PRIVACY POLICY

Webite Pte. Ltd./ Cupongoo is committed to protect its customers’ and partners’ personal data as carefully as possible. This privacy policy aims to provide transparency about the way personal data is processed and stored Webite complies with the requirements of the different local and international data protection laws, including UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and Online Safety Act 2023. We handle everyone’s privacy with care and adhere not only to statutory privacy legislation but also to approved codes of conduct.

WHY WE ASK FOR CONSENT

In accordance with our data processing operations, we have assessed that your explicit consent is the most appropriate basis for processing. We ask our customers and respondents to positively opt-in before any data processing begins.

The consent request is presented clearly and separately from any promotional terms or participation conditions. Your consent is used solely to manage and communicate about the campaigns you have chosen to join.. If you want to withdraw your consent, your contact data will be deactivated until you have given your consent again. Consent is never pre-ticked or assumed. We maintain clear records of when and how consent was obtained, including what information was presented at the time.

Should you have questions about the campaign to which you participated in, then please contact our Data Protection Officer (DPO) at  [email protected] who can reply to you directly for any question or concern you may have.

HOW TO GIVE OR WITHDRAW CONSENT

We give individual options to consent or positively opt-in to different purposes and types of processing. We name our organisation and any third party controllers who will be relying on the consent at the moment of collecting your data. You may withdraw or refuse consent at any time without negative consequences. We process withdrawal requests as soon as we can and/or direct our customers and respondents how to do so. When providing online communication to our customers and respondents, we obtain consent only when it is necessary and appropriate for our data processing  purposes and our relation with you. 

We have age-verification measures (and parental-consent measures for minors under the age thresholds defined in Article 8 GDPR) in place to prevent minors (below 12) and youngsters (12-18) from participating in our services.

PRINCIPLES

Under the UK General Data Protection Regulation, we already work with the principles for processing.

These principles continue to be in effect, and relate to:

  • Lawfulness, fairness and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation;
  • Integrity and confidentiality; and
  • Accountability.

CATEGORIES OF DATA

The categories of personal data which are necessary to provide the services are:

  • The customer’s and respondent’s first and surname, title, gender, date of birth, address, postcode, place of residence and similar data required for communication by the person concerned.
  • Contact data such as (mobile) telephone number and email address.
  • Consent data including name, surname, e-mail address, IP address and copy of campaign materials.
  • Preferences or (confirmed) opt-in requests how to be contacted via email, mobile phone number and sms or mms.
  • Opt-out request not to be contacted for marketing purposes at all.
  • Online identifiers such as IP address, cookie identifiers, or device IDs, where applicable, in accordance with Recital 30 of the GDPR
  • Records of parental consent for minors
  • Preferences for different kinds of promotions, goods or services.
  • Further information requests and/or contact history.

LEGITIMATE INTERESTS

These categories of personal data are processed under the lawful basis of legitimate interests in accordance with the laws and regulations. Our legitimate interests,and thoseof our trusted partners, include providing you with relevant offers that match your preferences and expectations. The promotions contain not only offers which benefit our customers’ and respondents’ contact preferences (see above) but also apply to inform you about discount offers and for that purpose sending appropriate email and sms on the right moment. To balance the commercial interests with your privacy preferences we only collect the minimum data necessary for a proper operational performance of our online communication. Marketing profiling is limited to non-automated analysis unless explicit consent for automated decision-making is provided

WHY WE PROCESS DATA

The processing is intended to provide, analyse, administer, enhance and personalize our service efforts, to process your registration, your orders, and to communicate with you on these and other topics, keeping an overview of the information sent and maintaining the contact with the data subjects. For example, we use such information to:

  • provide you with customized and personalized recommendations for content and offers we think will be of interest to you;
  • help us quickly and efficiently respond to inquiries and requests;
  • secure our systems, prevent fraud and help us protect the security of accounts;
  • analyze and understand our audience, improve our service (including our user interface experiences and service performance) and optimize content selection and delivery;
  • communicate with you concerning our service and assist you with operational requests such as password reset requests.

We process data when such is necessary for:

  • The responsible management and online communication.
  • Providing the option to register or unregister for specific user interests in the portal shops.
  • Operation of customer services, such as answering questions and blocking personal data on the first request of the data subject.
  • Processing of traffic data (inbound clicks, A/B testing, log files where needed) and analyse these to detect fraud and redemption.
  • Offering the option to use mobile devices as a form of identification to obtain or purchase services from other organisations and address the benefit of the data subject therein.
  • If applicable, the conclusion or performance of a contract concluded in the interest of the data subject between the end user and merchant.
  • The (further) performance of another legal obligation.

Data is not automatically used for all purposes simultaneously.

ONLINE COMMUNICATION

Data required for online (direct) communication are processed in accordance with the following requirements. No other personal data will be processed than: telephone number and similar data required for communication; data relating to the information to be sent and transmitted. No special categories of data under GDPR will result from the processing. Personal data is deleted at the request of the data subject, or retained for no longer than 24 months unless a longer period is legally required or explicitly consented to.

USE OF ARTIFICIAL INTELLIGENCE (AI)

We use AI-assisted tools to support the design, analysis and preparation of reports and services, and to assist in the handling and review of customer complaints. Where AI tools process personal data — such as complaint content — this is done under strict data processing agreements with our AI providers and subject to human review before any action is taken. AI tools do not make autonomous decisions about individuals. Our use of AI complies with applicable data protection law, and personal data is not used to train AI models. All AI-assisted processing follows the same security and privacy standards described in this policy.

SECURITY

Data required for security reasons are processed in accordance with the following requirements. Personal data is processed for security purposes including system control, backups, sorting/recovering files, and system management. Only those responsible for such systems (including certain third parties) have access. Unless legally required to retain it, personal data is deleted within 180 days of collection.

DATA TRAFFIC WITH COUNTRIES OUTSIDE THE UK

As controller of the data, Webite does not intend to transfer personal data to a third country with the exception of the European Union, which is covered by the UK–EU adequacy decision (Commission Implementing Decision 2021/1772). Should data be transferred to a country outside the European Union then:

  • The existence or absence of an adequacy decision under UK GDPR Chapter V will be reviewed, such as the UK extension to the EU–US Data Privacy Framework (UK–US Data Bridge, 2023); and
  • Where no adequacy regulations apply, appropriate safeguards will be implemented—such as International Data Transfer Agreements (IDTAs) or the Addendum to the EU Standard Contractual Clauses (UK Addendum)—in accordance with the requirements of the Information Commissioner’s Office.
  • Reference will be made to the appropriate or suitable safeguards and those may be made available on request.
  • In case of absence of adequacy decision, the data subject will be explicitly asked for consent to a proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards. 
  • The transfer will happen if it is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request, or the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and Sponsor.

YOUR INDIVIDUAL RIGHTS

You have the following rights under GDPR:

  • Information and access: You can request to know what data we process and why
  • Rectification: You can request updates or corrections to incorrect or incomplete data
  • Erasure: You can request deletion of your data unless retention is legally required
  • Restriction: You may request limits on how your data is used
  • Objection: You can object to processing, particularly for direct marketing
  • Withdraw consent: You can unsubscribe from marketing at any time
  • Data portability: You may request your data be transferred to another party

In order to exercise these rights, please contact us at [email protected]. We respond to all validated requests within one month.

BROWSING SESSION AND IP-ADDRESS

We also make use of the IP-address of your computer. This IP-address is a number which is automatically assigned to your computer when you have a browsing session on the internet, such as when you visit one of our sites or landing pages. They can be used to see which use has been made of the website and for drafting analyses and reports with non-identifiable information. IP addresses and browsing data are anonymized or pseudonymized wherever feasible.

DATA RELATED TO PROCESSING COMPLAINTS

All data processed in relation to handle complaints (such as name, surname, email address, phone number and other applicable data) will be only stored for as long as necessary to successfully resolve the complaint, and deleted no later than six months after the complaint is closed, unless the complaint is under active regulatory or legal review. 

WEBSITE AND COOKIES

Cupongoo uses cookies and similar technologies on its websites. Cookies are small text files that are saved on your device (computer, telephone, tablet) when you visit a website. Cookies such as ‘functional session cookies’ are used to provide services or to store your preferred settings for purposes such as:

  • Remembering and communicating information that you fill in during the entry process or that you enter when indicating your interests in the various web pages, so that you don’t have to re-enter the same information every time or see the same promotions twice,
  • Saving of preferred settings, and
  • Tracking the unauthorised use of our landing pages.

FUNCTIONAL COOKIES

Functional cookies are essential for the proper operation of our websites. They remember your preferences, such as language settings or login details, and help ensure features like shopping carts and form submissions work correctly. These cookies do not track your browsing activity and do not require consent.

ANALYTICAL COOKIES

Analytical cookies help us understand how visitors use our websites. They track metrics like visitor numbers, session duration, and navigation patterns. This data allows us to improve usability and fix technical issues. The information collected is aggregated and anonymized wherever possible.

TRACKING COOKIES

Tracking cookies are used for personalized marketing and are only activated with your explicit consent. These cookies—often placed by third parties—help tailor advertisements and promotions based on your online behaviour. Third parties may also use tracking cookies across their own networks.

OTHER TECHNOLOGIES

In addition to cookies, we also use technologies such as JavaScript. Using JavaScript in your browser allows us to make our sites interactive and to develop web applications in a consumer friendly tailor made manner. For the provision of our service we keep database records in order to have a robust control in place on our services (and our service providers). The purpose of this is to optimize the reliability of the service. The information derived from these data is used to prevent misuse of data and if necessary to comply with more detailed information queries from authorized third-party processors on the basis of (self)regulation.

QUESTIONS, COMPLAINTS OR DISPUTES

If you wish to ask a question, make a complaint or provide any comments on our privacy policy or sites please contact us and our DPO on: [email protected]. We aim to reply within 48 hours. You also have the right to lodge a complaint with your national supervisory authority.

You are also invited to send a letter to:

Representative Cupongoo,  Webite Pte. Ltd.,

Correspondence address: 105  Cecil Street, #16-05 Singapore 069534

ADJUSTMENTS

We reserve the right to update this policy. Significant updates will be published on this page.

Updated, April 2026