Privacy Policy

Last updated: 27 October 2025

Introduction

Klubby Limited ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in other ways.

This Privacy Policy applies to the Klubby website (https://klubby.co.uk), our rewards platform, and all related services.

Data Controller

Klubby Limited is the data controller responsible for your personal data.

Company Name: Klubby Limited

Address: 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom

Email: support@klubby.co.uk

Information We Collect

Personal Information

We may collect personal information that can identify you, including:

  • Name, email address, and contact details
  • Date of birth (to verify eligibility)
  • Payment information (processed securely by our payment providers; we do not store full card details)
  • Profile information and preferences
  • Communication preferences
  • IP address and device information

Usage Data

We automatically collect information about how you interact with our services:

  • Pages visited and actions taken
  • Access times and dates
  • Device and browser information
  • Referring websites
  • Clickstream and analytics data

Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For more details, see our Cookie Policy.

How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services
  • Manage subscriptions and process payments
  • Operate your account and membership benefits
  • Deliver transactional and service-related communications
  • Notify winners of prize draws
  • Improve our website and user experience
  • Enhance platform security and detect fraud
  • Comply with legal and regulatory obligations

Marketing communications are only sent with your explicit consent.

Legal Basis for Processing

We process your data under the legal bases permitted by UK GDPR:

  • Contract: to provide the services you have subscribed to
  • Consent: for marketing communications
  • Legitimate Interests: to improve services, ensure security, and operate our business
  • Legal Obligation: to meet regulatory and compliance requirements

Data Sharing and Disclosure

We may share your information with:

Service Providers (Data Processors)

These providers support the operation of our services and process data on our behalf:

  • Mailgun Technologies, Inc.
    Used for transactional email delivery, routing, and related diagnostics and analytics. Mailgun may process metadata, device information, and limited message content to ensure secure and reliable delivery.
  • Klaviyo, Inc.
    Used for marketing email delivery and subscriber management with your consent. Klaviyo may process contact details, communication preferences, and engagement analytics for email campaigns.

Payment Processors

We use Stripe as our payment processor to securely handle subscription and transaction payments. When you make a payment, your payment information is processed directly by Stripe and not stored on our servers. For more information about how Stripe handles personal data, see Stripe's privacy policy: https://stripe.com/gb/privacy.

Hosting, analytics and technical support providers

Used to operate, maintain, and secure our service infrastructure.

Business Partners

Where you choose to redeem offers or rewards from our partner brands.

We require all service providers to comply with data protection laws and act only on our documented instructions.

We do not sell personal data to third parties.

International Data Transfers

Some service providers are located outside the United Kingdom, including Mailgun and Klaviyo which may process data in the United States or European Economic Area.

Where transfers occur, we ensure appropriate safeguards such as:

  • UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses
  • Adequacy decisions
  • Additional contractual and security controls

Data Security

We use technical and organisational measures to protect your personal information, including:

  • Encryption
  • Secure servers
  • Access controls and authentication
  • Regular monitoring and assessments

No system is completely secure, but we work continuously to safeguard your data.

Data Retention

We retain personal data:

  • For the duration of your membership
  • As required by law (e.g., tax and financial purposes)
  • To prevent fraud and resolve disputes
  • As necessary for legitimate business interests with safeguards

Your Rights (UK GDPR)

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of data where permitted
  • Restrict or object to certain processing
  • Request a copy of your data in a portable format
  • Not be subject to solely automated decisions with legal effects

To exercise any rights, contact: support@klubby.co.uk

We will respond within statutory timeframes.

Marketing Communications

We only send marketing emails with your consent. You can opt out anytime via:

  • The unsubscribe link in emails
  • Updating preferences in your account
  • Contacting support@klubby.co.uk

You will still receive essential service emails.

Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children. If we learn we have done so, we will remove the data.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be indicated by the “Last updated” date above. Significant updates may be communicated more directly.

Complaints

You can raise concerns with us at support@klubby.co.uk.

You also have the right to contact the UK Information Commissioner’s Office (ICO):

  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Contact Us

For questions about this Privacy Policy:
Email: support@klubby.co.uk