Privacy Policy

Love Cashback United Kingdom

Effective date: 13th August 2025

Who we are

Love Cashback (“we”, “us”, “our”) operates a coupons and cashback platform that helps members earn rewards on qualifying purchases. We are the data controller of personal data processed for our UK services.

How to contact us

Email: [email protected]

Data Protection Lead / DPO (if applicable): [email protected]

Supervisory authority: UK Information Commissioner’s Office (ICO). You have the right to complain to the ICO if you are unhappy with how we handle your data.

What this policy covers

This policy explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, and your rights under the UK GDPR and the Data Protection Act 2018.

Data we collect

  • Account data – name, email address, password hash, country/region, marketing preferences.
  • Cashback & transaction data – click-throughs, retailer visited, timestamp, device/user agent, order ID, basket value, currency, items (where the network/retailer provides), status (pending/confirmed/paid/declined), and withdrawal history.
  • Bank payout details (UK) – account name, account number, and sort code (only when you request a bank transfer payout via our payment provider).
  • PayPal payout details – PayPal account email address (stored securely using AES-256 encryption).
  • Technical data – IP address, device identifiers, approximate location from IP, logs and diagnostics.
  • Cookie & tracking identifiers – first/third-party cookies, pixels, and affiliate network IDs used to attribute sales and prevent fraud.
  • Support data – messages, attachments, claim evidence for missing cashback, and call/chat metadata.

Payout details (Bank Transfer & PayPal)

When you request a payout, you can choose between bank transfer (via our payment provider) and PayPal. The way we handle your details depends on the payout method:

Bank transfer (via payment provider)

  • We collect your account name, account number, and sort code.
  • These details are sent securely via HTTPS to our payment provider and are not stored in our systems.
  • Our payment provider stores and processes these details in accordance with their privacy policy.
  • When displayed in your account, they are retrieved in real-time from the payment provider and masked to hide sensitive parts.
  • We store only a unique recipient ID to facilitate future payouts.

PayPal

  • We collect your PayPal account email address.
  • This email address is stored securely in our database using AES-256 encryption.
  • We use it only to send your payouts to PayPal and do not share it with third parties other than PayPal.

Cookies and affiliate tracking

We and our partners use cookies and similar technologies to attribute sales and ensure cashback can be awarded. Some cookies are strictly necessary (e.g., to maintain session state or store your click ID). Others are for analytics or marketing and can be controlled in your browser or our preferences centre.

Who we share data with

  • Retailers & affiliate networks to validate transactions and confirm commission.
  • Payment providers for withdrawals (e.g., our payment provider, PayPal).
  • Service providers (hosting, analytics, fraud tools, customer support platforms) under contract.
  • Authorities where required by law or to enforce our rights.

International transfers

Where data is transferred outside the UK, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or Addendum to the EU SCCs, and apply technical/organizational measures.

Retention

Account and transaction records are typically kept for the life of your account and for up to six years after closure for tax/audit compliance, fraud prevention, and dispute resolution, unless a longer period is required by law.

Your rights (UK)

  • Access your personal data and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data in certain circumstances.
  • Restrict or object to processing based on legitimate interests.
  • Data portability for data you provided to us.
  • Withdraw consent at any time for marketing.
  • Lodge a complaint with the ICO.

Children

Our services are not intended for anyone under the age of 18 years old. We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.

Security

We use appropriate technical and organisational measures (including encryption in transit, AES-256 encryption for stored sensitive data, access controls, logging, network security, and regular reviews) to protect your data.

Changes to this policy

We may update this policy from time to time. We will post changes here and update the effective date.