • to send marketing correspondence about products and services similar to those you have previouslybought from us or viewed on our App or Sites. You can opt out and object to our sending you electronicmarketing information and this option will be included in every marketing message we send you. See thesection ‘When and how do we use your information for marketing for more information’; • to monitor how our Services are used to help protect your personal data, detect and prevent fraud, othercrimes and the misuse of Services. This helps us to make sure that you can safely use our Services; • to respond to and to manage security operations; • to moderate content available on our Apps to ensure that no harmful content is made available on ourApps; • for internal research/analysis to improve the quality of our Services, • the products we offer and newproducts we are developing by: - inviting customers to take part in surveys, questionnaires, customer/business discussion groups or othermarket research activities; - using aggregated customer data to make informed decisions based on analysis of customer booking orother purchase trends and behaviours; and • to promote our business, brands and products and measure the reach and effectiveness of ourcampaigns: • to contact you with targeted advertising delivered online using Google DoubleClick and through socialmedia and other platforms operated by other companies. You may receive advertising based oninformation about you that we have provided to the platform or because, at our request, the platform hasidentified you as having similar attributes to the individuals whose details it has received from us. To findout more, please refer to the information provided in the help pages of the platforms on which you receiveadvertising from us; and • to obtain more information about you by sharing your personal data with technology companies orplatforms who may also hold information about you and can match their records with ours. We/thesecompanies may use cookies to match the personal data each of us hold about you (see further our CookiesPolicy). • We use this information in two ways: -we identify links between your attributes and your behaviours and market to others with the sameattributes, in our direct marketing campaigns and through targeted advertising delivered through ourSites, Apps or third party platforms, including social media channels; and -we tailor and personalise our interactions with you to make them more relevant to your interests. -Theseinteractions include your journey around our Sites and the content that appears on it and marketingcommunications we send or show to you in our direct marketing campaigns and through online targetedadvertising described in the paragraph above. Please see ‘How we personalise marketing for you’ formore information. • We may use and process your personal data, where we have your consent to do so, to send marketingcorrespondence about products and Services available from StayUpgrade and/or from our businesspartners/affiliates, where we have asked for your permission to do so. See the section ‘When and how dowe use your information for marketing for more information’. • We may use and process your personal data and may pass it to third parties where there is a legalrequirement for us to do so, including: -to respond to requests from any government body, law enforcement agency, court or regulatory authority,that requires us to disclose personal data in line with applicable data protection laws; or -for anti-money laundering and terrorist financing purposes. Processing subject to national laws: We may also use and process your personal data (including specialcategory data such as information on your health specifically for insurance purposes) where we have aspecific legal basis to do so under applicable data protection law.
Additional data provisions for banking transactions for customers in the EEA
In the event that the Services include a banking transaction, additional data regulations apply. These can be found in Schedule 1 of this Privacy Policy.
When and how do we use your information for marketing
If you have made an enquiry through one of our Services, your personal data may be used by us in theways applicable data protection law allows, to contact you by post, electronic means (e-mail or textmessage) and/or by phone with information and offers relating to our products or services. We will only dothis if you did not opt out of such marketing at the point where we collected your contact details. If you have not made an enquiry, we will only send you information and offers by e-mail or text message ifyou sign up (opt in) to receive such marketing, either directly through us or by telling a third party that youwould like to receive marketing from us. We will only send you information and offers by App pushnotifications if the permissions that are set in the Settings section of your device allow for this to happen. Ifyou do not wish to receive App push notifications, you can change your settings and opt-out at any time. We like to hear your views to help us to improve our products and Services, so we may contact you formarket research purposes. You always have the choice about whether to take part or continue in our market research.
How do we personalise our marketing to you
To try and ensure that our marketing communications and advertising are relevant to you, we work withthird parties to offer a better experience to customers and potential customers. Using new technologies and with the help of our advertising agencies and marketing activation platforms,we may use your personal data in the following ways: -to try to ensure any marketing communications we send to you are offering products or services likely tobe of interest to you. -to tailor and track our digital marketing (for example, our internet banner advertisements) and links fromour marketing partners’ websites to our Sites. This digital marketing may include marketing related toStayUpgrade or marketing related to business partners to whom we provide advertising services. -We monitor your usage and behavioural data to identify your interests.
-Where we identify that a productor service depicted in an advertisement aligns with your interests, we push those relevant advertisementsto you. -We maintain anonymised reports about the performance of the ads that appear in our Appsincluding information about how people interact with ads. Our business partners and advertising networks may serve you with non-personalised adverts on ourSites via advertising technology, including Google Double Click for Publishers. Non-personalised advertsare targeted using contextual information regarding the pages visited on our Site, rather than the pastbehaviour of a user. We allow third parties to collect information about your online activities using cookiesand other technologies. The third parties may include our affiliate companies, our suppliers/businesspartners who collect information when you view or interact with an advert on one of our Sites, andadvertising networks. We also collect information about your online activities using cookies and othertechnologies when you use websites other than our Sites to provide advertising services on behalf of our business partners. This technology allows us to display an advert to you relating to a business partner onother websites based on your page visits and other behaviours whilst on our Sites. Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device. Cookies help us to provide important features and functionality on ourwebsites and mobile apps, and we use them to improve your customer experience. Please see our CookiesPolicy for more information.
What you need to do if you don't want our marketing communications
- You have the right at any time to ask us not to process your personal data for marketing purposes. - You can exercise your right to prevent such processing by selecting the ‘no marketing’ option on the forms weuse to collect your data. - You can also exercise this right at any later time by using the unsubscribe link onany marketing e-mail you receive, or by contacting us (see How to contact us). - You can opt out of App push notifications in the Settings section of your device.
Your right to access your personal data
You have the right to make a Data Subject Access Request in many circumstances. That is a request for access to the personal data that we hold about you. If we agree that we have to provide personal data to you (or someone else on your behalf), we’ll provide it to you or them free of charge. We may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal data. If someone is acting on your behalf they will need to provide written and signed confirmation from you that you have given your authority to that person/company for them to make the request. We will ask for this to be provided before we give you (or another person acting on your behalf) a copy of any of your personal data we may be holding. We may not provide you with a copy of your personal data if it includes the personal data of other individuals or we have another lawful reason to with hold that information. Please see the section below titled ‘How to Contact Us’ if you need to make a Data Subject AccessRequest.
Correcting and updating your personal data
The accuracy of your information is important to us and we are working on ways to make it easier for youto review and correct the information that we hold about you. In the meantime, if you change your name or address/e-mail address, or you discover that any of the otherinformation we hold is inaccurate or out of date, please let us know. It is your right to request correction ofthe personal data that we hold about you.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal data, as set out in sectionabove titled ‘How do we use your information when providing our services to you’, you may withdraw yourconsent at any time. If you would like to withdraw your consent to receiving any direct marketing to whichyou previously opted-in, please see the section titled ‘What you need to do if you don’t want our marketingcommunications’ for further details.
Objecting to our use of your personal data
You have a right to object to processing of your personal data where we rely on our legitimate businessinterests as the legal basis for processing your personal data for any purpose(s). You may object to us usingyour personal data for these purposes by e-mailing or writing to us at the address provided in the ‘How tocontact us’ section. Except for the purposes for which we are sure we can continue to process your personaldata, we will temporarily stop processing your personal data in line with your objection until we haveinvestigated the matter. If we agree that your objection is justified in accordance with your rights under dataprotection law, we will permanently stop using your data for those purposes. Otherwise we will provide youwith our justification as to why we need to continue using your data.
Erasing your personal data or restricting its processing
You have a right to request erasure of your personal data in certain circumstances. You may do so byasking for your personal data to be removed from our systems by e-mailing or writing to us provided inthe ‘How to contact us’ section. Provided we do not have any continuing lawful reason to continueprocessing or holding your personal data, we will make reasonable efforts to comply with your request. You also have a right to request that we restrict the processing of your personal data where you believe itis unlawful for us to do so, you have objected to its use and our investigation is pending or you require usto keep it in connection with legal proceedings. We may only process your personal data whilst itsprocessing is restricted if we have your consent or are legally permitted to do so, for example for storagepurposes, to protect the rights of another individual or company or in connection with legal proceedings. Where we rely on your consent as the legal basis for processing your personal data or need to process itin connection with your contract, as set out in the section titled ‘How do we use your data when providingour services to you’, you may ask us to provide you with a copy of that information in a structured data file. You have a right to request the transfer of your personal data to you or to a third party (for example,another service provider), and we will do so if this is technically possible. We will provide to you, or a thirdparty you have chosen, your personal data in a structured, commonly used, machine-readable format.Note that this right only applies to automated information which you initially provided consent for us touse or where we used the information to perform a contract with you. We may not provide you with acopy of your personal data if it contains the personal data of other individuals or we have another lawfulreason to withhold that information. We will erase your data, unless we have to keep it for legitimate business or legal purposes.
Making a complaint
We encourage you to contact us if you have a complaint and we will seek to resolve any issues orconcerns you may have. You have the right to lodge a complaint with the data protection regulator whereyou believe your legal rights have been infringed, or where you have reason to believe your personal datais being or has been used in a way that doesn’t comply with the law. The contact details for theInformation Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICOwebsite (ico.org.uk/). If you wish to contact us about this Privacy Policy, you can e-mail or write to us using the contact details inthe ‘How to contact us’ section.
How to contact us
You have a right to access your personal data by requesting a copy of the personal data we hold aboutyou, although you should be able to access online the personal data associated with your account orbooking. More information on your right to access your personal data is set out in Schedule Two below. Please include any details to help us identify and locate your personal data. Where we can provide dataaccess, we will do so free of charge except where further copies are requested in which case we maycharge a reasonable fee based on administrative costs. You can also contact us if you have a complaint about how we collect, store or use your personal data. Weaim to resolve complaints but if you are dissatisfied with our response, you may complain to theInformation Commissioner’s Office. To contact us about this Privacy Policy, to make a Data Subject AccessRequest, or a data protection related complaint, please submit your complaint or request: by email to: info@hupsale.com Please note that we may ask you to verify your identity before we can act on your request or complaint.We may also ask you for more information to help ensure that you are authorised to make such a requestor complaint when you contact us on behalf of someone else. Once you have made your request and provided us with the information we need to begin a search for thepersonal data we hold on you (including proof of identity), we will have 30 days to respond.
Keeping hold of your personal data
If you’ve made an enquiry, or agreed to receive marketing communications, your personal data will beretained to ensure we provide the best possible customer service to you. We retain your personal data foras long as is necessary for us to use your data as set out in this Privacy Policy. This will generally be for upto 2 years, or such other time that may be required for our legal and audit purposes or that is required bylaw. After this period, we will securely erase your personal data. If your personal data is needed after thisperiod for analytical, historical or other legitimate business purposes, we will take appropriate measuresto anonymise this personal data. If you’ve signed up for our App, the personal data that you provide to complete sign-up, sign-in andaccount maintenance will be retained for as long as your account is active. If you delete your account, wewill securely erase your personal data from our servers within 1 week. If you upload any content (including videos, photos, comments, and messages) to our App, that contentwill be retained for as long as your account is active or until such content is deleted by you, whichever issooner. If you provide any personal data to us for the purpose of completing a booking with us, such Personaldata will be retained indefinitely in order to allow you to access the details of any bookings you havemade with us, including upcoming and past bookings.
User engagement and behavioural data will be anonymised and stored for as long as is necessary for usto use your data as set out in this Privacy Policy. This will generally be for up to 5 years, or such other timethat may be required for our legal and audit purposes or that is required by law. After this period, we willsecurely erase your personal data.
What is our approach to data security
The transmission of information via the internet is not completely secure, and although we will do our best toprotect your personal data, we cannot guarantee the security of your data transmitted to our Services,therefore any transmission is at your own risk. Once we have received your information, we will take allreasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use orloss of your data, by putting in place appropriate security measures and limiting access to those who have abusiness need to know. Where we have given you (or where you have chosen) a password which enables youto access certain parts of our Sites and Apps, you are responsible for keeping that password confidential. Weask you not to share a password with anyone. We have a process to deal with any suspected personal data breach and will notify you and the ICO of abreach where legally required to do so.
What happens when you follow a link from our website to a third party website
Our Services may contain links to and frames of websites of our principals, suppliers, advertisers and otherthird parties. You can tell when a third party is because their name will appear with ours. If you follow a linkor otherwise use any of these other websites, please note that these websites have their own privacy policiesand cookie policies and you should make sure that you read such policies carefully before providing anypersonal data on a third party’s website as we do not accept any responsibility or liability for these policies orfor these third party websites. Please check these policies before you submit any personal data to thesewebsites.
Social media features
Our Services may contain social media features such as Facebook, Twitter, Google+ and Pinterest that havetheir own privacy notices. Please make sure you read their terms and conditions and privacy notice carefullybefore providing any personal data as we do not accept any responsibility or liability for these features.
Changes to this privacy policy
This Privacy Policy replaces all previous versions. We reserve the right to update or alter this Privacy Policyfrom time to time so please check it regularly on our Sites for any updates. You can request a copy of aprevious version of our Privacy Policy. If the changes are significant, we will obtain your consent or provide aprominent notice on our Sites if and where this is required by applicable data protection laws.
Last update: May 2022
Schedule one - Additional provisions for banking transactions in the EEA
In order to provide the Services, certain of the information we collect (as set out in this Privacy Policy) may berequired to be transferred to other related companies or other entities, including those referred to in thissection in their capacity as payment providers, payment processors or account holders (or similar capacities).You acknowledge that according to their local legislation, such entities may be subject to laws, regulations,inquiries, investigations, or orders which may require the disclosure of information to the relevant authoritiesof the relevant country. Your use of the Services constitutes your consent to our transfer of such informationto provide you the Services.Specifically, you consent to and direct to disclose necessary information to: (i) the police and other lawenforcement agencies; (ii) security forces; (iii) competent governmental, intergovernmental or supranationalbodies; (iv) competent agencies, departments, regulatory authorities, self-regulatory authorities ororganisations, and other third parties, including companies, that: (a) we are legally compelled and permittedto comply with, including but without limitation the Luxembourg laws of 24 July 2015 on the US ForeignAccount Tax Compliance Act (“FATCA Law”) and 18 December 2015 on the OECD common reportingstandard (“CRS Law”); (b) we have reason to believe it is appropriate for us to cooperate with ininvestigations of fraud or other illegal activity or potential illegal activity; or (c) to conduct investigations ofviolations of our terms and conditions (including without limitation, your funding source or credit or debit cardprovider).If you are covered by the FATCA or CRS Law, we are required to give you notice of the information about youthat we may transfer to various authorities.We may also share, access and use (including from other countries) necessary information (including, withoutlimitation the information recorded by fraud prevention agencies) to help us and them assess and to managerisk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contactus if you want to receive further details of the relevant fraud prevention agencies.
Schedule one - Lawful bases for the processing of personal data
Consent means processing your personal data where you have signified your agreement by a statement orclear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely given, specific,informed and unambiguous indication of what you want. You can withdraw your consent at any time bycontacting us. Legitimate Interest means the interest of our business in conducting and managing our business to enable usto deliver the best services to you as well as to provide you with positive and secure experience. We makesure we consider and balance any potential impact on you (both positive and negative) and your rightsbefore we process your personal data for our legitimate interests. We do not use your personal data foractivities where our interests are outweighed by the potential negative impact on you (unless we have yourconsent or are otherwise required or permitted to by law). You can obtain further information about how weassess our legitimate interests against any potential impact on you in respect of specific activities bycontacting us.Performance of Contract means processing your data where it is necessary for the performance of a contractto which you are a party or to take steps at your request before entering into such a contract.Comply with a legal obligation means processing your personal data where it is necessary for us to complywith a legal obligation that we are subject to.