Privacy policy
1. Background
- This privacy policy sets out how we use your personal data and what your rights are in respect of it.
- We may change this privacy policy from time to time. If we make significant changes in the way we treat your personal information, or to the privacy policy, we will make that clear on this website, or by some other means such as email, so that you are able to review the changes before you continue to use our website.
- This page was last updated on 6th May 2020.
2. Our details
- We are Feefo Holdings Limited, a limited company registered in England with the company registration number 7191962 and our registered address at Feefo Holdings Ltd, Feefo Barn, Heath Farm, Heath Road East, Petersfield, Hampshire, GU31 4HT.
- If you wish to contact us in relation to this policy, or data protection generally, please contact us by:
- telephone on 0203 362 4209;
- email on gdprcompliance@feefo.com; or
- post using the address above.
3. Our relationship to you and your personal data
- Our legal status in relation to you and your personal data differs, depending on where you are in the review process, which we explain in this section. You should contact the “controller” of your data, as indicated below.
Emails and/or SMS inviting you to submit a review Here, we act as data processor, solely on behalf and on the instruction of the merchant/retailer.
Where we email you or send you an SMS to ask you to submit a review in respect of a merchant/retailer’s product or service, that merchant/retailer has given us your name and email address and/or mobile telephone number, and asked us to send you such email and/or SMS.
We will not use your name, email address or mobile telephone number for any other purpose, unless we already hold it in respect of a review (see paragraph 3.2 below). Even where we already hold your name, email address or mobile telephone number, we will only invite you to submit a review where the merchant/retailer has provided the same name, email address or mobile telephone number. - When you visit our website, and your review itself (and any other data you submit with it)
Here, we act as data controller.
When you visit our website, we will automatically collect certain personal data using cookies and your IP address.
We may also collect personal data contained in any forms you submit to our website, including the details of any review you submit.
The purposes for which we use your personal data are set out in the table below.
Please note that merchant/retailer will also be a data controller of review data, and you may need to contact both us and the merchant/retailer to exercise rights in respect of your personal data.
4. Who you should contact in relation to your personal data and your rights
- Where Feefo is the “controller”, as set out in paragraph 3 above, you should direct any queries you have in relation to your personal data to Feefo.
- Where Feefo is the “processor”, as set out in paragraph 3 above, you should direct any queries you have in relation to your personal data to the merchant/retailer in question.
5. The processing
- This privacy policy applies to customers of merchants/retailers that use our services, and visitors to our website.
- Where a row is tinted grey, we carry out that activity as the data processor of a merchant/retailer, and any queries you have in relation to such activity should be directed to the merchant/retailer.
- The table below sets out the personal data that we will collect, why we collect it, the legal basis on which we rely and how long we will keep it.
- Where multiple retention periods apply to the same personal data, the retention period will be the longest one (although we will stop using such personal data for a purpose when the retention period for that purpose expires).
- Where our legal basis for processing is legitimate interests, you may have the right to object to our processing (see the section titled “Objecting to legitimate interests processing” below).
- Other than the personal data set out above, we also collect certain non personal data, which might derive from personal data. For instance, we may aggregate statistics about trends in buying habits, or trends in user sentiment. Unless it is impossible to re-identify you from this information, we will treat it as personal data.
Type of data |
Purpose |
Legal basis for the processing |
How long we keep it |
Your name, email address and/or mobile telephone number.
|
To invite you to submit a review in respect of a product or service, on the instruction of a merchant/retailer.
|
As a data processor, we are not responsible for establishing a legal basis.
The merchant/retailer, as data controller, must have a legal basis. |
Until the earlier of:
• the merchant/retailer instructing us to delete it; and
• the expiry or termination of our contract with the merchant/retailer.
In some cases we may keep it for longer, for instance where we are required to by law or need it to bring or defend a legal claim. |
Review data, including the product or service you bought, your name and location (if you provide them), email address, a customer service star rating, a product star rating and any free text you enter as part of your review.
|
To publish your review on our website.
Note: where you have asked us to keep your review anonymous, we won’t publish identifying information about you. |
Necessary for our legitimate interest of publishing reviews submitted in respect of our merchant/retailer clients.
|
We keep your data for the length of the contract we have with our customer as this is used for statistical purposes. |
To supply the relevant merchant/retailer a feed of reviews.
Note: where you have asked us to keep your review anonymous, we won’t provide your name.
|
Necessary for our legitimate interest of fulfilling our contract with the merchant/retailer.
Necessary for the merchant/retailer’s legitimate interest in (a) carrying out market research to improve its customer experience, products and/or services; and (b) promoting its products and services with positive customer reviews. |
|
|
For the merchant/retailer to publish your review on its website, marketing collateral and social media profiles.
Note: where you have asked us to keep your review anonymous, the merchant/retailer won’t publish your name |
Necessary for the merchant/retailer’s legitimate interest in (a) carrying out market research to improve its customer experience, products and/or services; and (b) promoting its products and services with positive customer reviews.
|
|
|
To generate aggregated/anonymised statistics.
Note: which we may publish publicly or make available to third parties. However, such aggregated/anonymised statistics are not in themselves personal data, as you will not be identifiable from them. |
Necessary for our legitimate interest of carrying out market research, for example only to analyse buying trends or customer sentiment.
|
|
|
Potentially all personal data we hold about you, depending on the nature of the dispute |
To bring or defend legal claims.
|
Our legitimate interest of bringing and/or defending legal claims.
|
|
Your IP address, the web site from which you visit us, the web pages you actually visit and the date and length of your visit. |
To understand how visitors use our website. |
Necessary for our legitimate interest of optimising and improving our website. |
We keep your data for the length of the contract we have with our customer as this is used for statistical purposes or for a maximum of 6 years. |
To help us secure and manage the performance of our websites. |
Necessary for our legitimate interest of securing and managing the performance of our websites. |
|
|
Your name and email address |
To send you marketing emails which we think will be of interest to you. |
Your opt-in consent or because it is necessary for our legitimate interest of keeping you informed about our business and services. |
Until you withdraw your consent and/or notify us that you no longer wish to receive our marketing emails. |
6. Where we obtain your personal data from
We obtain your personal data in the following ways:
- from merchants/retailers (although we do so as their data processor);
- directly from you, for instance where you submit something to our website, communicate with us, or otherwise voluntarily providing personal data to us; and
- from your accounts on other online services, where you give us permission to do so. For instance, if you use Google, Facebook or Twitter to log into our website or grant us access to data they hold, we may obtain some information from those services;
- Google Content API – with your explicit authorisation Feefo use the Google Content API to retrieve product inventory data held in Google’s Merchant Center to supplement the transactional data you provide directly to Feefo. This data is used to enrich the end user experience when submitting/reading reviews through the display of extended product information and media content; to supplement Feefo’s product rating feed to Google with global identification data and to support analytical segmentation within the Feefo Hub. As part of the authorisation process Feefo will also receive Google user profile information which is used to maintain and manage your connection. Feefo’s access to your profile and product content can be revoked at any point via your Feefo Hub account or by request to the Feefo Support team.
- automatically when you use our website. For instance:
- like most websites, we use cookies (which are smaller text files sent between your web browser and our services) to provide or improve certain functionality and to track which of our pages you visit (see our the “Cookies” section below for more information); and
- our web server automatically collects certain information about your use of our website, for instance some key settings on your device, what type of device you are using, the operating system on your device, the website from which you came and your IP address.
7. Persons with whom we may share your data:
- All review data is shared with the merchant in respect of which you submitted a review.
- In general, internal access to your personal data will be restricted to those who have a need to access it in order to carry out their duties (for example our customer services team).
- However, we will also share your personal data with the following external third parties in some circumstances:
- fraud prevention agencies or other third parties that assist us in preventing fraud or other forms of risk;
- regulators such as the ICO, and government authorities such as HMRC or the police, if we are required to do so by law or if the regulator or authority requests it and we regard that request as reasonable or are required to comply by law;
- our insurers, legal advisers or other third parties who need access to it in the context of managing, investigating or defending claims or complaints;
- other businesses in connection with re-organisations, mergers and acquisitions of all or part of our business;
- organisations that process your data on our behalf who are not allowed to use your data for any other purpose, for instance our web hosts;
- other companies within our group, for instance where they provide us services; and
- where you have consented to do us doing so.
- Where we share your personal data with our service providers, we have contracts with those service providers setting out how they must handle your personal data, including not to use your personal data other than in accordance with our instructions.
- Where we have been able to full anonymise personal data, we may share that anonymised data with third parties, for instance our merchants/retailers to share market trends or consumer sentiment, or in PR material that we publish.
8. Solely automated decision making
We do not make any solely automated decisions based on personal data with legal or similarly significant effects.
9. Transfers outside of the EEA
- In certain limited circumstances, we may export personal data outside of the European Economic Area for processing, and we may use third party service providers who do the same.
- We only do that if there is a good reason to do it and where either:
- there are adequate safeguards in place (such as the appropriate contractual arrangements with suppliers, or adequacy decisions, depending on the destination country). To obtain a copy of the safeguards which apply, please contact us using the information in paragraph 2 above; or
- we are otherwise permitted by data protection law (for instance, where you consent or such transfer is necessary to provide our service to you).
10. Withdrawing consent
- Where we process your personal data on the basis of consent for marketing purposes, you can withdraw your consent in one of the following ways:
- by visiting www.feefo.com/consent (note, you may need to login to verify your identity);
- by following the unsubscribe link which we include in all of the electronic marketing we send; or
- by contacting our customer services team using the email address consent@feefo.com.
11. Objecting to our legitimate interests processing
- Where we process your personal data on the basis of our legitimate interests for direct marketing purposes, you always have the right to object to that processing. To object to direct marketing either follow the instructions for withdrawing marketing consent in the section above or contact us using the details at the top of this policy.
- You have the right to object to other processing on the basis of our legitimate interests, but we might not have to cease processing where you do so if either:
- we are able to demonstrate compelling legitimate grounds for the processing which override your interests; or
- where that legitimate interest is the establishment, exercise or defence of legal claims.
To object to legitimate interests processing, please contact us using the details at the top of this policy.
12. Your rights
The law gives you certain rights in respect of the personal data that we hold, which you should be aware of:
- You have the right to obtain your personal data from us except in limited circumstances. Where we provide it, the first copy will be free of charge, but we reserve the right to charge a small fee for additional requests;
- You have the right to require us to rectify any inaccurate personal data we hold concerning you;
- Taking into account the purposes of the processing, you may also have the right to have incomplete personal data completed, by means of providing a supplementary statement or otherwise;
- You have the right to require us to erase your personal data on certain limited grounds (including where they are no longer necessary for the purpose for which they were collected or where we rely on consent, which you withdraw, and there is no other legal ground for the processing);
- Where we process personal data either on the basis of consent or contractual necessity, you provided the personal data to us, and we process that personal data by automated means, you have the right to require us to give you your data in a commonly used electronic format;
- You have the right to object to our processing of personal data which we process on the grounds of our legitimate interests, as detailed in the paragraph titled “Objecting to our legitimate interest processing” above;
- You have the right to require us to restrict the processing of your personal data on certain grounds, including where:
- you contest the accuracy of the personal data and want us to restrict processing of your personal data while we verify its accuracy;
- the processing is unlawful, but you request a restriction of the processing rather than erasure;
- we (as controller) no longer need the data for the purposes of the processing, but you have told us you require us to retain that personal data for you to establish, exercise or defend legal claims; or
- you have objected to us processing your personal data on grounds of legitimate interests and want us to restrict processing of your personal data while we consider your objection.
- If you would like to exercise any of these rights, please contact us using the details set out at the top of this policy.
13. If we can’t remedy an issue you have
Should you have any complaints or issue with our treatment of your personal data, you may lodge a complaint with the Information Commissioner’s Office (ico.org.uk).
14. Cookies
- We use cookies when you visit our site. Cookies are small text files placed on your browser, typically made up of text and numbers. Those text and numbers will correspond with a record on our webserver, which can contain information about you or your website visit.
- We may use other technologies that allow us to do similar things where more appropriate to do so. For instance we may use “tracking pixels” which are tiny image files that are used to track your movements across our website.
- There are five main types of cookies – here’s how and why we use them.
- Site functionality cookies – these cookies allow you to navigate the site and use our features;
- Site analytics cookies – these cookies allow us to measure and analyse how our customers use the site, to improve both its functionality and your experience.
- Customer preference cookies – when you are browsing or shopping on our website these cookies will remember your preferences, so we can make your experience as seamless as possible, and more personal to you.
- Targeting or advertising cookies – these cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.
- Third party functionality cookies. We include third party services on our website to allow you to interact with them whilst on our website. In doing so, such third parties pay place cookies on your device to enable their functionality. Examples may include LinkedIn, Facebook, Twitter and Instagram.
- By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/.
- Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site.