隱私政策

Welcome to the UNiDAYS Privacy Policy

Last updated: March 2026

For eligibility criteria to verify your student status and join UNiDAYS as a member please click here.

Your privacy is our priority. We appreciate that you entrust us with your personal data and want you to know that we respect your privacy. Our privacy practices are based on these core principles:

  • We do not sell your personal data. We only share your data to the extent necessary to perform our services to you as set out in this policy.
  • We design our platforms and services with your privacy in mind.
  • We strive for transparency about how we process your personal data. We work hard to provide clear and straightforward descriptions of our privacy practices because we want you to understand them.
  • We are dedicated to the protection of your personal data. We continually assess data security risks and test and monitor our security practices to protect against them.

WE DO NOT KNOWINGLY COLLECT INFORMATION FROM CHILDREN UNDER AGE 13. The Platform is not intended for use by children under age 13. If you are under the age of 13, please do not use or attempt to use our Platform or provide any personal data to us. If you learn or suspect that anyone under age 13 has provided UNiDAYS with personal data, please notify info@myunidays.com

What's in this document?

This Privacy Policy describes how Myunidays Limited (MYUNIDAYS LTD) and its affiliates (collectively “UNiDAYS”, “our”, “us” or “we”) collect and process your personal data and how you can exercise your privacy rights.

If you are located in the European Economic Area (EEA) or the UK, the data controller for the personal data that UNiDAYS collects is Myunidays Limited of Spaces 3rd Floor, 25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA. The ICO registration number is Z2692580.

If you are located in the US or Canada, the legal entity responsible for personal data processing is Unidays Inc., Penn Plaza 9th Floor 132 W 31st St. New York City NY 10001, United States.

If you are located in India, the legal entity responsible for personal data processing is UNiDAYS Private Limited, with its principal place of business at 4th Floor, Vedwati Apartments, Opposite Agriculture College, Shivaji Nagar, Pune, Maharashtra, India 411005.

For all other jurisdictions, the legal entity responsible for personal data processing is MYUNIDAYS LTD of Spaces 3rd Floor, 25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA.

MYUNIDAYS LTD is incorporated and registered in England and Wales with company number 07552253, VAT number 130053865, and registered office at Spaces 3rd Floor, 25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA.

When we refer to our “Platform”, we mean www.myunidays.com, the UNiDAYS mobile application (our “App”), The Edit, our iframe on websites of our business partners that allow access to UNiDAYS, and any other website or application operated by or on behalf of UNiDAYS on which this Privacy Policy is posted or linked.

This Privacy Policy applies to the students, graduates, and others who are eligible to create UNiDAYS accounts (“Members”) and to others who browse the public sections of our Platform or engage with UNiDAYS on social media. Different privacy policies apply for job applicants, current and prospective Partners and suppliers, GenZ Insights, and our other Corporate pages.

YOU ACKNOWLEDGE THAT THIS PRIVACY POLICY DESCRIBES HOW WE PROCESS YOUR PERSONAL DATA WHEN YOU USE OUR PLATFORM.

If you are located in the UK or the EEA, the UK/EEA-specific requirements to the Privacy Policy take precedence over all other provisions.

To learn how you can exercise your privacy rights:

UNiDAYS provides student identity verification services and works with brands that want to provide verified students with benefits and/or advertise their products and services to our Members on our platform. We refer to these brands as our “Partners”. Through the Platform, Members have access to exclusive promotions, discounts, and other exciting offers from Partners (“Offers”). Members may also have access to available sweepstakes, competitions, contests, volunteer opportunities, polls, surveys, subscriptions, exclusive content, and other online and in-person opportunities and events. Members also can benefit from the verification status to log on to other 3rd party platforms of Partners via our UConnect services.

To the extent that UNiDAYS and a Partner use the OAuth 2.0 authorisation protocol embedded in our UConnect services, and you elected to verify your identity and eligibility with UNiDAYS, we, with your express consent when required, will share certain personal data with the Partner for the specific purposes of verifying your identity and eligibility to receive Partner Offers and/or enable you to log in on a 3rd party Partner’s platform using UNiDAYS credentials:

If you are resident in the United States of America, please see our US State Privacy Notice available here.

We collect information from or about Members so that we verify identity and curate Offers and for the purposes described in this Privacy Policy. Of course, we also collect information when we are required to do so by applicable laws.

We collect four main categories of personal data:

We collect personal data that you provide when you register, verify your identity, or otherwise choose to share with us. We collect this personal data for many reasons, including to create and secure your account, provide our services, and protect the Platform.

A personal email address is required to create a UNiDAYS account and additional academic personal information for student verification status: an academic email address, and/or Student ID Card, and/or University/College/Academic Institution supporting documents (depending on the verification flow of your choice such as the Portal). All other personal data collected through the account or use of the Platform may include:

  • First and last Name;
  • University/College/Academic Institution;
  • Enrolment Status;
  • Country of residence;
  • Social media username;
  • Telephone number;
  • Date of Birth and Age;
  • Gender;
  • Photographs of yourself, such as on your Student ID or when you allow UNiDAYS to access your photos through the App;
  • Customer service communications;
  • Preferences, opinions, and other details about yourself that you choose to share in your responses to surveys or during focus groups or discussions; and
  • Personal data shared with other Members through the Platform.

We collect these personal data for the following purposes:

  • To verify identity and eligibility for membership;
  • To create Members’ accounts;
  • To send information about Offers that we think will interest Members, including Offers that are personalised based on the information associated with that Member’s account;
  • To administer sweepstakes (also known as giveaways), contests, polls, surveys, and events in which Members choose to participate;
  • To respond to correspondence and requests, such as Member interactions with our Customer Service team;
  • To learn how Members interact with the Platform so that we can improve the Platform, develop new features, and identify which Partners’ Offers are most popular with Members;
  • To process a Member’s application to become a UNiDAYS blogger, influencer, or other content creator;
  • To present volunteer and internship opportunities for Members;
  • To obtain feedback and provide customer service about Offers, Partners, and the Platform in general;
  • To detect and protect against spam, fraud, or unauthorised use of the Platform; and
  • To monitor and enforce compliance with our legal agreements.

Both us and our contractors and vendors automatically collect personal data related to your use of the Platform. This information includes:

  • Device Information: When you interact with the Platform, we collect technical information about your computer or mobile device including your IP or MAC address, device make, model and operating system, mobile network information, internet service provider, unique device identification number, advertising ID, browser type and language, geographic location (e.g., country or city-level location or time zone);
  • Online Activity and Browsing Information: We use cookies, pixel tags, software development kits (“SDKs”) and other tracking technologies to automatically collect information about your interaction with the Platform. This information includes log-in events (i.e., when you log into and for how long you use the Platform),"click stream" data, which are data about how your computer or mobile device interacts with the Platform e.g. interactions with offers, polls, surveys and other content on the Platform. The use of cookies, pixel tags, software development kits (“SDKs”) and other tracking technologies are subject to your explicit consent and more information can be found in our Cookie Policy.
  • Transactional Information: When you access Offers through the Platform, we collect details of the specific offer and the date and time that it was accessed.

Automatically-collected data help us understand how Members and visitors who are not Members use the Platform. Specifically, we use automatically-collected data:

  • To personalise and target our advertising through our online advertising partners, including social media platforms;
  • For analytics to enhance how Members use the Platform or a device;
  • To evaluate the performance of Offers and other content, such as which Partners and types of Offers are most popular;
  • To improve the quality and relevance of the Platform for Members, such as by showing or offering Members Platform content based on their preferences inferred from clickstream data (with consent where necessary);
  • To present Offers and information that we believe are tailored to the interests of particular categories of Members;
  • To help resolve technical issues and develop and update the Platform;
  • To detect unauthorised use of the Platform and/or distribution of Platform content;
  • For customer service; and
  • For billing purposes, so that we can bill our Partners for the services that we provide.

We may receive personal data from third parties when you interact with Offers. We use this personal data to analyse and improve the Platform, provide our services, personalise your experience and carry out our business.

From time to time, we may receive personal data about you from Partners and other third-party data sources (including publicly available sources). We receive transactional data about your interactions with a Partner’s website or app when you click through an Offer to make a purchase. We use this data for billing purposes so that we can bill our Partners for the services that we provide. The data we receive from third parties also are used to learn more about our Members, to tailor Members’ experiences on the Platform, to recommend Partners and Offers that we think will interest particular Members, and to improve the quality of the Platform content. These data also help us to monitor and analyse trends and Platform use so that we can better manage our technology infrastructure and detect and protect against fraud or unauthorised use of the Platform.

If you click through to UNiDAYS from a link on social media sites such as Facebook, Pinterest, Quora, Reddit, TikTok and Snapchat, the social media site will share information with us about the way our Platform is being used. This is aggregate information and cannot be used to identify you. For example, these statistics may tell us the age ranges of our visitors and whether they are male or female. Our Cookie Policy has more information about how you can control this.

When we combine data from third-party data sources to enhance the data that we hold about you, we require that each third-party data source confirm that its sharing of personal data with UNiDAYS is transparent and lawful.

We also process your personal data to provide personalised and relevant advertising based on your likes and preferences.

We display and help our Partners display targeted advertising by using personal data collected when Members and visitors interact with the Platform. Targeted ads (also sometimes referred to as personalised or interest-based ads) are displayed based on information generated by your online activity, such as:

  • any purchases you make through the Platform;
  • your use of the Platform;
  • visiting sites that contain Partners’ content, ads, or cookies; and the websites that you visit before and after you log on to the Platform. We also use social media platforms such as Facebook, Reddit, Pinterest, Quora, TikTok and Snapchat to advertise.

We, and our Partners, will process personal data about you for the following purposes, linked to targeted advertising, including to:
  • track user usage and event attendance;
  • target marketing campaigns specific to our users;
  • collect information and insights about you when you visit the Platform;
  • deliver advertisements from third party advertisers; and
  • determine what advertisements should be shown that may be relevant to you.

You can change your cookie preferences, including targeting cookies (which are used to present you with relevant advertising) on the Platform in your account settings. You will still see ads but they may not be personalised to you.

Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a browser’s user does not want to have his or her online activity tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including UNiDAYS, do not respond to DNT signals.
For information about how and why we use cookies for targeted advertising, please see our Cookie Policy.

We share your personal data with parties (including employees and contractors, where appropriate) that help us provide the Platform and to carry out our business.

We also share your personal information when you give us your consent.
UNiDAYS shares personal data with organisations that help operate the Platform, when we are legally required to do so, and otherwise as described in this Privacy Policy.

We share personal data with the following categories of recipients:

  • Professional advisors, such as lawyers, accountants, and information security and forensics experts;
  • Third party companies we partner with for targeted advertising purposes who are deploying cookies and similar technologies on our Platform;
  • Partners and other Platform advertisers as needed to process orders, payments and to carry out our business;
  • Marketing vendors that help UNiDAYS promote the Platform and from time to time supplement personal data that we already have. For this purpose we may provide your email address to the social media platforms in hashed form for them to present sponsored posts in your social media feed and to other providers for them to help us develop insights, to match behaviour and to build audiences;
  • Our contractors and vendors to enable them to work for us, including without limitation those who perform data analytics and test, monitor, secure, and enable the Platform and services. For example:
    • Iterable receives and uses our data to assist us with marketing email campaigns;
    • Kevel receives and uses our data to deliver personalised advertising to Members;
  • Competent law enforcement, government regulators, courts, or other third parties when we believe disclosure is necessary (i) to comply with the law, (ii) to exercise, establish or defend our legal rights, or (iii) to protect the vital interests of Members, Partners or another third party;
  • Potential or actual acquirers or investors and their professional advisers in connection with any proposed merger, acquisition, or investment in or of all or any part of our business. We will use our best efforts to ensure that the terms of this Privacy Policy apply to personal data after the transaction or that you receive notice of any changes to your personal data processing;
  • Our affiliates; and
  • To any other third party with your permission.

We only collect and process your personal data according to applicable law. Your location will determine the legal entity that is responsible for the collection and processing of your personal data.

Under EEA and UK data protection law, UNiDAYS may collect and process your personal data only when UNiDAYS follows the lawful bases specified in EEA and UK data protection law and informs you of the specific lawful bases on which UNiDAYS relies.

The lawful bases on which UNiDAYS relies are:

  • Consent: we process your personal data when you provide your consent;
  • Performance of a contract: UNiDAYS operates the Platform and related services on the basis of a contract with you, which are our Terms of Service;
  • Our legitimate interests: UNiDAYS may base the processing of personal data on our legitimate interests as a business in:
    • efficiently operating, maintaining and managing the Platform and related services;
    • tailoring the Platform and related services to suit our users;
    • ensuring the security of the Platform;
    • understanding customer behaviour to improve and create new services and products which benefit our Members and Partners;
    • preventing and detecting fraud;
    • communicating with you in accordance with your wishes and expectations;
    • responding to and handling any requests or complaints;
    • maintaining internal administrative records;
    • undertaking quality control and business planning;
    • retaining evidence of our compliance with the law;
    • accessing appropriate professional advice, and;
    • defending UNiDAYS against legal claims or fraud.
      When we rely on our legitimate interests as our basis for processing personal data, we balance our interests with strong privacy protections tied to fairness and purpose limitation and which are designed to minimise the risks to our Members, visitors, and others.
  • Compliance with a legal obligation to which we are subject.

If we ask you to provide personal data to comply with a legal obligation or to perform a contract with you, we may not be able to comply with our legal obligation or enter into or perform the contract if you do not provide that personal data. For example, when we ask you to provide your email address, we need that data to verify that you are eligible to use the Platform. We will advise you whether providing your personal data is mandatory and the possible consequences if you do not provide your personal data.

If another legal basis or legitimate interest is relevant to particular personal data processing, we will make that clear when we collect that personal data. If you have questions or need further information concerning the legal basis on which we process your personal data, please contact us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below.

  • If you are located in the European Economic Area or the UK, the data controller for the personal data that UNiDAYS collects is Myunidays Limited of Spaces 3rd Floor, 25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA. The ICO registration number is Z2692580.
  • If you are located in India, the legal entity responsible for personal data processing is UNiDAYS Private Limited, with its principal place of business at 4th Floor, Vedwati Apartments, Opposite Agriculture College, Shivaji Nagar, Pune, Maharashtra, India 411005.
  • If you are located in the U.S. or Canada, the legal entity responsible for personal data processing is Unidays Inc., Penn Plaza 9th Floor 132 W 31st St. New York City NY 10001, United States.
  • For all other jurisdictions, the legal entity responsible for personal data processing is MYUNIDAYS LTD of Spaces 3rd Floor, 25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA.

Our Data Protection Officer is available via dpo@myunidays.com

.
If you are located in the UK or the EEA, the following apply to you in addition to (and, in case of any inconsistencies, takes precedence over) the other provisions of this section:
  • If UNiDAYS’ processing of your personal data is based on your consent, the legal basis is Art. 6(1)(a) of the U.K and EU General Data Protection Regulations (GDPR). You can withdraw your consent at any time (Art. 7(3) GDPR), effective for the future. This will not affect the legality of processing that took place before you withdrew your consent.
  • If UNiDAYS’ processing of your personal data is based on the performance of a contract between UNiDAYS and you, the legal basis is Art. 6(1)(b) GDPR.
  • If UNiDAYS’ processing of your personal data is based on legal obligations that UNiDAYS must fulfil, the legal basis is Art. 6(1)(c) GDPR.
  • If UNiDAYS’ processing of your personal data is based on UNiDAYS’ legitimate interests, the legal basis is Art. 6(1)(f) GDPR. If you are interested in detailed information on the balancing of your and UNiDAYS’ interests, please contact UNiDAYS as described in the section “HOW DO I CONTACT UNiDAYS?”. Insofar as the processing is based on UNiDAYS’ legitimate interests, you have the right to object to the processing (Art. 21 GDPR).
  • Pursuant to Art. 77 GDPR, you have a right to lodge a complaint related to UNiDAYS’ processing of your personal data, which you may exercise by submitting a complaint to your local data protection supervisory authority of the EU Member State of residence or where the issue that is the subject of the complaint occurred. We hope you will allow us to address your concerns by contacting us at info@myunidays.com or dpo@myunidays.com before you approach a Supervisory Authority, but otherwise, the contact details are available at https://edpb.europa.eu/about-edpb/board/members_en.

We offer easy to use forms to streamline your data privacy rights requests. You can always reach out to us with any questions or concerns regarding your data privacy rights.

If you are a resident of the United States of America, please see our US State Privacy Notice, which supplements this Privacy Policy and is available here.

For personal data for which we are the data controller, we honour the following privacy rights in accordance with applicable law:

  • If you wish to review, correct, update, restrict the use or delete your personal data:
  • For other requests, please contact us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below.
  • Please note that requests relating specifically to STUDY by UNiDAYS can be accessed as follows: Right To Be Forgotten Form and Right To Know Form.
  • You can object to the processing of your personal data, request restrictions on the processing of your personal data, or request the portability of your personal data. To exercise these rights, please contact us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below.
  • You can opt-out of (or unsubscribe from) UNiDAYS’ email marketing communications by clicking the “unsubscribe” or “opt-out” link in one of our marketing emails or through your account settings. Please note that you cannot unsubscribe from certain communications, such as messages relating to your account transactions, non-promotional messages, business relationships, or system updates or system issues.
  • If we process your personal data based on your consent, you can withdraw your consent at any time by contacting us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on a lawful basis other than consent.
  • If we process your personal data based on our legitimate interests, you have the right to object to that processing, subject to certain exceptions, by contacting us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below.
  • When our processing of your personal data results in automated decisions, such as document verification, security monitoring (e.g when to trigger an email notification to you when we do not recognise a log in because it is from a different device or location) or which ads or content to show you, we do not intend that these decisions legally affect or significantly affect you. By automated decision, we mean that a decision concerning you is made automatically on the basis of computer algorithms without our human review. If we make an automated decision about you that legally affects or otherwise significantly affects you, you have the right to ask us to review the decision and to require a human review of the decision. You can learn about and exercise this right by contacting us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below.

We will review your request as we can and respond within the time periods required by applicable law. In any request you submit to us, please make clear the personal data that are the subject of your request.

We respond to all requests we receive from individuals wishing to exercise their privacy rights in accordance with applicable data protection laws. Please know that the rights described above are not automatic rights and may not apply in all circumstances. When this occurs, we will notify you in our response to you.

For your protection, if you are a Member, we only fulfil requests for the personal data associated with the email address in your account and, if you are not a Member, we only fulfil requests for the personal data associated with the email address that you use to send us your request. We may need to request information from you to help us confirm your identity and ensure your right to access personal data. When we make these requests for more information, we do so as a security measure to ensure that your personal data are not disclosed to someone who has no right to receive your personal data. We also may contact you to ask you for further information in relation to your request to speed up our response.

Keeping your personal data – particularly your email addresses – accurate and current is important. Please update your account and/or contact us if your personal data changes during your relationship with us.

Please note that we may need to retain certain personal data for recordkeeping purposes and/or to complete a transaction that you began prior to requesting a change or deletion, such as fulfilling a prize in a sweepstake. Our databases and other records may have residual personal data which we cannot and will not remove. We also may not allow you to review certain personal data for legal, security, or other similar reasons.

Generally, no fee is associated with exercising your privacy rights but UNiDAYS may charge a reasonable fee if your request is unfounded, repetitive, or excessive.

IF YOU ARE LOCATED IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT US AT DPO@MYUNIDAYS.COM.

If you are located in the UK or the EEA, the following applies in addition to (and, in case of any inconsistencies, takes precedence over) the other provisions of this section:

  • You have the right to confirmation, and the right to access this personal data or request a copy of it (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), and a right to restrict (block) your data (Art. 18 GDPR).
  • In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR).
  • If you have provided the data, you can request the transmission of the data (Art. 20 GDPR).
  • If the processing is based on consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law.

Generally, we process personal data in the United Kingdom, Ireland and the United States, depending on the circumstances. We transfer data only as permitted by applicable law.

Your personal data may be transferred to and processed someplace other than where you live. These other jurisdictions may have privacy laws that are different from the laws of where you reside (and, in some cases, not as protective).

Our servers are primarily located in Ireland but we store and replicate your personal data on servers in other places in order to provide speed of access, robustness, and protection against server failure. The other primary jurisdictions where personal data are processed by or on behalf of UNiDAYS are the United States of America and the United Kingdom.

The Partners, vendors, and contractors with whom or which we share personal data as described in this Privacy Policy are located in and transfer personal data to various jurisdictions around the world.

Where your personal data is transferred by us or on our behalf, we use appropriate safeguards to protect your personal data in accordance with this Privacy Policy and applicable law. These safeguards include entering into Standard Contractual Clauses for transfers of personal data where applicable. We also may require additional safeguards depending on where personal data are transferred. Please contact us using the contact details provided under the “How Do I Contact UNiDAYS?” heading below for more information.

When we share personal data with a third party acting as our processor, we do so subject to contractual obligations that require that the processor protect your personal data in accordance with this Privacy Policy.

We take care to secure and safeguard your personal data using various technological measures as required by applicable law.

Like any other organisation, UNiDAYS cannot fully eliminate security risks associated with the processing of personal data but UNiDAYS uses technical, physical, and administrative safeguards intended to protect the personal data that we process. Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal data and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of personal data.

You are responsible for maintaining the security of your account credentials. UNiDAYS will treat access to the Platform through your account credentials as authorised by you.

We may suspend your use of all or part of the Platform without notice if we suspect or detect any breach of security. If you believe that information you provided to UNiDAYS or your account is no longer secure, please notify us immediately at info@myunidays.com.

If we become aware of a breach that affects the security of your personal data, we will provide you with notice as required by applicable law. When permitted by applicable law, UNiDAYS will provide this notice to you through the email address associated with your account.

UNAUTHORISED ACCESS TO PERSONAL DATA AND THE PLATFORM – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.

We only keep personal data as long as permitted by applicable law. We also anonymise certain personal data for our records.

UNiDAYS will only retain your personal data for as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements or to protect against fraud). We may retain your personal data for a longer period to address a complaint or if we reasonably believe that litigation in respect to our relationship with you is possible.

When we have no ongoing legitimate business need to process personal data, we will either delete or anonymise that personal data. If you are a Member, UNiDAYS’ policy is to delete or anonymise your personal data three (3) years after your membership terminates.

If we are not able to delete or anonymise certain personal data (for example, because your data are stored in backup archives or due to a legal requirement), then we will securely store the personal data and isolate the data from any further processing until deletion or anonymization is feasible.

We may anonymise personal data for research or statistical purposes, in which case the resulting data are no longer personal data subject to this Privacy Policy and we may use these data without restriction.

This Privacy Policy applies to the UNiDAYS Platform. When you interact with an Offer or otherwise visit a third party's website or app, those third party's policies and terms will apply.

This Privacy Policy does not apply to personal data processing by Partners on their own websites or other third-party websites, even when those websites are linked to or from the Platform. The personal data collected through any of these third-party websites are subject to the respective third party’s privacy policy and practices. Your access to all third party websites is at your own risk. We encourage you to review the applicable privacy policy before disclosing personal data to anyone.

We may change this Privacy Policy from time to time. You can always find the latest version on our website.

UNiDAYS may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update this Privacy Policy, we will post the updated version and change the “Last Updated” date above. We also will take appropriate measures to inform you so that you have an opportunity to review significant changes to this Privacy Policy, but please regularly check this Privacy Policy to ensure you are aware of the updated version.

For questions about this Privacy Policy or UNiDAYS’ personal data processing, please contact us at:

  • By Email: dpo@myunidays.com.
  • By Post: Myunidays Limited, ℅ DPO, Spaces 3rd Floor, 25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA

Name of the service

UNiDAYS

Description of the service

UNiDAYS is the world’s leading Student Affinity Network, connecting a global student audience with relevant brands and services.

Data controller and a contact person

MyUnidays Limited of Spaces 3rd Floor, 25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA is the data controller, and can be contacted directly by post to the address above, or by e-mail to dpo@myunidays.com

Jurisdiction

GB, England

Personal data processed

Following data is retrieved from your Home Organisation:

  • your unique user identifier (SAML persistent identifier, ePPN or ePTID)
  • your role in your Home Organisation (eduPersonAffiliation, eduPersonPrimaryAffiliation or eduPersonScopedAffiliation)

歡迎閱讀 UNiDAYS 私隱政策

最後更新時間:2026年3月

如欲了解驗證學生身份及成為 UNiDAYS 會員的資格準則,請點擊此處。 此處.

您的私隱是我們的首要考量。我們感謝您將個人資料交付予我們,並希望您知道,我們尊重您的私隱。我們的私隱政策遵循以下核心原則:

  • 我們不會出售您的個人資料。我們僅在本政策所述範圍內,為向您提供服務的必要目的而分享您的資料。
  • 我們在設計平台及服務時,均以保障您的私隱為首要考量。
  • 我們致力於對個人資料的處理保持透明。我們努力提供清晰明確的私隱政策說明,讓您能夠充分了解我們的做法。
  • 我們致力於保護您的個人資料。我們會持續評估資料安全風險,並測試及監察安全措施,以防範各類風險。

我們不會刻意收集13歲以下兒童的資訊。. 本平台並非供13歲以下兒童使用。如您未滿13歲,請勿使用或嘗試使用本平台,亦勿向我們提供任何個人資料。如您得知或懷疑有13歲以下人士向 UNiDAYS 提供了個人資料,請立即通知我們。 info@myunidays.com

本文件內容包括哪些事項?

本私隱政策說明 Myunidays Limited(MYUNIDAYS LTD)及其關聯公司(統稱「UNiDAYS」、「我們」或「本公司」)如何收集及處理您的個人資料,以及您如何行使您的私隱權利。

如您位於歐洲經濟區(EEA)或英國,UNiDAYS 所收集個人資料的資料控制者為 Myunidays Limited,地址為英國倫敦肖爾迪奇市中心路25號 Epworth House,3樓 Spaces,郵編 EC1Y 1AA。ICO 登記號碼為 Z2692580。

如您位於美國或加拿大,負責處理個人資料的法律實體為 Unidays Inc.,地址為美國紐約市西31街132號 Penn Plaza 9樓,郵編 10001。

如您位於印度,負責處理個人資料的法律實體為 UNiDAYS Private Limited,其主要營業地點位於印度馬哈拉施特拉邦浦那市 Shavaji Nagar 農業學院對面 Vedwati Apartments 4樓,郵編 411005。

對於其他地區,負責處理個人資料的法律實體為 MYUNIDAYS LTD,地址為英國倫敦肖爾迪奇市中心路25號 Epworth House,3樓 Spaces,郵編 EC1Y 1AA。

MYUNIDAYS LTD 於英格蘭及威爾斯註冊成立,公司編號為 07552253,增值稅號碼為 130053865,註冊辦公室位於英國倫敦肖爾迪奇市中心路25號 Epworth House,3樓 Spaces,郵編 EC1Y 1AA。

當我們提及「本平台」時,指的是 www.myunidays.com,以及 UNiDAYS 手機應用程式(以下稱「本應用程式」), 編輯,我們在合作夥伴網站上的嵌入框(iframe),可用於訪問 UNiDAYS,以及由 UNiDAYS 或代表 UNiDAYS 運營、並張貼或連結本私隱政策的任何其他網站或應用程式。

本私隱政策適用於有資格創建 UNiDAYS 帳戶的學生、畢業生及其他人士(以下稱「會員」),以及瀏覽本平台公開部分或在社交媒體上與 UNiDAYS 互動的其他人士。對於不同對象,則適用其他私隱政策。 求職申請者, 現有及潛在的合作夥伴與供應商, GenZ Insights, 以及我們的其他相關人士 企業用戶 頁面

您承認,本私隱政策說明了當您使用本平台時,我們如何處理您的個人資料。

如您位於英國或歐洲經濟區(EEA),則本私隱政策中針對英國/EEA 的特定規定,優先於其他條款。

如欲了解您如何行使您的私隱權利:

UNiDAYS 提供學生身份驗證服務,並與希望向經驗證的學生提供優惠及/或向我們的會員在平台上推廣其產品與服務的品牌合作。我們將這些品牌稱為「合作夥伴」。透過本平台,會員可享有合作夥伴提供的獨家促銷、折扣及其他精彩優惠(以下稱「優惠」)。會員亦可能獲得參與抽獎、比賽、競賽、志願活動、投票、調查、訂閱、獨家內容,以及其他線上或實體活動的機會。會員還可透過 UConnect 服務利用驗證身份登入合作夥伴的其他第三方平台。

在 UNiDAYS 與合作夥伴使用該等資料的範圍內, OAuth 2.0 若 UNiDAYS 與合作夥伴使用嵌入於我們 UConnect 服務中的授權協議,且您選擇透過 UNiDAYS 驗證您的身份及資格,我們將在必要時取得您的明示同意,與合作夥伴分享特定個人資料,以達成以下特定目的:驗證您的身份與資格以獲取合作夥伴優惠及/或使您能使用 UNiDAYS 帳戶登入第三方合作夥伴的平台。

如您居住在美國,請參閱我們的美國州級私隱聲明,可於以下位置取得: here.

我們收集會員的資料,以便驗證身份、精選優惠,並用於本私隱政策所述的目的。當然,當適用法律要求時,我們也會收集相關資料。

我們收集四大類個人資料:

我們會收集您在註冊、驗證身份或自行選擇提供給我們的個人資料。我們收集這些資料的目的包括:建立及保護您的帳戶、提供我們的服務,以及保障平台的安全。

建立 UNiDAYS 帳戶需要提供個人電子郵件地址,而學生驗證身份則需提供額外的學術個人資料,例如學術電子郵件地址、學生證及/或大學/學院/學術機構的支持文件(依您選擇的驗證流程,如 Portal 而定)。透過帳戶或使用平台收集的其他個人資料可能包括:

  • 姓名(姓氏及名字);
  • 大學/學院/學術機構;
  • 註冊狀態;
  • 居住國家;
  • 社交媒體用戶名稱;
  • 電話號碼;
  • 出生日期及年齡;
  • 性別;
  • 您的個人照片,例如學生證上的照片,或當您允許 UNiDAYS 透過應用程式存取您的照片時;
  • 客戶服務通訊記錄;
  • 您在回應問卷調查、參與焦點小組或討論時選擇分享的偏好、意見及其他有關您的資料;以及
  • 透過本平台與其他會員分享的個人資料。

我們收集上述個人資料的目的包括:

  • 用於驗證身份及會員資格;
  • 用於建立會員帳戶;
  • 用於向會員發送我們認為其可能感興趣的優惠資訊,包括根據該會員帳戶相關資料而作出個人化的優惠;
  • 用於管理會員自願參與的抽獎活動(亦稱為贈品活動)、比賽、投票、問卷調查及活動;
  • 用於回覆來函及處理相關請求,例如會員與我們客戶服務團隊的互動;
  • 用於了解會員如何與本平台互動,以便我們改進平台、開發新功能,以及識別哪些合作夥伴的優惠最受會員歡迎;
  • 用於處理會員申請成為 UNiDAYS 博客、網紅或其他內容創作者的申請;
  • 用於向會員提供志願服務及實習機會;
  • 用於收集反饋意見,並提供有關優惠、合作夥伴及平台的一般客戶服務;
  • 用於偵測及防範垃圾訊息、詐騙或未經授權使用本平台;以及
  • 用於監察及執行我們的法律協議合規性。

我們以及我們的承包商和供應商會自動收集與您使用本平台相關的個人資料。此類資料包括:

  • 裝置資訊:當您使用本平台時,我們會收集有關您的電腦或行動裝置的技術資料,包括您的 IP 或 MAC 位址、裝置品牌、型號及操作系統、行動網路資訊、網際網路服務提供商、裝置唯一識別號碼、廣告識別碼、瀏覽器類型與語言、以及地理位置(例如國家或城市級位置或時區);
  • 線上活動及瀏覽資訊:我們使用 Cookie、像素標籤、軟件開發工具包(「SDK」)及其他追蹤技術,自動收集您與本平台互動的資訊。此類資訊包括登入事件(即您何時登入及使用平台的時間長度)、點擊流資料(click stream data),即您的電腦或行動裝置與平台互動的資料,例如與優惠、投票、問卷調查及平台上其他內容的互動情況。Cookie、像素標籤、SDK 及其他追蹤技術的使用需獲得您的明示同意,更多資訊可參閱我們的 Cookie Policy.
  • 交易資訊:當您透過本平台使用優惠時,我們會收集該優惠的詳細資料以及使用的日期和時間。

自動收集的資料有助我們了解會員及非會員訪客如何使用本平台。具體而言,我們利用自動收集的資料來:

  • 用於透過我們的線上廣告合作夥伴(包括社交媒體平台)進行廣告個人化與定向投放;
  • 用於分析,以改善會員使用本平台或裝置的體驗;
  • 用於評估優惠及其他內容的表現,例如哪些合作夥伴及優惠類型最受歡迎;
  • 用於提升平台對會員的質量與相關性,例如根據會員的點擊流資料推測的偏好(在必要時取得同意)來展示或提供平台內容;
  • 用於向特定類別的會員展示我們認為符合其興趣的優惠及資訊;
  • 用於協助解決技術問題,以及開發和更新平台;
  • 用於偵測未經授權使用平台及/或分發平台內容的行為;
  • 用於客戶服務;以及
  • 用於帳單處理,以便我們向合作夥伴收取所提供服務的費用。

當您與優惠互動時,我們可能會從第三方接收個人資料。我們使用這些資料來分析及改善平台、提供服務、個人化您的使用體驗,並經營我們的業務。

我們可能不時從合作夥伴及其他第三方資料來源(包括公開資料來源)獲取您的個人資料。當您透過優惠點擊進入合作夥伴的網站或應用程式並進行購買時,我們會收到有關您與該合作夥伴互動的交易資料。我們使用這些資料進行帳單處理,以便向合作夥伴收取所提供服務的費用。此外,從第三方獲取的資料也用於更了解我們的會員、個人化會員在平台上的體驗、推薦我們認為特定會員可能感興趣的合作夥伴及優惠,以及提升平台內容的質量。這些資料還有助於我們監察與分析平台使用趨勢,以便更有效管理技術基礎設施,並偵測及防範詐騙或未經授權使用平台的行為。

如果您透過社交媒體網站(如 Facebook、Pinterest、Quora、Reddit、TikTok 和 Snapchat)上的連結進入 UNiDAYS,該社交媒體網站會與我們分享有關平台使用情況的資訊。這些資訊為彙總數據,無法用來識別您的身份。例如,這些統計資料可能會告訴我們訪客的年齡範圍以及性別。我們的 Cookie Policy 提供了更多有關您如何控制此類資料分享的資訊。

當我們將來自第三方資料來源的資料與我們持有的您的資料結合使用以增強資料完整性時,我們要求每個第三方資料來源確認其與 UNiDAYS 分享個人資料的行為是透明且合法的。

我們亦會處理您的個人資料,以根據您的喜好和偏好提供個人化及相關的廣告。

我們會利用會員及訪客在平台上的互動所收集的個人資料,向會員展示廣告,並協助合作夥伴展示定向廣告。定向廣告(有時稱為個人化廣告或基於興趣的廣告)是根據您的線上活動所產生的資訊來展示,例如:

  • 您透過平台進行的任何購買;
  • 您對平台的使用情況;
  • 造訪包含合作夥伴內容、廣告或 Cookie 的網站;以及您在登入平台前後造訪的網站。我們也使用社交媒體平台,如 Facebook、Reddit、Pinterest、Quora、TikTok 和 Snapchat 進行廣告投放。

我們及合作夥伴將處理有關您的個人資料,用於與定向廣告相關的以下目的,包括:
  • 追蹤使用者的使用情況及活動參與;
  • 針對特定使用者進行行銷活動定向;
  • 在您造訪平台時,收集有關您的資訊與洞察;
  • 提供第三方廣告商的廣告;以及
  • 決定向您展示可能相關的廣告。

您可以在帳戶設定中更改平台上的 Cookie 偏好設定,包括定向 Cookie(用於向您展示相關廣告)。即使如此,您仍會看到廣告,但這些廣告可能不再是個人化的。

某些網頁瀏覽器(包括 Safari、Internet Explorer、Firefox 和 Chrome)內建「請勿追蹤」(Do Not Track,簡稱 DNT)或類似功能,用以向網站發出信號,表示使用者不希望其線上活動被追蹤。當一個網站能回應特定 DNT 信號時,瀏覽器可阻止該網站收集使用者的某些資訊。但並非所有瀏覽器都提供 DNT 選項,且 DNT 信號尚未統一。因此,包括 UNiDAYS 在內的許多網站經營者不會回應 DNT 信號。
如欲了解我們如何以及為何使用 Cookie 進行定向廣告,請參閱我們的 Cookie 政策.

我們會與協助我們提供平台服務及經營業務的相關方(包括員工及承包商,視情況而定)分享您的個人資料。

當您給予我們同意時,我們也會分享您的個人資料。
UNiDAYS 會與協助運營平台的組織分享個人資料,或在法律要求下分享,及依本私隱政策所述的其他情況分享。

我們會將個人資料分享給以下類別的接收方::

  • 專業顧問,例如律師、會計師,以及資訊安全和取證專家;
  • 與我們合作進行定向廣告的第三方公司,這些公司會在我們的平台上部署 Cookie 及類似技術;
  • 合作夥伴及其他平台廣告商,在需要時用於處理訂單、付款及執行我們的業務;
  • 行銷供應商,協助 UNiDAYS 推廣平台,並不時補充我們已持有的個人資料。為此,我們可能會將您的電子郵件地址以加密形式提供給社交媒體平台,以便在您的社交媒體動態中展示贊助貼文,並提供給其他服務提供商,以協助我們開發洞察、匹配行為及建立受眾群體;
  • 我們的承包商及供應商,以便他們能為我們工作,包括但不限於執行資料分析,以及測試、監控、保護和支援平台及服務的承包商。例如:
    • Iterable 收取並使用我們的資料,以協助我們進行行銷電子郵件活動;
    • Kevel 收取並使用我們的資料,以向會員提供個人化廣告;
  • 在我們認為有必要披露的情況下,向具備資格的執法機關、政府監管機構、法院或其他第三方提供資料,包括:(i) 遵守法律,(ii) 行使、確立或維護我們的法律權利,或 (iii) 保護會員、合作夥伴或其他第三方的重大利益;
  • 潛在或實際的收購方或投資者及其專業顧問,與任何擬議的合併、收購或對我們全部或部分業務的投資相關。我們將盡最大努力確保本私隱政策的條款在交易後仍適用於個人資料,或讓您收到有關個人資料處理變更的通知;
  • 我們的關聯公司;以及
  • 在您允許的情況下,提供給其他第三方。

我們僅依據適用法律收集和處理您的個人資料。您的所在地將決定負責收集和處理您個人資料的法律實體。

根據歐洲經濟區(EEA)及英國的資料保護法,UNiDAYS 僅能在遵循 EEA 和英國資料保護法所規定的合法依據時,收集和處理您的個人資料,並需告知您 UNiDAYS 所依據的具體合法依據。

UNiDAYS 所依據的合法處理依據包括:

  • 同意:當您提供同意時,我們會處理您的個人資料;
  • 履行合約:UNiDAYS 根據與您的合約運營平台及相關服務,這些合約包括我們的 服務條款;
  • 我們的合法權益:UNiDAYS 可能基於作為企業的合法權益而處理個人資料,包括:
    • 高效地營運、維護及管理本平台及相關服務;
    • 因應我們用戶的需要,度身訂造本平台及相關服務;
    • 確保本平台的安全性;
    • 了解客戶行為,以改進及創建能惠及我們會員及合作夥伴的新服務及產品;
    • 防止及偵測欺詐行為;
    • 按照你的意願及期望與你進行溝通;
    • 回應及處理任何要求或投訴;
    • 保存及維持內部行政紀錄;
    • 進行品質控制及業務規劃;
    • 保留我們遵守法律規定的證據;
    • 尋求適當的專業意見,以及;
    • 為 UNiDAYS 抗辯任何法律索償或欺詐行為。
      當我們以合法權益作為處理個人資料的依據時,會在我們的權益與嚴格的私隱保障之間取得平衡;該等保障以公平性及目的限制為基礎,並旨在把對我們會員、訪客及其他人士的風險降至最低。
  • 遵守我們所須履行的法律義務。

如我們要求你提供個人資料以遵守法律義務或履行與你之間的合約,而你未有提供該等個人資料,我們可能無法遵守相關法律義務,或無法與你訂立或履行該合約。舉例而言,當我們要求你提供電郵地址時,我們需要該等資料以核實你是否符合使用本平台的資格。我們將會告知你提供個人資料是否屬強制性,以及如未能提供該等個人資料可能產生的後果。

如有其他法律依據或合法權益適用於特定的個人資料處理活動,我們將於收集該等個人資料時清楚說明。如你就我們處理你個人資料所依據的法律基礎有任何疑問或需要進一步資料,請使用下文「如何聯絡 UNiDAYS?」標題下所載的聯絡方式與我們聯絡。

  • 如你位於歐洲經濟區或英國,UNiDAYS 所收集之個人資料的資料控制者為 Myunidays Limited,地址為:英國倫敦 Shoreditch Epworth House,City Road 25 號,3 樓,郵區編碼 EC1Y 1AA。其於英國資訊專員公署(ICO)的登記編號為 Z2692580。
  • 如你位於印度,負責處理個人資料的法律實體為 UNiDAYS Private Limited,其主要營業地點位於:印度馬哈拉施特拉邦浦那市 Shivaji Nagar,Agriculture College 對面,Vedwati Apartments 4 樓,郵區編碼 411005。
  • 如你位於美國或加拿大,負責處理個人資料的法律實體為 Unidays Inc.,地址為:美國紐約市西 31 街 132 號,Penn Plaza,9 樓,紐約州,郵區編碼 10001。
  • 就所有其他司法管轄區而言,負責處理個人資料的法律實體為 MYUNIDAYS LTD,地址為:英國倫敦 Shoreditch Epworth House,City Road 25 號,3 樓,郵區編碼 EC1Y 1AA。

我們的資料保障主任可透過以下方式聯絡: dpo@myunidays.com

.
如你位於英國或歐洲經濟區,除本節的其他條文外(如有任何不一致之處,以下內容將優先適用),下列條款亦適用於你:
  • 如 UNiDAYS 處理你個人資料的行為是以你的同意為基礎,其法律依據為英國及歐盟《一般資料保障規例》(GDPR)第 6(1)(a) 條。你可隨時撤回你的同意(GDPR 第 7(3) 條),而該撤回僅對將來生效,並不影響在你撤回同意前已進行之處理行為的合法性。
  • 如 UNiDAYS 處理你個人資料的行為是基於履行你與 UNiDAYS 之間的合約,其法律依據為《一般資料保障規例》(GDPR)第 6(1)(b) 條。
  • 如 UNiDAYS 處理你個人資料的行為是基於其必須履行的法律義務,其法律依據為《一般資料保障規例》(GDPR)第 6(1)(c) 條。
  • 如 UNiDAYS 處理你個人資料的行為是基於 UNiDAYS 的合法權益,其法律依據為《一般資料保障規例》(GDPR)第 6(1)(f) 條。如你有興趣了解有關你與 UNiDAYS 權益衡量的詳細資料,請按照本節所述方式與 UNiDAYS 聯絡。 「如何聯絡 UNiDAYS?」. 如相關處理是基於 UNiDAYS 的合法權益,你有權反對該等處理(《一般資料保障規例》(GDPR)第 21 條)。
  • 根據《一般資料保障規例》(GDPR)第 77 條,你有權就 UNiDAYS 處理你個人資料的行為提出投訴;你可向你居住地的歐盟成員國,或發生有關投訴事項之地的本地資料保障監管機構提交投訴。我們亦希望你能先透過以下方式與我們聯絡,讓我們有機會處理你的關注事項: info@myunidays.com or dpo@myunidays.com 在你向監管機構提出投訴前;否則,有關聯絡資料可於以下位置查閱: https://edpb.europa.eu/about-edpb/board/members_en.

我們提供簡便易用的表格,以協助你更有效地提交資料私隱權利請求。如你對你的資料私隱權利有任何疑問或關注,亦可隨時與我們聯絡。

如你為美利堅合眾國居民,請參閱我們的《美國州私隱通知》,該通知為本私隱政策的補充,並可於以下位置查閱。 此處.

就由我們作為資料控制者的個人資料而言,我們將根據適用法律履行以下私隱權利:

  • 如你希望查閱、更正、更新、限制使用或刪除你的個人資料:
    • 如需刪除資料,請填寫以下表格 被遺忘權 表格;
    • 如欲查閱 UNiDAYS 所持有關於你的個人資料,請填寫以下表格 知情權 表格;以及
  • 如有其他請求,請使用以下所載的聯絡方式與我們聯絡: 「如何聯絡 UNiDAYS?」 下文標題下。
  • 請注意,與 STUDY by UNiDAYS 特別相關的請求可按以下方式查閱: 被遺忘權表格 以及 知情權 表格.
  • 你可反對處理你的個人資料、要求限制處理你的個人資料,或要求將你的個人資料作資料可攜轉移。如欲行使上述權利,請使用以下標題下所載的聯絡方式與我們聯絡: 「如何聯絡 UNiDAYS?」 下文標題下。
  • 你可透過點擊我們任何一封推廣電郵中的「取消訂閱」或「選擇退出」連結,或透過你的帳戶設定,選擇不再接收(或取消訂閱)UNiDAYS 的電郵推廣訊息。請注意,你無法取消訂閱某些通訊內容,例如與你的帳戶交易相關的訊息、非推廣性訊息、業務關係通訊,或系統更新或系統問題相關的訊息。
  • 如我們基於你的同意而處理你的個人資料,你可隨時透過以下標題下所載的聯絡方式與我們聯絡,以撤回你的同意: 「如何聯絡 UNiDAYS?」 下文標題下。撤回你的同意不會影響我們在你撤回同意前已進行之任何處理行為的合法性,亦不會影響基於同意以外的其他合法依據而進行的個人資料處理。
  • 如我們基於我們的合法權益而處理你的個人資料,在若干例外情況下,你有權反對該等處理,並可透過以下標題下所載的聯絡方式與我們聯絡以行使該權利: 「如何聯絡 UNiDAYS?」 下文標題下。
  • 當我們對你個人資料的處理涉及自動化決定時,例如文件驗證、安全監察(例如當我們因登入來自不同裝置或地點而未能識別時,向你發出電郵通知),或向你顯示哪些廣告或內容,我們並無意令該等決定對你產生法律效力或對你造成重大影響。所謂自動化決定,是指在未經我們進行人工審核的情況下,僅根據電腦演算法自動作出與你有關的決定。倘若我們就你作出的自動化決定對你產生法律效力或以其他方式對你造成重大影響,你有權要求我們覆核該決定,並要求進行人工審核。你可透過以下標題下所載的聯絡方式與我們聯絡,以了解及行使上述權利: 「如何聯絡 UNiDAYS?」 下文標題下。

我們將在可行情況下審視你的請求,並於適用法律所規定的期限內作出回應。於你向我們提交的任何請求中,請清楚說明有關請求所涉及的個人資料。

我們將根據適用的資料保障法律,回應所有個人就行使其私隱權利而向我們提出的請求。請注意,上述所述的權利並非自動適用,亦未必在所有情況下均適用;如出現此情況,我們將於回覆中通知你。

為保障你的資料安全,如你為會員,我們僅會處理與你帳戶所使用之電郵地址相關的個人資料請求;如你並非會員,我們僅會處理與你用以向我們提交請求之電郵地址相關的個人資料請求。我們或會要求你提供額外資料,以協助我們核實你的身分並確保你有權查閱相關個人資料。當我們要求你提供進一步資料時,該等要求屬於保安措施之一,以確保你的個人資料不會被披露予無權接收該等資料的人士。我們亦可能就你的請求向你索取進一步資料,以加快我們的回應。

保持你的個人資料(尤其是你的電郵地址)準確及最新十分重要。如你在與我們的關係期間個人資料有所變更,請更新你的帳戶及/或與我們聯絡。

請注意,我們可能需要保留某些個人資料以作紀錄保存之用,及/或用以完成你在提出更改或刪除要求前已開始的交易,例如兌現抽獎活動中的獎品。我們的資料庫及其他紀錄中或會留有我們無法亦不會刪除的剩餘個人資料。此外,基於法律、保安或其他類似理由,我們亦可能不允許你查閱某些個人資料。

一般而言,行使你的私隱權利毋須繳付任何費用;惟如你的請求屬毫無根據、重複或過度,UNiDAYS 可能會收取合理費用。

如你位於設有私隱法例並賦予你本私隱政策未有載述之私隱權利的司法管轄區,請透過以下方式與我們聯絡: DPO@MYUNIDAYS.COM.

如你位於英國或歐洲經濟區,除本節的其他條文外(如有任何不一致之處,以下內容將優先適用),下列內容亦適用於你:

  • 你有權獲得確認,並有權查閱該等個人資料或要求取得其副本(《一般資料保障規例》(GDPR)第 15 條)、有權更正不正確的資料(第 16 條)、有權要求刪除資料(第 17 條),以及有權限制(封鎖)你的資料(第 18 條)。
  • 此外,如相關處理是基於《一般資料保障規例》(GDPR)第 6(1)(e) 或 (f) 條,你亦可反對該等處理(第 21 條)。
  • 如該等資料由你所提供,你可要求轉移該等資料(《一般資料保障規例》(GDPR)第 20 條)。
  • 如相關處理是基於《一般資料保障規例》(GDPR)第 6(1)(a) 條或第 9(2)(a) 條所指的同意,你可隨時撤回該同意,且僅對將來生效(第 7(3)(1) 條)。你亦有權向有關的資料保障監管機構提出投訴(第 77 條)。

上述權利是否以及在何種程度上於個別情況下生效,並適用於何種條件,均由法律規定。

一般而言,我們會視乎情況在英國、愛爾蘭及美國處理個人資料。我們僅會在適用法律所允許的情況下轉移資料。

你的個人資料可能會被轉移至你居住地以外的地區並於該等地區進行處理。該等司法管轄區的私隱法例可能與你居住地的法例有所不同(在某些情況下,其保障程度可能較低)。

我們的伺服器主要設於愛爾蘭,但為了提供更快的存取速度、更高的系統穩定性,以及防止伺服器故障,我們亦會在其他地區的伺服器上儲存及複製你的個人資料。UNiDAYS 或代表 UNiDAYS 處理個人資料的其他主要司法管轄區包括美利堅合眾國及英國。

如本私隱政策所述,我們與其共享個人資料的合作夥伴、供應商及承辦商,分佈於全球不同司法管轄區,並會將個人資料轉移至該等地區。

如你的個人資料由我們或代表我們轉移,我們將根據本私隱政策及適用法律,採取適當的保障措施以保護你的個人資料。該等保障措施包括(如適用)就個人資料轉移訂立《標準合約條款》。視乎個人資料轉移的地點,我們亦可能要求採取額外的保障措施。請使用以下標題下所載的聯絡方式與我們聯絡:「如何聯絡 UNiDAYS?」 下方標題提供更多相關資訊。

當我們將個人資料分享給作為我們處理方的第三方時,我們會依據合約義務進行,要求該處理方依本私隱政策保護您的個人資料。

我們會依據適用法律,採取各種技術措施來保護和保障您的個人資料安全。

像所有組織一樣,UNiDAYS 無法完全消除與個人資料處理相關的安全風險,但 UNiDAYS 採用技術、實體及管理上的保障措施來保護我們處理的個人資料。我們的保障措施旨在提供與個人資料處理風險相適應的安全等級,包括(視情況而定)確保處理系統的持續保密性、完整性、可用性與韌性,以及定期測試、評估和檢查技術及組織措施有效性的程序,以確保個人資料處理的安全性。

您有責任維護帳戶憑證的安全性。UNiDAYS 將視透過您的帳戶憑證進入平台的行為為您授權的操作。

如果我們懷疑或發現任何安全違規行為,可能會在未通知的情況下暫停您使用平台的全部或部分功能。如果您認為您提供給 UNiDAYS 的資訊或您的帳戶已不再安全,請立即通知我們,聯絡方式為 info@myunidays.com.

如果我們得知有違規事件影響到您的個人資料安全,我們將依據適用法律向您提供通知。在法律允許的情況下,UNiDAYS 將透過與您帳戶相關聯的電子郵件地址向您發送此通知。

未經授權存取個人資料及平台——包括資料抓取(scraping)——是被禁止的,可能會導致刑事起訴。

我們僅在適用法律允許的期間內保留個人資料。我們也會將部分個人資料匿名化以作存檔使用。

UNiDAYS 只會在持續存在合法業務需求的期間內保留您的個人資料(例如,為了向您提供您所要求的服務,或為了遵守適用的法律、稅務或會計要求,或防範詐騙)。如果需要處理投訴,或我們合理地認為可能與您之間產生訴訟,我們可能會將您的個人資料保留更長時間。

當我們不再有持續的合法業務需求來處理個人資料時,我們將刪除或匿名化該個人資料。若您是會員,UNiDAYS 的政策是在您的會員資格終止後三(3)年刪除或匿名化您的個人資料。

如果我們無法刪除或匿名化某些個人資料(例如,因為您的資料存放於備份檔案中或基於法律要求),我們將安全地儲存這些個人資料,並將其與任何進一步處理隔離,直到可以刪除或匿名化為止。

我們可能會將個人資料匿名化,用於研究或統計目的。在這種情況下,所得資料不再屬於本私隱政策所規範的個人資料,我們可以無限制地使用這些資料。

本私隱政策適用於 UNiDAYS 平台。當您與優惠互動或造訪第三方的網站或應用程式時,將適用該第三方的政策與條款。

本私隱政策不適用於合作夥伴在其自身網站或其他第三方網站上進行的個人資料處理,即使這些網站與本平台有連結。透過任何這些第三方網站收集的個人資料,將受各該第三方的私隱政策及作法約束。您訪問所有第三方網站需自行承擔風險。我們建議您在向任何人提供個人資料前,先查閱相關的私隱政策。

我們可能會不時更新本私隱政策。您隨時都可以在我們的網站上查閱最新版本。

UNiDAYS 可能會因應法律、技術或業務發展的變化,不時更新本私隱政策。當我們更新本私隱政策時,會發布更新版本並修改上方的「最後更新日期」。我們也會採取適當措施通知您,以便您有機會審閱本私隱政策的重要變更,但請您定期查看本私隱政策,以確保了解最新版本。

如對本私隱政策或 UNiDAYS 的個人資料處理有任何疑問,請透過以下方式聯絡我們:

  • 電子郵件: dpo@myunidays.com.
  • 郵寄地址:Myunidays Limited,收件人:資料保護主管(DPO),Spaces 3 樓,25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA

服務名稱

UNiDAYS

服務描述

UNiDAYS 是全球領先的學生聯繫網路,將全球學生群體與相關品牌及服務連結起來。

資料管理者及聯絡人

資料管理者為 MyUnidays Limited,地址為 Spaces 3 樓,25 City Road, Epworth House, Shoreditch, London, United Kingdom EC1Y 1AA。您可透過上述郵寄地址直接聯絡,或發送電子郵件至 dpo@myunidays.com

管轄區

GB, England

處理的個人資料

以下資料由您的母組織提供:

  • 您的唯一使用者識別碼(SAML 永久識別碼、ePPN 或 ePTID)
  • 您在母組織中的角色(eduPersonAffiliation、eduPersonPrimaryAffiliation 或 eduPersonScopedAffiliation)