Privacy Policy


Mi Rewards website and mobile applications are operated by Miconex Ltd t/a Mi Rewards (“Mi Rewards”). We are committed to a policy of protecting the rights and privacy of individuals, including members, in accordance with the General Data Protection Regulation (GDPR) and domestic UK data protection legislation (“the Data Protection Legislation”). Mi Rewards is a Data Controller in terms of the Data Protection Legislation. This statement sets out our privacy policy and explains what we do with the personal information that we collect from our users. Please read the following to understand our views and practices regarding personal information. If you have any questions or concerns regarding this statement, you should contact us using the details given at the end of this statement.

Please note that this policy applies only to the Mi Rewards website and mobile application and not to other organisations to which we may provide links. We are not responsible for the privacy policies or practices of such third-party organisations and you should make your own enquiries in respect of them.

Purpose of Mi Rewards Website and mobile application

The Mi Rewards website and mobile application provides the client with an opportunity to register to earn Mi Points by spending money at participating businesses. Registered customers can then convert their Mi Points balances into prize draw as defined on the website and in the Terms and Conditions.

What information may be collected?

When you visit our website, your IP address (the unique address which identifies your computer on the internet) will automatically be logged by our web server. We may automatically collect non-personal information about you such as the type of internet browsers you may use or the site from which you linked to our website. You cannot be identified from this information and it is only used to assist us in providing an effective service.

When you download and open our mobile application we may automatically collect non-personal information such as the type of mobile device used and its operating system version.

If you register, we will collect information such as your name, email address, post code and credit/debit card details. We will track your Qualifying Transactions so that we can monitor usage and convert into Mi Points only, all data collected is anonymised.

If you enable location services access to our mobile application we will track your location periodically so that we can monitor your movements and provide Mi Points for qualifying journeys as defined on the Mobility rules page on our website.

How is the information used?

We will use your personal information for basic profiling purposes and to let you know about other goods and services in which you may be interested. We will also use the information we collect to track and monitor the usage of our website and help us understand the patterns of site visitors. This will help us operate the site more effectively, identify what sort of information is of interest to our users and assist us in business processes such as record keeping. We also anonymise the data and use the information to help understand trends and spend patterns.

If you register, we may also use your personal information for the following purposes:

To record your spend at any of the businesses that are registered with the Service;

To communicate with you by email, (optional) browser notifications and potentially other marketing channels that we will add from time to time;

To help control access to restricted member areas of the website.

Will my personal information be provided to third parties?

We may share your personal information with third parties but only in the circumstances set out below.

  • We may supply your personal information to third parties (such as our internet service providers) who help us administer our website and mobile application. These third parties must at all times provide the same levels of security for your personal information as Mi Rewards and, where required, are bound by a legal agreement to keep your personal information private, secure and to process it only on the specific instructions of Mi Rewards. Other third parties whom we may share your personal information with are:

Our hosting administrators who are based in the EU;

Registered businesses that are part of the Service;

Place Managers (town/city managers);

Your data may be shared with other third parties but the personal data will be anonymised. Other elected third-party companies who will fulfil additional services including payment services, analytics, location tracking services, to help understand trends and spend patterns and to support delivery of the service.

We may also supply your personal information to government bodies and law enforcement agencies but only: if we are required to do so by the requirements of any applicable law; if in our good faith judgement, such action is reasonably necessary to comply with legal process; to respond to any legal claims or actions; or to protect the rights of Mi Rewards, its customers and the public.

Will I be sent information that I did not ask for?

We will use your personal information to keep you informed about our services through an email based newsletter and information about new Service developments and benefits. Also, where appropriate email communications relevant to content on the website or to keep you informed of relevant changes to the service, this may also include planned outages and operational changes to the website. If you wish not to receive such communications, unsubscribe to the weekly newsletter displayed at the end of the email or unsubscribe from their settings in the webpage. If you have any queries regarding this issue please contact us at the address below or e-mail us at gdpr@mi-cnx.com.

Cookie Policy

We will use “cookies”. Otherwise known as a type of tracking software, a cookie is a small, unique, text file that is sent to your browser from a web server and stored on your computer’s hard drive. We run Google Analytics, to aid the management of the site and for the purposes of authentication. We also use cookies to help you access our maps services, store session information and improve the users experience when navigating the website. For more information on our use of cookies please click here to read our Cookies Policy.

Chatroom, forums, profiles and User Generated Content

You may have an option to register through Facebook and X. If you register and use the services, please note that Facebook and X have their own privacy policies which you should be aware of before disclosing your personal data. Users are reminded that chat rooms, forums and areas of our services that allow you to submit content or set up a profile are for public viewing and discussion. Any personal information supplied by users here is widely accessible. Mi Rewards is not responsible for the content posted of these services posted by users.

What security will exist?

We are committed to protecting the privacy of your personal data. We use appropriate standards of technology and operational security to protect personal information including a Secure Server (based in the EU) and network firewall connection. Operationally, access to personal information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.

Credit/debit card information is tokenized. We as the loyalty provider do not hold the card details. Card details are stored on the servers of a PCI compliance third party provider and are not accessible by us, in a similar manner to the Apple Pay concept.

Internet and Data Storage

Personal information submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of personal information using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘hacking’. Any transmission of personal information on or through the use of our website is at your own risk.

Transmission of Data Overseas

We will transfer your personal information to our website hosting administrators who are based in the EEA, other than this, we shall also transfer your personal information to certain companies who have contracted to use the Mi Rewards service and may reside outside the European Economic Area.

If we transfer your information outside of the EEA, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.

If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

How can I access my personal information?

You have certain rights as a Data Subject under the Data Protection Legislation to request details and in certain circumstances a copy of the personal data which we hold about you. The law states that we may not charge you for providing this information. If you would like a copy, please contact us using the contact details at the end of this document and mark your communication, “Personal information request”.

We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

What if there is an error in my personal information you hold?

The accuracy of your information is important to us and we are always working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using the contact details described at the end of this policy.

How long do you keep my personal information for?

We will keep your information only for as long as it is relevant and useful for the purpose for which it was originally collected.

Please note that if your account appears to have not been used for 2 years, we may try and contact you to check whether it is still in use and/or we may delete it.

Can I withdraw my consent for you using my personal information?

Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

What other legal rights do I have in relation to the information that we hold about you?

Right to access: You have the right to request access to your personal data held by us. Requests are to be made in writing, electronically and information will be provided in a commonly used electronic format. Requests will be handled within one month of receipt of the request, and free of charge with the exception of where requests are manifestly unfounded or excessive we hold the right to charge a reasonable fee taking into account the administrative costs of providing the information. More information can be found at www.ico.org.uk/for-the-public/personal-information/.

Right to rectification: You have the right to have personal data rectified if inaccurate or incomplete. Where the personal data in question has been disclosed to a third party, they will be made aware of the rectification where possible. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.

Right to erasure: You have the right to request the deletion or removal of personal data in the following circumstances:

Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed. When you withdraw consent. When you object to the processing and there is no overriding legitimate interest for continuing the processing. The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR). The personal data has to be erased in order to comply with a legal obligation. This does not provide an absolute “Right to be forgotten”. Where the personal data in question has been disclosed to a third party, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. Personal data will be erased by removal from our internal and cloud servers.

Right to restrict processing: You have a right to ‘block’ or suppress processing of personal data if you contest its accuracy; have objected to the processing; processing is unlawful and you oppose erasure; we no longer need the personal data but you require the data to establish, exercise or defend a legal claim. Where the personal data in question has been disclosed to a third party, we will inform them about the restriction on processing of the data, unless it is impossible or involves disproportionate effort to do so.

Right to data portability: You have the right to obtain and reuse your personal data for your own purposes. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.

Right to object: You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. Requests will be dealt with by immediate effect with no right for refusal.

You also have the right to make a complaint with the Information Commissioner at www.ico.org.uk if you think that any of your rights have been infringed by us.

All requests will be dealt with in your own merit, and in accordance with the Data Protection Legislation guidance.

Should a data breach occur, we have compliant procedures in place to investigate and report the matter to the Individual. In the event of a breach, it will be reported to you within 72 hours of discovery. A record of any breaches will be kept by the company.

You can exercise your rights by contacting us using the details set out in the “Contact Address" section below.

What about changes to the privacy policy?

We reserve the right to modify or amend this privacy policy at any time and for any reason. Details of any changes will be posted at the top of the privacy policy web page.

Contact Address

Miconex Ltd, t/a Mi Rewards