Policy effective as of: 14/05/2018
A lot of people visit this policy to find out how to unsubscribe, so here’s a recap:
E-mail mailing list
You may unsubscribe from our e-mail mailing list at any time. To unsubscribe you may do any of the following:
- Enter your e-mail here
- Click the 'unsubscribe' link which is situated at the bottom of every e-mail we send.
- Contacting us directly asking to be unsubscribed
You may unsubscribe from our WhatsApp mailing list at any time. To unsubscribe you may do any of the following:
- Reply to any of our messages with 'Stop' to unsubscribe
Browser 'push' notifications
You may unsubscribe from our browser notification mailing list at any time. To unsubscribe you may:
- Follow the instructions on this page
1. Our purposes & legal bases for processing your data
The law states that we need to review and decide upon a legal basis for processing any of your personal data. These are the appropriate bases that we’ve selected and the data that is being processed:
a. Consent – e-mail mailing list
When joining our e-mail mailing-list you provide us with direct consent to send you e-mails containing freebies/offers. The frequency of these communcations will typically be twice daily (morning & afternoon), although when more freebies/offers are available we might send more often than this. You also agree for us to personalise the offers sent by e-mail according to any demographic data you’ve provided.
This e-mailing consent is provided on our subscribe forms by:
- The explanation within the heading and description text that the user is subscribing to the receive e-mails containing freebies/offers
- An affirmative action of submitting the subscribe button which states 'E-MAIL ME FREEBIES'
- The accompanying privacy notification text (shown clearly and unambiguously)
The minimum personal data we process and save during the subscribe is:
- IP address (to mitigate fraud & data duplications)
But is not limited to those data fields and some subscribe forms contain more. If you provide more personal information using on site forms, we will process it under the consent/legitimate interest shown in this privacy notice.
b. Consent – browser push notifications
When joining our push notification list for sending freebies/offers you provide us with direct consent to send you push notifications by explicitly turning on this browser-level permission.
c. Consent – WhatsApp messages
When joining our WhatsApp messaging list, a user provides explicit consent to receive WhatsApp messages from us by following these steps:
- Adding the phone number stated on the signup page to their address book
- Actively sending a message to that number that says ‘Start’
d. Legitimate Interest
For all our other data processing we use the legal basis of ‘legitimate interest’. This has been chosen after having performed a balancing test for each individual data use-case. During the tests we consider:
- The data processing that’s necessary for us to produce the best website for our users & perform as a profitable/sustainable company that uses marketing activity as its primary revenue driver
- Against your rights and interests as an individual
The data we use & processing we perform under the ‘legitimate interest’ bases are:
- We store what offers on the website a user has clicked or completed. This allows individual personalisation of our website to show/hide/re-order offers or other areas of the site. It also allows us to segment the user by this activity in order to send the most relevant offers via e-mail.
- We store store demographic data for a mailing list subscriber which the users provides using - on-site forms, via questions within our emails and any other method of demographic data disclosure by an affirmative & unambiguous action.
- We store the users demographic data to individually show/hide/re-order offers or other areas of the site. It also allows us to segment the user by their demographic in order to send the most relevant offers via e-mail.
- If a user wishes to unsubscribe from our e-mail marketing we need to keep a record of that e-mail in order to make sure it can’t be signed up with again. A user still has the ‘right to be forgotten’ in which case all of the personal information we hold about user will be deleted. They would then appear to us as a fresh user and would be able to subscribe again using the same details. To request this please visit our contact page.
- Google Analytics/Adwords - DoubleClick opt-out page or the Network Advertising Initiative opt-out page.
- Facebook – Login to your Facebook account and visit Settings -> Ads where you can customise your settings
- Bing – Visit the opt out page
- We also upload a one-way hashed version of your e-mail (the original e-mail is difficult to determine from this hash) to Google Adwords, Facebook & Bing so we can stop you from seeing ads if you are already a member of our mailing list. We also use it to target potential customers who these services deem similar to our current mailing list.
- We use Google Analytics to assess the number of visitors, sessions, page views, user journeys etc. We use this information to optimise the website and future marketing campaigns, however, it doesn’t include any personally identifiable information.
- Our servers hosted on Rackspace log errors and page requests to help fix problems and keep the website secure.
- We use the server monitoring software New Relic to monitor the integrity of our websites and keep them secure.
E-mail, browser notification & WhatsApp messaging
- We send e-mails using Campaign Monitor. Their platform records e-mail analytics on an individual user basis including (but not limited to) who was sent particular e-mails, opens, clicks, bounces & unsubscribes. These are used for segmentation and optimisation purposes.
- We send browser ‘push’ notifications using Pushcrew. Their platform records notification analytics on an individual user basis including (but not limited to) who was sent particular pushes, opens, clicks & unsubscribes. These are used for segmentation and optimisation purposes.
- We send WhatsApp messages using WhatsBroadcast. Their platform records WhatsApp analytics on an individual user basis including (but not limited to) who was sent particular WhatsApp messages, opens, clicks & unsubscribes. These are used for segmentation and optimisation purposes.
2. Recipients of personal data
As mentioned in section 2 we use several external companies/services to help us perform our legitimate interests. These services are:
- Google Analytics - Belgrave House, 76 Buckingham Palace Road, London, SW1W 9TQ
- Google Adwords - Belgrave House, 76 Buckingham Palace Road, London, SW1W 9TQ
- New Relic - 188 Spear St., Suite 1200, San Francisco, CA USA 94105
- Codebase HQ - Unit 9 Winchester Place, North Street, Poole, Dorset, BH15 1NX
- Facebook - 10 Brock St, London NW1 3FG
- Bing - Thames Valley Park, Reading, RG6 1WG
- Campaign Monitor - Campaign Monitor, Level 38, 201 Elizabeth Street, Sydney, NSW 2000, Australia
- Pushcrew - 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi, 110034, India
- WhatsBroadcast - Schwanthalerstr. 32, 80336, München
- Rackspace - 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ
3. Personal data transfers outside the EU
You should be aware that some recipients of your data may be based outside the European Union, whose laws provide a different standard of protection than that provided under English law. We will not release your data to a non-EU country processor without performing proper due diligence as to the standards of data protection within the specified country and proof of compliance with the standards of the UK Data Protection Act 1998 and other relevant legislation. Such requirements will be part of a formal and legally binding Data Processing agreement between us and the recipient.
4. Retention periods – how long we store your data
When you provide us with personal data via consent or any other legal basis we store it within our server, database or external source. We don’t want to keep it longer than necessary. We’ve set these time limits on keeping personal data:
Demographic data (provided by consent and associated with an e-mail)
We will continue to keep this demographic data indefinitely within our database and our e-mail sending platform. A user can always request complete deletion of their data under the ‘right to be forgotten’.
Site/e-mail personalisation data
Personalisation data that’s associated with an e-mail we’ll keep indefintely within our database and our e-mail sending platform. A user can always request complete deletion of their data under the ‘right to be forgotten’.
For personalisation data that isn’t associated with an e-mail (the user has never subscribed) we’ll keep for 180 days since the last site interaction.
We will keep a record of suppressed (unsubscribed) e-mails & IP addresses indefinitely to make sure they cannot be re-subscribed. This is unless a user requests for complete data deletion under their ‘right to be forgotten’.
External data services
When we use external services to process your data this will be stored on their servers:
- Google Analytics (web analytics) - The data is stored indefinitely and as it’s not user identifiable does not fall under the remit of the ‘right to be forgotten’
- New Relic (server monitoring) - The data is stored indefinitely. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.
- Codebase HQ (error monitoring) - The data is stored indefinitely. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.
- Google Adwords / Facebook / Bing (advertising) - The hashed e-mail data is stored indefinitely in these services so that we are able to ‘suppress’ the viewing of ads. The one-way hashed data is not user identifiable and so does not fall under the remit of the ‘right to be forgotten’. However, as the data is periodically uploaded to these services if a user’s details have been deleted from our system under this right, it will not appear in this upload.
- Rackspace (server hosting) - The data within the access & error logs is stored indefinitely and can be identified to a user via the IP address. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.
- Campaign Monitor (e-mail sending) - Any demographic / personalisation data we have on a user is also stored within the Campaign Monitor e-mail system. We will keep the same retention criteria as data on our own servers – keeping the demographic / personalisation data while a user is subscribed to our mailing list. A user can always request complete deletion of their data under the ‘right to be forgotten’ by contacting us.
- Pushcrew (browser push notifications) - The data required to send a push notification to a user will be stored on the Pushcrew system. We will keep this information indefinitely even if a user unsubscribes to we can make sure they don’t re-subscribe. A user can always request complete deletion of their data under the ‘right to be forgotten’ by contacting us and we will walk them through the steps to revoke the browser push consent.
- WhatsBroadcast (WhatsApp messages) - The data required to send a WhatsApp to a user will be stored on the WhatsBroadcast system. We will keep this information indefinitely even if a user unsubscribes to we can make sure they don’t re-subscribe. A user can always request complete deletion of their data under the ‘right to be forgotten’ by contacting us.
5. Your rights as a data subject
Along with other rights mentioned in this policy and in keeping with the GDPR regulations you have the:
- Right of access - Following an individual’s request to access their personal data we have a process to fulfil this request in a timely manner.
- Right to rectification and data quality - We have several internal processes that ensure your personal data remains accurate and up to date. A user can also request that their data be updated or changed by contacting us.
- Right to restrict processing - We have procedures to respond to an individual’s request to suppress the processing of specific personal data.
- Right of data portability - There are no other relevant environments which an individual could easily move, transfer or copy their data to. However, we can provide a copy of all the data we hold on an individual for the purposes of verification etc.
- Right to object - We have procedures to handle an individual’s objection to the processing of their personal data.
- Right to lodge a complaint - As an individual you will always retain the right to lodge a complaint with a supervisory authority.
If you wish to enforce any of your rights relating to data you may contact us and we will endeavour to get back to you within 48 hours. To speed up e-mail unsubscribe/suppression requests you may also use the form here.
6. Automated decision making
As mentioned in section 2.b 'Personalisation' we use your activity on our website – which offers you interact with / complete - to automatically show you more relevant ones. We also use any demographic information provided via consent to show you more relevant offers on site and via e-mail.
7. Gambling offers/content
As per section 2 - if you’ve joined our e-mail/browser push/whatsapp list we may send you e-mails/browser pushes/whatsapps containing freebies/offers. Some of these offers can contain information related to gambling or be offers from gambling companies.
Cookies help us to provide you a better website, enabling us to see which pages you find useful and which ones you don’t. The cookie in no way gives access to your computer or information about you, other than the data that you choose to share with MagicFreebiesUK.
When you visit a domain, the assets that are loaded on that domain may drop a third-party cookie. These sometimes allow the third party to track you from one site to the other.
You can choose to accept or decline cookies if you prefer by adjusting the setting within your web browser.
If you want to stop cookies being stored on your computer in future, please refer to your browser manufacturer's instructions by clicking 'Help' in your browser menu.
9. Cookie Analytics
We work with advertisers & marketing partners to fund the site and keep it free for use by the public.
10. Minimum age
You must be aged 18+ to register for marketing (by any channel) from Magic Freebies. We do not knowingly, deliberately or aim to, collect personal data from children under the age of 18, either for registration or for marketing purposes.
11. The data controller
The data controller for Magic Freebies is:
Veneficus Ltd, 229-235 High Street, Guildford, Surrey, GU1 3BJ. Phone: 01483 610253