Privacy Notice

Last updated on 15.05.2025

At Gocertify we work hard to ensure that we minimise the amount of data we do collect, and ensure that we look after and protect any data that is shared with us. Our shoppers’ privacy is at the forefront of what we do. This privacy notice provides you with details of how and why we process personal data.

Contact details

Email: privacy@gocertify.me

Address: 85 Great Portland Street, London, W1W 7GA

We are registered with the ICO under number: ZA779547

Our role

When you set up an account with Gocertify and use us to verify your eligibility for a discount, we act as the data controller. Being a controller means that we are trusted to look after and deal with your personal information in accordance with this notice, and applicable laws. We determine the ways and means of processing your data and must therefore, be accountable for it. 

When you fill in details of your data purely for providing the brand with data they can use for marketing purposes, we do this on behalf of the brand. We do not use that data for our own purposes, we simply pass it to the brand for you. In that situation, we are the data processor.

Our privacy notice relates only to activity where we are the Controller of your personal data. For details of how your data is processed when we are the data processor, you should refer to the brand’s privacy notice. This will normally be linked from their own website and on the DataCaptureiFrame. 

To understand how we process your personal data, please click the link below that best describes your relationship with us.

Your Rights

As a data subject, you have a number of rights under data protection law.

  • Your right of access - you have the right to ask us for copies of your personal information.
  • Your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - you have the right to object to our processing your information if the legal basis is legitimate interest.
  • Your right to data portability - this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract, or in talks about entering into one, and if the processing is automated.
  • Automated decision making - you have a right not to be subjected to automated decision making and profiling in certain circumstances. 

If you want to exercise any of these rights, please contact us.

You also have the right to complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.

ICO Website: https://www.ico.org.uk

Data Processing

I’m a shopper

In brief: We collect data when you set up an account with us and when you verify your discount status. We do not share that data with the brands, and we delete all verification data after 24 hours.

  • When you set up an account with Gocertify
    • What personal data do we collect, why do we collect it, and what legal basis do we rely on?

When you set up an account, we will collect your mobile phone number so that we can send you a code via SMS. We will then associate a verified status to your phone number. If you have signed up with an email address, then we will hold that instead of, or as well as, a phone number.

Our lawful basis for processing is contract, as you are creating an account with us for us to provide a service. This data is never shared with the brand. 

If we believe your account has been used fraudulently then we will place a flag on it and prevent you being able to log in. Our lawful basis for processing data for fraud prevention is legitimate interest.

  • How long do we hold your account data?

We keep your account open until you decide to close it, or after 5 years of non-activity.

  • When you verify your discount status
  • What personal data do we collect, why do we collect it, and what legal basis do we rely on?

When you verify your status for a discount, we will ask for additional data. The data processed will vary depending on the type of discount you are applying for. We offer over 40 types of discounts and the typical data we ask for is listed here: https://docs.Gocertify.me/section/buildRewardFlows/closedUserGroups

None of this data is shared with the brand other than the type of discount you verified against, if your verification was successful. This detail is also shared with the affiliate network (if applicable) to ensure that Gocertify gets paid for their part in the transaction.

We use legitimate interest to process this data unless the documents contain special category data (for example, a maternity certificate or Disability Living Allowance (DLA) Letter), in which case we ask for your explicit consent.

  • How long do we hold your verification data?

We delete the data you provided for verification purposes after 24 hours, regardless of the outcome of the verification. We store the type of verification that was approved within your account, so it remains valid, for 12 months.

I am a brand

In brief, we process data to engage with brands that we think will be interested in our services or to manage our existing relationship

  • Brands we currently work with
    • What personal data do we collect, why do we collect it, and what legal basis do we rely on?

If you are a brand that is currently working with us to verify your discounts, then the personal data we hold will be limited to our point of contact at your company, their name, email address, signature if they signed the contract, and any correspondence between us that is personal in nature.

If we wish to record any phone calls with you, we will always give you the opportunity to opt out of the recording.

Our lawful basis for processing this data is legitimate interest, as it allows us to maintain the relationship with you.

  • How long do we hold this data?

We hold this data for the length of time you are working with us plus 7 years in case of dispute. 

  • Brands we are looking to work with
    • What personal data do we collect, why do we collect it, and what legal basis do we rely on?

If you are a brand that we are looking to work with, then we will hold contact details of decision makers so we can make you aware of our services. These will have been sourced from conferences, networking or online sources. 

We communicate with you via phone and email. If we wish to record any phone calls with you, we will always give you the opportunity to opt out of the recording. You can opt out of receiving emails from us at any time. 

Our lawful basis is legitimate interest, to contact you about our services we think you may be interested in.

  • How long do we hold this data?

This data is held for the length of time that we believe you may be interested in our services.

Data sharing and transfers

Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the UK or the EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses or the UK’s International Data Transfer Agreement. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy). 

When we are a controller of your data, we do not share your data with the brands we are working with. 

If they request your email address or phone number on their website for their own marketing, then we collect this data from you on their behalf, acting as a processor. We do not keep a copy of that data and do not use it for our own purposes. To understand how they handle this data, you should check the brand’s privacy notice on their website.

Security

Keeping your data secure is core to everything we do at Gocertify. We're ISO/IEC 27001 certified, meaning we follow internationally recognised standards for managing information security. Our team regularly takes part in data protection and security awareness training. We apply strict access controls so that only the right people can access the right data, and we regularly review these permissions. We also follow clear data retention and deletion policies to make sure personal data is only kept for as long as it's needed, in line with regulatory and contractual requirements.Gocertify prevents Personal Data from being read, copied, changed or deleted in an unauthorised way during electronic transmission, transport or storage on data media through firewalls and encryption.

Cookies

We ask for your consent before we drop any third party or unnecessary cookies. For strictly necessary cookies, we rely on legitimate interest as we need these for our website to work.

“Cookies” are small text files placed on your device (e.g. computer, phone or tablet) when viewing certain pages in our software. Cookies allow us to keep track of some of your browsing preferences and optimise our software for your personal use. Cookies also allow us to automatically track certain information about how you navigate through, and interact with, our software, which helps us to measure its performance and to improve its design and functionality.

We use the following types of cookies:

  • Essential cookies. These are cookies that are required for the operation of our software. They include, for example, cookies that enable you to log into your account. 
  • Analytics cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our software when they are using it. This helps us to improve the way our services work, for example, by ensuring that users are finding what they are looking for easily. 
  • Personalisation cookies. These remember your preferences and provide you with enhanced features when you visit our website. 
  • Marketing cookies. These cookies record your visit to our software, the pages you have visited and the links you have followed. We will use this information to make our product and our marketing activities more relevant to your interests.

To see which cookies we use, or to change your preferences, click on the cookie icon on the left hand side corner of our website. This opens up the banner with all the details.

We also use cookie data to help us create an audit trail between you verifying for a discount and subsequent your activity on the brand’s website. These cookies are usually set on the brand’s website and controlled by their cookie banner..

8.  What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us. 

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

Changes to our Privacy Notice

We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date.

If we make any material changes to the manner in which we process and use your personal data, we will contact you, where possible, to let you know about the change.


EU Representative

In accordance with Article 27 of the General Data Protection Regulation (GDPR), we have appointed Ametros Group as our EU Representative for data protection matters.

If you are located in the EU and have any questions regarding our processing of your personal data under the GDPR that you feel have not been adequately addressed by Gocertify directly, you may contact our EU Representative using the details below:

Contact: Ametros Group

Email: gdpr@ametrosgroup.com

Please note that this contact is intended only for EU data subjects and data protection authorities. For general or commercial queries, please contact Gocertify directly via privacy@gocertify.me.