GDPR

Our Journey

To Protect Your Privacy

EU

By now you’ve probably heard about the EU’s new regulation, the General Data Protection Regulation (GDPR). It’s a new set of laws aimed at enhancing the protection of EU citizens’ personal data and increasing the obligations of organizations to deal with that data in transparent and secure ways. The GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens. At Next Jump, our organization has been hard at work ensuring that our practices are GDPR compliant and your rights are addressed.

We are fully committed to enhancing our platform, Perks at Work, to comply with the GDPR before May 25th.


DISCLAIMER: This web page includes background information to help you better understand how Next Jump has addressed some important points in the GDPR. The information is not legal advice for your company to use in complying with EU data privacy laws like the GDPR.


Perks at Work Journey to GDPR


April 2016 - GDPR Approved by EU
•••
November 2017 - Perks at Work begins work on GDPR
•••
May 2018 - GDPR goes live

We have been following developments in the General Data Protection Regulation since it was approved in April 2016. It was clear from the beginning that GDPR was going to be the most far-reaching change to data protection in a generation, and present some unique challenges. At Next Jump, we considered these challenges as opportunities to give you more control over your data, strengthen our programs and increase our transparency.

The work began in earnest in November 2017. Our first step was to compare our current practices and programs against the new requirements. In parallel we did extensive mapping of the EU data, systems and process flows. Over the next 5 months the program took shape and started firing on all cylinders.

Important components of the program completed:
  • Hired a GDPR legal expert for guidance and advisory services.
  • Ensured the lawful basis for processing your data.
  • Implemented changes to the platform that give you more control over your data.
  • Increased transparency by informing you about the processing of your data through clear and concise language in the Privacy Policy.
  • Executed Data Protection Agreements with service providers.
  • Implemented privacy impact assessments and privacy by design principles.
  • Conducted reviews and upgrades to our security program to ensure proper technical and organizational controls to protect your data and minimize risk.
  • Certified under the U.S. Department of Commerce’s Privacy Shield that our transfers of personal data from the European Union to the United States comply with EU-US data protection requirements.

As the 25th of May approaches, our commitment to your data privacy is ongoing and steadfast. If you have any feedback or questions please reach out to the Data Protection officer at privacy@nextjump.com.

Protecting Your Privacy


As the world leading employee rewards and benefits provider, we (Next Jump) take security and privacy of your data as our highest priority. We are working smart to ensure Perks at Work complies with EU’s new regulation, the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), when it comes into effect on 25 May 2018.

At Next Jump we consider protecting your data a business imperative and a social responsibility. Privacy, security and earning your trust is fundamental to everything we do. For full transparency, we have created this page to share with you our approach to GDPR compliance and serve as your go-to place for GDPR related questions. We apply a cycle of continuous improvements of technical and organizational measures; as well as consult third party industry experts who audit and certify us on a year-round basis. We do all of this and more to safeguard the data you entrust us through our suite of programmes and apps.

Let’s take a closer look at GDPR and how we are stepping up to the challenge:

Feature How Perks at Work addresses it
Lawful Basis of Processing

Perks at Work processes your data based on legitimate interest and the performance of contract, as specified by the Terms of Use. Details on our lawful basis for processing can be found in the Privacy Policy.

Data Rights of Individuals

In general, we are addressing your rights by providing you transparency, access and control over your data.

a) Right to be Informed

We use the Privacy Policy to provide you clear and concise information about our data processing and privacy programs.

b) Right to Access

With Perks at Work you can access your data in a variety of ways including the My Account, Rewards Statement, and Purchase History pages.

c) Right to Rectification

Accurate information is good. We provide several pages where you can edit and manage your account information, email settings and payment card information. You may also Contact Us and we will help manage your data.

d) Right to Erasure

It is your data and you control it. You can always have your data erased from the My Account page. You may also Contact Us to request that your data be erased. However, keep in mind that our platform can not work without data so when you request that your data be erased, you will no longer be able to access the rewards and features of Perks at Work.

e) Right to Data Portability

You can take your data with you. You may request a copy of your data from the My Account page. You may also Contact Us to request a copy of your data.

f) Right to Object

You control your information. We provide several pages where you can restrict processing such as email settings and payment card information. You may also Contact Us and we will act on your request.

g) Right to not be Subject to Automated Decision Making

We provide you a highly personalized shopping experience but do not perform any automated decision making. Our platform is based on providing a highly personalized experience for you. As a result if you prefer not be included in the personalizaton then you may unsubscribe from the overall service at any time using the My Account page. You may also Contact Us to unsubscribe from the service.

Security Controls

Protection of your data is our highest priority and has been years. We are proud of our robust security program that includes components such as information classification, privacy by design, risk management, breach notification, encryption, incident response, and technical, organizational and physical controls, and more. Our work never stops. We actively evaluate and update our programs to ensure we are staying ahead of the evolving threat landscape.

FAQ


Here are common questions that we get asked. Check back often as we will frequently update this list with new questions.

The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will be in be in effect on 25 May 2018.
The regulation applies to all organizations processing and storing personal data of EU citizens, regardless of the company’s location. In addition, it not only applies to company’s within the EU but any company’s located outside the EU if they offer goods or services to, or monitor the behavior of EU citizens.
GDPR defines personal data as any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. GDPR provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and ways organizations collect information about people. The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible.
The regulation does not require EU personal data to be hosted with the European Economic Area (EEA), nor does it place any restrictions on transfers of personal data outside the EEA. However transfers to outside of the EEA do require that a valid transfer mechanism is in place to protect the data once it leaves the EEA.
We are happy to help! For additional information you may contact the Customer Service team using the Contact Us page or the Data Protection Officer at privacy@nextjump.com.