GDPR privacy policy for reward card customers.

With the new data protection regulations (GDPR) coming into force on the 25th May 2018 we would like to outline our privacy policy relating to your data and how we use it.

Information Held:

Information that is held to administer the reward card scheme is held by Oxford Retail Data solely for this purpose. No data is stored by R H Thaxter Ltd. Data is held accurately and up to date as provided by you on your application form.

We are able to provide you with your data or remove and delete data at your request. Physical application forms are held by Oxford Retail Data for 18 months after which they are disposed of by confidential waste shredding.

The printing processes provide full traceability of all documents from printing through to despatch. Every document will be assigned a unique identifier; this identifier will be in the form of a 2D barcode. This provides full audit trail giving details of when it was sent, where and to whom, at what time it was submitted and printed. To enable us to provide this level of service we need to share some data with our postal partners – Whistl Ltd. Any data flow to them will be encrypted and transferred via a SFTP connection. Data will only be used for the purposes of printing and distribution. After 14 days of the data being printed and posted, all data will be deleted by them.

Data Security:

We have relevant security measures in place to protect your data. Data is encrypted and held on UK based servers.