Skip to main content Skip to footer

Privacy Policy

WELCOME TO THE UNIDAYS PRIVACY POLICY

Last updated: 30 March 2021
To see the previous version of our Privacy Policy, please click here


OUR COMMITMENT TO YOUR PRIVACY

Your privacy is our priority. We appreciate that you entrust us with your personal data and want you to know that we respect your privacy. Our privacy practices are based on these core principles:

OUR PRIVACY POLICY

This Privacy Policy describes how Myunidays Limited (MYUNIDAYS LTD), UNiDAYS, Inc. and their respective affiliates (collectively "UNiDAYS" "us" or “we”) collect and process your personal data and how you can exercise your privacy rights. MYUNIDAYS LTD is incorporated and registered in England and Wales with company number 07552253, VAT number 130053865, and registered office at 2 Castle Boulevard, Nottingham, Nottinghamshire, NG7 1FB.

When we refer to our “Platform”, we mean www.myunidays.com, the UNiDAYS mobile application (our “App”), The Edit, our iframe on websites of our business partners that allow access to UNiDAYS, and any other website or application operated by or on behalf of UNiDAYS on which this Privacy Policy is posted or linked.

This Privacy Policy applies to the students, graduates, and others who are eligible to create UNiDAYS accounts (“Members”) and to others who browse the public sections of our Platform or engage with UNiDAYS on social media. Different privacy policies apply for job applicants, current and prospective Partners and suppliers, GenZ Insights, and our other Corporate pages.

WHEN YOU USE OUR PLATFORM, YOU ACKNOWLEDGE AND AGREE THAT THIS PRIVACY POLICY APPLIES TO THE PROCESSING OF YOUR PERSONAL DATA.

To learn how you can exercise your privacy rights:

WHAT IS UNIDAYS?

UNiDAYS works with brands that want to advertise their products and services to our Members. We refer to these brands as our “Partners”. Through the Platform, Members have access to exclusive promotions, discounts, and other exciting offers from Partners (“Offers”). Members may also have access to available sweepstakes, contests, volunteer opportunities, polls, surveys, subscriptions, exclusive content, and other online and in-person opportunities and events.


WHAT INFORMATION DOES UNIDAYS COLLECT AND WHY?

We collect information from or about Members so that we can curate Offers and for the purposes described in this Privacy Policy. Of course, we also collect information when we are required to do so by applicable laws.


We collect five main categories of personal data:

1. Personal data that you provide to UNiDAYS

A Member’s email address is required to create a UNiDAYS account. Other personal data collected through Member accounts or use the Platform are:

We collect these personal data for the following purposes:

2. Automatically-collected Personal Data

When you visit the Platform, some data are automatically collected from or about your computer or mobile device and the websites you visit before and after the Platform. Depending on where you live and applicable law, these automatically-collected data are not personal data and are not covered by this Privacy Policy.


Automatically-collected data include:

Automatically-collected data help us understand how Members and visitors who are not Members use the Platform. Specifically, we use automatically-collected data:

Some automatically-collected data are collected using cookies, web beacons, and similar tracking technologies. Please review our Cookie Policy for more information.

3. Information Collected through the App

When you download, access, or otherwise use our App, the data that we collect depends on your device and your in-App and operating system settings.

The App must access certain data on your mobile device in order to function but the App’s settings enable you to check or change your status for certain data collection. If you do not wish the App to access data on your mobile device, then please uninstall the App. Also, if you change your settings, certain App features may not function properly.

When you agree, the App may collect the geo-location of your mobile device and access to photos stored on your mobile device. If you choose via the App settings, you can receive push notifications from UNiDAYS.

We collect logs and usage statistics from and about your mobile device. For example, we record when you open the App so that we can monitor when the App is used, how the App is used, and if/when the App stops working to help us identify and fix the cause.

When you download the App from Apple's App Store or Google Play (each, an "App Platform"), you acknowledge and agree that:

To learn more about the specific data collected by the App, please check your mobile device settings or review the disclosures on the App Platform from which you downloaded the App. To stop the collection of all data through the App, please uninstall it.

4. Data from third parties

From time to time, we may receive personal data about you from Partners and other third-party data sources (including publicly available sources). We may receive data about your interactions with a Partner’s website or app when you click through an Offer to make a purchase. We use this data for billing purposes so that we can bill our Partners for the services that we provide. The data we receive from third parties also are used to learn more about our Members, to tailor Members’ experiences on the Platform, to recommend Partners and Offers that we think will interest particular Members, and to improve the quality of the Platform content. Regarding subscriptions, we may receive identifying information (e.g. session ID or customer ID) from Stripe (a payment processor) to confirm your eligibility to use the related services. These data also help us to monitor and analyze trends and Platform use so that we can better manage our technology infrastructure and detect and protect against fraud or unauthorized use of the Platform.

When we combine data from third-party data sources to enhance the data that we hold about you, we require that each third-party data source confirm that its sharing of personal data with UNiDAYS is transparent and lawful.

5. Data related to Targeted Advertising

We display and help our Partners display targeted advertising using data collected when Members and visitors interact with the Platform. Targeted ads (also sometimes referred to as personalized or interest-based ads) are displayed based on information generated by online activity, such as purchasing through the Platform, use of the Platform on more than one device, visiting sites that contain Partners’ content, ads, or cookies and the websites that you visit before and after you log on to the Platform. You can opt out of receiving UNiDAYS’ targeted ads on the Platform here. You will still see ads but they may not be personalized to you.

UNiDAYS uses Google Analytics technology for targeted advertising. Google sometimes refers to targeted advertising as ‘remarketing’. The data generated by Google’s technology are transmitted to and stored by Google on servers in the United States. On behalf of UNiDAYS, Google will use this information to evaluate use of the Platform and compile reports for us and third parties that help operate and provide services related to the Platform. For information about how Google collects, uses, and shares your information, please visit Google’s Privacy Policy. Google has developed an opt-out browser add-on; if you want to opt out of Google Analytics, you can download and install the add-on for your web browser. You may refuse the use of these cookies by selecting the appropriate settings on your browser.

Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a browser’s user does not want to have his or her online activity tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including UNiDAYS, do not respond to DNT signals.

For information about how and why we use cookies for targeted advertising, please see our Cookie Policy.

WE DO NOT KNOWINGLY COLLECT INFORMATION FROM CHILDREN UNDER AGE 16. The Platform is not intended for use by children under age 16. If you are under the age of 16, please do not use or attempt to use our Platform or provide any personal data to us. If you learn or suspect that anyone under age 16 has provided UNiDAYS with personal data, please notify info@myunidays.com.

HOW DOES UNIDAYS SHARE PERSONAL DATA?

UNiDAYS shares personal data with organizations that help operate the Platform, when we are legally required to do so, and otherwise as described in this Privacy Policy.

We share personal data with the following categories of recipients:

Third parties also may access certain personal data using OAuth and other similar protocols when you choose to log into the Platform using your log-in information from other services or when you receive a third party’s notification or ‘prompt’. We can use OAuth and similar protocols to share our data about you without sharing your security credentials.

WHAT ARE UNIDAYS’ LAWFUL BASES FOR PROCESSING PERSONAL DATA?

Under EU data protection law, UNiDAYS may collect and process your personal data only when UNiDAYS follows the lawful bases specified in EU data protection law and informs you of the specific lawful bases on which UNiDAYS relies.

The lawful bases on which UNiDAYS relies are:

If we ask you to provide personal data to comply with a legal obligation or to perform a contract with you, we may not be able to comply with our legal obligation or enter into or perform the contract if you do not provide that personal data. For example, when we ask you to provide your email address, we need that data to verify that you are eligible to use the Platform. We will advise you whether providing your personal data is mandatory and the possible consequences if you do not provide your personal data.

If another legal basis or legitimate interest is relevant to particular personal data processing, we will make that clear when we collect that personal data. If you have questions or need further information concerning the legal basis on which we process your personal data, please contact us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below.

Our Data Protection Officer is available via dpo@myunidays.com. Our EU representative is available at unidays_eu_representative@planit.legal.

EU residents: If you have a complaint related to UNiDAYS processing of your personal data, you may submit a complaint to the Supervisory Authority of the EU Member State of residence or where the issue that is the subject of the complaint occurred. We hope you will allow us to address your concerns by contacting us at info@myunidays.com or dpo@myunidays.com before you approach a Supervisory Authority, but otherwise the contact details of the EU Supervisory Authorities are available at https://edpb.europa.eu/about-edpb/board/members_en.


HOW DOES UNIDAYS HONOUR PRIVACY RIGHTS REQUESTS?

If you are a resident of California, please see our California Privacy Notice, which supplements this Privacy Policy and is available here.

For personal data for which we are the data controller, we honoUr the following privacy rights in accordance with applicable law:

We will review your request as soon as reasonably practicable and respond within the time periods required by applicable law. In any request you submit to us, please make clear the personal data that are the subject of your request.

We respond to all requests we receive from individuals wishing to exercise their privacy rights in accordance with applicable data protection laws. Please know that the rights described above are not automatic rights and may not apply in all circumstances. When this occurs, we will notify you in our response to you.

For your protection, if you are a Member, we only fulfil requests for the personal data associated with the email address in your account and, if you are not a Member, we only fulfil requests for the personal data associated with the email address that you use to send us your request. We may need to request information from you to help us confirm your identity and ensure your right to access personal data. When we make these requests for more information, we do so as a security measure to ensure that your personal data are not disclosed to someone who has no right to receive your personal data. We also may contact you to ask you for further information in relation to your request to speed up our response.

Keeping your personal data – particularly your email address – accurate and current is important. Please update your account and/or contact us if your personal data changes during your relationship with us.

Please note that we may need to retain certain personal data for recordkeeping purposes and/or to complete a transaction that you began prior to requesting a change or deletion, such as fulfilling a prize in a sweepstakes. Our databases and other records may have residual personal data which we cannot and will not remove. We also may not allow you to review certain personal data for legal, security, or other similar reasons.

Generally, no fee is associated with exercising your privacy rights but UNiDAYS may charge a reasonable fee if your request is unfounded, repetitive, or excessive.

IF YOU ARE LOCATED IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT US AT DPO@MYUNIDAYS.COM.

WHERE DOES UNIDAYS PROCESS PERSONAL DATA?

Your personal data may be transferred to and processed someplace other than where you live. These other jurisdictions may have privacy laws that are different from the laws of where you reside (and, in some cases, not as protective).

Our servers are primarily located in Ireland but we store and replicate your personal data on servers in other places in order to provide speed of access, robustness, and protection against server failure. The other primary jurisdictions where personal data are processed by or on behalf of UNiDAYS are the United States of America and the United Kingdom.

The Partners, vendors, and contractors with whom or which we share personal data as described in this Privacy Policy are located in and transfer personal data to various jurisdictions around the world.

Where your personal data is transferred by us or on our behalf, we use appropriate safeguards to protect your personal data in accordance with this Privacy Policy and applicable law. These safeguards include entering into Standard Contractual Clauses for transfers of personal data out of the EEA. We also may require additional safeguards depending on where personal data are transferred. Please contact us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below for more information.

When we share personal data with a third party acting as our processor, we do so subject to contractual obligations that require that the processor protect your personal data in accordance with this Privacy Policy.

HOW DOES UNIDAYS PROTECT PERSONAL DATA?

Like any other organization, UNiDAYS cannot fully eliminate security risks associated with the processing of personal data but UNiDAYS uses technical, physical, and administrative safeguards intended to protect the personal data that we process. Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal data and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal data.

You are responsible for maintaining the security of your account credentials. UNiDAYS will treat access to the Platform through your account credentials as authorized by you.

We may suspend your use of all or part of the Platform without notice if we suspect or detect any breach of security. If you believe that information you provided to UNiDAYS or your account is no longer secure, please notify us immediately at info@myunidays.com.

If we become aware of a breach that affects the security of your personal data, we will provide you with notice as required by applicable law. When permitted by applicable law, UNiDAYS will provide this notice to you through the email address associated with your account.

UNAUTHORIZED ACCESS TO PERSONAL DATA AND THE PLATFORM – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.

FOR HOW LONG WILL UNIDAYS RETAIN PERSONAL DATA?

UNiDAYS will only retain your personal data for as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements or to protect against fraud). We may retain your personal data for a longer period to address a complaint or if we reasonably believe that litigation in respect to our relationship with you is possible.

When we have no ongoing legitimate business need to process personal data, we will either delete or anonymize that personal data. If you are a Member, UNiDAYS’ policy is to delete or anonymize your personal data three (3) years after your membership expires.

If we are not able to delete or anonymize certain personal data (for example, because your data are stored in backup archives or due to a legal requirement), then we will securely store the personal data and isolate the data from any further processing until deletion or anonymization is feasible.

We may anonymize personal data for research or statistical purposes, in which case the resulting data are no longer personal data subject to this Privacy Policy and we may use these data without restriction.

DOES THIS PRIVACY POLICY APPLY TO PARTNERS OR WEBSITES LINKED TO THE PLATFORM?

This Privacy Policy does not apply to personal data processing by Partners on their own websites or other third-party websites, even when those websites are linked to or from the Platform. The personal data collected through any of these third-party websites are subject to the respective third party’s privacy policy and practices. Your access to all third party websites is at your own risk. We encourage you to review the applicable privacy policy before disclosing personal data to anyone.

WHEN AND WHY DOES UNIDAYS UPDATE THIS PRIVACY POLICY?

UNiDAYS may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update this Privacy Policy, we will post the updated version and change the “Last Updated” date above. We also will take appropriate measures to inform you so that you have an opportunity to review the revised Privacy Policy. If your consent is required by applicable privacy laws, we will obtain your consent to changes before the revised Privacy Policy applies to you.

HOW DO I CONTACT UNIDAYS?

For questions about this Privacy Policy or UNiDAYS’ personal data processing, please contact us at:

Our European Representative is Planit Legal.

Close