Skip to main content
EqualiShop logo
Request a Demo

Privacy Policy

How we collect, use and protect your personal data at EqualiShop.

Last updated: 30 March 2026

Who We Are

EqualiShop is a values-led employee rewards platform that connects organisations with diverse and ethical brands. This privacy policy explains how EqualiShop (“we”, “us”, “our”) collects, uses and safeguards your personal information when you use our website and platform.

What Data We Collect

We collect the following categories of personal data:

  • Account information – your name, email address, organisation affiliation and role when you register or are invited to join.
  • Authentication data – hashed passwords, single-sign-on tokens and multi-factor authentication credentials.
  • Usage data – pages visited, features used, discount codes redeemed and interaction timestamps.
  • Device and technical data – IP address, browser type, operating system and screen resolution collected automatically via server logs and cookies.
  • Communication data – information you provide when you contact support or submit feedback.

How We Use Your Data

We process your personal data for the following purposes:

  • Providing and operating the EqualiShop platform and its features.
  • Authenticating your identity and managing your account.
  • Delivering personalised brand recommendations and discount offers.
  • Generating aggregate engagement analytics for employer administrators (individual browsing details are never shared).
  • Sending service-related notifications such as password resets and account updates.
  • Improving the platform through anonymised usage analytics.
  • Complying with legal obligations and enforcing our terms of service.

Legal Basis for Processing

We process your data under the following lawful bases as defined by UK GDPR and the Data Protection Act 2018:

  • Contract – processing necessary to provide the service you have signed up for.
  • Legitimate interests – improving our platform, preventing fraud and ensuring security.
  • Consent – where you have given explicit consent, for example accepting optional analytics cookies.
  • Legal obligation – where we are required to process data by law.

Data Sharing

We do not sell your personal data to third parties. We may share data in the following limited circumstances:

  • Your employer – aggregate, anonymised engagement metrics only. Individual browsing or redemption details are never disclosed.
  • Brand partners – when you click through to a brand website or redeem a code, the brand may receive the information necessary to fulfil the offer. This is subject to that brand’s own privacy policy.
  • Service providers – trusted third-party providers who help us operate the platform (hosting, email delivery, analytics) under strict data-processing agreements.
  • Legal requirements – where required by law, regulation or valid legal process.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the service. If you request account deletion, we will remove your data within 30 days, except where we are legally required to retain certain records. Anonymised, aggregate data may be retained indefinitely for analytical purposes.

Your Rights

Under UK GDPR you have the following rights regarding your personal data:

  • Access – request a copy of the data we hold about you.
  • Rectification – ask us to correct inaccurate or incomplete data.
  • Erasure – request deletion of your personal data (“right to be forgotten”).
  • Restriction – ask us to restrict processing in certain circumstances.
  • Portability – receive your data in a structured, machine-readable format.
  • Objection – object to processing based on legitimate interests.

You can exercise your data access and deletion rights directly from your profile settings, or by contacting us at the address below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, access controls, regular security reviews and secure development practices. While no system is completely secure, we are committed to protecting your information to the highest practical standard.

International Transfers

Your data is primarily processed and stored within the United Kingdom. Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Children’s Privacy

EqualiShop is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. The date at the top of the page shows when it was last revised. We encourage you to review this page periodically. Where changes are significant, we will notify you via the platform or by email.

Contact Us

If you have any questions about this privacy policy or wish to exercise your data rights, contact us at support@equalishop.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.