Already have an account? Log in now

Privacy Notice

Reward Gateway Pty Limited ("we", "us" or "our") is committed to protecting and respecting your privacy under the New Zealand Privacy Act 2020 and other applicable New Zealand privacy laws.

This Privacy Notice ("Notice") describes how we collect, store, use, disclose, share and secure any personal information ("Personal Information") we collect from you or from third parties, including Linde NZ (the "administrator"), with whom we have entered into a Licence Agreement, about you on this programme (“Linde my Rewards NZ”), which will be processed by us in accordance with New Zealand privacy requirements.

In the event of a conflict between the terms of this Notice and the terms of the Licence Agreement, the Licence Agreement shall prevail.

We have appointed a Data Protection Team who can be contacted using the details at the end of this Notice should you have any questions, complaints or feedback about your privacy.

Information We Collect from You and How We Use It

We will collect various types of personal information from you when you use Linde my Rewards NZ, depending on the particular services which you use. Further details of how we use, disclose and protect your personal information in New Zealand are set out below.

Before You Register

Before you register on Linde my Rewards NZ, to allow us to carry out our eligibility checks we will ask the administrator to provide two pieces of information about you (such as your postcode, payroll ID, start date or date of birth).

The administrator has provided us with your information for an account to be created in accordance with the New Zealand Privacy Act 2020.

When You Register

In addition to the personal information provided to us by the administrator, when you register on Linde my Rewards NZ we will also collect and store some personal information about you, such as your name, company identifier, email address, password, postcode, contact telephone number, gender and date of birth. At the administrator’s choice, we may also collect additional information about you, such as your office location.

You will also need to provide the information necessary to allow us to carry out our eligibility check (which will vary depending on the information provided by the administrator, see above).

This information will be used in order to complete your registration and to allow you to use Linde my Rewards NZ. You will not be able to register without at least providing your name, email address, password and postcode or date of birth, as these are used to secure your account and to allow us to confirm your identity if you contact the support team.

When You Login

Each time you log in to Linde my Rewards NZ, we automatically conduct checks against your Internet Protocol (IP) address to ensure your security. This includes looking up your IP address against a “proxy denylist” to check that someone is not using your credentials and trying to hide their location. This proxy denylist is operated by MaxMind Inc., a United States-based service provider, and any related processing is undertaken in accordance with the New Zealand Privacy Act 2020 and applicable cross-border transfer safeguards. If your IP address appears on it, we will not allow you to log in.

We also look up the IP address in a static database we download from MaxMind Inc. to check which country the IP is affiliated with. This helps us to further protect your account against people who may have access to your credentials. If we detect a change, we will alert you and ask you to confirm your login in order to verify your identity before continuing.

This information, along with time and event data (such as successful or failed logins), is recorded securely in our database for audit and security purposes.

Depending on the services you use on Linde my Rewards NZ, we may collect and process additional personal information about you, as set out below.

When You Use Cashback

If you visit a Cashback retailer on Linde my Rewards NZ, we will record that you clicked and visited their website for the purpose of tracking the Cashback earned. We will provide the merchant with a pseudo-anonymous ‘click reference’ to allow us to attribute the purchase and Cashback to you.

If you have a problem with the retailer and your Cashback, we may need to provide them with additional information about your order to help. We will ask you for the minimum information we need to do this, but you will be responsible for the accuracy and level of detail it contains.

Each of these retailers are independent on Linde my Rewards NZ, so you should check their privacy notices to make sure you are happy with them before providing any other details to them. Where retailers are based outside New Zealand, their handling of your information may be subject to overseas privacy laws, and we take reasonable steps to ensure that any sharing complies with the safeguards required under the New Zealand Privacy Act 2020.

When You Withdraw Your Cashback

If you make a request for a Cashback withdrawal to your bank account, you will need to provide your bank details for us to process the withdrawal, but we will only store your bank details until the withdrawal is processed. Your details will be shared securely with our banking partner, HSBC (or another authorised payment provider), to complete your request, after which the details will be deleted in accordance with our data-retention policy.

Alternatively, you will be able to withdraw your Cashback as part or full payment for goods on Linde my Rewards NZ, or ask us to donate it to the nominated charity on Linde my Rewards NZ.

When You Make a Debit or Credit Card Purchase

If you choose to purchase goods using a credit or debit card through Linde my Rewards NZ, we will collect your payment details from you and pass them to Checkout.com, our secure payment processor, who will use them to process the payment. We do not store or process your credit or debit card details on our own servers, and all processing is carried out in accordance with the New Zealand Privacy Act 2020 and applicable cross-border safeguards.

We will also collect your delivery address from you and use the contact details previously provided to allow us to process the order.

If you opt in to saving your credit or debit card details for future use on Linde my Rewards NZ, your information will be stored securely by Checkout.com. You can update or remove these details at any time.

Where goods are dispatched by a third-party supplier, we may need to share your information with them to fulfil your order (for example, your contact details and delivery address). This will be clearly indicated at the point of purchase, and you will be able to review the supplier’s privacy notice before any personal information is shared.

We will also carry out a fraud check during the order process. This check is carried out by our third-party provider, Sift Science, which will only act in accordance with our instructions. Any processing by Sift Science may involve overseas data handling, and we ensure that such processing meets the transfer-protection standards required under the New Zealand Privacy Act 2020.

Sift Science collects information about your behaviour on the programme (for example, the time between logging in and reaching checkout), technical information about your device (such as browser version and IP address), and the details you enter at checkout (such as contact and delivery or billing address) solely for fraud-prevention and security purposes.

After you have placed your order and before goods are dispatched, Sift Science will use the information described above to provide us with a risk score based on the likelihood of fraud. The score provided determines whether your order is automatically accepted by us or queued for our human review. If it is queued for human review, we will carry out a manual fraud check to decide whether to accept or refuse your order or, in some circumstances, require payment to be made by an alternative, more secure mechanism such as a bank transfer.

All fraud-screening activities are conducted in accordance with the New Zealand Privacy Act 2020 and applicable cross-border data-transfer safeguards. For more information about this processing activity, please contact us using the details provided at the end of this Notice in the “Contacting Us” section.

After Too Many Failed Orders

If too many failed orders originate from your account, we will automatically restrict access to your account. Before allowing you to access your account again, we will notify you and ask you for further supporting documents such as your driver licence, bank or credit-card statement, rates notice, or utilities bill, as evidence that it is you attempting these orders. If these documents are not to our satisfaction, we may contact the administrator with the intention of verifying that it is you using your account in this way.

These supporting documents will only be used for the purpose of verifying your identity, will not be shared with any unauthorised third parties, and will be deleted as soon as the verification process is complete, even if we are not satisfied with their legitimacy or authenticity.

You do not need to provide these supporting documents to us but, if you choose not to, then we will not be able to provide you with access to your account.

When You Contact Us

If you contact us for support purposes, we will require some information to handle your query. The following data are saved in Zendesk, our secure customer-support platform, to enable processing: your name, email address, telephone number, and any other personal information you provide to us for the purpose of dealing with your query. Zendesk may store or process this information on servers located outside New Zealand. Where this occurs, we ensure that appropriate cross-border protections are in place consistent with the New Zealand Privacy Act 2020.

When You Visit Linde my Rewards NZ

When you visit Linde my Rewards NZ, we will automatically collect information about your visit such as the pages you viewed, offers or services you viewed or searched for, length of visits to certain pages, the times and dates of these actions, details of page response times and any download errors that occurred.

We will also collect data from the device and application that you use to access our services, including your IP address (from which we may infer your geographic location), login information and browser type. This information helps us to improve the performance, security and usability of the programme and is collected in accordance with the New Zealand Privacy Act 2020.

When You Visit Linde my Rewards NZ – Analytics and Use of Information

If you arrive at our website from an external source (such as a link on another website or in an email), we record information about that source.

We will use the above information in order to:

  • administer Linde my Rewards NZ and conduct internal operations, including troubleshooting, data analysis (including analysing the use of the various services available on Linde my Rewards NZ and measuring their popularity and effectiveness), testing, research, statistical and survey purposes, and to comply with our legal obligations under New Zealand law;

  • improve Linde my Rewards NZ to ensure that content is presented in the most effective manner for you and for your computer or device;

  • as part of our efforts to keep Linde my Rewards NZ safe and secure and to comply with our legal and regulatory obligations;

  • measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you. We, or our third-party advertisers, may use your age or gender to determine whether advertising is relevant to you; and

  • make suggestions and recommendations to you and other users of Linde my Rewards NZ about goods or services that may interest you or them.

Other Information and Uses

We will also collect the personal information you provide when you use Linde my Rewards NZ:

  • to provide you with our newsletter and with information about other third-party benefits we offer that are similar to those you have already used or enquired about or that we feel may interest you (you can opt out of receiving such communications at any time by following the unsubscribe instructions or contacting us directly);

  • to notify you about changes (permanent or temporary) to our service;

  • to ensure that content from our website is presented in the most effective manner for you and your computer; and

  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research and statistical purposes, and as part of our efforts to keep our website safe and secure.

Information We Receive from Other Sources

We will combine information we receive from other sources (as set out in this Notice) with information you give to us. We will use this information and the combined information for the purposes set out in this Notice (depending upon the services you access).

Where we receive information about you from third parties located outside New Zealand, we will ensure that the information is transferred and handled in accordance with the cross-border disclosure principles under the New Zealand Privacy Act 2020.

Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose and permitted under the New Zealand Privacy Act 2020. If we need to use your personal information for an unrelated purpose, in most cases we will notify you and explain the lawful basis that allows us to do so.

Disclosures of Your Information

We use service providers to help us to provide the website, such as data-storage providers, marketing-email providers, analytics providers and benefit providers. Some of these service providers are located outside New Zealand, and where your personal information is transferred overseas, we ensure that appropriate contractual and technical safeguards are in place in accordance with the New Zealand Privacy Act 2020 (particularly Information Privacy Principle 12 on cross-border disclosures).

These service providers include:

  • Amazon Web Services EMEA SARL – a cloud-hosting provider;
  • Emailcenter UK – a transactional and bulk-email gateway;
  • Google Inc. – a web-analytics tool;
  • Heap Inc. – an analytics-service provider;
  • New Relic Inc. – a performance-measurement tool;
  • Twilio Inc. – an SMS / text-messaging gateway;
  • Formstack LLC – a configurable data-capture provider;
  • Zendesk Inc. – a customer-support platform;
  • Atlassian Pty Ltd – a ticketing system for our internal teams;
  • Mailgun Technologies Inc. – a transactional and bulk-email gateway; and
  • WalkMe Inc. – contextual help, support and assistance for administrators.

Use of Braze for Marketing and Customer Engagement

We use Braze, a customer-engagement platform, to help us deliver personalised communications and improve the relevance of our marketing efforts. Braze allows us to analyse and understand how you interact with our communications and services, helping us create a more tailored experience.

All data handled by Braze is processed on our behalf in accordance with a data-processing agreement that meets New Zealand Privacy Act 2020 standards, including requirements for secure transfer and storage of information outside New Zealand.

Data Collected and Processed

In connection with our use of Braze, we may collect and process the following types of personal information:

  • Contact information (e.g. email address, name, unique identifier, company name)

  • Interaction data (e.g. open rates, clicks, or engagement with messages we send you)

  • Usage data (e.g. information about how you use our website or app, if applicable)

Purpose of Processing

We use Braze to:

  • deliver personalised email, SMS, and in-app messages based on your preferences and activity;
  • track engagement and interaction to improve our messaging and enhance your experience; and
  • conduct analytics to better understand the effectiveness of our communication and make improvements.

Data Sharing and Privacy Protections

Braze processes this data on our behalf and is obligated to comply with applicable data-protection laws. We regularly review Braze’s privacy and security practices to confirm alignment with New Zealand privacy requirements.

Opting Out of Marketing Communications

Braze processes this data on our behalf and is obligated to comply with applicable data-protection laws. We regularly review Braze’s privacy and security practices to confirm alignment with New Zealand privacy requirements.

Opting Out of Marketing Communications

You can opt out of receiving marketing communications at any time by following the unsubscribe link in any email we send or by contacting us directly. If you opt out, Braze will no longer process your data for marketing purposes on our behalf. Your opt-out choice will be respected in accordance with the Unsolicited Electronic Messages Act 2007 (NZ).

The Administrator

Because the administrator pays us to operate for you, they’ll want to know how the website is performing. Except as set out elsewhere in this Notice, we will only share information with the administrator on an aggregated and anonymous basis about how often you’ve used the website and what services you used. We will not share information with the administrator about how much you’ve spent, where you shop, and how much you’ve saved as an individual, as we treat this as confidential. Where any information shared with the administrator could identify you, it will be shared only to the extent necessary for programme administration and in accordance with the New Zealand Privacy Act 2020.

Our Internal Teams and Prospective Retailers

We also use information about you on an aggregated and anonymised basis for internal-management purposes, to share it with current or prospective retailers and to use it to target offers that are made to users of Linde my Rewards NZ. This type of information includes, for example, the types of products that you purchase and the value of those purchases. However, you can’t be identified from this information.

Members of Our Group

We share personal information with members of our group for the purposes of providing the benefits to you and managing our business: RG Engagement Group Ltd, Reward Gateway Pty Ltd, Reward Gateway (USA) Inc, Reward Gateway (UK) Ltd Branch, SEO Reward Gateway DOOEL Skopje, International Benefits Holdings Ltd., Asperity Employee Benefits Group Ltd.

Some group companies are located outside New Zealand; where information is transferred internationally, we apply the cross-border disclosure safeguards required under the New Zealand Privacy Act 2020 (Information Privacy Principle 12).

Other Parties

We will also disclose your personal information to third parties:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the prospective seller or buyer of such business or assets;
  • if we or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets; and/or
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of us, our users, customers and providers. This will include sharing your information as part of a legal or official investigation if we have evidence or reason to suspect that purchases on your account could be fraudulent.

Any such disclosure will be limited to what is necessary for the stated purpose and made in accordance with New Zealand law.

Transfers of Your Personal Information

A number of the service providers and group entities listed above are based outside New Zealand, and your personal information may therefore be transferred to or accessed from outside New Zealand, where the data-protection laws may differ. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Notice and the New Zealand Privacy Act 2020 (Information Privacy Principle 12), and no transfer of your personal information will take place to an organisation or a country unless there are adequate controls and contractual safeguards in place to protect the security and privacy of your data.

We remain fully responsible for ensuring that any offshore service provider or group company receiving your information continues to protect it to New Zealand standards.

Your Rights

Under the New Zealand Privacy Act 2020 (Information Privacy Principles 6 and 7), you have the right to:

  • request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it; and
  • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, in accordance with sections 53–55 of the Privacy Act 2020.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. To withdraw your consent in relation to direct marketing, please contact us using any of the details set out below in the “Contacting Us” section or change your preferences in the “My Account” section of Linde my Rewards NZ.

If you would like to exercise any of your rights set out above, please contact us using the secure methods listed below.

Please note that, as the administrator may store other information from your use of this service, you should also contact them directly if you would like to exercise your rights in relation to the data held by them.

Resolving Your Privacy Concerns and Complaints

If you have a question or complaint about how your personal information is being handled by us, our affiliates or contracted service providers, please contact us using the contact details provided below.

We will treat your complaint confidentially and, after investigating your complaint, discuss the ways in which we can remedy the situation. We will ensure that we respond to your complaint within a reasonable time (and in any event within the time required by the Privacy Act 2020).

You also have the right to make a complaint at any time to: New Zealand Privacy Commissioner

The Office of the Privacy Commissioner (OPC) investigates complaints under the Privacy Act 2020. Complaints can be made:

  • online: www.privacy.org.nz
  • phone: 0800 803 909
  • in writing: Office of the Privacy Commissioner, PO Box 10-094, Wellington 6143, New Zealand

If your issue relates to processing performed outside New Zealand (for example, through our UK or EU affiliates), you may also have the right to lodge a complaint with the relevant overseas data-protection authority.

Updating Your Information

It is important that the personal information we hold about you is accurate and current. Please keep your records on Linde my Rewards NZ up to date. If you wish to update or amend your personally identifiable information or data you may do so by making the change within your account once logged in or by contacting our Helpdesk. We will respond to your request within five working days, or as required under the Privacy Act 2020.

Storage and Retention of Your Information

Unless we need to keep your data for legal purposes, we will only retain your personal information for 60 days after the administrator lets us know you no longer work for them or they decide to use a different service. The legal purposes for which we may need to retain your data include:

  • retaining payment records for one year to comply with PCI DSS requirements;
  • retaining backups for up to 180 days after de-provisioning; and
  • retaining your order history for two years from the date of your order in case of a dispute.

We may also retain anonymised data about you for longer periods for integrity and financial-reporting purposes. Recordings of calls are retained for 40 days and chat transcripts for 90 days.

Security of Your Information

We take the security and confidentiality of your personal information very seriously. We use strict procedures and security features to prevent unauthorised access, including compliance with ISO 27001 and ISMS certifications, access controls, penetration testing, encryption, hashing, and robust physical-security controls.

You are also responsible for the security of your personal information by taking precautionary measures, such as keeping your account password confidential and using secure wireless connections.

Changes to This Notice

Any changes we make to this Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Notice.

Contacting Us

If you have any queries, comments or requests regarding this Notice, or you would like to exercise any of your rights set out above, or contact our Data Protection Team, you can contact us in the following ways:

By email: dpo.uk@edenred.com

By post: Reward Gateway Pty Limited, Suite 13.01, Level 13, Australia Square Plaza, 95 Pitt Street, Sydney NSW 2000, Australia.

For New Zealand privacy queries, you may contact our local Privacy Officer via the same email address, referencing “New Zealand Privacy Enquiry”.