The Collinson Group (“we”) is committed to processing personal data in compliance with applicable data protection law. This privacy notice (“Privacy Notice”) together with our Terms of Use, explains how we treat any personal data that we collect and process when you use our website, Services or products.
This privacy notice aims to inform you about how we collect, store, use and disclose information about you when you:
For the purposes of data protection legislation, The Collinson Group Limited is a company registered in England and Wales with company number 11141096 and office in 3 More London Riverside, 5th Floor, London, SE1 2AQ, United Kingdom. The contact details for our Data Protection Team and information on your rights are set out in the ‘Your rights’ section below.
Depending on the Service you use, we may act as:
Where we act as a processor, the relevant partner organisation, as data controller, will be responsible for explaining how your personal data is used.
We collect and process the personal data that you provide when interacting with us, either online or via email, mobile, phone or post.
Such personal data may include the following:
We may receive your personal data from:
We must have a legal basis in order to process your personal data. In most cases, that will be for us to provide the contracted Service. The table below sets out the purposes for which we use your personal data and our legal basis for doing so:
What we use your information for | Our legal basis for doing so |
Administer, deliver and manage membership programmes, travel benefits, insurance, assistance services, lounge access, loyalty and customer engagement programmes made available through your payment card issuer, employer, insurer or other partner. | To perform our contract with you, or to take steps at your request prior to entering into a contract |
Verify your identity, eligibility and entitlement to Services (including validation with your card issuer or programme partner). | To perform our contract with you; and for our legitimate interests in preventing fraud and ensuring Services are provided only to eligible individuals |
Provide customer support, respond to enquiries, manage complaints and resolve disputes. | To perform our contract with you; and for our legitimate interests in maintaining service quality and customer satisfaction |
Process transactions, manage billing arrangements with partners, reconcile usage data and prevent misuse of Services. | To perform our contract; and for our legitimate interests in financial administration and fraud prevention |
Comply with applicable legal, regulatory and governance obligations (including financial services regulation, audit, reporting, sanctions screening and law enforcement requests) | To comply with our legal obligations |
Manage corporate transactions, restructurings or asset transfers. | For our legitimate interests in business continuity and corporate governance |
Establish, exercise or defend legal claims. | For our legitimate interests and, where applicable, under Article 9(2)(f) in respect of special category data. |
Conduct fraud detection, prevention, security monitoring and investigations. | For our legitimate interests in protecting our business, partners and customers from fraud and unlawful activity; and to comply with legal obligations |
Improve, develop and enhance our Services, digital platforms, customer experience solutions and analytics capabilities (including usage analysis and service optimisation). | For our legitimate interests in improving our products and Services and enhancing user experience |
Conduct aggregated analytics, performance reporting and insights for our partners (in anonymised or aggregated form where possible). | For our legitimate interests in commercial reporting and business intelligence |
Send you service-related communications (including operational updates, changes to Services, security alerts and transactional communications). | To perform our contract with you and to comply with legal obligations |
Send marketing communications about our own or partners’ products and Services where permitted by law. | Where you have provided consent; or where permitted under applicable laws based on our legitimate interests |
We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies. Organisations we may share your personal data with include:
- Another member of our group of companies where they help provide our Services to you;
- Our Service providers and subcontractors, where they help us provide our Services to you;
- To a regulating body or other authority where we need to comply with a regulatory or legal obligation; and
- Fraud prevention or debt collection organisations when required to protect our legitimate interests.
Where personal data is transferred outside the United Kingdom or European Economic Area, we implement appropriate safeguards including:
1. UK International Data Transfer Agreements (IDTA);
2. The UK Addendum to the EU Standard Contractual Clauses;
3. European Commission Standard Contractual Clauses; or
4. Other legally recognised transfer mechanisms.
We will only keep your personal data for as long as it is needed for the purposes for which it was collected, and we will remove from our systems all personal data which is no longer required.
Retention periods vary depending on the type of Service provided. For example:
Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113, Email: icocasework@ico.org.uk.
Your rights: | Meaning: |
The right to object to the processing | You have the right to object to the processing of your personal data in certain situations. |
The right to information | You have the right to be informed whether and to what extent we process your data. |
The right of access | Subject to certain exceptions you have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data. |
The right to rectification | If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time. |
The right to deletion | Subject to certain exceptions, if you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example, where retention is required to meet legal or regulatory obligations). |
The right to restrict the processing | You have the right to request that we restrict the processing of your personal data in certain situations: If you contest the accuracy of your personal data, you may request that its processing is restricted while we verify its accuracy. If the processing of your personal data is considered unlawful, but you do not require the deletion of your personal data. If we no longer need the data for the purposes of its processing, but you need it for the establishment, exercise or defence of legal claims. If you object to our processing of your data based on our legitimate interests. |
The right to data portability | Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format. |
Your rights in relation to automated decision making and profiling | You have the right to object to decisions based exclusively on the automated processing of your personal data. |
The right to withdraw your consent | If your personal data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. |
Once we receive your request, members of our Data Protection Team will endeavour to get back to as soon as possible to confirm receipt. Where we use Service providers to hold your personal data, a process exists to process the data subject right request also.
We may have links to other sites promoting our partners and clients. These links may take you to other companies who have their own privacy notice and our privacy notice will not cover their use of data. We encourage you to review the Privacy Notice of any linked site you visit.
We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of these transactions. Also, if we, or our assets, are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.
Some of our Services may involve the processing of personal data relating to dependants or family members in connection with membership benefits. Where required by law, we rely on consent provided by a parent or legal guardian. If you are under 18, please do not attempt to register for our Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal data, please contact us a soon as possible.
We may use automated tools to assist in fraud detection, eligibility validation and risk monitoring. However, we do not make decisions based solely on automated processing which produce legal or similarly significant effects without human review. You have the right to request human intervention and further information.
We keep our Privacy Notice under regular review, and we will make new versions available on our privacy notice page on our website. This Privacy Notice was last updated in March 2026. If our use of personal data changes, we will update this Privacy Notice and, where required, notify you.
The Collinson Group (“we”) is committed to processing personal data in compliance with applicable data protection law. This privacy notice (“Privacy Notice”) together with our Terms of Use, explains how we treat any personal data that we collect and process when you use our website, Services or products.
This privacy notice aims to inform you about how we collect, store, use and disclose information about you when you:
For the purposes of data protection legislation, The Collinson Group Limited is a company registered in England and Wales with company number 11141096 and office in 3 More London Riverside, 5th Floor, London, SE1 2AQ, United Kingdom. The contact details for our Data Protection Team and information on your rights are set out in the ‘Your rights’ section below.
Depending on the Service you use, we may act as:
Where we act as a processor, the relevant partner organisation, as data controller, will be responsible for explaining how your personal data is used.
We collect and process the personal data that you provide when interacting with us, either online or via email, mobile, phone or post.
Such personal data may include the following:
We may receive your personal data from:
We must have a legal basis in order to process your personal data. In most cases, that will be for us to provide the contracted Service. The table below sets out the purposes for which we use your personal data and our legal basis for doing so:
What we use your information for | Our legal basis for doing so |
Administer, deliver and manage membership programmes, travel benefits, insurance, assistance services, lounge access, loyalty and customer engagement programmes made available through your payment card issuer, employer, insurer or other partner. | To perform our contract with you, or to take steps at your request prior to entering into a contract |
Verify your identity, eligibility and entitlement to Services (including validation with your card issuer or programme partner). | To perform our contract with you; and for our legitimate interests in preventing fraud and ensuring Services are provided only to eligible individuals |
Provide customer support, respond to enquiries, manage complaints and resolve disputes. | To perform our contract with you; and for our legitimate interests in maintaining service quality and customer satisfaction |
Process transactions, manage billing arrangements with partners, reconcile usage data and prevent misuse of Services. | To perform our contract; and for our legitimate interests in financial administration and fraud prevention |
Comply with applicable legal, regulatory and governance obligations (including financial services regulation, audit, reporting, sanctions screening and law enforcement requests) | To comply with our legal obligations |
Manage corporate transactions, restructurings or asset transfers. | For our legitimate interests in business continuity and corporate governance |
Establish, exercise or defend legal claims. | For our legitimate interests and, where applicable, under Article 9(2)(f) in respect of special category data. |
Conduct fraud detection, prevention, security monitoring and investigations. | For our legitimate interests in protecting our business, partners and customers from fraud and unlawful activity; and to comply with legal obligations |
Improve, develop and enhance our Services, digital platforms, customer experience solutions and analytics capabilities (including usage analysis and service optimisation). | For our legitimate interests in improving our products and Services and enhancing user experience |
Conduct aggregated analytics, performance reporting and insights for our partners (in anonymised or aggregated form where possible). | For our legitimate interests in commercial reporting and business intelligence |
Send you service-related communications (including operational updates, changes to Services, security alerts and transactional communications). | To perform our contract with you and to comply with legal obligations |
Send marketing communications about our own or partners’ products and Services where permitted by law. | Where you have provided consent; or where permitted under applicable laws based on our legitimate interests |
We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies. Organisations we may share your personal data with include:
- Another member of our group of companies where they help provide our Services to you;
- Our Service providers and subcontractors, where they help us provide our Services to you;
- To a regulating body or other authority where we need to comply with a regulatory or legal obligation; and
- Fraud prevention or debt collection organisations when required to protect our legitimate interests.
Where personal data is transferred outside the United Kingdom or European Economic Area, we implement appropriate safeguards including:
1. UK International Data Transfer Agreements (IDTA);
2. The UK Addendum to the EU Standard Contractual Clauses;
3. European Commission Standard Contractual Clauses; or
4. Other legally recognised transfer mechanisms.
We will only keep your personal data for as long as it is needed for the purposes for which it was collected, and we will remove from our systems all personal data which is no longer required.
Retention periods vary depending on the type of Service provided. For example:
Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113, Email: icocasework@ico.org.uk.
Your rights: | Meaning: |
The right to object to the processing | You have the right to object to the processing of your personal data in certain situations. |
The right to information | You have the right to be informed whether and to what extent we process your data. |
The right of access | Subject to certain exceptions you have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data. |
The right to rectification | If the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time. |
The right to deletion | Subject to certain exceptions, if you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (for example, where retention is required to meet legal or regulatory obligations). |
The right to restrict the processing | You have the right to request that we restrict the processing of your personal data in certain situations: If you contest the accuracy of your personal data, you may request that its processing is restricted while we verify its accuracy. If the processing of your personal data is considered unlawful, but you do not require the deletion of your personal data. If we no longer need the data for the purposes of its processing, but you need it for the establishment, exercise or defence of legal claims. If you object to our processing of your data based on our legitimate interests. |
The right to data portability | Where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format. |
Your rights in relation to automated decision making and profiling | You have the right to object to decisions based exclusively on the automated processing of your personal data. |
The right to withdraw your consent | If your personal data is processed on basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. |
Once we receive your request, members of our Data Protection Team will endeavour to get back to as soon as possible to confirm receipt. Where we use Service providers to hold your personal data, a process exists to process the data subject right request also.
We may have links to other sites promoting our partners and clients. These links may take you to other companies who have their own privacy notice and our privacy notice will not cover their use of data. We encourage you to review the Privacy Notice of any linked site you visit.
We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of these transactions. Also, if we, or our assets, are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.
Some of our Services may involve the processing of personal data relating to dependants or family members in connection with membership benefits. Where required by law, we rely on consent provided by a parent or legal guardian. If you are under 18, please do not attempt to register for our Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible. If you believe that a child under 18 may have provided us personal data, please contact us a soon as possible.
We may use automated tools to assist in fraud detection, eligibility validation and risk monitoring. However, we do not make decisions based solely on automated processing which produce legal or similarly significant effects without human review. You have the right to request human intervention and further information.
We keep our Privacy Notice under regular review, and we will make new versions available on our privacy notice page on our website. This Privacy Notice was last updated in March 2026. If our use of personal data changes, we will update this Privacy Notice and, where required, notify you.