Legal
Privacy Policy
This is a placeholder pending legal review. It is not the final policy and should not be relied on.
Effective date: 1 January 2026. This Privacy Policy explains how SeeGap collects and uses personal data through our website, our cashback claim pages and our brand dashboard.
Who we are
SeeGap is a receipt-verified cashback platform for FMCG brands. The Services are operated by SeeGap Ltd, a company incorporated in Ireland (company number 761945) with its registered office at Hartnett Enterprise Acceleration Centre, Moylish Park, Limerick, V94 E8YF, Ireland.
For most Campaign activity, including cashback claims, receipt verification and feedback collection, we act as a data processor on behalf of the Brand running that Campaign, who acts as data controller and decides why and how your data is used. We process your data strictly under the Brand's instructions, and we do not sell your personal data or use it for our own purposes beyond delivering the Services.
In limited cases, such as running our own website, marketing and enquiries, we act as data controller in our own right.
If you have any questions about this policy or how we handle personal data, contact us at hello@seegap.com.
What data we collect
When you submit a receipt or claim cashback through a Campaign, we may collect:
- your name, email address and phone number;
- a photo or upload of your receipt, and the purchase details it contains (retailer, product, date and amount paid);
- the payout details needed to pay cashback owed to you (such as a bank account or payment account identifier);
- basic eligibility information requested for a Campaign, such as age range or general location, where the Campaign Terms require it;
- feedback or survey responses you choose to give about the product or Campaign; and
- technical data such as your IP address and device type, used to process your claim and to help detect fraud.
When a Brand contacts us or uses our dashboard, we may collect the name, business email, phone number and company details of the people we deal with.
When you visit our website, we automatically collect technical and usage data (such as pages viewed and general location inferred from IP address) through Google Analytics. See our Cookie Policy for details and how to manage this.
Why we process your data, and our legal basis
- To verify and pay cashback claims, and to prevent fraudulent or duplicate claims, on the instructions of the Brand running the Campaign (contractual necessity and the Brand's legitimate interests).
- To operate and improve our website and Services (our legitimate interests).
- To respond to enquiries and manage Brand accounts (contractual necessity).
- To meet legal and regulatory obligations, such as responding to a lawful request from a regulator or law enforcement (legal obligation).
- To send you marketing communications, where you have given your consent (consent), which you can withdraw at any time.
Who we share your data with
- The Brand running the Campaign, as the data controller for that Campaign's activity.
- Payment providers, to pay cashback owed to you via the method specified in the Campaign details.
- Fraud prevention providers, to help detect duplicate or fraudulent claims.
- Cloudflare, our hosting and security provider.
- Google Analytics, to understand how our website is used.
- Professional advisers, regulators or law enforcement, where we are required to by law.
- A buyer or its advisers, if SeeGap is involved in a merger, restructuring or sale, under appropriate confidentiality terms.
We do not sell your personal data. Where we share aggregated or anonymised data (for example, Campaign performance reporting for a Brand), it will not identify you.
Some of our providers, including Cloudflare and Google Analytics, may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards recognised under the GDPR, such as the EU-US Data Privacy Framework or standard contractual clauses.
How long we keep your data
We keep personal data collected for a Campaign for as long as necessary to verify and pay claims, resolve disputes, and meet our reporting obligations to the Brand, and no longer than the retention period agreed with that Brand. As a general default, absent a different instruction from the Brand, we retain Campaign data for 90 days after the Campaign ends, other than records we must keep longer to meet a legal, tax or fraud-prevention obligation.
In addition, we retain a hashed (irreversibly anonymised) version of your email address for up to 3 years after a Campaign ends, so that we can recognise repeat participation and prevent fraudulent or duplicate claims across Campaigns. We may retain data in anonymised or aggregated form for longer, where it no longer identifies you.
Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse. No method of transmitting or storing data is completely secure, and where we become aware of a data breach affecting you, we will notify you and the relevant regulator where the law requires it.
Marketing
We will only send you marketing communications where you have given your consent, and you can withdraw that consent at any time using the unsubscribe link in any marketing message or by contacting hello@seegap.com. Withdrawing marketing consent will not affect service messages we need to send you, such as updates about a claim you have submitted.
Cookies
Our use of cookies and similar technologies, including Google Analytics and any cookies set on cashback claim pages, is set out in our Cookie Policy.
Your rights
Under the GDPR and the Irish Data Protection Act 2018, you have the right to: be informed about how we use your data; access a copy of your data; have inaccurate data corrected; have your data erased in certain circumstances; restrict or object to certain processing; and request that your data be moved to another provider (data portability), where the processing is based on consent or contract and carried out by automated means.
To exercise any of these rights, contact us at hello@seegap.com. Where we act as a data processor for a Brand's Campaign, we will pass your request to the relevant Brand as data controller and support them in responding, or direct you to them, as appropriate. We aim to respond to any request within one month.
Children's data
Under Irish law, the digital age of consent is 16. We do not knowingly collect personal data from anyone under 16 without the consent of a parent or legal guardian, except where a Campaign specifically permits participation by 13 to 17 year olds with such consent, as described in our Terms of Service. If you believe a child has provided us with personal data without appropriate consent, contact us at hello@seegap.com and we will delete it.
How to complain
If you have concerns about how we handle your personal data, please contact us first at hello@seegap.com so we can try to resolve it. You also have the right to lodge a complaint with the Irish Data Protection Commission: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland, or via dataprotection.ie.
Changes to this policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page, and where a change is material we will give reasonable additional notice.
Contact
Questions about this draft can go to hello@seegap.com in the meantime.
