We are Meniga Sweden AB company registration no. 556868-5712, Mäster Samuelsgatan 42, 111 57 Stockholm, Sweden, a wholly owned subsidiary of Meniga Ltd. You can reach us by e-mail at rewards.support@meniga.com or dpo@meniga.com, and we are the data controller for the processing of your personal data.

We trust that this Privacy Policy answers your questions about our collection, use, protection and disclosure of your personal data. If you have additional questions, please contact us on the address or e-mail address provided above.

We may amend this Privacy Policy from time to time. If we do so, the amended Privacy Policy will enter into force when we publish it on the Website. The latest date of amendment is stated at the bottom of the Privacy Policy.

If any amendment makes the Privacy Policy less protective of your personal data, such amendment will not apply to data we collected about you before the amendment was made. The amendment will, however, apply to such data if you provide your consent to the Service and/or to new version of the Privacy Policy, or if you provide new information or restate the same information after the entry into force of the amendment.

4.1 What information we collect

We collect the personal data which has been provided by you or collected in the Service. For Users, the personal data we process consists of the following:

4.1.1 Registration

When you register as a User we collect and store your user information, including your full name, birth date and e-mail address.

4.1.2 Payment account linking

When you link your cards and/or payment accounts to the Service we ask you to provide your card or payment account details and/or the account number to be linked to the Service and the other information as necessary for such linking.

4.1.3 Transactions

When using the Service, we automatically collect from the linked cards/payment accounts the transaction data transferred from your bank/card/payment provider under your consent and approval (i.e. information about the purchases that you make using your linked card/payment account, such as purchase amount and merchant information). This information will be transferred automatically to Meniga after your consent and approval, as long as it is valid.

4.1.4 Uploaded information and data created by you

We collect data from you when you enter or upload data through forms in our Service, such as preferences, interests, settings and whether or not you wish to receive marketing from us and any messages to our support team.

4.1.5 Collection of general and statistical data

We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you across the Service and when using different devices. We use logins, cookies, device information and internet protocol address to identify you and log your use. If you set your mobile device or your web browser not to accept cookies the Service will not function as intended.

4.1.6 Other information

We may also collect other technical information related to your use of the Service, such as browser information, any website from which you have been referred; pages you visit in the Service, and your IP-address; and location information. 

For Merchants, the personal data we process consists of the following:

4.1.7 Registration

When you register as a Merchant we collect and store your user information, including your full name, birth date, e-mail address, mobile phone number and other details, such as your company details and billing information.

4.1.8 Uploaded information and data created by you

We collect data from you when you enter or upload data through forms in our Service, such as campaign information, interests, settings and whether or not you wish to receive marketing from us and any messages to our support team.

4.1.9 Payment information

When using the Service and ordering campaigns, we ask you to provide payment through our third-party payment service provider. In connection with such payments, we collect information on inter alia payments made, campaign rewards and remaining amounts.

4.1.10 Collection of general and statistical data

We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you across the Service and when using different devices. We use logins, cookies, device information and internet protocol address to identify you and log your use. If you set your mobile device or your web browser not to accept cookies the Service will not function as intended.

4.1.11 Other information

We may also collect other information related to your use of the Service, such as browser information, any website from which you have been referred; pages you visit in the Service, and your IP-address; and location information.

4.2 How we collect your information

We collect your personal data directly from you in connection with your visit or registration on the Service, or when you use our Service by for example earning cashbacks and redeeming rewards, registering for newsletters or contacting us by mail, e-mail, chat or telephone. 

We may also collect your data, to the extent you have given your consent to it through either the digital banking application of a participating bank or the Meniga Rewards app, from the cards/payment accounts you have linked. This information will be transferred automatically to Meniga after your consent and approval, for as long as it remains valid. 

We may combine information that you have provided to us with information from other sources, such as information which confirms your card/payment account details or your telephone number. We do this in order to ascertain the correctness of the information we are collecting, and to be able to provide better service.

Your personal data will not be used in any manner that is incompatible with the purpose for which it was collected. Please note that certain data can be used even without your consent, for example if we need the data to provide our Service. We process your personal data for the purposes set out in Clauses 5.1-5.5 below.

5.1 Provide our Service

We use your personal data to provide our Service and the features therein, e.g. to analyze your purchases and provide offers for cashbacks and rewards based on your purchase history and profile (if you are a User), to administrate and publish campaigns and any rewards or cashbacks related thereto (if you are a Merchant), to administer your User/Merchant profile, to process your information in connection with a purchase, to process any request that you make for information or advice, to communicate with you and to provide support. Processing relating to analyzing your purchases and processing your transactions is based on your prior consent. Other processing activities set out above are necessary for the performance of our contracts with you or based on our legitimate interest in providing the Service. As part of providing our Service, we create anonymized statistics about the aggregate buying behavior of all of our users and subsegments of the user base. We provide these statistics about buying behavior to merchants and others as part of the Service. We also use these statistics as part of the data we provide to merchants about rewards campaign performance and how cashback reward campaigns are having an effect on buying behavior.

5.2 Improve our Service

We will process your personal data to produce statistics on how you use our Service. We can do this e.g. by analyzing your use of the Service. When we use your personal data to improve our Service, we use it in an aggregated form (i.e. study the overall user patterns by reviewing de-identified data) to the extent possible. We use your information to be able to make the Service more user friendly, e.g. by fixing bugs, amending the interface in order for you to easily reach the information that you seek or highlighting popular functions. This processing is based on our legitimate interest to continuously improve the Service.

5.3 Prevent abuse or misuse

Your personal data can also be used to prevent abuse of our Service or to prevent or investigate crimes. Abuse refers to, among other things, fraud, attempt of unauthorized login to user accounts and other measures which are in violation of our terms of service or law. This processing is based on our legitimate interest to avoid abuse of the Service.

5.4 Direct marketing and marketing of the Service

We use your personal data to communicate with you, to send newsletters, personalized offers and relevant information about our Service. These communications can be sent to you in the Service, by SMS or e-mail. This processing is based on your prior consent or based on our legitimate interest to communicate with you regarding your use of the Service. You may at any time unsubscribe from direct marketing messages.

5.5 Aggregating data

We regularly aggregate and de-identify your personal data after certain retention periods. The anonymization is made in such a way that a recipient of such data does not receive information of your identity and thus cannot identify you individually. We may in connection with this use your personal data to aggregate and anonymize data for further use, such as in marketing or improving the Service. Only de-identified and anonymized data is used in such marketing – no personal information can be found in such aggregated data. We may share anonymized data, for example with our partners. This processing is based on our legitimate interest in improving or marketing the Service.

We do not sell or assign any of your personal data to any third parties. However, at times the personal data that we collect may be shared with other companies in the Meniga group to provide the Service, for the processing on our behalf or for the centralization of data. Meniga may also provide your user information to the issuer of the card(s)/payment account(s) that you have linked to the Service. If Meniga shares your personal data in such ways, we will ascertain that your information is still processed only in accordance with this Privacy Policy.

 Meniga does not share your personal information with any third party, except as described below.

6.1 Service providers

Meniga may use third parties to manage one of more aspects of our business operations, including the processing or handling of personal information. We may share personal information with such third parties to perform services on our behalf such as processing payments, sending marketing communications, conducting research surveys, verifying and validating information that you have provided to us, and providing customer support services.

6.2 Partner banks

If you enroll into the service through your bank digital application, we may share certain information with the bank.

6.3 Sale or transfer of business or assets

Any information we have about you may be transferred or disclosed to a purchaser or prospective purchaser in the event of a sale, assignment, or other transfer of all or a portion of our business or assets. Should such a transfer occur, we will use reasonable efforts to ensure that the transferee uses your information in a manner that is consistent with this Privacy Policy.

6.4 Legal purposes

Meniga may also disclose your information if we are required to do so by law or to comply with legal requests (e.g. disclosure queries, court decisions, legal actions or the like) or when it is necessary to detect, prevent and address fraud and other criminal activity, to protect ourselves, you and other users, including as part of an inquiry if we in good faith believe that such action is required by applicable law. The above may include answering legal requests from non-EU/EEA jurisdictions, where we in good faith believe that the response is required by the law of the relevant jurisdiction, affects users in this jurisdiction and is in accordance with internationally recognized standards.

 When we use service providers within the scope of our business in accordance with Clause 6.1 above, we will enter into a data processing agreement with the service provider and take other appropriate measures to ensure that your personal data is processed in accordance with this Privacy Policy. Processing in accordance with Clause 6.2-6.3 above is necessary for the performance of our contracts with you or based on our legitimate interest in providing the Service or based on our requirements under law.

Anonymized and aggregated data may be made available without your explicit consent (such as statistics etc.). We may thus publish anonymous and aggregated information about the use of the Service or other conclusions that may be deducted from the use of the Service.

The files containing your personal information will be stored on our servers and will only be accessible to our employees and those of our agents and service providers who require it in the course of their duties. We maintain appropriate safeguards and current security standards to protect your personal information against unauthorized access, disclosure, or misuse. For example, electronic records are stored in secure, limited-access servers and electronic data is stored behind secured encryption access. We use technological tools like firewalls and multi-factor authentication, and we ensure our employees are trained on the importance of maintaining the security and confidentiality of the personal information we process.

All communications between your device and Meniga are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery. We offer industry-standard practices and security measures to safeguard and secure the personal data we collect. We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect Meniga accounts and systems from unauthorized access.

We generally retain your personal data as long as it is necessary for the purposes it was collected for or as otherwise required or authorized by applicable law, such as GDPR.

We will save your personal data as long as you are a registered User/Merchant with Meniga. However, we routinely aggregate and de-identify your transaction data within at least twelve months from its collection, where after such personal information is no longer stored in an identifiable manner.  

You may at any time request that we delete your account for the Service. If you do so, your user information will be permanently expunged from our servers, to the extent Meniga does not need to retain data for further periods (e.g. as set out in 8.1 below), and further access to your account will not be possible. To request deletion of your account, use the delete my account option in the App. Merely deleting the App from your device does not constitute a request to delete your account or unsubscribe to the Service.

Upon your un-subscription to the Service or any other termination of your access to the Service in accordance with Meniga’s Terms of Service, Meniga will, to the extent Meniga does not need to retain data for further periods (e.g. as set out in 8.1 below), erase your personal data from its systems and anonymize all identifiable information related to you. Thus, anonymized data, in de-identified and aggregate forms, may remain on our system indefinitely. We reserve the right to use this aggregate data to improve our service and for other lawful purposes, as discussed above.

8.1 Un-subscription

After your un-subscription to the Service or any other termination of your access to the Service in accordance with Meniga’s Terms of Service, Meniga will only retain your personal data to the extent necessary for Meniga’s fulfilment of our legal requirements or as otherwise necessary or required. For example, Meniga stores information on your personal identification number and your cashback for the fulfilment of our accounting obligations under law.

As a member, you always have the possibility to remove or correct the information we have about you. You can do this on your profile in our mobile applications or on the Website. Please note, however, that we may continue to process your personal data to the extent necessary for the performance of our contracts with you or if there is any other legal basis than consent for processing the data.

You have a right to access your own personal data, to see which personal data we hold about you and to receive a copy of the data upon your request. This right is not absolute, there might be instances where applicable laws or regulations would require us to withhold some of the information relating to you. In such cases we will inform you, to the extent possible, of why some information had to be withheld.

You have a right to have your data rectified, e.g. if some of the data relating to you is wrong, and we encourage you to help us keep your personal information up to date and accurate.

You have a right to request erasure of your data. The right to deletion of data is not absolute.  It might for example apply to information that are wrong, outdated or no longer needed for the purpose it was collected for.

You may also have a right to have the processing of your data restricted, objecting to processing and profiling and to have your data transferred to another data controller (data portability). Those rights are limited and will be evaluated on a case-by-case basis.

If you wish to exercise any of those rights, please contact us at dpo@meniga.com.

If you think we process your data in a way that is not compatible with relevant Data Protection Legislation you are of course free to contact the Data Protection Authority, but we strongly urge you to voice your concerns with the contact named above first, to see if we can rectify the situation.

Meniga stores and processes your personal data within the EU/EEA. If other companies within the Meniga group or our partners conduct business outside the EU/EEA, we will ensure that appropriate protective measures are taken prior to the data transfer to such business.