This Privacy Policy applies to Next Jump Inc. and its wholly owned UK subsidiary Next Jump Limited ("Next Jump"),
and to any member of our Perks at Work website. In this Privacy Policy, Personal Data means any information that
identifies or could identify a living individual. This Policy sets forth the standards under which Next Jump will
treat Personal Data.
Next Jump will be the data controller of your Personal Data that is processed by us. Next Jump Inc. is a company
incorporated in the State of Delaware with registered office at 261 Fifth Avenue, New York, N.Y., 10016 , and its UK
representative is Next Jump Limited. Next Jump Limited is a company incorporated in England with registered office
at 99 Waterloo Road, London, SE1 8XP, UK. Next Jump Limited is registered as a data controller with the UK
Information Commissioner's Office (ICO) under registration number Z2001110. Please see the Contact Us section at the
end of this Privacy Policy for information on how to contact Next Jump.
Next Jump ("Next Jump", "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy sets out
what data we collect, how we use that data and the choices we offer you, including how to access and update your
information.
When you sign up for Perks at Work, we provide you with a program that aggregates the purchasing power of millions
of individuals in order to create special pricing on a wide range of goods and services ("Program"). As a registered
user of the Program, you will have access to the following features:
- ONECart: the ability to make purchases directly through the Program;
- WOWPoints: ability to earn and burn reward currency
WOWPoints (100 WOWPoints = $1 [USD], or £1 [GBP] for UK users)
at hundreds of retailers;
- In Store Rewards: ability to shop in-store using your own credit or debit card
and earn WOWPoints;
- Shopping Cards: ability to purchase pre-paid shopping cards and instant e-codes;
and
- Reward & Recognition or WOWCards: WOWPoints given to you as
part of the Programme;
We ensure that your personal data is processed in accordance with relevant laws and industry-recognized data
protection standards. At no time will we trade, sell, or distribute your personal information to any individual,
company, vendor or organization, in ways other than as disclosed in this Privacy Policy. If you have any questions
or concerns regarding our Privacy Policy, please contact us through one of the methods described in the last section
of this Privacy Policy.
By registering for the Program, you acknowledge that you have read this Privacy Policy and consent to the practices
described herein, including the transfer of your personal information to entities outside the country of origin. To
be clear, we store your personal information on servers located in the United States of America. By agreeing to this
Privacy Policy, you give your consent for us to do so.
You may withdraw consent at any time visiting the
Contact Us page.
We process your Personal Data where the processing is necessary for the performance of a contract with you, or in
order to take steps at your request prior to entering into a contract with you, and where the processing is
necessary for the purposes of the legitimate interests pursued by us, as set out in the table below.
Where we carry out processing based on legitimate interests, we have identified those legitimate interests below.
Activity/Purpose |
Type of data |
Lawful Basis or Bases (including legitimate interest) |
Register users |
Personal data either collected from you or received from your organization including name, email, postal
code and employee ID
|
Performance of a contract with the user |
Authenticate and manage user sessions |
Authentication data (username, password), session IDs |
Necessary for legitimate interests (grant access to platform, manage user activity, prevent fraud) |
Process and fulfil transactions |
Payment and bank information, transaction history, DOB |
- Performance of a contract with the user
- Necessary for legitimate interests (perform e-commerce transactions)
|
Manage user relationships, including communications and customer service |
Personal data including name, email, WOWPoints activity, customer service tickets and transaction
history
|
- Performance of a contract with the user
- Necessary to comply with a legal obligation
- Necessary for legitimate interests (facilitate user communications and inquiries)
|
Administer and protect the website and associated services |
Personal data including name, email, postal code, employee id, credentials, site usage activity,
transaction history
|
- Necessary for legitimate interests (for running the business, provision of administration and
IT services, network security, to prevent fraud)
- Necessary to comply with a legal obligation
|
Deliver relevant content including through email marketing and provide recommendations based on
profiling
|
Preferences, reminders, transaction history, site usage activity |
Necessary for legitimate interests (provide useful content and experiences to the user) |
Analyze usage activity to evaluate program effectiveness and optimize the user experience |
Site usage activity |
Necessary for legitimate interests (analyze the use of products/services, to keep the website updated
and relevant, to develop the business and to inform marketing strategy)
|
Operate Rewards and Recognition programs |
Name, email, transaction history, WOWPoints activity, |
- Performance of a contract
- Necessary for legitimate interests (operate Employers Rewards and Recognition program)
|
Recommend and invite friends and family to use the service |
Friends and family name and email address |
US Only feature (not applicable to European Economic Area residents) |
We may send marketing communications to your individual email address where you have consented to us doing so.
Where we process your Personal Data based on your consent, you have the right to withdraw your consent at any time
on the Your Account section or by using the
Contact Us page. Any withdrawal of
consent by you shall not affect the
lawfulness of processing based on your consent before it was withdrawn.
Information about you is an important part of our business. We do not sell your information to any third parties.
All information disclosing is based on the principle of sharing only the information necessary to fulfil the
legitimate business purpose. When shared, data may be transferred and hosted outside the country of origin. We only
share your Personal Data with third parties as set out below:
- Aggregated information showing the general use of the Program without any personally identifying
information is shared with your organization to evaluate the effectiveness and value of the Program;
- Information on whether and when you have registered and used the Program may be provided to your
organization to minimize redundant or irrelevant communications;
- Information on spending and savings on the Program may be provided to your organization to be included in
total reward statements with other benefits you receive from your organization;
- Information about your WOWPoints activity may be provided to your organisation to facilitate the operation
of long service and, rewards and recognition;
- RSVPs for private, in store events may be provided to participating vendors for admittance to the event;
- Payment card information may be shared with payment processors to facilitate card transactions and
identify transactions where you have earned or burned WOWPoints;
- Bank account information may be shared with our bank to facilitate payment into your account;
- Information may be shared with participating merchants in order to fulfil your purchase transaction,
including payment information, shipping address and other personal information that may be required to
complete such transaction;
- If your organisation has contracted a third party to run the Program (such as a flexible benefits
provider), any of the above information We share with your organisation may also be shared with the third
party;
- All of the information we collect, as described above, may be shared with the companies that perform IT
services on our behalf such as credit card processors, data management firms, data analytics firms, fraud
prevention services and call center providers for the purposes of providing you with the Program and
developing and maintaining it. These companies are authorised to use your Personal Data only as necessary to
provide these services to us;
- We reserve the right to disclose your Personal Data , to your organization or authorities, as required by
law and when it is believed that disclosure is necessary to protect our rights, our clients' interests
and/or to comply with a judicial proceeding, court order, or legal process;
- We will otherwise share your Personal Data with your consent.
In the event Next Jump discloses Personal Data covered by this Policy to a non-agent third party, it will do so
consistent with any notice provided to Data Subjects and any choice they have exercised regarding such disclosure.
If Next Jump has knowledge that a third party to which it has disclosed Personal Data covered by this Policy is
processing such Personal Data in a way that is contrary to this Policy and/or the Principles, Next Jump will take
reasonable steps to prevent or stop such processing. In such case, the third-party is liable for damages unless it
is proven that Next Jump is responsible for the event giving rise to the violation.
We use profiling in order to enhance your user experience and to present you with advertising that is relevant to
you and in line with your browsing history and past purchases. We do not carry out any automated decision making.
you exercise your right to object to profiling, then we will unsubscribe you from Perks at Work and stop processing
your Personal Data in accordance with our retention policy. This is because the type of profiling that we carry out
is fundamental to the Program and we would not be able to offer the Program without it.
We are committed to protecting the confidentiality of your information. We take reasonable measures to secure your
information, including industry standard administrative, physical and technical controls. These controls include
encryption, third party audits, access controls and security testing.
Your Personal Data may be transferred outside of your country of origin. We will store your Personal Data on servers
located in the United States of America.
Next Jump complies with the U.S.-EU Privacy Shield Framework Principles, including the Supplemental Principles as
set forth by the U.S. Department of Commerce (collectively, the "Principles"). Next Jump has certified that it
adheres to the Principles with respect to its services and certain Personal Data transferred from the European Union
("EU") to Next Jump in the United States ("U.S."). To learn more about the Principles and to view Next Jump's
certifications, please
visit:
https://www.privacyshield.gov/participant?id=a2zt00000008RFLAA2&status=Active.
Your Personal Data may be shared outside of the Next Jump group as stated in the 'Information We Share' section
above. Where we work with service providers, your Personal Data may be transferred to countries outside of the
European Economic Area which do not have equivalent standards of data protection under their legislation and on
these occasions, we take other steps to protect the data as required under European data protection laws. The steps
we take may include the use of European Model Clause contracts and (where relevant to our suppliers) the US-EU
Privacy Shield
Next Jump's commitments under the Principles are subject to the jurisdiction and enforcement and investigatory
authority of the United States Federal Trade Commission.
We use cookies to provide you with the best experience while using the Program, to manage your browser sessions and
to power the Program's functionality. For more information, please see our Cookie Policy. Cookies allow you to use
all of the Program's functions as designed. Disabling cookies will limit functionality of the Program and
significantly degrade the user experience.
Some third parties (e.g., advertisers, tracking utilities) use cookies and Web beacons on their site(s). We do not
have access or control over these tracking technologies. We do not share your personally identifiable data with
these advertisers.
This Privacy Policy covers our use of cookies on the Program and the private label subdomains delivered by us, only.
This Privacy Policy notice does not cover the use of cookies by any third parties.
We do not send unsolicited marketing emails to individuals without prior consent. We send pre-registration emails at
the request of your organization in order to invite you to join Perks at Work. You may manage the way in which you
will receive correspondence, including email reminders, newsletters and Program updates using the "My Account"
section of the Program.
All marketing emails sent by us relating to the Program contain instructions on how to unsubscribe from future
correspondence. You may opt out of marketing correspondence relating to the Program by visiting the
Contact Us page
or by clicking on the unsubscribe link in the marketing email. Users may also access and edit their personal
information in the "My Account" section of the website. You can change your communication preferences at any time.
You will continue to receive operational emails relating to the Program unless you choose to unsubscribe from the
Program.
If you would like your personal information, including email address, to be completely removed from Our database,
you should use the
Contact Us page. We will respond to your request within
thirty (30) business days. Completely
removing your personal information from the database will negate your ability to login and use to the Program.
We will consider any requests made by you under this section in accordance with applicable data protection laws. The
rights that apply to European Economic Area Residents are summarized below.
You are entitled to request a copy of your Personal Data held by us, as well as a description of how the information
is used. A Subject Access Request should be made using the
Contact Us page and
labelled as 'SAR' or 'Subject Access
Request'.
To comply with the Standard Contractual Clauses (model contracts issued by the EU Commission for data transfers
outside of the European Economic Area), We may need to notify and obtain authorization from your organization prior
to responding to any data subject access request.
You are entitled to request that any incorrect Personal Data that we hold is corrected. You can also make these
changes yourself, through the 'My Account' page.
You are entitled in certain circumstances to request that some or all of your Personal Data is deleted. If you
request that all of your Personal Data is deleted we will close your account and you will no longer be able to
access Perks at Work.
You can ask us to stop using some or all of your Personal Data in certain circumstances, including where you
exercise your right to object to the processing of your personal data based on our legitimate interests.
You are entitled to request a copy of the Personal Data that you provided in machine readable form.
This Privacy Policy may be reviewed and amended from time to time. You will be notified of changes to this Privacy
Policy by a notice posted on the Program login page. The notice will contain a link, whereby the amended privacy
policy can be examined in full. In this way, you will be made aware of policy changes prior to browsing or shopping
on the Program. We may e-mail periodic reminders of our notices and conditions, but you should check our website
frequently to see recent changes. As always, if you are not amenable to the conditions of a revised privacy policy
you may opt out of the Program by the means outlined earlier in the 'Opting Out' section above.
We will store your Personal Data while you remain registered as a user of Perks at Work. If you unsubscribe from
Perks at Work we will close your account and your Personal Data will be deleted from our database based on our
retention policy.
We will retain your Personal Data even after we have closed your account to the extent necessary to comply with our
legal obligations and to resolve disputes, and to fulfil your request not to receive further communications from us.
Many offers on the Program will redirect you to a participating retailer's web site. An interstitial page will be
displayed that will inform you that you are being redirected. At this point you will be on the merchant web site and
the merchant's privacy policy will then apply to any information you provide. It is important to read and
familiarise yourself with the merchant's privacy policy.
If you have questions or concerns regarding this Privacy Policy, the Program, or Next Jump's compliance with the
Privacy Shield Principles please submit your enquiry through the
Contact Us
page. You can also contact us at
privacy@nextjump.com
Next Jump will respond to any such inquiries or complaints within forty-five (45) days. In the event that Next Jump
fails to respond or its response is insufficient or does not address the concern, Next Jump has registered with JAMS
to provide independent third party dispute resolution at no cost to the complaining party. To contact JAMS and/or
learn more about the company's dispute resolution services, including instructions for submitting a complaint,
please visit:
https://www.jamsadr.com/eu-us-privacy-shield.
Complaining parties may also, in absence of a resolution
by Next Jump and JAMS, seek to engage in binding arbitration through the Privacy Shield Panel.
Next Jump will cooperate with the United States Federal Trade Commissions and any data protection authorities of the
EU Member States ("DPAs") in the investigation and resolution of complaints that cannot be resolved between Next
Jump and the complainant that are brought to a relevant DPA. If your inquiry has not been satisfactorily addressed,
you may initiate a dispute resolution process.
If you are a citizen of the European Economic Area, you should contact the European Union Data Protection
Authorities Panel (EU DPA) on ec-dppanel-secr@ec.europa.eu. The EU DPA will then serve as a liaison to resolve your
concerns. Additionally, you have the right to lodge a complaint with the data protection supervisory authority in
the UK, the ICO. The ICO website is at
https://ico.org.uk/. However, we would
request that you contact our Data
Protection Officer before making a formal complaint.
If you are not a citizen of the European Economic Area, you should contact the U.S. Better Business Bureau
http://www.BBB.org. The Better Business Bureau will then serve as a liaison to resolve your concerns.
Next Jump commits to periodically reviewing and verifying the accuracy of this Privacy Policy and its compliance
with the Principles and applicable data privacy legislation), and remedying issues identified.
Next Jump is committed to protecting your privacy. We do not sell, trade, give away, or rent personal information to
any third parties in ways other than disclosed in this Privacy statement. We use the information collected while you
are using the Program in order to make shopping and promotional activities possible and enhance your overall
experience of the Program.
We provide several methods for corresponding with us. Please direct your questions or comments to:
- Contact Us page
- Data Protection Officer
The Data Protection Officer of Next Jump Limited is Abhay Sesha who can be contacted at privacy@nextjump.com.