Last updated: 18 December 2020
We keep this privacy notice under regular review. This privacy notice was last updated on 9 December 2020.
This privacy notice sets out how Piggyback processes your personal data when you contact us and when you use this website. Personal data is information about individuals or information from which individuals can be identified (“personal data”).
Piggyback Interactive Limited is a private limited company incorporated under the laws of England and Wales with company number 03521751. Our registered office is at 6th Floor, Charlotte Building, 17 Gresse Street, London, W1T 1QL (“we”, “our”, “us” and/or “Piggyback”). Piggyback is registered as a data controller at the Information Commissioner’s Office (“ICO”) with registration number ZA762413.
How do we collect personal data?
We collect personal data directly from you when you use this website, including if you provide it to us in the process of registering and creating a profile on this website. We may also receive your personal data from third parties, including our website analytics service provider and our distributors, such as Digital River, Yoast, WordPress, Google, Gamestop.com, B&N.com, Amazon.com, Target.com, Walmart.com, Ebgames.ca, Bestbuy.ca, Amazon.ca, Game.co.uk, Amazon.co.uk, Argos.co.uk, Ebgames.com.au, Amazon.fr, Fnac.com, Micromania.fr, Gamestop.it, Amazon.it, Amazon.de, Mediamarkt.de, Saturn.de, Wog.ch, Gameware.at, Gamesonly.at, Game.es, Amazon.es, Xtralife.com, Fnac.es, Mediamarkt.es, Muve.pl, Empik.com, Grymel.pl, Alza.cz, Jrc.cz, Brloh.sk, Playitstore.hu, Platinumshop.hu, and Cdgalaxis.hu.
We may also collect your personal data through Facebook, Twitter and YouTube when you use tools to tag us and mention us in your posts, statuses and comments through your accounts on these platforms, and when you provide us with your personal data on our accounts on these platforms, e.g. when you comment on one of our posts on Facebook or subscribe to our channel on YouTube. We may also receive anonymised data that was derived from your personal data from YouTube when you play one of our YouTube videos embedded on our website or directly on YouTube.
What personal data do we collect?
We collect the personal data listed in the Schedule to this privacy notice.
How do we use your personal data?
The following is a list of the purposes for which we process your personal data, and the lawful bases on which we carry out such processing:
Purpose | Lawful basis |
To set up, administer and manage your account with us | Necessary for the performance of our contract with you |
To administer your orders, including upgrading your account | Necessary for the performance of our contract with you |
To respond to communications, including customer support queries | Your consent |
To send you service messages and updates about our website and services | Necessary for the performance of our contract with you |
To prepare and analyse statistics relating to the use of our website and services by you and other users, to investigate complaints and to seek and analyse feedback | Our legitimate interests in ensuring our services and website are as enjoyable as possible |
To run our everyday operations, e.g. communications between members of our team in connection with the provision of our products | Our legitimate interests in running our business |
To administer and protect our business and the website including troubleshooting, data analysis and system testing | Our legitimate interests in running our business, provision of administration and IT services, including network security |
To administer a sale or possible sale of the whole of or part of our business or the restructuring of our business | Our legitimate interests in facilitating any such possible or actual transaction or restructuring |
To consider any job applications we may receive | Your consent |
We may also process your personal data (a) to comply with a legal obligation we are under; and (b) for additional purposes in the future, but only if such purposes are compatible with those listed above and if we believe that the same lawful basis applies.
In certain circumstances, you may be obliged to provide us with your personal data under a statutory or contractual requirement. This might include, but is not limited to, personal data we require to enter into an agreement with you or your business; for tax and accounting purposes; and to enable us to fulfil our compliance and other obligations under relevant legislation or regulation. Failure to provide us with personal data required under a statutory or contractual requirement may prevent us from entering into or performing our obligations under a contract with you or your business.
When do we disclose your personal data?
We may share your personal data with third parties.
Some of these third parties may be based, or may process data in, the EU. When we transfer personal data to third parties within the EU, we currently do so on the basis of Article 28, General Data Protection Regulation ((EU) 2016/679) (GDPR) compliant terms. We may also share your personal data with third parties that process data in and/or are incorporated in territories outside of the UK and/or the EEA and which do not provide the same level of protection to personal data as countries subject to the GDPR (international partners).
Until such time as the Brexit transition period expires on 31 December 2020 no additional safeguards are required for the transfer of personal data between the UK and the EEA.
For such time as UK data controllers continue to remain subject to the GDPR, we will disclose your personal data to international partners only as permitted under the GDPR, which will generally be on the basis of appropriate safeguards approved under the GDPR (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/), including standard contractual clauses approved by the European Commission which can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. After the decision of the CJEU in the Schrems II case, in which the CJEU found that the US/EU Privacy Shield does not afford sufficient protection for personal data when transferred to the US, we have been monitoring the instances in which personal data is transferred to the US to establish whether any such transfer presents a significant risk to your rights and freedoms even when done under the relevant standard contractual clauses. If it does, we commit to making necessary changes.
To the extent that there are different or additional appropriate safeguards required for the transfer of personal data outside the UK following the end of the Brexit transition period, we will ensure those are put in place.
Third parties and/or international partners we may share your personal data with, or whom we permit to access personal data, include WordPress (our open-source content management system), Google (our website platform – Google Cloud – and website analytics provider), Yoast (our other website analytics provider), Borlabs (our cookies and tracking technologies management service provider) and Digital River (our payments and refunds partner: Digital River deals with clients directly regarding all payment and refund related matters and provides automated confirmations so that we can effect changes to accounts, for example, to upgrade an account and allow access to the interactive map).
Your personal data may be shared with other parties and/or on our social media accounts for the purposes and the legitimate interests of facilitating our operations and promoting our offerings including on, Facebook, Twitter and YouTube, for example, when we share a post that you commented on. Your personal data will also be shared with YouTube when you play one of our YouTube videos embedded on our website or directly on YouTube.
We may also transfer your personal data to third parties or international partners in the context of a sale or possible sale of the whole of or part of our business or the restructuring of our business.
We may also disclose your personal data to law enforcement agencies in order to assist with any investigations, when we bring a claim or defend ourselves against a claim that requires the disclosure of the personal data, and when we engage professional advisors.
How long do we retain your personal data for?
We will retain your personal data for the following purposes and retention periods.
Purpose | Retention period |
User profile | The period of time during which a user profile is live and up to 7 years after it is deactivated |
Future employment opportunities with us when a job application has been unsuccessful | Up to 2 years |
Potential claims | Up to 7 years after the end of a matter/interaction with us |
If you unsubscribe from our communications, we will maintain a record of your unsubscribe request and associate it with your email address to ensure you do not receive future communications.
Your communications preferences:
We would love to stay in touch with you, but we completely understand if you do not want to receive communications from us via email. You are able to select your choices for communication when you sign up to our mailing list or register with us. Additionally, we always offer an unsubscribe option at the bottom of every email you receive from us and you are welcome to use it to change your email preferences.
Website cookies and trackers:
We use cookies and similar technologies on this website. A “cookie” is a small file of text which is downloaded onto your computer or device when you access this website, and it allows us to recognise when you return to the website.
We will obtain your consent to use these cookies except where the use of the cookie is strictly necessary for the operation of our website.
The cookies used on our website are either set by us or by our third party service providers i.e. by domain providers (other than the provider of our website domain) that provide us with external services, such as analytics providers, product distributors and payment processing services providers, and they fall into the following categories:
- Necessary: Those that are necessary for the operation of the website, including those that allow you to interact with our website, to stay logged in after signing in to your account, to recall selections as you move between pages, and to enable core functionality such as security, credentials authentication, network management and accessibility, for example the Borlabs cookie that manages visitors’ preferences on our website’s cookie banner.
- Functional: Those that remember choices you make e.g. to remember your username and to allow you to dismiss notices and suggestions and allow you to use non-essential features on our website, such as playing YouTube videos embedded on our website.
- Analytics: Those that analyse the use of our website, and monitor our web audience and traffic:
- Google Analytics, the web analysis service provided by Google. Google utilises the data collected to track and examine the use of our website, and to prepare reports on its activities which we review. Google shares those reports with other Google services. Google may also use the data collected to contextualise and personalise the ads on its own advertising network. The personal data that is collected is cookie and usage data, and that processing takes place in the USA under Google’s standard terms and privacy policy, which you will find here. You can opt out of Google Analytics cookies on the cookie pop-up you see before viewing our website.
- Yoast SEO, the search engine optimisation tool provided by Yoast. Yoast utilises the data collected to improve this website’s and its content’s search engine optimisation level and to provide feedback towards the improvement of the readability of the content of this website.
We use a combination of both session and persistent cookies. Session cookies keep track of your current visit and how you navigate the website and persistent cookies enable our website to recognise you as a repeat visitor when you return. The session cookies will be deleted from your device when you close your browser. Persistent cookies remain on your device after you have left the website.
Most browsers have cookies enabled by default, but you are able to change your cookies settings, which are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. You can block any cookies from any website by activating the setting on your browser that allows you to refuse the setting of some or all cookies. You can also use your browser settings to delete cookies. For more information about cookies please visit https://ico.org.uk/your-data-matters/online/cookies/.
You have the following rights under data protection legislation. If you have any questions about your rights, or you wish to exercise any of these rights, please email service@piggyback.com. We may require you to provide forms of identity should you wish to exercise one of your rights below.
Access: Upon request, you are entitled to confirmation that we process your personal data and to a copy of such personal data.
Rectification: If the personal data we hold on you is incorrect, you have the right for it to be rectified. You may also update your personal data through your account settings.
Erasure: You can request us to erase your personal data where there is no compelling reason for us to continue processing it, and in certain other circumstances.
Restriction: You may request a restriction on the processing we undertake on your personal data. This right will only apply if: (a) we no longer have a lawful basis on which to process your personal data; (b) your personal data is inaccurate; or (c) you object to our processing of your personal data and there is a reason for us to continue holding the data.
Objection: You may object to our processing of your personal data if our processing is carried out on the basis of our legitimate interests. Please note, however, that should we determine that our interests are so compelling as to override your objection we may continue to process your personal data.
You may object to receiving direct marketing at any time.
Portability: You may have the right to receive some of your personal data in machine readable format. This right extends to you being able to request that such data is sent to a third-party controller.
Withdrawing consent: If the lawful basis we rely on to process your personal data is consent you have the right to withdraw this consent. Please email us at service@piggyback.com to withdraw consent for the processing of your personal data.
To withdraw your consent for the processing of your personal data by a third party, please contact the relevant organisation.
Complaining to a supervisory authority: Further information about your rights can also be obtained from your national data protection regulator – in the UK, this is the ICO (https://ico.org.uk/). If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with your national data protection supervisory authority, although we would ask that you contact us in the first instance.
Your right to be informed: You can contact us to find out more or to ask any questions you may have about our use of your personal data.
Schedule
Personal data we collect:
Type of personal data | Method of collection |
Full name | Directly from you |
Email address | Directly from you |
Type of account | Autogenerated |
Username | Directly from you |
Password | Directly from you |
Unique link to reset password | Autogenerated |
IP address | Directly from you |
Opt-in to marketing updates | Directly from you |
Interests regarding marketing updates | Directly from you |
Enquiries and opinions, and any personal data you may provide to us in such communications | Directly from you |