Privacy and Cookies Policy

Last Updated: 06 June 2021
At Oneworld, we are working hard to serve shoppers a little better every day. Looking after the personal data members share with us is a hugely important part of this. We want members to be confident that their data is safe and secure with us, and that members understand how we use it to offer them a better and more personalised shopping experience.
We reserve the right to change this policy at any time, so please check back regularly to keep informed of updates to this policy.

What this policy covers

The data controller (who determines the purpose and manner in which membersā€™ personal data is used) is Loyalty Oneworld (Mauritius) Ltd (referred to in this policy as ā€œweā€ or ā€œusā€).

We are committed to doing the right thing when it comes to how we collect, use, and protect membersā€™ personal data. That is why we have developed this privacy and cookies policy (ā€œPolicyā€), which:

  • Sets out the different ways members interact with us and the types of personal data that we collect
  • Explains the reasons why we use the data we collect
  • Explains when and why we will share personal data within the Oneworld ecosystem and with other organisations
  • Explains the rights and choices members have when it comes to their personal data

We offer a wide range of products and services, so we want members to be clear about what this Policy covers. This Policy applies to members if they use our services (referred to in this Policy as ā€œour Servicesā€).

Using our Services means:

  • Being a member of the Oneworld loyalty scheme (ā€œOneworldā€)
  • Shopping with us over the phone, online (including kiosks in any Oneworld Partner stores), or using any of the websites (ā€œour Websitesā€) or mobile applications (ā€œour Mobile Appsā€) where this Policy is posted
  • Interacting with us if a member contacts us or we contact a member regarding our Services

Notes

  1. Parts of this Policy also apply to our partnersā€™ store CCTV systems where they capture footage of members.
  2. Some other parts of our business, Oneworld Group companies, and Oneworld partners may need to collect and use personal data to provide members with their products and services and for certain other purposes. They have their own privacy policies that explain how they use a memberā€™s personal data.
  3. Our Websites or Mobile Apps may contain links to other websites operated by third parties that have their own privacy policies. Please make sure you read their terms and conditions and privacy policies carefully before providing any personal data, as we do not accept responsibility or liability for websites of other organisations.

Personal data we collect when we interact with a member

This section tells you what personal data we may collect from a member when a member use our Services and what other personal data we may receive from other sources.

Types of data

Aggregated data
We do not keep personal data we do not need. If we remove enough personal data it becomes anonymous. This means that a member cannot be identified. We might also take data we hold and remove certain information and replace it with other non-identifying information such as ID number or reference number. This is an extra technique we use to protect data. We normally use these techniques to look at large amounts of individuals customers. This includes information that is statistical or demographic data.
Identity data This is information that helps us identify who is a member (e.g. his name, title or card number)
Contact data This is information that details how we can contact a member i.e his/her address, email or telephone number.
Financial data This is information about payment details.
Location data In some cases our apps might ask for memberā€™s location information to help better serve member. Member will be made aware at the time if we would collect this data.
Special category data This is special information that the law says is more sensitive (sometimes it is referred to as sensitive personal data) and it needs more protection. If we collect sensitive personal data in our interactions with a member (for example a member is making a complaint to us), this will be done with memberā€™s consent and its use made clear to member.
Transaction data This is information about memberā€™s purchase of a product or service from us. This includes when, where, what and how member purchased that item or service. It will also include where we sent that product or service and any Oneworld points or other benefits collected as part of the transaction.
Technical data This is information about memberā€™s device used to access our sites and apps. This could be information that identifies memberā€™s device, its operating system, internet address, memberā€™s login data; browser and plug-ins; location; where member came to our site from and where member leave to as well as how often a member visits. If a member use our in-store WIFI we will collect information about where and when he/she accessed our network; This is done via the use of cookies which is covered elsewhere in this notice.
User data This is information collected about a member as a user of our partnersā€™ stores, products and services more generally (compared to other types of data that relate to a member directly for us to deliver our specific service to the member). This may include where a member engage with Oneworld in a survey, provide feedback on his/her shopping experience, are captured by CCTV, or other camera technologies such as queue monitoring. We will also collect information about the member that allows us to create an analysis of the member as a consumer to better judge what products and services to offer in our partnersā€™ stores.
Interaction data This is information about how a member interact with our products and services, namely, what he/she clicks on and interact with on our sites and apps or products in partners ā€˜stores.
Marketing &communications data This is the memberā€™s marketing preferences and also his/her interaction with online marketing to be able to judge its effectiveness.

When a member registers for our Services

He/she may provide us with:
His/her personal details, including his/her region, email addresses, phone numbers, date of birth, NIC and title;
Information relating to his/her membership of any of our loyalty programmes;
His/her account login details, such as his/her username and the password that he/she has chosen. We may collect:
Identity data
Contact data
Financial data
Technical data
User data
Marketing and communications data

When a member shops with us online or browse our Websites or use our Mobile Apps

We may collect:
Information about memberā€™s online purchases (for example, what a member has bought, when and where he/she bought it and how he/she paid for it);
Information about memberā€™s online browsing behaviour on our Websites and Mobile Apps and information about when he/she clicks on one of our adverts (including those shown on other organisationsā€™ websites);
Information about any devices a member has used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers). What type of data might be collected:
Identity data;
Contact data;
Financial data;
Transaction data;
Technical data;
User data;
Interaction data;
Marketing and communications data.

When a member use Oneworld card to shop with us, or use Oneworld vouchers or coupons

We may collect:
Transaction information, including the in-store and online purchases member earns Oneworld points for and how he/she uses his/her Oneworld card coupons and vouchers within the Oneworld ecosystem and/or with Oneworld Partners. What type of data might be collected:
Identity data;
Transaction data;
User data;
Marketing and communications data.

When you contact us or we contact you or you take part in promotions, competitions, surveys or reviews about our Services

We may collect:
Personal data the member provides about himself/herself anytime he/she contacts us about our Services (for example, his/her name, username and contact details), including by phone, email or post or when he/she speaks with us through social media;
Details of the emails and other digital communications we send to the member that he/she open, including any links in them that he/she clicks on;
His/her feedback and contributions to customer surveys or reviews. What type of data might be collected:
Identity data;
Contact data;
User data.

When a member visits Oneworld partnersā€™ stores

We may collect:
Footage of the member may be recorded on the CCTV systems. What type of data might be collected:
Identity data;
User data;
Interaction data.

Other sources of personal data

We may also use personal data from other sources, such as specialist companies that supply information, online media channels, our Retail Partners, and public registers. For example, this additional personal data helps us to:

  • Manage memberā€™s Oneworld account (including the allocation of points)
  • Review and improve the accuracy of the data we hold
  • Improve and measure the effectiveness of our marketing communications, including online advertising

Why we collect the data and why we are allowed to use it

This section explains in detail how and why we use personal data. We use personal data to:

Make our Services available to Oneworld members
This means that processing memberā€™s personal data allows us to:
Manage the accounts the member holds with us, including his/her Oneworld account
Process memberā€™s orders and refunds
Why do we process memberā€™s personal data in this way?
We need to process memberā€™s personal data so that we can manage memberā€™s accounts, provide with the goods and services he/she want to buy and help him/her with any orders and refunds he/she may ask for.
Why we are using this data?
Contractual Necessity ā€“ at the time we collect it:
Purchase &transaction data;
Contact details;
Profile details;
Delivery/collection details.
We will not be able to provide the member with his/her products or services if he/she does not provide us with this data.
Legitimate Interests –following fulfilment of memberā€™s order.

Manage and improve our day-to-day operations

Manage and improve our Websites and Mobile Apps Why do we process memberā€™s personal data in this way?
We use cookies and similar technologies on our Websites and Mobile Apps to improve customer experience. Some cookies are necessary so a member should not disable these if he/she want to be able to use all the features of our Websites and Mobile Apps. A member can disable other cookies but this may affect his/her customer experience.
Help to develop and improve our product range, services, stores, information technology systems, know-how and the way we communicate with a member
Why do we process memberā€™s personal data in this way?
We rely on the use of personal data to carry out market research and internal research and development, and to improve our information technology systems (including security) and our product range, services and stores. This allows us to serve Oneworld members better as customers.
Detect and prevent fraud or other crime Why do we process memberā€™s personal data in this way?
It is important for us to monitor how our Services are used to detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that our members can safely use our Services.
Why we are using this data?

    Contractual Necessity ā€“ at the time we collect it:
    • Purchase & transaction data
    • Contact details
    • Profile details
    • Delivery/collection details
    • We will not be able to provide you with products or services if you do not provide us with this data
    Legitimate Interests ā€“ following fulfilment of a memberā€™s order for the other personal data in that section

Personalising memberā€™s experience

Use memberā€™s online browsing behaviour as well as his/her in-store and online purchases (including Oneworld transactions) to help us better understand him/her as a customer and provide him/her with personalised offers and services. Why do we process your personal data in this way?
Looking at memberā€™s browsing behaviour and purchases allows us to personalise our offers and services for members. This helps us meet memberā€™s needs as a customer.
Provide member with relevant marketing communications (including by email, post or online advertising), relating to our products and services, and those of our suppliers, Retail Partners and the Oneworld ecosystem. As part of this, online advertising may be displayed on websites across the Oneworld ecosystem and on other organisationsā€™ websites and online media channels. We may also measure the effectiveness of our marketing communications and those of our suppliers and Retail Partners. Why do we process your personal data in this way?
We want to ensure that we provide members with marketing communications, including online advertising, that are relevant to their interests.
To achieve this, we also measure membersā€™ responses to marketing communications relating to products and services we offer, which also means we can offer them products and services that better meet their needs as a customer.
A member canā€Æchange his/her marketing choices, both when he/she register with us, and at any time after that. He/she also has choices when it comes to online advertising. We set outā€Æbelowā€Æhis/her choices when it comes to cookies, and how he/she can control his/her online behavioural advertising preferences. Why are we using this data?
Legitimate Interests.

Contact and interact with a member

Contact a member about our Services, for example by phone, email or post or by responding to social media posts that he/she has directed at us. Why do we process your personal data in this way?
We want to serve the member better as a customer so we use personal data to provide clarification or assistance in response to his/her communications.
Manage promotions and competitions a member take part in, including those we run with our suppliers and Retail Partners. Why do we process your personal data in this way?
We need to process memberā€™s personal data so that we can manage the promotions and competitions he/she choose to enter.
Invite a member to take part in and manage customer surveys, reviews and other market research activities carried out by the Oneworld Group and by other organisations on our behalf. Why do we process your personal data in this way?
We carry out market research to improve our Services. However, if we contact a member about this, he/she does not have to take part in the activities. If he/she tell us that he/she does not want us to contact him/her for market research, we will respect this choice. This will not affect his/her ability to use our Services or his/her Oneworld card.
Why are we using this data?
Legitimate Interests.

Claims

In order to resolve legal claims or disputes involving a member or us. Why do we process the memberā€™s personal data in this way?
For example if the member has any accident or there is an incident at our partnersā€™ stores. This could include medical reports.
Why are we using this data?
Bringing or defending legal claims

CCTV

To monitor the safety of our partnersā€™ stores in order to prevent and detect crime and anti-social behaviour.
If a member park in a Oneworld partnerā€™s car parks, we may utilise Automatic Number Plate Recognition Technologies (ANPR) to identify if memberā€™s vehicle has complied with parking rules. Where there is a security or claim incident involving a vehicle, we may use ANPR to assist in investigation into those incidents. Why do we process your personal data in this way?
In order to protect our business, the local community, customers and colleagues.

Why are we using this data?
Legitimate Interests.

Our Legitimate Interests in using your personal data

This section explains how and why we share personal data with other companies within the Oneworld Group.
Where we have mentioned above our use of your personal data is based on our ā€œlegitimate interestsā€, these are:

  • To service our customersā€™ needs, including delivering our products and services
  • To promote and market our products and services
  • To service membersā€™ accounts (such as your Oneworld account), manage complaints, and resolve disputes
  • To understand our customers, including their patterns, behaviours, likes, and dislikes
  • To protect and support our business, colleagues, customers, and shareholders
  • To prevent and detect anti-social behaviour, fraud, and other crimes
  • To test and develop new products and services, as well as improve existing ones

Sharing personal data with Retail Partners and Service Providers

This section explains how and why we share personal data with Retail Partners and Service Providers.
When we share personal data with these companies, we require them to keep it safe and adhere all of the GDPR, DPA and relevant regulatory requirements. We work with carefully selected partners that can provide customers with services that complement the One World offering and the partner will use the data in accordance with this purpose only. Members agrees for their data being shared and contacted in correlation to digital payment solutions and any other complementary offerings.

Retail partners

We work with a number of Retail Partners who:

  • Sell products through our services
  • Offer products, services, and/or the ability to earn points through Oneworld

Service Providers

  • Technology services
  • Storing, combining, and analysing data
  • Processing payments
  • Providing legal or other professional services
  • Delivering orders

Sharing personal data with other organisations

  • If the law or a public authority requires us to share the data, or for the administration of justice
  • If we need to share data to establish, exercise, or defend our legal rights (including sharing information to prevent fraud)
  • If we restructure, sell, or transfer our business (or part of it), for example in connection with a takeover or merger

How we protect memberā€™s personal data

  • We apply physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal data
  • We protect the security of information during transmission by encrypting it
  • We use computer safeguards such as firewalls and data encryption to keep data safe
  • We authorise access only to employees and trusted partners who need it to carry out their responsibilities
  • We regularly monitor our systems for potential vulnerabilities and attacks, and conduct penetration testing to further strengthen security
  • We request proof of identity before sharing a memberā€™s personal data with them

How long we use personal data for

  • Customer complaints and feedback: Deleted 3 years after the date of last communication
  • Research panel/market survey submissions: Deleted 3 years after creation
  • CCTV data: Deleted 1 month after creation
  • Health and safety records (e.g., incident reports): Deleted 7 years after creation
  • Personal data related to serious disputes (e.g., litigation): Deleted 7 years after the closure of the matter

Cookies and similar technologies

We and our partners use cookies and similar technologies, such as tags and pixels (ā€œcookiesā€), to personalise and improve customer experience as a member use our Websites and Mobile Apps and to provide him/her with relevantā€Æonline advertising. This section provides more information about cookies, including how we use them and how a member can exercise his/her choices about our use of cookies.

How we use cookies

Cookies are small text files containing a unique identifier, which are stored on computer or mobile device so that the device can be recognised when a person is using a particular website or mobile app. They can be used only for the duration of the personā€™s visit or they can be used to measure how the person interacts with services and content over time. Cookies help to provide important features and functionality on our Websites and Mobile Apps, and to improve customer experience. Cookies can also be used help us to detect fraudulent activity or to prevent security breaches and so we may record information about a device within the cookie.
When a member consents to cookies on our Services, these may be used to do the following:

  • Improve the way our Websites and Mobile Apps work Cookies allow us to personalise the experience and enable useful features for members.
  • Improve performance Cookies help us understand how our Websites and Mobile Apps are used. For example, they can tell us if a user receives error messages while browsing. The data collected is mostly aggregated and anonymous.
  • Deliver relevant online advertising, including via social media We use cookies to deliver advertising that is most relevant to members, both on our Websites and on third-party sites. These cookies may collect data such as IP address, referral websites, purchase history, or shopping basket contents. Members may see our adverts on our Websites, on other organisationsā€™ websites, or on social media. We may also combine cookie data with other data such as Oneworld card usage and in-store purchases.
  • Measure the effectiveness of marketing communications Cookies can show us if a member has seen a specific advert and how long ago. This allows us to measure campaign effectiveness and limit the number of times a member sees an advert. They also help us measure whether marketing emails we send have been opened.

Third parties operating through our Websites and Mobile Apps

Our key partners are listed below with information about the services they provide to us. This list is not exhaustive but it does include those partners with whom we have an established relationship and whose cookie technologies are most frequently deployed through our Services.
Measurement &Personalisation
To analyse how our services are used, including to test different content versions. This data may also be used to enable us to personalise our services and the marketing of our services. Adobe
Optimizely
Google
Integral Ad Science
Product recommendations
To enrich memberā€™s shopping experience by delivering personalised recommendations to him/her on some of our websites. Rich Relevance
Online marketing
To personalise Oneworld adverts shown to members via Oneworld and on other websites based on membersā€™ interactions with Oneworld. For example, by using data about memberā€™s transactions with Oneworld, what he/she has in his/her basket and the pages and products he/she looks at. We may also use Oneworld data to better personalise our marketing via our main data partner, Bramston &Associates. Bing
Google
Social media
To market to member via social media platforms and to enable social sharing and engagement on our websites. These companies may use membersā€™ data for their own purposes, including to profile and target members with other advertising. Facebook
Twitter
Instagram
WhatsApp

Commenting
To power commenting on our websites. Disqus
Delivering ads for our Retail Partners
To enable us to personalise and deliver online advertising on behalf of our Retail Partners. Google
Security of our websites and apps
To enable us to personalise and deliver online advertising on behalf of our Retail Partners. Akamai

Your choices when it comes to cookies

Web browser cookies A member can use his/her browser settings to accept or reject new cookies and to delete existing cookies. He/she can also set his/her browser to notify him/her each time new cookies are placed on his/her computer or other device. If a member choose to disable some or all cookies, he/she may not be able to make full use of our Websites. For example, he/she may not be able to add items to his/her shopping basket, proceed to checkout, or use any of our products and services that require him/her to sign in.
Mobile Apps
Cookies work differently on Mobile Apps as they are coded into the App itself and will use a unique identifier created by the mobile device for use for advertising activities. A user can turn off or reset this advertising identifier through his/her mobile deviceā€™s privacy settings.
Managing cookie preferences We use cookies to improve memberā€™s experience on our website. However, memberā€™s consent is needed for certain cookies before they can be used. Member can also choose which cookies he/she allow us to use, apart from essential cookies, which canā€™t be turned off.

Subject access rights

A member has the right to see the personal data we hold about him/her. This is called a Subject Access Request.
To comply with government guidance and enable our office colleagues to work from home, if you would like a copy of the personal data we hold about you, please email us at subjectaccess.request@oneworld.mu.

Other data protection rights

In relation to memberā€™s personal data, a member also have the right to:

  1. Have inaccurate information corrected ā€“ If he/she believes we hold inaccurate or missing information, he/she may let us know and we will correct it.
  2. Object to our use of it ā€“
    General objection: We will consider the memberā€™s objection to our use of his/her personal data. If, on balance, his/her rights outweigh our interests in using it, we will either restrict our use or delete it.
    Objection in relation to direct marketing: If a member makes such an objection, we will stop using his/her personal data for direct marketing purposes.
  3. Restrict our use of it ā€“ A member may restrict our use of his/her personal data in several situations, including (but not limited to):
  4. He/she has successfully made a general objection.
  5. He/she is challenging the accuracy of the personal data we hold.
  6. We have used his/her personal data unlawfully, but he/she does not want us to delete it.
  7. Have us delete it ā€“ A member may ask us to delete his/her personal data in several situations, including (but not limited to):
  8. We no longer need to keep the personal data.
  9. He/she has successfully made a general objection.
  10. He/she has withdrawn consent to us using the personal data (and we have no other grounds to use it).
  11. We have unlawfully processed the personal data.
  12. Have us transfer or ā€œportā€ a copy of it ā€“ Data portability is a memberā€™s right to obtain and reuse the personal information that he/she has provided to Oneworld for his/her own purposes across different services.
  13. Complain to the data protection regulator ā€“ We would like the chance to resolve any complaints a member has. However, he/she also has the right to complain to the Mauritius Data Protection Office about how we have used his/her personal data. Website: https://dataprotection.govmu.org