1. About this policy
Blackboard Deals Ltd is committed to protecting your privacy and handling your personal data in a transparent and lawful manner. This policy, written in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR), explains how we collect, use and process your personal data when you use the BlackBoard mobile application ("the App") and associated services.
2. Who we are
The entity responsible for processing your personal data is Blackboard Deals Ltd, who acts as the Data Controller.
3. Data we collect and why
We collect different types of personal data depending on whether you are an App User (a deal seeker) or a Venue Partner (a venue manager or staff member).
| Data Category | Examples Collected | Purpose | Lawful Basis |
|---|---|---|---|
| Identity Data | Name, email address, hashed password, Apple or Google sign in ID. | To create, manage and secure your App account and to prevent fraud. | Contractual Necessity |
| Location Data (crucial) | Precise geographic coordinates (GPS) or network based location data. | To provide the core value added service of finding local deals and displaying the map view in West London. | Explicit Consent (mandatory under PECR) |
| Transaction Data | Records of deals claimed, unique QR code generation records, timestamps and successful redemption logs validated by venue staff. | To fulfil the core service contract, measure platform liquidity and provide ROI metrics to venue partners. | Contractual Necessity and Legitimate Interest |
| Venue Partner Data | Venue name, address, business licence details, staff names, work emails and assigned roles. | To verify the commercial partner, manage B2B accounts and establish secure role based access to the deal posting and scanning tools. | Contractual Necessity |
| Usage Data | App activity, search queries, filter selections, language preference, crash reports and API latency data. | To troubleshoot faults, improve App performance and inform feature prioritisation. | Legitimate Interest (product improvement) |
| Marketing Data | Preferences regarding electronic marketing and notifications such as push messages. | To send you relevant information about new features or deals, in line with your PECR preferences. | Consent or Legitimate Interest (as applicable) |
4. Special compliance: explicit consent for location data
Important. Your location is the most sensitive thing we touch, and we treat it that way. We will only process your location data if you give us prior, explicit consent.
The law (PECR) is very strict regarding the processing of location data for a service like deal mapping.
To comply with this legal obligation:
- Default state: geo location services are switched off by default upon installation. They will only be activated when you actively engage the map feature or agree to location services.
- Transparency first: before we request consent, we will provide you with clear and specific information, separate from this main policy, detailing the types of location data we will be processing, the exact purpose (mapping local deals), how long we will keep the data and whether the data will be passed to a third party (for example a map provider) to fulfil the value added service.
- Opt in mechanism: consent requires a clear positive action from you (for example tapping "I Agree to Location Sharing") before the data is processed.
- Withdrawal: you can withdraw your consent at any time via the User App Permissions dashboard within the App settings or through your device's operating system settings.
5. How and why we share your data
We will not sell your personal data. We only share data when necessary to provide the App service, comply with the law or manage our business.
A. Data Processors (third parties for service fulfilment)
We use external companies to help us run the App (Data Processors). These may include providers for cloud hosting, crash logging, analytics and push notifications. We mandate that all Data Processors have a written contract with us (a Data Processing Agreement) that sets out exactly what they are permitted to do with your data and obliges them to keep it secure. This contract specifically covers location data of corporate users (Venue Partners and Staff) as well as the personal data of individual App Users.
B. Venue Partners (B2B transactional data)
We share only the aggregated, anonymised metrics necessary for a Venue Partner to understand the performance and ROI of their deals. For example, we confirm to a Venue Partner that a QR code redemption was validated, but we do not share the Identity Data of the App User who redeemed it.
C. Legal compliance
We may disclose your data if required by law, court order or governmental authority (for example the Information Commissioner's Office, ICO).
6. Security and retention
We implement appropriate technical and organisational measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way.
- Retention: we only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting or reporting requirements.
- Right to erasure: if you wish to stop using BlackBoard, you may use the Delete Account route in the App settings to formally request the permanent erasure of your personal data, in line with your UK GDPR rights.
7. Your legal rights
Under UK GDPR you have the right to:
- Access your personal data (commonly known as a data subject access request).
- Rectification of the personal data we hold about you if it is inaccurate or incomplete.
- Erasure of your personal data (the right to be forgotten) via the Delete Account route.
- Object to processing where we are relying on a legitimate interest.
- Restrict processing of your personal data.
- Portability of your personal data to another service provider.
- Withdraw consent at any time where we are relying on consent (such as for location data processing or certain marketing communications).
8. Contact and complaints
Data Protection contact
If you have any questions about this privacy policy or wish to exercise any of your rights, please contact our Data Protection representative.
Email: privacy@blackboarddeals.com
You also have the right to lodge a complaint with the supervisory authority in the UK, which is the Information Commissioner's Office (ICO).