Security & Privacy Policy

PIB Employee Benefits Limited is authorised and regulated by the Financial Conduct Authority, Firm Reference Number 300198. PIB Employee Benefits Limited is registered in England and Wales. Company Registration Number 02026964. Registered Office: Rossington’s Business Park, West Carr Road, Retford, Nottinghamshire, DN22 7SW. Part of PIB Group.

PIB Employee Benefits are committed to ensuring that your privacy is protected.

The Data Controller for your personal data on this site is University of Essex. If you don't have contact details for your Data Controller please visit the Help & FAQ page to contact our team who will be happy to help. PIB Employee Benefits Limited has been appointed as the Data Processor for this site who are a subsidiary of PIB Group Limited who are likewise a Data Processor. Where PIB Employee Benefits Limited engage with you for FCA regulated activities we are an independent Data Controller.

1. Introduction

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we'll store and handle that data, and keep it safe.

We know that there's a lot of information here but we want you to be fully informed about your rights, and how we use your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It's likely that we'll need to update this Privacy Notice from time to time. We'll notify you of any significant changes, but you're welcome to come back and check it whenever you wish.

2. The legal bases we rely upon

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, the ones that we use for your data are:

Legitimate interests

In specific situations, our clients, the Data Controllers, require us to process your data to pursue their legitimate interests in a way which might reasonably be expected to offer you our services. We take great care to ensure this does not materially impact your rights, freedom or interests.

For example:

  • Once you have selected your employee benefits, we will need to pass your details on to the benefit provider.
  • In order for you to take up the offers on our Discounts page, we pass on your details to our discounts partner.
  • If you order an item from one of our offers, we'll collect your payment and address details for the provider to fulfil your purchase.
  • To protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account.

Consent

In specific situations, we can collect and process your data with your consent.

For example:

  • In order to create an account to order a gift card

3. Your individual rights

The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

4. The information we collect and how we use it

4.1 Processed for specified, explicit and legitimate purposes

We only process personal data for the specific purposes set out in this Policy (or for other purposes expressly permitted by the Regulation). We will only collect and process personal data for and to the extent necessary for the specified purpose(s).

4.2 Registration

When you register to use our site we will request information from you including your name and e-mail address. We may also request other limited information about you such as your date of birth or your payroll ID to verify your identity. We use these details to protect your account and ensure the details we have for you are correct. Our Customer Services team may ask you for some of these details to verify who you are when you contact us. We, our agents and subcontractors may check some of the information that you provide to us against third party databases to confirm that it is accurate.

We gather and use this information to allow us to process your registration and provide you with our services. We, our agents and subcontractors, partners and third parties that provide services to you may also use this information to communicate with you on any matter generally relating to the provision of our services. We do not capture any special category data.

Any calls that you make to our Customer Services team may be recorded and the information obtained used for the purposes of our business management, training and security. You will always be able to see and amend the registration information we hold about you by contacting us at PIB Employee Benefits Limited, Rossington’s Business Park, West Carr Road, Retford, Nottinghamshire, DN22 7SW. Or visiting your Profile page in 'My Account'.

5. Privacy and Cookies

We may pass your personal data on to third-party service providers contracted to PIB Employee Benefits Limited. Any third parties that we may share your data with are obliged to keep your details secure, and to use them only to fulfil the service they provide you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with their procedures.

5.1 Our use of information gathering technologies

Website Analytics

We use analytics technologies to monitor usage of the website and report on website trends. The information recorded includes the address of pages that you visit, and the date and time of the visit.

We use this information for the purpose of evaluating use of the website on an aggregate basis, compiling and publishing summary reports on website activity to customers who have licensed the software provided via the website.

Cookies

Like most websites, this website uses cookies to store specific information about you and ensure a seamless transition between website pages.

What is a cookie?

A cookie is a small text file that is sent to your browser and stored on your computer's hard drive when you visit a website. Each time you use the same computer to access the website, our web servers will be notified of your visit, and in turn we may have knowledge of your visit and the pattern of your usage.

What types of cookies does the website use?

Some cookies are essential for the operation of our website. For example, when you log in, a cookie will help us recognise you as an existing user and show you the right information. If you choose to block them, some aspects of the site may not work for you.

The following cookies are used on this website

Cookie Name Type Expiry Description
ASP.NET_SessionId Session Essential At end of session Used to maintain your session with the website.
.ASPNETAUTH Session Essential At end of session Used to maintain your secure session with the website.
YawCookieConsent Functionality Essential 3 months We will use this persistent cookie to track if you have accepted that we use cookies on this site.
7E732B3631 Functionality Essential 30 days We use this cookie to save an optional persistent identifier so that the website can remember your user name between visits.
zlcmid Performance Essential 1 hour since last request We use Zopim to provide live customer service chat. This cookie stores the Live Chat ID to identify the device during visits.

What kind of information is stored in the cookies?

Our cookies do not contain any personal information such as names, emails or credit card numbers.

How do I disable cookies?

Most web browsers allow you to refuse to accept cookies. You can also delete cookies already stored on your computer. You can find more information on how to control and remove cookies for the various versions of different browsers at https://ico.org.uk/your-data-matters/online/cookies/.

Blocking cookies will have a negative impact upon the usability of some websites.

6. How we protect your information

We have implemented appropriate technical and organisational measures to secure against the loss of personal data or against any form of unlawful processing. Our web pages and emails are secured using Transport Layer Security (TLS), based on Secure Sockets Layer (SSL), a security protocol that provides communications privacy over the Internet in a way that is designed to prevent eavesdropping, tampering, or message forgery.

Only employees who need to access information about customers and their use of the system to perform their work are granted access to personal identifiable information.

We take security issues very seriously and abide by strict internal standards. We know how much data security matters to all our customers. With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it.

We secure access to all areas of our website using HTTPS technology. Access to your personal data is password-protected and secured by TLS/SSL encryption during transmission and at rest.

We regularly monitor our system for possible vulnerabilities and attacks, and we carry out regular vulnerability scanning to identify ways to further strengthen security.

You should ensure you keep your password confidential and remember to sign out when not using the site to prevent unauthorised access.

7. What are your rights over your personal data?

An overview of your different rights

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • That we stop any consent-based processing of your personal data after you withdraw that consent.

You can contact us to request to exercise these rights at any time as follows:

To ask for your information please email Customer Services.

To update any of your details, please log on to the site and update your personal information in the "My Account" section. Alternatively, you may let us know the correct details by sending a letter to PIB Employee Benefits Limited, Rossington’s Business Park, West Carr Road, Retford, Nottinghamshire, DN22 7SW.

If we choose not to action your request, we will explain to you the reasons for our refusal.


Our Data Protection Officer

PIB Employee Benefits Limited is a subsidiary of PIB Group Limited.

Our Data Protection Officer can be contacted directly here:

Data Protection Officer
PIB Group Limited
1 Minster Court
Mincing Lane
London, EC3R 7AA
dpo@pib-insurance.com
0330 058 9700


Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.

We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. To unsubscribe from our marketing emails please visit your profile page and turn off your subscriptions.

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.

8. How long will we keep your personal data?

Whenever we collect or process your personal data, we'll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, so that it can be used in a non-identifiable way for statistical analysis and business planning.

Some examples of customer data retention periods:

Orders

When you place an order, we'll keep the personal data you give us for seven years so we can comply with our legal and contractual obligations. In the case of certain products, such as electrical and nursery items, we'll keep the data for 10 years.

Inactive accounts

If you’re flagged as a leaver, your details will be flagged as inactive. We’ll delete or anonymise the personal data associated with it 6 months later.

Child Care Voucher accounts

Your details are kept for 7 years after you ask for the account to be closed because of HMRC reporting requirements.

9. Sale of business

In the event that our business is sold or integrated with another business (such as in a joint venture arrangement) the details we have about you may be disclosed to our advisers and any prospective purchasers’ advisers and will be passed on to the new owners of the business.

10. Contacting the Regulator

The Company’s data protection registration is available to view on the ICO Data Protection Register.

In the event that you wish to make a complaint about how your personal data is being processed by PIB Employee Benefits Limited (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and University of Essex's data protection representatives. If you do not have the contact details for University of Essex please contact Customer Services.

This notice was last updated on 5th April 2024

Summary of updates

5th April 2024

This policy has been updated to reference PIB Employee Benefits Limited.

19th August 2021

This policy has been updated to reflect changes to our Gift Card Store Process and to update addresses and links.

10th May 2018

This policy has been updated to include changes we have made to comply with the General Data Protection Regulation which came in to force on May 25th 2018