Security & Privacy Policy

Contents:

  1. The information we collect and how we use it
  2. How we protect your information
  3. Sale of business
  4. Updating your details
  5. Your consent
  6. Google Analytics
  7. Security Standards
  8. Access
  9. How to contact us

Youatwork Limited (Registered in England with number 4234654) and Youatwork Financial Services Limited (Registered in England with number 6503351) of 6th Floor, Corinthian House, Lansdowne Road, Croydon CR0 2BX are committed to ensuring that your privacy is protected.

This Security & Privacy Policy explains how we use the information we collect about you, how you can instruct us if you would prefer to limit our use of that information and the procedures we have in place to safeguard your privacy.

1. The information we collect and how we use it

Registration

When you register to use our site we will request information from you including your name and e-mail address. We may also request other limited information about you or your business. We, our agents and subcontractors may check some of the information that you provide to us against third party databases to confirm that it is accurate.

We gather and use this information to allow us to process your registration and provide you with our services. We, our agents and sub-contractors may also use this information to communicate with you on any matter generally relating to the provision of our services. Any calls that you make to our customer team may be recorded and the information obtained used for the purposes of our business management, training and security. You will always be able to see and amend the registration information we hold about you by contacting us at Youatwork Limited, 6th Floor, Corinthian House, Lansdowne Road, Croydon CR0 2BX

Suppliers

When you order goods or services from any supplier via our site, the supplier may need to know your credit card or other payment details and delivery details, and may collect other information from you. The supplier will be responsible for maintaining the security of the information (including credit card details) you provide to it, and its use of that information will be governed by the supplier's privacy policy.

When you place an order with a supplier via our site that supplier may send back to us information about you and your order. We may also be provided with data, including personal data, relating to fulfilment of your order and any complaint you may make. We may use that data in accordance with this policy, including to monitor site usage, supplier performance and customer satisfaction. On occasions we carry out surveys or other promotional activities which may be for our own benefit or for more general interest, and may collect further information about you in connection with them. Participation in any survey is entirely optional.

Certain of the tools and functionality provided on our site may permit you to enter and/or store data on our site. We may access and use that data in accordance with this Privacy Policy, including to improve and tailor our services to you.

Our use of information gathering technologies

A cookie is a small piece of information that a web site puts on your hard disk or stores in your computer's memory so that it can remember something about you at a later time. A cookie records your preferences when using a particular site, ensuring that you are not shown the same information and/or are only shown information you have indicated that you are interested in. In order to use our site you must agree to let cookies be saved on your computer's memory as they are an essential part of the site navigation.

Our site uses "in-memory" cookies which essentially remember, during any one visit to the site, who a user is between page clicks, so that we can deliver personalised information and navigation by shaping the information you receive. Since each user has individual access rights to areas of the site we must be able to identify users at all times. As soon as your browser is shut down or you log out of our site, any cookies stored on your computer from our web site will expire. Each time you enter our site you will be given a new "in-memory" cookie. We reserve the right to use other tracking technologies in the future.

We, or our third party advertisers, may also use cookies to monitor the effectiveness of advertising on our site and we may provide those advertisers with the information we have gained from using cookies to allow them to do this. Our suppliers may use cookies on their sites and should inform you as to how and when they are doing this. You can accept or decline cookies by modifying the setting in your browser. Please note that if you disable cookies you may not be able to use all the features of our site.

We (or our customer service agencies) may use the information we collect about you using cookies to monitor site usage, supplier performance and customer satisfaction or for other research and analytical purposes, in order to improve and better tailor the services we provide and to decide which customers to include in any promotional campaigns we may run. We or our agents and sub-contractors may occasionally contact you including by post, email or telephone to ask you for your feedback and comments on our services.

We may also use aggregate information and statistics for the purposes of monitoring web site usage in order to help us develop and improve our site and our services and we may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.

We and our group companies may also wish to provide you with information about special features of our web site or any special service or products which we think may be of interest to you. We may also want to provide you with related information from third parties which we think may interest you. If you would rather not receive such information from us, please log on to the website and update your personal information in the "My Account" section of the site to inform us of this. We will check in with you from time to time to see if you wish to amend your preferences.

All personal information supplied by you will be treated in confidence by us and our Group companies and will not be disclosed to any third parties except where your consent has been received or where required by law. In order to provide you with products and services this information will be held in the data systems of our Group companies or our agents or sub-contractors.

2. How we protect your information

The Internet is not a secure medium. However we take security issues very seriously and abide by strict internal standards. Some of the relevant security procedures are described in this Privacy Policy.

We capture the information we collect through our site over a secure link using recognised industry standard techniques which encrypt data while travelling over the internet. When you access certain pages of our site which involve the transmission of confidential information over the Internet, your computer's browser will be provided with an electronic certificate confirming that you have accessed our site and communications between you and us will be encrypted. We recommend that you use the facilities of your computer's browser to confirm which pages are secured in this way.

Firewalls are used to attempt to block unauthorised traffic to the servers that host our site and the actual servers are located in a secure location, which can only be accessed by authorised personnel.

We keep the information we have about you confidential. Our internal procedures cover the storage, access and disclosure of that information.

You should ensure you keep your password confidential and remember to sign out when not using the site to prevent unauthorised access.

3. Sale of business

In the event that our business is sold or integrated with another business (such as in a joint venture arrangement) the details we have about you may be disclosed to our advisers and any prospective purchasers' advisers, and will be passed on to the new owners of the business.

4. Updating your details

To update any of your details, please log on to the site and update your personal information in the "My Account" section. Alternatively, you may let us know the correct details by sending a letter to youatwork Limited, 6th Floor, Corinthian House, Lansdowne Road, Croydon CR0 2BX

5. Your consent

By submitting information on our site you consent to the use of that information as set out in this Privacy Policy. In particular, you agree that by providing any health or other sensitive data as part of your use of our site (or any services provided via our site) you explicitly consent to the use of that information as set out in this Privacy Policy. You also agree, by entering our site, to the acquiring and use of other information we gain about you (including through using cookies), as set out in this Privacy Policy. These consents are additional to, and do not affect, any consents you may have given, or may give, to us, our suppliers, agents or subcontractors, sending you marketing information by email, fax or telephone.

If we change this Privacy Policy we will post the changes on this page, and may place notices on other pages of our site to alert you to them. Continued use of our services will signify that you agree to any such changes.

Because the Internet infrastructure is global, the information you provide may be transferred during use as set out in this Privacy Policy outside the European Economic Area ("EEA") for processing purposes to countries that do not have similar data protection legislation to protect your rights to that that within it. However, we have taken steps to ensure that that information will be kept securely and only used for the purposes for which you provided it. Details of the countries and recipients involved will be provided to you on request.

6. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

7. Security Standards

Hundreds of companies trust us to manage their benefits & rewards programmes, so our top priority is to ensure that all transaction and sensitive data is kept secure at all times.

We maintain high standards of data security and have implemented key international standards of best practice in online and data security at our Data Centre and where data held by our systems can be accessed.

  • PCI Data Security Standard
  • ISO27001*
  • SSAE 16 Reporting Standards (SOC 1, SOC 2, SOC 3)*

We take an active role in the overall reduction of identity theft and fraud on the Internet by ensuring the security of our IT systems, personnel and infrastructure.

Our employees are trained in all aspects of web application security, including infrastructure vulnerabilities, cross-site scripting, secure data storage, and using the software development lifecycle to maintain and improve security.

Transaction security

All transaction and credit card information entering Youatwork Ltd systems is encrypted using 128-bit SSL certificates from VeriSign. No sensitive information is ever passed unencrypted in a web browser to Youatwork systems. You can be completely secure in the knowledge that nothing you enter as part of a secure Youatwork transaction can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Encryption and data storage

At our Data Centre rigorous physical, electronic, and personnel security measures protect your data. Those measures are regularly assessed by Youatwork Ltd IT Management and our systems are scanned quarterly by Security Metrics, an official Visa Qualified Security Assessor.

Once on our systems, payment card and password data is encrypted and securely stored in our dedicated hosting facilities at our Data Centre. Our servers and network infrastructure are owned and used by Youatwork Ltd and are not shared with any other company or industry.

All sensitive information and authentication data passed to the Youatwork web site in a web browser is encrypted and protected during transmission using SSL certificates from Symantec and Thawte.

Links to banks

Youatwork Ltd authorises credit card transactions in partnership with Barclaycard Merchant Services (BMS). Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.

If you have questions about security or privacy on our site please contact our Customer Care Team.

The UK-based data centre where our servers are located is ISO27001, 14001 and 5001 compliant. Additionally it meets SSAE 16 Reporting Standards (SOC 1, SOC 2, SOC 3)

8. Access

We will give you access to the web-site provided always that your employer has paid our licence fee, upgrades fees, administration fees, and any other fees (as applicable). We reserve the right to change our licence fees, upgrade fees, administration fees, and any other fees from time to time and will notify your employer accordingly.

9. How to contact us

We welcome your views about our web site and this Privacy Policy. If you would like to contact us with any queries or comments please contact our Customer Care Team.