gocertify Privacy Notice

📅 Last updated on 01/11/2023

At gocertify we work hard to ensure that we minimise the amount of data we do collect, and ensure that we look after and protect any data that is shared with us. Our shopper’s privacy is at the forefront of what we do.


📮 Our contact details

Email: privacy@gocertify.me

Address: 33 Boston Road South, Holbeach, Spalding, England, PE12 7LR


❓ What is this notice all about?

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

This notice applies wherever we decide why and how we process personal data (and therefore act as a Data Controller under data protection law).

Our privacy notice tells you the journey of your personal data from the moment it enters our systems up until it's time for us to say "goodbye 👋", as well as the various stops it makes along the way.


👇 The different ways we process personal data

I’m a shopper…

  • When you set up an account with gocertify

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When you set up an account, we will collect your mobile phone number so that we can send you a code via SMS. We will associate your verified status to your phone number.

      You may choose to add your email address to receive additional promotions and offers from a brand. If you do this, we will also store your email address on your account for use if you choose to sign up to other brands.

      We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

    • 🗺️ Where do we store it?

      Your mobile phone number, and your email address if you supply one, is stored on a communications platform and a database.

      Any data stored by gocertify is encrypted at rest and in transit. Any data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate.

    • 🗺️ Who will you share my data with?

      We will only share your data with the brand you are applying to for the discount.

      Depending on the brand and the campaign, you may not receive the discount, or you may receive a lower discount if you refuse. Before giving us the green light to share your data with the brand make sure you have read their Privacy Notice. The decision to ask you to share the data rests solely with the brand.

    • ⏲️ How long do we keep it for?

      We will retain the account for as long as a user wants us to. Cookies retention periods can be found on the ‘when you visit our website’ section below.

  • When you verify for a discount code using an email address

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When you verify your identity for a discount code, you will need to select the method of verification that suits you best.

      If you verify using email, we will collect your email address and use it to send you a code. We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

      We will share with the brand or store which category you have verified for. We rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

    • 🗺️ Where do we store it?

      Any data stored by gocertify is encrypted at rest and in transit. Data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate.

    • ⏲️ How long do we keep it for?

      All verification data, such as uploads, is deleted within 24 hours after the verification process is finished, regardless of the result.

  • When you verify for a discount code by uploading a document

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When you verify your identity for a discount code, you will need to select the method of verification that suits you best.

      If you verify by uploading a document, for example a work ID, passport, driving licence or a payslip, we will use AI technology to verify it and then provide a code. We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing. It is up to you to decide which document you upload to allow us to verify that you qualify for the discount.

      We will share with the brand or store which category you have verified for. We rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

      If you are verifying that you are pregnant, we will use this information to send you a code. We will rely on Article 6(1)(a) consent, and Article 9(a) explicit consent of the GDPR for this processing and sharing with the brand.

    • 🗺️ Where do we store it?

      Any data stored by gocertify is encrypted at rest and in transit. Data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate.

    • ⏲️ How long do we keep it for?

      All verification data, such as uploads, is usually deleted within 24 hours after the verification process is finished, regardless of the result.

  • When you verify for a discount code using a learning portal

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When you verify your identity for a discount code, you will need to select the method of verification that suits you best.

      You can verify by using the learning portal ‘VerifID’: who will notify us to confirm your status and we will send you a code.

      We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

      We will share with the brand or store which category you have verified for. We rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

    • 🗺️ Where do we store it?

      We share with the learning portal VerifID.

      Any data stored by gocertify is encrypted at rest and in transit. Any data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate.

    • ⏲️ How long do we keep it for?

      All verification data is deleted within 24 hours after the verification process is finished, regardless of the result.

  • When you verify for a discount code based on charitable donation

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When you verify your identity for a discount code, you will need to select the method of verification that suits you best.

      If you choose to donate to JustGiving, we will direct you to that site and after confirmation of a charitable donation, we will send you a code.

      We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

      We will share with the brand or store which category you have verified for. We rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

    • 🗺️ Where do we store it?

      We will redirect you to JustGiving, who will confirm with us that a donation has been made.

      Any data stored by gocertify is encrypted at rest and in transit. Any data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate.

    • ⏲️ How long do we keep it for?

      Completed verification data is deleted within 24 hours

      Once the verification is confirmed, any data collected is deleted within 24 hours.

      Any data collected for verification is deleted within 24 hours of completion

  • When you manually verify for a discount code

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When you verify your identity for a discount code, you will need to select the method of verification that suits you best.

      Occasionally an individual may have trouble verifying a document. When this happens our customer service team will manually verify and will need to collect your email, mobile number as well as the document you are relying on. We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

      We will share with the brand or store which category you have verified for. We rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

    • 🗺️ Where do we store it?

      Because we provide a 24/7 365 service, your data may be processed by staff who are based internationally.

      Any data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate or by another approved mechanism.

    • ⏲️ How long do we keep it for?

      All verification data, such as document uploads, is deleted within 24 hours of completed verification regardless of the result.

  • When you are claiming an offer that doesn’t require sign in

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When you claim your discount, if we collect your mobile phone number and/or your email address, they may be shared with the brand to enable the discount to be provided. Depending on the brand and the campaign, you may not receive the discount, or you may receive a lower discount if you refuse. Before giving us the green light to share your data with the brand be sure you have read their Privacy Notice. The decision to ask you to share the data rests solely with the brand.

      We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

    • 🗺️ Who will you share my data with?

      We will only share your data with the brand you are applying to for the discount. As soon as we have successfully shared this data we will delete it from our systems.

    • ⏲️ How long do we keep it for?

      We will only store your data while we transfer it to the brand. We do not store it beyond this transitory period.

  • When you visit our website

    Our website uses cookies and other similar technologies of which you should be aware.

    • 🗂️ What cookies do we collect, why do we collect them, and what legal basis do we rely on?

      When you use our website, the cookies that can be stored on your device are first party essential cookies, which are placed and read by us directly while you are using our website. As part of the verification flow, you will be redirected via a third party site that will deploy an essential cookie that will count your visit.

      Below is a list of the cookies we use and the purposes for which they are used:

      • Essential cookies

        Cookie Purpose Duration
        _gocertify_session Persist signed in user’s credentials 1 month
        gc_params Persist special source of the visit (if any, like a promotion partner or referred by a friend) while the session is open
      • Non-essential cookies

I’m a business…

  • Details about automated decision-making and profiling

    The UK GDPR restricts organisations from making solely automated decisions, including those based on profiling, that have a legal or similarly significant effect on individuals. However, this restriction only covers solely automated individual decision-making that produces legal or similarly significant effects (a legal effect is something that affects someone’s legal rights). We use AI automations to verify documents that you provide to us but offer an alternative method on request and if the verification is unsuccessful.

  • When a brand or customer starts working with us

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When a customer starts working with us, we will require the name, email address, phone number and job title of our primary customer contact in order to manage our contractual relationship. We will rely on our contractual obligation under Article 6(1)(b) of the GDPR for this processing.

    • 🗺️ Where do we store it?

      We hold customer information in our Customer Relationship Platform, so we are able to communicate easily.

      Contracts are signed using a cloud based application.

      Customer invoices and payments are managed through our financial platform.

      We sometimes like to send our customers gifts, as a sign of our appreciation. When this happens we ask for home addresses or personal emails. These are stored in our Customer Relationship Platform.

      We provide email support to our customers, and this is stored on our communication hub.

      Any data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate.

    • ⏲️ How long do we keep it for?

      We keep customer account data mentioned for the duration of the account with us and for 6 years after it has ended, in line with the statutory retention periods for contractual claims.

      Any personal email addresses and home addresses with permission from the individual are deleted after any gift has been safely received.

  • When we raise awareness of our business

    • 🗂️ What personal data do we collect, why do we collect it, and what legal basis do we rely on?

      When we raise awareness of our business, we will collect contact details of potential customers to add to a marketing list. Some of these contact details are collected at networking events by referral or from networking sites. We also make use of attendee lists at events. We have partnered with affiliate networks who will pass on contacts to us at their request. We also make use of marketing databases and sales intelligence tools to get leads. We will rely on Article 6(1)(f) Legitimate Interest of the GDPR for this processing.

    • 🗺️ Where do we store it?

      Our marketing list is held on our customer relationship management platform. We also use a sales execution platform to enrich the data we directly collect. Sometimes we will download the data into a Google Workspace application such as Gmail.

      Any data transfers to cloud based applications that are headquartered outside of the EEA, for example in the United States, are secured by SCCs and the UK Addendum where appropriate.

    • ⏲️ How long do we keep it for?

      We will retain these records in line with our retention schedule, and we include an unsubscribe link on all emails so that members of the list can remove their details at any time.


🇪🇺 What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

  • 📮 The right to be informed

    You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with. We have set this information out in this privacy notice.

  • 🗝️ The right of access

    You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details).

  • The right to object

    You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.

  • 📝 The right to rectification

    You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

  • 🧽 The right to erasure

    You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).

  • 🚫 The right to restrict processing

    You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.

  • ✈️ The right to data portability

    You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to privacy@gocertify.me if you wish to make a request under your rights; we have a calendar month to get back to you with a response.

🇺🇸 What are your rights?

  • 🗝️ The right to know

    You have the right to ask a business to disclose what personal data they have collected, used, shared or sold about you and why it was collected, used, shared or sold. You have the right to this information for the 12 month period preceding your request. The data should be provided in a portable format.

  • The right to opt-out of sale

    You have the right to ask a business to stop selling your personal information (”opt-out”). With some exceptions, a business cannot sell your personal information if they receive an opt-out request unless you provide authorisation allowing them to again.

    Nevada Residents: We do not sell your personal information, but nevertheless we offer an opt out to sales of your data in an overabundance of caution to ensure compliance with Nevada law. Verified requests under Nevada law (NRS 603A) to not make any sale of any covered information we have collected or will collect regarding you may be sent to privacy@gocertify.me. Please include in your email "Request for Nevada Opt-Out" in the subject line and in the body of your message.

  • 📝 The right to rectification

    You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

  • 🚫 The right to limit use of sensitive information

    You have the right to ask us to only use your sensitive personal information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.

  • 🧽 The right to delete

    You have the right to request that businesses delete personal information they collected about you and to tell their service providers to do the same. There are some exceptions that allow businesses to keep your personal information.

  • ⚖️ The right to non-discrimination

    Businesses cannot deny goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.

  • 💡 Shine a Light (California Residents)

    If you are a California resident and have an established business relationship with us, you can request a notice disclosing the categories of personal information we have shared with third parties for the third parties’ direct marketing purposes during the preceding calendar year. To request a notice, please submit your request to: privacy@gocertify.me. Please include in your email "Request for California Shine the Light Opt-Out" in the subject line and in the body of your message. Please allow 30 days for a response.

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to privacy@gocertify.me, if you wish to make a request under your rights; we have 45 days to get back to you with a response.


💔 How you can complain

If you have any concerns about our use of your personal information, please let us know by:

💡 Emailing us at privacy@gocertify.me

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

💡 ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.

💡 ICO Website: https://www.ico.org.uk

Go back