Facebook Pixel Skip to main content

Privacy Policy

SQUID Reward Ltd Privacy Policy

Effective Date: 01/05/2024

This Privacy Policy is issued by Squid Rewards Limited (all references to “Squid”, “we”, “us” or “our” in this notice refer to Squid Rewards Limited).  We are registered in Ireland under company number 644810 and have our registered address at 48 Main Street, Schull, Co. Cork.

Squid is committed to protecting the privacy and personal data of its users. This Privacy Policy outlines how we collect, process, and store personal data, including anonymised user data, in compliance with the General Data Protection Regulation (GDPR).

Data Controller and Contact Information

The controller for the SQUID loyalty app and platform is Squid, which is responsible for the collection, processing, and storage of personal data of our users, including anonymised user data. If you have any questions or concerns about this Privacy Policy or our data practices, you can contact us at privacy@squidloyalty.ie.

Personal Data Collected

We collect personal data from users in order to provide loyalty and reward services and to improve our marketing and promotional efforts. The categories of personal data we collect are set out in the “Purposes for Processing and Associated Legal Bases” section of this Privacy Policy below, along with the purposes for which we process that personal data.  

Sources of Personal Data 

Most of the personal data relating to you that Squid holds is collected directly from you. As well as collecting information from you directly, if you sign up to a points based program and/or decide to auto-link your payment card, Squid collects or receives information about you from the following sources:

  • Square – Details of your transactions will be retrieved from Square payment terminals in participating retailers in order to calculate your loyalty points/stamps.

Use of Personal Data

We collect and process personal data for the following purposes:

  • To register users and enable them to earn and redeem rewards and vouchers from retailers.
  • To link users’ credit or debit cards so that their transactions in participating retailers can be linked to their accounts, to accrue stamps and loyalty points.
  • To calculate users’ stamps and/or loyalty points.
  • To verify users’ phones with their accounts for certain promotional offers.
  • To respond to any queries or complaints users have.
  • To communicate with users regarding their rewards, updates and promotional offers.
  • To personalise user experience on the app and improve our products and services.
  • To provide analysis, statistics, and insights to our retailers and third-party service providers.
  • To comply with legal and regulatory requirements.
  • To personalise user experience on the app and improve our products and services. 

In the “Purposes for Processing Activities and Associated Legal Bases” section below we explain what personal data we process to achieve these purposes.  

Legal Basis for Data Processing

We process your personal data lawfully using one of the following legal bases: 

  • User consent – in certain circumstances we may ask for your consent to process your personal data, for example to send you promotional or marketing material. You can withdraw your consent at any time. 
  • Processing necessary to perform a contract between you and Squid – if you have signed up to use our services, we will process your personal data in order to fulfil the contract and to provide you with services. 
  • Legitimate interests – we may process your personal data to pursue our legitimate interests of providing loyalty and reward services to our users and maintaining those services as well as our legitimate interests in improving our products and services.
  • Legal obligations – we may process your personal data when we are required to do so under law, for example if An Garda Síochána requires that we provide them with your personal data.

Purposes for Processing and Associated Legal Bases 

Squid processes your personal data in order to: 

Purposes Categories of personal dataLegal bases 
To register users 
  • Name 
  • Date of Birth
  • Email
  • Username/Sign-In ID
  • Password
  • IP address, IMEI, IMSI, device ID and OS version
Performance of a contract
To verify your account and phone during promotions
  • Phone number (when used to verify your account in this way we only keep a hashed representation of your phone number, which we cannot identify you from and cannot reverse from its hashed representation)
  • Username/ Sign-In ID 
Legitimate interests
To tailor your account and app experience to you
  • Gender 
  • Date of birth
  • Location 
Legitimate Interests
To contact you with information in the app or by email relating to your account (other than for marketing)
  • Name 
  • Email address
  • Account details
  • Stamps/points information
  • App usage and activity
  • Legitimate Interests
  • Performance of a contract
To link your payment card with your account (when you participate in a points based program)
  • Card number (we only store the last four digits in a hashed representation, which we are unable to identify you from and cannot reverse from its hashed representation)
  • Expiration date of card
  • Card type and brand
  • BIN
  • Four-character code on your receipt (if you have not already added your card details to the app)
  • Amount of transaction (if you are using the four character code on your receipt to link your card to the app)
Performance of a contract
To calculate your loyalty points (when you participate in a points based program)
  • Hashed card identifier 
  • Expiry date of card
  • Card type and brand
  • BIN 
  • Payment time
  • Amount of transaction and currency used
  • Payment status (e.g. completed)
  • Location of the purchase
  • Retailer where purchase was made
  • Receipt details (number and URL) including details of items purchased
Performance of a contract
To record your loyalty stamps when using a stamp only based program
  • Details of stamps accrued at retailers
To keep the Squid app working, such as to troubleshoot issues, analyse user data, to test new products and services in order to enhance and improve our business
  • Location 
  • Payment time 
  • Amount of transaction 
  • Date of birth (to identify which general age group you fall under)
  • Email address
Legitimate interests
To notify you of special offers, promotions and other deals or marketing information through push notifications, in-app messaging, email or to your mobile phone number 
  • Loyalty tier
  • App usage and activity 
  • Offers applicable to you
  • Location 
  • Email 
  • Phone number 
  • FCM token
Consent 
To respond to queries and complaints 
  • Name 
  • Email address
  • Any other personal information you include in your query or complaint
Legitimate interests
To anonymise your personal data in order to share it with third parties and retailers (so you can no longer be identified from this data)
  • Amount of transaction 
  • Date of birth (to identify which general age group you fall under)
  • Payment time
  • Amount of transaction and currency used
  • Payment status (e.g. completed)
  • Location of the purchase
  • Receipt details (number and URL) including details of items purchased
Legitimate interests

We may also process your personal data for the purposes of complying with our legal and regulatory obligations, or to enforce our rights where necessary. In those circumstances our legal bases for processing may be one of the following: 

  • Legal obligation (e.g. if a regulator or law enforcement body requires your data); or

  • Legitimate interests (e.g. if a legal dispute arises between you and Squid Rewards).

Data Sharing and Recipients of Data

We may share user data with: 

  • our third-party service providers, agents, contractors and advisors; 
  • law enforcement agencies as required by law; and
  • third parties, their agents and professional advisors, subject to confidentiality obligations, for the purpose of a due diligence exercise by third parties in connection with any proposed merger, acquisition, re-organisation or transfer of our business and to any person proposing to participate in, or promote or underwrite or manage any such arrangement.

Finally, we may share anonymised data with our retailers and other third parties, however you will not be identifiable from this data. 

Transfers Abroad

In connection with the above we might transfer your personal data outside the European Economic Area, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union.  If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers. These may include entering into a contract governing the transfer that contains the ‘standard contractual clauses’ approved for this purpose by the European Commission or, in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Framework. [To the extent that we transfer personal data to the United Kingdom, this transfer is made lawfully on the basis of the Commission Implementing Decision (EU) 2021/1772 of 28 June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, which can be found here]. If you would like to receive further details of the measures that we have taken in this regard, please contact us at privacy@squidloyalty.ie.

Data Retention

We retain personal data for as long as necessary to provide loyalty services and comply with legal and regulatory requirements, or to protect our rights. We regularly review and anonymise inactive user data.

To determine the appropriate length of time to retain your personal data, we consider the amount, nature, and sensitivity of the personal data we hold about you, as well as the risk of harm from unauthorised use or disclosure of that data. We also consider the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements.

For more information on our retention practices in relation to the processing activities we have listed above, please contact privacy@squidloyalty.ie

Your Rights

 You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data: 

  • Right to access the data – You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data. 

  • Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete. 

  • Right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten. 

  • Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes. 

  • Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format. 

  • Right to withdraw consent – If you have given us consent to use your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of the processing which took place up until you withdrew your consent. 

Please note that these rights are not absolute and are subject to certain restrictions and exemptions. 

In order to exercise any of the rights set out above, please contact us at privacy@squidloyalty.ie

Required Information

You are not required to provide us with your personal data. However, there are certain pieces of information that you must provide to us in order for us to ensure that our app and our other services work for you (e.g. your card information, name, date of birth, email address). If we do not receive this information, this will impact our ability to provide you with our services and may impact your ability to collect and use stamps and loyalty points. 

Data Security

We take appropriate technical and organisational measures to ensure the security of personal data against unauthorised access, theft, and loss. We will also ensure that any of our agents or any third parties service providers who process your personal data are required to keep your data safe and secure. 

Changes to the Policy

We may update this Privacy Policy from time to time and users can find the updated policy at www.squidloyalty.ie and you will be notified of any changes.

Questions and Complaints

If you have any questions or complaints about our use of your personal data, please contact us at privacy@squidloyalty.ie or using the contact details above. 

Further information about data protection can be found on the Data Protection Commission’s website: www.dataprotection.ie.

You also have the right to lodge a complaint with the Data Protection Commission if you are not happy with the way we have used your information or addressed your rights. Details of how to lodge a complaint can be found on the Data Protection Commission’s website.   

User Code Of Conduct

Welcome to SQUID loyalty platform! We’re excited to have you join our community. To ensure a smooth and enjoyable experience for all users, we’ve established this User Code of Conduct. Please take a moment to familiarise yourself with these guidelines.

  1. Respect for Others

Be Kind and Courteous: Treat all staff of our partner retailers with respect and kindness. Let’s build a supportive and friendly environment.

Respect Store Policies: Follow the policies and guidelines set by participating retailers when using SQUID’s loyalty program. Non-compliance may result in the forfeiture of rewards.

  1. Loyalty Program Guidelines

Stamp Collection: Use the NFC feature as intended by participating retailers to collect loyalty stamps. Do not attempt to misuse or manipulate the stamp collection process.

Reward Redemption: Redeem rewards in accordance with the terms and conditions specified by retailers. Any fraudulent activities will not be tolerated.

  1. Privacy and Data Security

Privacy: Safeguard your personal information and respect the privacy of others. 

Account Security: Maintain the security of your SQUID account to prevent unauthorised access or misuse.

  1. Reporting Violations

Reporting Issues: If you encounter any issues or violations of this Code of Conduct while using SQUID, please report them promptly to our support team. Your feedback is essential to maintain a safe and reliable platform.

  1. Consequences of Violation

Violations of this Code of Conduct may result in various consequences, including but not limited to:

Warning: A first-time minor offence may result in a warning from our moderation team.

Loyalty Point Deduction: Misuse of loyalty programs may lead to the deduction of loyalty points or stamps.

Account Suspension: Severe or repeated violations may result in a temporary or permanent suspension of your SQUID account.

  1. Contact Us

If you have any questions, concerns, or need to report a violation of this Code of Conduct, please contact our support team at support@squidloyalty.ie.

By using SQUID, you agree to adhere to this User Code of Conduct. We reserve the right to update these guidelines as needed to ensure a safe and enjoyable platform for independent retailers and users.

Community Guidelines link: 

Prohibited Activities:

  • Double stamping
  • Violating the terms of a promotion
  • Stealing of tags
  • Hacking of the technology
  • Spam

Investigation Process:

  • SQUID is capable of reviewing all actions taken by a user on the platform and tie these to the email etc.

Consequences of Violations:

  • SQUID reserves the right to ban users from the platform 
  • Something to revert back to here about how users are the retailers’ responsibility and that they need to govern their tags themselves