1. Our Role Under Data Protection Law

When you use WOW Rewards & Loyalty:

You (as our client) are the Data Controller

We (WOW Rewards & Loyalty) are your Data Processor

Boomerangme, Inc. is our Sub‑Processor

This means:

You decide what customer data is collected and why

We process that data only on your instructions

Boomerangme hosts and processes the data on our behalf

We do not own or control the platform infrastructure. We simply use Boomerangme’s technology to deliver loyalty services to your business.

2. Compliance With UK & EU Regulations

UK GDPR & Data Protection Act 2018

We comply with:

- UK GDPR

- Data Protection Act 2018

- PECR (Privacy and Electronic Communications Regulations)

This includes:

- Lawful, fair, and transparent processing

- Data minimisation

- Secure storage

- Respecting customer rights

- Clear opt‑in and opt‑out mechanisms

- ICO registration (number to be added)

EU GDPR

For EU-based clients or customers, we also comply with:

- EU GDPR

- Cross‑border transfer requirements

- Data subject rights

- Purpose limitation and retention rules

3. Compliance With US Regulations

While the USA has no single federal privacy law, we align with:

- CCPA & CPRA (California)

- Colorado Privacy Act

- Virginia CDPA

- Connecticut Data Privacy Act

- Utah Consumer Privacy Act

We do not sell personal data and provide clear rights to access, correction, and deletion.

4. Compliance With Canadian Regulations

PIPEDA

We comply with:

- Meaningful consent

- Access and correction rights

- Secure storage

- Limited use and retention

CASL

All digital communications follow CASL requirements:

- Clear opt‑in

- Easy opt‑out

- Transparent sender identification

5. What Data We Process

We process only the data required to operate your loyalty program, such as:

- Customer name

- Email address

- Phone number

- Purchase history

- Reward activity

- Device type (Apple Wallet / Google Pay)

- Location (if geolocation offers are enabled)

We do not collect sensitive personal data.

6. How Data Is Used

Customer data is used solely for:

- Issuing and updating digital loyalty cards

- Sending push notifications and offers

- Tracking reward balances

- Providing analytics

- Improving service performance

We never sell or share customer data for advertising.

7. Data Hosting & Sub‑Processors

Your data is hosted on the Boomerangme platform. Boomerangme provides:

- Secure cloud hosting

- Encryption

- Backups

- Access controls

- System monitoring

Additional sub‑processors include:

- Stripe (payment processing)

Any optional services you choose to integrate

A full sub‑processor list can be provided upon request.

8. Data Transfers

Boomerangme is based in the USA. Data may be transferred outside the UK/EU under:

- Standard Contractual Clauses (SCCs)

- Appropriate safeguards

- GDPR‑compliant agreements

9. Customer Rights

Your customers can:

- Access their data

- Correct inaccuracies

- Request deletion

- Withdraw consent

- Opt out of marketing

- Request a copy of their data

We help you fulfil these requests promptly.

10. Security Measures

We and our sub‑processors use:

- Encryption

- Secure servers

- Access controls

- Regular audits

- Data minimisation

- Staff permissions

- Automatic backups

11. Contact

For privacy or compliance questions:

Wealth Makers Ltd t/a WOW Rewards & Loyalty

Email: [email protected]

ICO Registration: TBA