Privacy Policy

Welcome to the UNiDAYS Corporate Privacy Policy

 Last updated: 15 August 2023

Our Commitment to Your Privacy

UNiDAYS Corporate does not sell or share any personal data as defined under US State Privacy  Laws, in any event, see our US State Privacy Notice here for more information about your rights.
Your privacy is our priority. We appreciate that you entrust us with your personal data and want you to know that we respect your privacy. Our privacy practices are based on these core principles:

  • We design our platforms and services with your privacy in mind.
  • We strive for transparency about how we process your personal data. We work hard to provide clear and straightforward descriptions of our privacy practices because we want you to understand them.
  • We are dedicated to the protection of your personal data. We continually assess data security risks and test and monitor our security practices to protect against them.
Our Privacy Policy

This Privacy Policy describes how Myunidays Limited (MYUNIDAYS LTD) and its affiliates (collectively “UNiDAYS”, “our”, “us” or “we”) collects and processes your personal data when you interact with UNiDAYS through our Site. It also explains how your personal data is used, shared and protected and how you can exercise your privacy rights and contact us.

If you are located in the EEA or the UK, the data controller for the personal data that UNiDAYS collects is Myunidays Limited of 2 Castle Boulevard, Nottingham, Nottinghamshire, United Kingdom NG7 1FB. The ICO registration number is Z2692580.

If you are located in the US or Canada, the legal entity responsible for personal data processing is Unidays Inc., Penn Plaza 9th Floor 132 W 31st St. New York City NY 10001, United States.

If you are located in India, the legal entity responsible for personal data processing is UNiDAYS Private Limited, with its principal place of business at 4th Floor, Vedwati Apartments, Opposite Agriculture College, Shivaji Nagar, Pune, Maharashtra, India 411005.

For all other jurisdictions, the legal entity responsible for personal data processing is MYUNIDAYS LTD of 2 Castle Boulevard, Nottingham, Nottinghamshire, United Kingdom NG7 1FB

MYUNIDAYS LTD is incorporated and registered in England and Wales with company number 07552253, VAT number 130053865, and registered office at 2 Castle Boulevard, Nottingham, Nottinghamshire, NG7 1FB.

When we refer to our “Site”, we mean www.corporate.myunidays.com and www.genzinsights.com.

YOU ACKNOWLEDGE THAT THIS PRIVACY POLICY DESCRIBES HOW WE PROCESS YOUR PERSONAL DATA WHEN YOU USE OUR SITE.

If you are in the UK or the EU, the UK/EU-specific requirements to the Privacy Policy take precedence over all other provisions.

To learn how you can exercise your privacy rights

  • If you are resident in the United States of America, please see our US State Privacy Notice section, which supplements this Privacy Policy.
  • For everyone else, please see ”How does UNiDAYS Corporate honour privacy requests” below. 

The Site is hosted by our service provider Hubspot Inc on behalf of UNiDAYS. Hubspot Inc, is an inbound marketing tool used by UNIDAYS for Business-to-Business marketing operations.

What is UNiDAYS Corporate?

UNiDAYS Corporate is a Business-to-Business marketing website aimed at connecting with existing partners (brands and educational institutions) and establishing new business relationships and acquiring new partners.UNiDAYS Corporate website enables organisations to sign-up to UNiDAYS in order to become partners. UNiDAYS provides student verification services and works with brands that want to provide verified students with benefits and/or advertise their products and services to our members on the UNiDAYS platform. UNiDAYS Corporate website allows new Partners to sign up in order to receive a verification service and/or to provide exclusive promotions, discounts, and other exciting offers to verified students and members.

Gen Z Insights is a Business-to-Business marketing website aimed at providing a subscription based newsletter to existing and prospective UNiDAYS partners the latest marketing insights and retail trends about students. It is a Gen Z focused brand and market research tool, backed by the UNiDAYS Student Affinity Network. Gen Z Insights provides the latest Gen Z marketing trends and perspectives, presented by UNiDAYS for the benefit of its partners.

What information does UNiDAYS Corporate collect and why?

If you are a resident in the United States of America, please see our US State Privacy Notice available here.

We collect three main categories of personal data:

  • Personal data that you provide to UNiDAYS Corporate
  • Automatically-collected Personal Data
  • Data from third parties

Personal data that you provide to UNiDAYS Corporate
We collect personal data that you provide when you register, or otherwise choose to share with us. We collect this personal data for many reasons, including to create and secure your account, to provide a newsletter you have subscribed to, to contact you in response to a prospective partnership, to provide our services and protect the Site.

The information collected may include:

  • Name;
  • Work Email;
  • Company Name;
  • Country;
  • Industry;
  • Job Title;
  • Phone Number.

We collect these personal data for the following purposes:

  • To contact you in response to an enquiry that you have made on our Site in relation to a potential or existing partnership with UNiDAYS (brand or educational institution);
  • To register you for an event;
  • To create an account;
  • To respond to a media enquiry that you have submitted;
  • To provide you with a service that you have requested, for example a newsletter that you have subscribed to, or a report that you have requested;
  • To enable us to improve our products and services and  understand more about prospective partners.
  • We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
  • In particular, we may use your information to contact you for your views on our services and to notify you occasionally about important changes or developments to the Site or our services.
  • Further, we might also use your information to let you know about other products and services which we offer which may be of interest to you. If you change your mind about being contacted in the future, please contact us directly to let us know.
  • In addition, collecting this information enables us to verify your identity and it positions us to better prevent fraud, and to understand the users of the Site, such as where they come from and what content is of interest to them. We use this information for our internal analytics purposes, to improve the quality of our products and services.
  • To monitor and enforce compliance with our legal agreements.

Automatically-collected Personal Data


We automatically collect personal data related to your use of the Site. This information includes:

  • Device Information: When you interact with the Site, we collect technical information about your computer including your IP address, device type and software characteristics, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.
  • We may also collect information about how your device has interacted with the Site, including the pages accessed and links clicked.

Automatically-collected data help us understand how visitors use the Site. Specifically, we use automatically-collected data:

  • To help resolve technical issues and develop and update the Site;
  • To detect unauthorised use of the Site and/or distribution of Site content;
  • For analytics to enhance how the Site or a device is used.
 
Data from third parties
From time to time, we may receive personal data about you (such as name, job title, company name and email address) from third party sources (including publicly available sources) such as corporate websites and third-party Business-to-Business marketing vendors. We use this personal data to contact you via e-mail and initiate discussions with you as a business contact at one of our prospective partner brands or educational institutions, and so we can introduce our product and service offerings.


If we receive your personal data from a third party source (including publicly available sources), we will provide you with notice (including this Privacy Policy) within a reasonable period after obtaining the personal data, but at the latest within one month. In that initial communication, we will also explain how you can easily opt-out of any further email marketing from us.




WE DO NOT KNOWINGLY COLLECT INFORMATION FROM CHILDREN UNDER AGE 16. The Site is not intended for use by children under age 16. If you are under the age of 16, please do not use or attempt to use our Site or provide any personal data to us. If you learn or suspect that anyone under age 16 has provided UNiDAYS Corporate with personal data, please notify info@myunidays.com.

 

How does UNiDAYS Corporate share personal data?

UNiDAYS Corporate shares personal data with third parties that help operate the Site, when we are legally required to do so, and otherwise as described in this Privacy Policy.

We share personal data with the following categories of recipients:

  • Professional advisors, such as lawyers, accountants, and information security and forensics experts.
  • Third party companies we partner with who are deploying cookies and similar technologies on our Site.
  • Our contractors and vendors, to enable them to work for us.
  • Competent law enforcement, government regulators, courts, or other third parties when we believe disclosure is necessary (i) to comply with the law, (ii) to exercise, establish or defend our legal rights.
  • Potential or actual acquirers or investors and their professional advisers in connection with any proposed merger, acquisition, or investment in or of all or any part of our business. We will use our best efforts to ensure that the terms of this Privacy Policy apply to personal data after the transaction or that you receive notice of any changes to your personal data processing;
  • To any other third party with your permission.
What are UNiDAYS Corporate lawful basis for processing personal data?

We only collect and process your personal data according to applicable law. Your location will determine the legal entity that is responsible for the collection and processing of your personal data.


Under EU and UK data protection law, UNiDAYS Corporate may collect and process your personal data only when UNiDAYS Corporate follows the lawful bases specified in EU and UK data protection law and informs you of the specific lawful bases on which UNiDAYS Corporate relies:

  • Consent: we will process your personal data when you provide your consent. For example, using your email address to send you newsletters. You are free to revoke your given consent at any time for the future.
  • Performance of a contract: UNiDAYS Corporate operates the Site and related services on the basis of a contract with you, which are our Terms of Service.
  • Our legitimate interests: UNiDAYS Corporate may base the processing of personal data on our legitimate interests as a business in:
    • efficiently operating, maintaining and managing the Site and related services;
    • tailoring the Site and related services to suit our partners and prospective partners;
    • ensuring the security of the Site;
    • promoting UNiDAYS Corporate to existing and prospective partners (brands and educational institutions);
    • communicating with you in accordance with your wishes and expectations;
    • responding to and handling any requests or complaints;
    • maintaining internal administrative records;
    • undertaking quality control and business planning;
    • accessing appropriate professional advice, and;
    • defending UNiDAYS Corporate against legal claims or fraud.
      When we rely on our legitimate interests as our basis for processing personal data, we balance our interests with strong privacy protections tied to fairness and purpose limitation and which are designed to minimise the risks to our visitors, and others.
  • Compliance with a legal obligation to which we are subject.

If we ask you to provide personal data to comply with a legal obligation or to perform a contract with you, we may not be able to comply with our legal obligation or enter into or perform the contract if you do not provide that personal data. We will advise you whether providing your personal data is mandatory and the possible consequences if you do not provide your personal data.

If another legal basis or legitimate interest is relevant to particular personal data processing, we will make that clear when we collect that personal data. If you have questions or need further information concerning the legal basis on which we process your personal data, please contact us using the contact details provided under the “How Do I Contact UNiDAYS Corporate?” heading below.

  • If you are located in the European Economic Area or the UK, the data controller for the personal data that UNiDAYS Corporate collects is Myunidays Limited of 2 Castle Boulevard, Nottingham, Nottinghamshire, United Kingdom NG7 1FB. The ICO registration number is Z2692580.
  • If you are located in India, the legal entity responsible for personal data   processing is UNiDAYS Private Limited, with its principal place of business at 4th Floor, Vedwati Apartments, Opposite Agriculture College, Shivaji Nagar, Pune, Maharashtra, India 411005.
  • If you are located in the U.S. or Canada, the legal entity responsible for personal data processing is Unidays Inc., Penn Plaza 9th Floor 132 W 31st St. New York City NY 10001, United States.
  • For all other jurisdictions, the legal entity responsible for personal data processing is MYUNIDAYS LTD of 2 Castle Boulevard, Nottingham, Nottinghamshire, United Kingdom NG7 1FB.

Our Data Protection Officer is available via dpo@myunidays.com. 

Our EU representative is available at unidays_eu_representative@planit.legal.
If you are in the EU, the following apply to you in addition to (and, in case of any inconsistencies, takes precedence over) the other provisions of this section:

  • If UNiDAYS Corporate processing of your personal data is based on your consent, the legal basis is Art. 6(1)(a) of the U.K and EU General Data Protection Regulations (GDPR). You can withdraw your consent at any time (Art. 7(3) GDPR), effective for the future. This will not affect the legality of processing that took place before you withdraw your consent.
  • If UNiDAYS Corporate processing of your personal data is based on the performance of a contract between UNiDAYS Corporate and you, the legal basis is Art. 6(1)(b) GDPR.
  • If UNiDAYS Corporate processing of your personal data is based on legal obligations that UNiDAYS Corporate must fulfil, the legal basis is Art. 6(1)(c) GDPR.
  • If UNiDAYS Corporate processing of your personal data is based on UNiDAYS Corporate legitimate interests, the legal basis is Art. 6(1)(f) GDPR. If you are interested in detailed information on the balancing of your and UNiDAYS interests, please contact UNiDAYS Corporate as described below. Insofar as the processing is based on UNiDAYS Corporate legitimate interests, you have the right to object to the processing (Art. 21 GDPR).
  • Pursuant to Art. 77 GDPR, you have a right to lodge a complaint related to UNiDAYS Corporate processing of your personal data, which you may exercise by submitting a complaint to your local data protection supervisory authority of the EU Member State of residence or where the issue that is the subject of the complaint occurred. We hope you will allow us to address your concerns by contacting us at info@myunidays.com, dpo@myunidays.com or unidays_eu_representative@planit.legal before you approach a supervisory authority, but otherwise, the contact details are available at https://edpb.europa.eu/about-edpb/board/members_en.

 

How does UNiDAYS Corporate honour privacy rights requests?

If you are a resident in the United States of America, please see our US State Privacy Notice, which supplements this Privacy Policy and is available below.

We offer easy to use forms to streamline your data privacy rights requests. You can always reach out to us with any questions or concerns regarding your data privacy rights.

For personal data for which we are the data controller, we honour the following privacy rights in accordance with applicable law:

  • If you wish to review, correct, update, suppress, restrict or delete your personal data:
  • For other requests, please contact us using the contact details provided under the “How do I contact UNiDAYS Corporate?” heading below.
  • You can object to the processing of your personal data, request restrictions on the processing of your personal data, or request the portability of your personal data. To exercise these rights, please contact us using the contact details provided under the “How do I contact UNiDAYS Corporate?” heading below.
  • You can opt-out of (or unsubscribe from) UNiDAYS Corporate email marketing communications by clicking the “unsubscribe” or “opt-out” link in one of our marketing emails or through your account settings. Please note that you cannot unsubscribe from certain communications, such as messages relating to business relationships, or system updates or system issues.
  • If we process your personal data based on your consent, you can withdraw your consent at any time by contacting us using the contact details provided under the “How do I contact UNiDAYS Corporate?” heading below. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal data conducted in reliance on a lawful basis other than consent.
  • If we process your personal data based on our legitimate interests, you have the right to object to that processing, subject to certain exceptions, by contacting us using the contact details provided under the “How do I contact UNiDAYS Corporate?” heading below.

We will review your request as soon as reasonably practicable and respond within the time periods required by applicable law. In any request you submit to us, please make clear the personal data that are the subject of your request.

We respond to all requests we receive from individuals wishing to exercise their privacy rights in accordance with applicable data protection laws. Please know that the rights described above are not automatic rights and may not apply in all circumstances. When this occurs, we will notify you in our response to you.

Keeping your personal data – particularly your email address – accurate and current is important. Please update your account and/or contact us if your personal data changes during your relationship with us.

Please note that we may need to retain certain personal data for recordkeeping purposes prior to requesting a change or deletion. Our databases and other records may have residual personal data which we cannot and will not remove. We also may not allow you to review certain personal data for legal, security, or other similar reasons.

Generally, no fee is associated with exercising your privacy rights but UNiDAYS Corporate may charge a reasonable fee if your request is unfounded, repetitive, or excessive.

IF YOU ARE LOCATED IN A JURISDICTION WITH PRIVACY LAWS THAT OFFER YOU PRIVACY RIGHTS NOT DESCRIBED IN THIS PRIVACY POLICY, PLEASE CONTACT US AT DPO@MYUNIDAYS.COM.

If you are in the EU or the UK, the following applies in addition to (and, in case of any inconsistencies, takes precedence over) the other provisions of this section:

  • You have the right to confirmation from us, as to whether personal data relating to you are processed by UNiDAYS and the right to access this personal data or request a copy of it (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), and a right to restrict (block) your data (Art. 18 GDPR).
  • In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR).
  • If you have provided the data, you can request the transmission of the data (Art. 20 GDPR).
  • If the processing is based on consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law.

Where does UNiDAYS Corporate process personal data?

We take care to secure and safeguard your personal data using various technological measures as required by applicable law.

Like any other organisation, UNiDAYS Corporate cannot fully eliminate security risks associated with the processing of personal data but UNiDAYS Corporate uses technical, physical, and administrative safeguards intended to protect the personal data that we process. Our safeguards are designed to provide a level of security appropriate to the risk of processing your personal data and include (as applicable) measures to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and a procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of personal data.

You are responsible for maintaining the security of your account credentials. UNiDAYS Corporate will treat access to the Site through your account credentials as authorised by you.

We may suspend your use of all or part of the Site without notice if we suspect or detect any breach of security. If you believe that information you provided to UNiDAYS Corporate or your account is no longer secure, please notify us immediately at info@myunidays.com.

If we become aware of a breach that affects the security of your personal data, we will provide you with notice as required by applicable law. When permitted by applicable law, UNiDAYS Corporate will provide this notice to you through the email address associated with your account.

UNAUTHORISED ACCESS TO PERSONAL DATA AND THE SITE – INCLUDING SCRAPING – IS PROHIBITED AND MAY LEAD TO CRIMINAL PROSECUTION.

For how long will UNiDAYS Corporate retain personal data?

We only keep personal data as long as permitted by applicable law. We also anonymise certain personal data for our records.

UNiDAYS Corporate will only retain your personal data for as long as we have an ongoing lawful purpose and legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements or to protect against fraud). We may retain your personal data for a longer period to address a complaint or if we reasonably believe that litigation in respect to our relationship with you is possible.

When we have no ongoing legitimate business need to process personal data, we will either delete or anonymise that personal data. 

If we are not able to delete or anonymise certain personal data (for example, because your data are stored in backup archives or due to a legal requirement), then we will securely store the personal data and isolate the data from any further processing until deletion or anonymization is feasible.

We may anonymise personal data for research or statistical purposes, in which case the resulting data are no longer personal data subject to this Privacy Policy and we may use these data without restriction.

When and why does UNiDAYS Corporate update this Privacy Policy?

We may change this Privacy Policy from time to time. You can always find the latest version on our website.

UNiDAYS Corporate may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update this Privacy Policy, we will post the updated version and change the “Last Updated” date above. We also will take appropriate measures to inform you so that you have an opportunity to review significant changes to this Privacy Policy, but please regularly check this Privacy Policy to ensure you are aware of the updated version.

How do I contact UNiDAYS Corporate?

For questions about this Privacy Policy or UNiDAYS Corporate personal data processing, please contact us at:

Our European Representative pursuant Art. 27 GDPR is PLANIT//LEGAL.