Legals 
PRIVACY POLICY
PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE DOWNLOADING, INSTALLING OR USING THE CARROT APP. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, DO NOT DOWNLOAD OR USE THE CARROT APP.
1. WHO WE ARE
This Privacy Policy, together with any User Document (together, the “Agreement”) constitute a legal agreement between you (“customer” or “you”) and Carrot Company Limited of 1518 S Chapman Rd, Greenacres, WA 99106, USA (“Carrot” or “us” or “we”) in relation to the Carrot App, the Carrot Website, the Partner Portal, and all other Carrot Services.
This Privacy Policy applies to your use of the Carrot App, the Carrot Website, the Partner Portal, and all other Carrot Services. This Privacy Policy and our other User Documents are available on our website at https://www.meetcarrot.xyz/legals/.
By way of the Terms of Service (https://www.meetcarrot.xyz/legals/) Carrot has granted Carrot Users a non-exclusive, royalty-free licence to use and download the Carrot App. By way of the Partner Terms and Conditions (https://www.meetcarrot.xyz/legals/) Carrot has granted Partners a non-exclusive, royalty-free license to use the Partner Portal and the Partner App.
To provide for your use of the Carrot App, the Carrot Website, the Partner Portal, the Partner App and all other Carrot Services and to promote our business, we will need to collect and process certain person information about you.
2. WHAT THIS PRIVACY POLICY DOES
2.1 This Privacy Policy explains what information we collect about you, why we collect that information, how we may use that information, and the steps we take to ensure that it is kept secure.
2.2 Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
2.3 We, Carrot Company Limited, are the data controller of any personal data collected by us through your use of the Carrot App.
3. DATA PROTECTION OFFICER and WITHDRAWING CONSENT
For more information on Carrot’s data protection policies, please see our Cookies Policy at https://www.meetcarrot.xyz/legals/.
To discuss, complain, or enquire about Carrot’s use of personal data, please contact us by way of email at: support@meetcarrot.com
3.1 Once you provide consent, you may change your mind and withdraw consent at any time by contacting our data protection officer but that will not affect the lawfulness of any processing carried out before you withdraw your consent.
4. DEFINITIONS
| **Carrot | |
| Account** | the Carrot App account in a Carrot User’s name, associated with the payment card(s) linked by the Carrot User, the log in and access to which is limited to that specific Carrot User |
| **Carrot | |
| App** | the mobile application created, managed, operated and owned by Carrot Company Limited or its successors, agents, employees, or contractors with which a Carrot User may hold a Carrot Account to, for example and without limitation, earn Carrot Rewards |
| **Carrot | |
| Offer** | a promotional offer in the form of a cashback percentage (%) amount created and presented by Carrot on the Carrot App for a Carrot User, or several Carrot Users as the context may require, to generate, for example and without limitation, Carrot Rewards through the completion of Qualifying Transactions |
| **Carrot | |
| Services** | the features and benefits of the Carrot App and the Partner Portal and the Carrot Website and the Carrot App and all other Carrot services provided to a Carrot User and/or a Partner by Carrot Company Limited or their successors |
| **Carrot | |
| Rewards** | an amount shown in a Carrot User’s Carrot App wallet screen generated subsequent to the completion of a Qualifying Transaction by a Carrot User which represents the amount that the Carrot User can claim in a cash reward from Carrot subject to the terms of the Carrot End User License Agreement (EULA) |
| **Carrot Rewards | |
| System** | the process and scheme through which Carrot Offers are created and presented and through which, for example and without limitation, Carrot Rewards are generated for Carrot Users |
| Carrot User | an individual who has created and keeps active a Carrot Account |
| Carrot Website | the online website available at https://www.meetcarrot.xyz |
| Loyalty Scheme | the Carrot loyalty scheme operated by a Partner |
| ** | |
| Partner** | a business that has been accepted by Carrot to hold an account on the Partner Portal and who continues to use the Partner Portal and/or other relevant Carrot goods, products and services and with whom Carrot Users may make Qualifying Transactions and Qualifying Transactions (Loyalty) to earn, for example and without limitation, Carrot Rewards |
| **Partner | |
| App** | the mobile application created, managed, operated and owned by Carrot Company Limited or its successors, agents, employees, or contractors which a Partner may download and use |
| **Partner | |
| Portal** | the website created, managed, operated and owned by Carrot Company Limited or its successors, agents, employees, or contractors with which a Partner may hold an account |
| **Partner Terms and | |
| Conditions** | the agreement between Carrot and a Partner as applicable in accordance with Section 12 (‘THE PARTNER AGREEMENT’), of the Terms of Service, therein and setting out, amongst other things, the terms upon which Partners may use the Carrot Services |
| Privacy Review Date | the date on which this Privacy Policy will be reviewed |
| **Qualifying | |
| Transaction** | a purchase of goods or services made by a Carrot User from a Parnter using a payment card linked to the Carrot App and for which a Carrot Offer applies |
| **User | |
| Documents** | the Carrot Codes of Conduct, the Carrot End User Licence Agreement, the Carrot Data Retention and Destruction Policy, the Carrot Cookies Policy and this Privacy Policy |
5. THE DATA WE COLLECT ABOUT CARROT USERS AND Partners
5.1 We may collect, use, store and transfer different kinds of personal data about Carrot Users as follows:
(a) Identity Data such as your name, date of birth, gender identity, address, nationality, and your friend connections on the Carrot App
(b) Contact Data such as your personal email address, academic email address, and mobile phone number
(c) Academic Information such as your educational institution, year of study and course length
(d) Financial Data such as your bank name, sort code, and account number
(e) Transaction Data such as the date, time, currency, card ID, location information, amount, the identity of the Partner, the nature of the purchase, the description of each transaction, and the method of payment ( e.g. contactless, chip and pin), all relating to all of your purchases of goods and services as relating to the Carrot Rewards System
(f) Technical Data including online identifiers such as internet protocol (IP) address, type of device you use, mobile network information, browser information, operating system, server logs, language, and Carrot App settings
(g) Profile Data such as your Carrot App username and password, user credentials, your most used features, rewards redeemed using the Carrot App, preferences, feedback, user ID
(h) Location Data including a unique identifier for your mobile device. In some instances, location information can be derived from your IP address or through your wi-fi connection
5.2 We may collect, use, store and transfer different categories of personal data about Partners as follows:
(a) Identity Data such as your business contact/representative name, business contact/representative name at owning/parent business
(b) Contact Data such as your work email address and phone number, work email address of owning/parent business
(c) Business information such as the name of your owning/parent business
(d) Account information such as your Partner Portal login email and password, user credentials, your most used features, feedback
(e) Financial Data such as your bank name, sort code and account number
(f) Technical Data including online identifiers such as internet protocol (IP) address, type of device you use, browser information, operating system, server logs, language, and Partner Portal or Partner App settings
the items in this Clause 5.2, together with the items in Clause 5.1 above, “personal data”.
6. AGGREGATED DATA AND PROFILING
6.1 You acknowledge that as part of Carrot’s processing of your personal data for the purposes of providing the Carrot App or Partner Portal or Partner App or other Carrot Services, Carrot may use profiling to analyse or predict aspects of your use, requirements or behaviour relating to the Carrot App or Partner Portal or Partner App or other Carrot Services to deliver you a best personalized service. This profiling does not result in automated decision making which would produce legal effects to you or would have any significant consequences.
6.2 You also acknowledge that we may collect, use, and share Aggregated Data (as defined below) such as statistical or demographic data for any purpose.
6.3 Whilst Aggregated Data may be derived from your personal data, Aggregated Data is not personal data in law as Aggregated Data cannot be used to determine your identity, either directly or indirectly (“Aggregated Data”).
6.4 An example of Carrot’s use of Aggregated Data is that Carrot may aggregate the transaction data of a Carrot User with the transaction data of other Carrot Users to determine the percentage of Carrot Users that purchase from a particular Partner, and the average spend with that Partner. This Aggregated Data may then be shared with that Partner.
6.5 However, if we combine or connect your Aggregated Data with your personal data so that it may directly or indirectly identify you, we will treat the combined data as personal data and the relevant terms of this Privacy Policy shall apply to the combined data.
7. SPECIAL DATA
We do not collect any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
8. HOW WE COLLECT YOUR PERSONAL DATA
8.1 We will collect and process the following data about you:
(a) Information you give us. This is information (including identity, contact, financial, and marketing and communications data) you consent to giving us about you by filling in forms on the Carrot App, Partner Portal, the Carrot Website, the Partner App or other Carrot Services, or by corresponding with us (for example, by email or using a digital communications feature). It includes information you provide when you register to use the Carrot App or Partner Portal or Partner App or other Carrot Services, download or register on the Carrot App or Partner Portal or Partner App or other Carrot Services (such as information collected in your on boarding forms), share data via the Carrot App, Partner Portal, Partner App, Carrot Website, or other Carrot Services’ social media functions, and when you report a problem with the Carrot App, Partner Portal, Partner App, the Carrot Website, or other Carrot Services.
(b) Information collected through your communications. We collect the content of all communications between yourself and us, this may include the recording of any telephone calls.
(c) Information we collect about you and your device. Each time you visit the Carrot Website, the Partner Portal, or use the Carrot App or the Partner App or other Carrot Services, we will automatically collect technical data and usage data. We collect this data using cookies and other similar technologies. Please see our cookie policy https://meetcarrot.xyx/legals for further details.
(d) Location Data. We also use GPS technology and/or your Transaction Data to determine the current location of Carrot Users. The Carrot App requires access to your location data to provide you with details and offers at a proximate Partner.
(e) Information we receive from other sources including third parties and publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
i. analytics providers such as Google and Facebook. Carrot will access the transaction data and financial data of Carrot Users through our data service provider, Fidel Limited;
ii. the third-party account provider used to login into the Carrot App, including Facebook, and/or Apple;
iii. in relation to Carrot User’s, contact, financial and transaction data from providers of technical, payment and delivery services such as your bank; and
iv. identity and contact data provided by your educational establishment to verify Carrot Users’ student status.
9. HOW WE USE YOUR PERSONAL DATA AND THE LEGAL BASIS
9.1 We will only use your personal data where there is a legal basis for such use.
9.2 The legal bases we rely on for processing your personal data are:
(a) Consent: we will obtain your consent to use your personal data wherever necessary.
(b) Legitimate Interest: we will use your personal data where we have a legitimate interest, this is where we use your personal data in a way that you would reasonably expect.
(c) Obligation: where we need to use your personal data to comply with our legal obligations.
(d) Contract: to enter or perform a contract with you.
9.3 We will use your personal data for the following business purposes, on the following legal basis:
(a) We may use your personal data in communicating with you, including notifying you of updates to the Carrot App or the Partner Portal or the Partner App or other Carrot Services.
- The legal basis for this is to comply with our legal obligations with you and legitimate interest.
(b) We will also use your personal data in communications related to any claim or complaint regarding your use of the Carrot App or the Partner Portal or the Partner App or other Carrot Services.
- The legal basis for this is to comply with our legal obligations with you and your consent.
(c) We may use your personal data in verifying your identity and/or academic status, both during the on boarding process, and afterwards.
- the legal basis for this is to fulfill our contract with Carrot Users and legitimate interest.
(d) We may use any part of your personal data to administer, provide, operate, improve, and manage your use of the Carrot App or the Partner Portal or the Partner App or other Carrot Services.
- the legal basis for this is to fulfill our contract with you and legitimate interest.
(e) We may use Carrot Users’ financial and transaction data to update your Carrot App profile, and to inform your Carrot App friend connections that you have visited a specific Partner. This feature will be automatically disabled on the Carrot App and must be enabled by you.
- the legal basis for this is your consent.
(f) We may use your financial data and transaction data to track Carrot Users’ transactions, and to receive, process, provide and inform you of Carrot Offers which we believe are most relevant to you.
- the legal basis for this is to fulfill our contract with you and legitimate interest.
(g) We use your financial data to make payments you validly request to your nominated bank account.
- the legal basis for this is to fulfill our contract with you and legitimate interest.
(h) We may use your location data to notify you of Carrot Offers that are available near to your location. This feature will be automatically disabled on the Carrot App and must be enabled by you.
- the legal basis for this is your consent.
(i) We may reconcile your Transaction Data and/or Technical Data and/or Location Data and/or Profile Data with Carrot Offers to identify Qualifying Transactions and Qualifying Transactions (Loyalty) in order to calculate the Carrot Rewards and other benefits to which you are entitled.
- the legal basis for this is to fulfill our contract with you.
(j) We may use your transaction data and/or financial data to monitor purchases and transactions for the purpose of fraud prevention and anti-money laundering.
- the legal basis for this is to fulfill our contract with you and legitimate interest.
(k) We may use your personal data in any communications with or by you made on or via the Carrot App or Partner Portal or the Partner App or other Carrot Services including but not limited to likes, comments, chats, and other response systems to optimise the Carrot Offers that are notified to Carrot Users. We will also monitor the Carrot App social chat feature to ensure compliance with the Carrot Codes of Conduct and the other User Documents.
- the legal basis for this is to fulfill our contract with you and your consent.
(l) We may use analytics provided by third parties such as Facebook, Google, or Apple to suggest additional features of the Carrot App, such as Carrot App friend suggestions.
- the legal basis for this is to fulfill our contract with Carrot Users and Carrot Users’ consent.
(m) We may use technical data to provide you with third party-serviced (e.g. Google) push notification and dynamic links features of the Carrot App.
- the legal basis for this is legitimate interest.
(n) We may use technical data and/or profile data (e.g. our reconciliation of your user ID with Google’s Firebase Crashalytics service) to provide you with third party-serviced (e.g. Google) performance and crash optimisation for the Carrot App.
- the legal basis for this is to fulfill our contract with you.
(o) From time to time, you may participate in a survey or provide us with feedback or otherwise engage with us in ways that, in combination with other data we hold, may be included in your profile data.
- the legal basis for this is your consent.
(p) We may use combined identity, contact, profile, transaction, financial, technical, usage data, and other categories of personal data, as applicable, to tailor features of the Carrot App and/or Partner Portal and/or Partner App and/or other Carrot Services to you, as well as to tailor the marketing, communications to you to optimise and make more relevant, your use of the Carrot App and/or Partner Portal and/or Partner App and/or other Carrot Services.
- the legal basis for this is to fulfill our contract with you and legitimate interest.
9.4 We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.
9.5 We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
10. CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
10.1 We keep our privacy policy under regular review.
10.2 This version was last updated on 19 August 2021. It may change and if it does, these changes will be posted on the Carrot Website and, where appropriate, notified to you when you next open the Carrot App, Partner Portal, Partner App, Carrot Website, or other Carrot Services. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the Carrot App, Partner Portal, Partner App, Carrot Website, or other Carrot Services.
10.3 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
11. COOKIES
11.1 We use cookies to distinguish you from other users of the Carrot App, Partner Portal, Partner App, Carrot Website, or other Carrot Services and to remember your preferences. This helps us to provide you with the best experience possible when you use the Carrot App, the Partner Portal, the Partner App, browse the Carrot Website or use other Carrot Services and allows us to improve the Carrot App, the Partner Portal, the Partner App, the Carrot Website and other Carrot Services.
11.2 For detailed information on the cookies we use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see our Cookies Policy.
12. DISCLOSURE OF PERSONAL INFORMATION
12.1 When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below:
(a) Educational establishment(s) to verify your registration status with such establishment(s).
(b) Third party service providers who perform support services for the Carrot App or Partner Portal or Partner App or Carrot Website or other Carrot Services. This may include internet service providers, data analytics providers and advertisement and marketing service providers, IT service providers and administrators.
(c) Third party legal advisors and regulatory authorities, where it is necessary to share such personal information for the purpose of Carrot’s compliance with legal obligations.
(d) Professional advisers including lawyers, bankers, auditors, and insurers based in the EEA who provide consultancy, banking, legal, insurance and accounting services.
(e) Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
12.2 We will also ask you for your consent to share payment card information relating to any payment cards that you link with us with Mastercard Europe S.A. and its affiliated companies (“Mastercard”), American Express Payment Services Limited and its affiliated companies (“Amex”), and Visa Europe Services Inc. and its affiliated companies (“Visa”). Mastercard, Amex, and/or Visa will monitor your transactions on any cards that you link with us. If you choose to register a payment card in connection with transaction monitoring, you authorise Carrot to share your payment card information with Mastercard, Amex, and/or Visa so they know you enrolled. You authorise Mastercard, Amex, and/or Visa to monitor transactions on your registered payment card(s) to identify qualifying purchases, and for Mastercard, Amex, and/or Visa to share Transaction Data with Carrot to enable your card-linked offer(s) to be implemented, and to target other offers that may be of interest to you. You may opt-out of transaction monitoring on the payment card(s) you have registered by using the opt-out functionality in the Carrot App.
13. INTERNATIONAL TRANSFERS
13.1 We do not transfer your personal data outside the United States of America.
14. DATA RETENTION
14.1 Details of retention periods for different aspects of your personal data are available in our data retention policy which can be accessed at the following link: https://www.meetcarrot.xyz/legals/.
14.2 By law we must keep basic information about our Carrot Users and Partners including contact, identity, financial and transaction data, as applicable, for six years after they cease to be Carrot Users for tax purposes.
14.3 In some circumstances you can ask us to delete your data: see your legal rights at Clause 15 below for further information.
14.4 In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
14.5 If you do not use the Carrot App for a period of six years, then we will treat your Carrot Account as expired and your personal data may be deleted.
15. Data security
15.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. As security is so important to us, we use TLS v1.3 certification to ensure your data is secure. We have put in place internal procedures which deal with any suspected data breach and conform us to the ISO 27001 security standard. We will notify you and any applicable regulatory body of a breach where we are legally required to do so.
16. Your legal rights
16.1 You have the right to:
(a) Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
(b) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
(c) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Object to processing of your personal data. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
(e) Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
-
if you want us to establish the data's accuracy;
-
where our use of the data is unlawful, but you do not want us to erase it;
-
where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
-
you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
(f) Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
(g) Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Please complete this form to submit a data subject rights request (DSRR).
Carrot is a trade name of Carrot Company Limited. Carrot is registered in the United States of America whose registered office is at 1518 S Chapman Rd., Greenacres, WA 99106, USA.
These Terms were last updated on October 24, 2022.