Ubamarket Ltd (“Ubamarket”) is the service provider that provides the scan and go shopping mobile app for certain Central England Co-op Limited’s (‘CEC’) stores that support the App (“Stores”). We are a specialist retail mobile app provider and our details are set out below in this notice. For ease of reference, the main features of the Ubamarket app are:
(together we will refer to these as the “Services”)
In providing the Services to you, Ubamarket collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation (which applies across the European Union) and the Data Protection Act 2018 and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Ubamarket and CEC collect certain personal data to be able to provide Services to you via the app including your name, gender (optional field), date of birth, phone number, mobile device ID, email address, and (if applicable) your Co-op member or partner number.
We collate information about your shopping, so that we can optimise your shopping experience and show you offers and discounts that we think are relevant to you.
If you pay for your shopping using ‘in App’ ‘or using the QR code at the checkout, then company we select to carry out the payment processing company will know your bank or credit/debit card details and any other personal details it requires from you to process the transaction.
If you elect to make contact with us to receive any customer service, we may require certain details from you to identify you as the account holder and to communicate with you.
We may also use your information to:
To provide the Services and as described in the paragraph above, we may collect the following information:
Device information: We may collect information about your device each time you use the App. For example, we may collect information on the type of mobile device that you are using and its unique device identifier (for example, the IMEI number, the device’s mobile phone number, or the MAC address of the device’s wireless network interface), the type of mobile browser that you are using, the mobile operating system that you are using, mobile network information, and the time zone setting.
Access to your device: we will need access to your camera to scan items and access to your microphone if you wish to use voice functionality to build a shopping list. If you choose to share a shopping list, we will require access to your contacts so that the list can be sent to the applicable person.
Location data: We may also collect information to determine your location, but only when using the App. We may require this so we know which store you are in to ensure you have access to the relevant shopping list and store directions.
Log Information: We collect log information about your use of the App including: the time, duration and frequency of your access; pages viewed; items browsed or purchased and your favourites.
Managing Access to your device: You can access or withdraw your consent to use if the camera, location data, microphone or contacts in your phone settings at any time, but this may affect the functionality of the App or even stop it working.
Notifications for offers and discounts
If you opt in to receive marketing offers (we call them [Offer Notifications]) via email, sms or push notification, you may receive offers and discounts that are relevant for you. In addition, from time to time we may send you other special or seasonal offers. For this purpose, we may use data such as your name, mobile number, date of birth or email address.
In addition, its worth noting that if you have opted-in to receive marketing from the store itself via a store loyalty scheme or similar, the store or its loyalty provider may contact you with details of our product or offers making use of our product. In each case, such communications are not controlled by Ubamarket.
We do not share information about you in any way other than as described in this privacy notice.
We may share your personal data with the Central Co-op) where there is a customer service issue or for other reasons in relation to your shopping transactions and experience. Click here to see store’s privacy notice. [https://www.centralengland.coop/your-co-op/privacy-and-data-protection]
As we mention above, we share certain personal data with the payment processor and the card issuer in order to facilitate payment for your shopping.
We may use a third party age verification provider for ‘in app’ age restriction clearance if you are purchasing age restricted items. Our partner is a government accredited provider in the UK and they pass us the minimum details necessary to clear age restriction. If you use the ‘age estimator method, no personal data will be collected. If you use the ‘age verification’ method, you will be asked to share your name, age and supporting evidence to our accredited age verification partner, who will only pass to use that you have cleared the applicable age check
We host, maintain, operate and improve our App on third party to our third-party cloud based application systems.
We may also share aggregated or de-identified information (meaning in such a way as you cannot be identified) with third parties.
The legal basis for the processing of your personal data is that it is necessary for us to fulfil our obligations according to the contact you have with us to provide the App and Services, legitimate interest (for example carrying out customer services or monitoring network and information systems security), or to comply with legal obligations. This is the same for the payment processor company and our age verification partner.
The legal basis for sending you marketing Central Co-op offers or discounts (as described above) by push notifications, email or sms offers is your consent. You will be able to manage your consent to this processing by going to ‘Preferences’ within the ‘My Settings’ area of the App. Please note that if you do not give or withdraw consent, you will still receive service related messages.
We will hold you personal data for a reasonable period of time while you still have the App installed on your device and after you delete the App. We continue to hold your information for a period after you delete the App in case there is an outstanding customer services issue relating to prior use or when there is a legal obligation to do so. At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregating with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
We have put in place appropriate security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. In addition, we limit access to your personal data to those of our personnel and other third parties who have a genuine business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. To the extent possible, we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. However, given the nature of the personal data we may process it is unlikely we would be able to contact you directly.
Under certain circumstances, you have rights under data protection laws (such as the GDPR) in relation to your personal data. For the most part, the personal information we collect on you is set out in the ‘My Account’ feature within settings area of the App. Information about your shopping and preferences is contained in the ‘Receipts’ and ‘Favourites’ sections of the App. You may contact us using the contact details below to see if we hold additional personal information, but there is unlikely to be any specific additional personal data unless you have contacted us with regards to customer services.
Under data protection laws (such as the GDPR), you may have the right to ask us to suspend the processing of your personal data. You can do this yourself by deleting the App. You may at any time update, correct or delete information you have provided to us in the ‘My Account’ section of the App. Enquiries regarding processing of personal data and access requests should be directed to the point of contact provided below.
Where we require personal data to be able to provide the benefits of Ubamarket to you or comply with legal obligations, then provision of such data is necessary. If such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, the provision of requested personal data is optional.
If we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a data protection supervisory authority, in particular in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
We may change this privacy notice from time to time and any changes we make will be posted on this page. Any new version of this Policy will be published on our website.