ScanExtras Privacy Notice

IMPORTANT – This notice explains that ScanExtras has obtained your personal data from an information capture form when you scanned one of our QR point of sale items in a store.  We are the data controller for the purposes of the General Data Protection Regulation (“GDPR”) and can be contacted below.

ScanExtras (‘the Company’) is responsible for the processing of personal data and is a data controller for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation (‘GDPR’)).

The Company’s registered address is Kemp House 152-160 City Road, London, England, EC1V 2NX (company no. 12716233). The Data Protection Officer (‘DPO’) is contactable at  This notice is produced in accordance with relevant data protection law.

What data we collect.

we are processing your:

  • Name
  • Mobile phone number (if applicable)
  • Email address (if applicable)
  • Other identification information: information about your computer or mobile device, including your device identifier or other unique identifier (e.g. Android advertising ID or Apple IDFA), IP address, operating system model, network, renewal date and browser type.
  • Preferences & Interests information: the types of offers and retailers/brands that interest you, information collected from social media interactions (such as via Facebook Connect).
  • Transactional information: details of your visits to and use of our site (the “Website”) or our browser extension (the “Browser Extension”) or emails that we send you (the “Emails”), including the offers you view and use, rewards you redeem, including receipts and other data you submit as part of the reward, traffic data and other communication data, the resources that you access, the transactions you make.
  • Location information: includes information relating to the latitude and longitude of your device and the time and date the location information was recorded, your location relative to nearby retailers/brands or your presence within a geofence.
  • In respect of the Browser Extension only, the site you are visiting when the Browser Extension is activated.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

The Website, App and Browser Extension are not intended for children and we do not knowingly collect personal data relating to children.

How we collect personal data

We collect information about you in the following ways:

Directly from you by email, phone, the Website, App, Browser Extension or otherwise:

  • If you scan one of our QR point of sale items in a store.
  • if you submit forms on the Website or Browser Extension.
  • if you share a code or other promotion.
  • if you contact us for any reason.
  • if you enter one of our competitions.
  • if you complete our surveys.
  • if you otherwise interact with our services.
  • Where we obtained your personal data

How we use personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests in conducting and managing our business including to enable us to provide you with best service and experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us using the details below.
  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email, the use of cookies and similar technologies and access to your device’s location details. You have the right to withdraw consent to marketing email at any time by unsubscribing to our mailing list, either on the emails sent or sending an email to

We use information held about you in the following ways:

  • to ensure that content from our service is presented in the most effective manner for you and your device.
  • to provide you with information, products or services that you request from us or which we feel may interest you.
  • to carry out our obligations arising from any contracts entered into between you and us.
  • to allow you to participate in competitions and surveys
  • to notify you about changes to our service.
  • to report aggregate information to our business users. This is statistical data about our users’ actions and patterns.
  • to estimate our audience size and usage pattern.
  • to store information about your preferences, and so allow us to customise our service according to your individual interests.
  • to recognise you when you return to our Website or Browser Extension.
  • to gain understanding and insights about the nature of our audience and how they interact with our products and services.
  • to detect and prevent potential fraudulent or other activity in breach of our terms and conditions.

Third parties collecting your data through cookies or other similar technologies referred to above may use the information to provide you with interest-based (behavioural) advertising or other targeted content.

Disclosure of personal data

We may share your personal data with the third parties set out below for the purposes set out in this privacy notice:

External third parties such as:

  • Service providers who provide IT and system administration services, email service providers, customer services and other support services which allow us to run the business.
  • Merchants who we promote on the Website or Browser Extension.
  • Affiliate networks to track sales originating from our service.
  • Professional advisers acting as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.

Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Automated decisions

We do not use your personal data for making any automated decisions that would have a significant impact on you.

Recipients of your Data

In pursuance of our commercial purposes we will transfer your personal data to some or all of the following categories of recipients/industries:

  • Hotels and Restaurants
  • Café’s and coffee shops
  • Eateries
  • Gyms
  • Beauty salons
  • Hair salons & Barber shops
  • Spas
  • Health & Wellness stores
  • Retail stores
  • Convenience stores
  • Retail Trade; Repair of Motor Vehicles and Goods
  • Real Estate, Renting and Business Activities

Direct mailings and unsubscribing

Where you have consented to receive marketing communications from us, we will send you emails containing our latest codes, deals and promotions that we feel may interest you.

You may withdraw your consent for email marketing communications (i.e. unsubscribe) at any time using one of the following methods:

  1. Click the “Unsubscribe” link in a marketing communication email we send you.
  2. You may also withdraw your consent by emailing our support team at

Please allow two working days for this instruction to take effect in all of our systems.

Other Transfers

Your data is not transferred internationally by us. It may be disclosed to international organisations with offices within the European Economic Area only. These organisations will be subject to an adequacy decision pursuant to Article 45 from the European Commission.

Your personal data is stored on our secure, UK based network, which meets internationally recognised security standards.

Data Retention Period

Your data will be retained in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed.


We do not conduct specific profiling or automated decision-making processes on your data. We will use it to generate market intelligence analysis and general statistical analysis. These processes will not have any foreseeable legal affects concerning you.

IMPORTANT – Your Rights

Access – Firstly you have the right to access your personal data (a Data Subject Access Request). You will need to prove your identity to us in order for us to provide you with access to the personal data we are processing.

Rectification – If your personal data is inaccurate, you have the right to have it rectified.

Erasure – Under certain conditions you have the right to have your personal data erased from our database, (the right ‘to be forgotten’).

Restriction – You can suppress the processing of your personal data. This might be applicable where you do not object to us holding it, but you do not agree to it being processed in certain way/s.

The Right to Object – Where a data controller processes your personal data because they have legitimate interests to process it where your consent has not been obtained vis-à-vis that processing, you may object to that processing.

Data Portability – If you provided us with your personal data directly, and we are processing that data in a digital format, based on your consent or under a contract between us, you have the right to request a machine-readable copy of the personal data we are processing.

Automated Individual Decision-Making or Profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects you. This applies to processes without human intervention. As mentioned above, this does not apply to the processing of your personal data by ScanExtras in this instance.

Objecting to Processing

If you do not want ScanExtras, or its recipients as listed above to process your personal data as explained above, you may exercise your rights to object or to erasure. you can do this by contacting the DPO at the above email address at any time, and we will comply with your request in accordance with the relevant provisions of the GDPR.

Making a Complaint

You have the right to lodge a complaint with the Supervisory Authority, which in the UK is the Information Commissioner’s Office (ICO). Full details can be found on the ICO’s website

Changes to this Privacy Notice

Any changes we may make to our privacy notice in the future will be posted on this page. You can obtain a historic version of this privacy notice by contacting us using the details above.