The IPG App - Privacy Policy

1. Introduction

This Privacy Policy explains how The IPG Ltd (“The IPG”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal data when you use The IPG App (the “App”).

The App is a loyalty and rewards platform designed for tradespeople. It enables users to participate in prize draws and interact with participating member stores.

We are committed to protecting your personal data and complying with all applicable data protection laws, including:

• the UK General Data Protection Regulation (“UK GDPR”)
• the Data Protection Act 2018
• the Privacy and Electronic Communications Regulations 2003 (“PECR”)

2. Who We Are

For the purposes of UK GDPR, The IPG is the data controller for personal data processed through the App.

3. Data Protection Officer

Data Compliance Officer: Stuart Gibbs
Email: data@the-ipg.co.uk

4. Who Can Use the App

The App is available to individuals aged 18 or over. It is open to any tradesperson who wishes to create an account. Certain features, such as prize entry, are only available at participating member stores.

5. Personal Data We Collect

When you create and use an App account, we may collect the following personal data:

• first name and last name
• email address
• phone number
• job title / trade
• postcode
• address
• account identifiers and login credentials
• location data (where you enable location services on your device)
• prize draw participation and entry history
• associated participating store (“home store”)

We do not collect payment data, proof of purchase, special category data, or children’s data.

6. How We Collect Personal Data

Personal data is collected when you:

• create an App account
• complete user profile
• enter prize draws
• manage communication preferences in the App

Location data is collected only where you grant permission through your device settings.

7. Purposes, Lawful Bases and Data Use

The table below explains how we use your personal data.

8. Marketing and Consent

When you create an App account, you are presented with separate, optional consent choices:

• receiving marketing communications from The IPG
• allowing your details to be shared with participating stores and prize partners for their own marketing

These consents are not required to use the App and can be withdrawn at any time.

Marketing communications may be sent by email or WhatsApp. Every message includes an unsubscribe option.

9. Sharing Personal Data

We may share personal data with:

• participating member stores and prize partners, only where you have consented
• service providers acting as processors (e.g. HubSpot, hosting and infrastructure providers)
• professional advisers and regulators where required

Participating stores and prize partners act as independent data controllers for any personal data they receive.

Where consent has not been given, participating stores can view only limited information (first and last name) for competition administration purposes.

10. International Data Transfers

Some of our service providers are based outside the United Kingdom, or may process personal data outside the UK, including in countries that are not subject to a UK adequacy decision.

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR. These safeguards may include the use of the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with additional contractual and technical measures where required.

Further information about the safeguards used, including copies of the relevant contractual protections, may be obtained by contacting us at data@the-ipg.co.uk.

11. Data Retention

We retain personal data collected through the App only for as long as necessary for the purposes for which it was collected, including the operation of the App, administration of prize draws and compliance with legal obligations.

Retention periods are determined as follows:

• Active App accounts – personal data is retained for as long as the App account remains active and is required to provide App functionality and administer prize draws.
• Inactive App accounts – where an App account has not been used for a continuous period of three years, the personal data associated with that account will be anonymised, so that it can no longer be used to identify the individual.
• Deleted App accounts – where a user deletes their App account, personal data will be anonymised without undue delay, subject to the retention of limited information where required for legal or regulatory purposes.
• Prize draw records – personal data relating to prize draw participation will be retained for the duration of the relevant prize draw and any associated administration period and will be anonymised after three years.
• Marketing suppression records – where a user opts out of marketing communications, limited personal data (such as an email address) will be retained on a suppression list for three years to ensure compliance with marketing laws and to prevent further contact.

Where personal data is anonymised, it is no longer treated as personal data under UK GDPR and may be retained for statistical or analytical purposes only.

12. Security

We use appropriate technical and organisational measures to protect personal data, including:

• individual user accounts
• hashed and salted passwords
• role-based access controls
• restricted access to App data

Only authorised IPG staff in marketing and IT roles can access App data.

13. Your Rights

Under UK data protection law, you have the following rights in relation to your personal data:

• Right of access – to request access to the personal data we hold about you
• Right to rectification – to request correction of inaccurate or incomplete personal data
• Right to erasure – to request deletion of your personal data in certain circumstances
• Right to restriction of processing – to request that we limit the processing of your personal data in certain circumstances
• Right to data portability – to receive your personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller where applicable
• Right to object – to object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent – where processing is based on consent, to withdraw that consent at any time

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe that we have not handled your personal data in accordance with applicable data protection law.

Requests to exercise your rights can be made by contacting us at data@the-ipg.co.uk.

14. Automated Decision-Making and Profiling

We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, as defined under UK GDPR.

Certain limited processes within the App, such as the random selection of prize draw winners and the automated management of data retention and marketing preferences, are carried out using automated tools. These processes are administrative in nature, do not evaluate personal characteristics, and do not produce legal or similarly significant effects on individuals.

15. Complaints

If you are unhappy with how we handle your data, please contact us first.

You also have the right to complain to the Information Commissioner’s Office:
www.ico.org.uk

16. Changes to This Policy

We may update this policy from time to time. The latest version will always be available in the App.