Last updated: 11/11/25
This Privacy Policy explains how Candi Loyalty App (“we”, “our”, “us”) collects,
uses, and protects personal data when you visit our website https://
candiloyalty.app/ (the “Website”) or otherwise interact with us online.
We are committed to protecting your privacy and handling your information in a
transparent and lawful manner.
Candi Loyalty App T/A Sugar Rush
Operating in: Northern Ireland
Email: sales@candiloyalty.app
We act as the data controller for the personal information collected through
this Website.
We may collect and process the following types of personal information:
(a) Information you provide directly
● Your name, email address, phone number, or business name when you
contact us via forms or email.
● Any other information you voluntarily submit to us (e.g. feedback or
support messages).
(b) Information collected automatically
When you browse our Website, we may automatically collect:
● IP address and browser type
● device and operating system
● referring pages, access times, and pages visited
● cookie identifiers or similar technologies (see section 6 below)
This helps us understand how people use our site and improve its functionality.
We use personal data for the following purposes:
● To respond to enquiries or support requests
● To provide information about our services
● To maintain and improve the Website’s functionality and security
● To manage marketing communications (where you have opted in)
● To comply with legal obligations or resolve disputes
We only use your information where there is a lawful basis, such as:
● your consent (e.g. for marketing emails)
● contractual necessity (if you engage with us as a client)
● our legitimate interests (e.g. to improve our site and services)
● legal obligation (to keep certain records)
We do not sell your personal data.
We may share information only in the following limited circumstances:
● With trusted service providers who help us operate the Website (e.g.
web hosting, analytics, email delivery).
● When required by law or in response to valid legal requests.
● In the event of a business transfer (e.g. merger or acquisition), where
your data may be part of transferred assets.
All third parties are required to handle your data securely and only for
authorised purposes.
Calendly
When visitors book an appointment or demo through our website, the
scheduling process is handled via Calendly, a third-party service operated by
Calendly LLC (based in the United States). Information such as your name,
email address, and chosen meeting time is collected by Calendly in order to
arrange the meeting and send confirmations. Calendly acts as an independent
data controller for that information and processes it in accordance with its own
privacy policy, available at https://calendly.com/privacy. We receive limited
details from Calendly (such as your name, email, and appointment time) so we
can prepare for and conduct the meeting.
We keep personal data only as long as necessary for the purposes described
above or to comply with legal obligations.
When data is no longer required, it will be securely deleted or anonymised.
Our Website may use cookies or similar technologies to:
● enable basic site functionality
● measure and analyse traffic and usage
● personalise user experience
You can control or delete cookies through your browser settings.
If you disable cookies, some parts of the Website may not function properly.
If we use analytics tools such as Google Analytics (GA4), data is collected in
aggregate form and does not identify individual visitors.
We implement appropriate technical and organisational measures to protect
personal data against unauthorised access, alteration, disclosure, or
destruction.
However, no internet transmission is completely secure, and we cannot
guarantee absolute security.
Where we use service providers outside the UK or EEA, we ensure appropriate
safeguards (such as UK adequacy decisions or Standard Contractual
Clauses) are in place to protect your information.
Some of our third-party service providers, such as Calendly, are located
outside the UK or EEA (for example, in the United States).
Where personal data is transferred internationally, we ensure that appropriate
safeguards are in place — for example, UK adequacy regulations or Standard
Contractual Clauses approved by the UK Information Commissioner’s Office
(ICO).
Under UK GDPR, you have the following rights:
● Access – to request a copy of the personal data we hold about you.
● Rectification – to request correction of inaccurate or incomplete data.
● Erasure – to request deletion of your data (“right to be forgotten”).
● Restriction – to limit how we process your data in certain cases.
● Data portability – to receive your data in a usable format and transfer
it elsewhere.
● Objection – to object to processing based on legitimate interests or
direct marketing.
To exercise these rights, contact us at sales@candiloyalty.app
Our Website may contain links to external websites.
We are not responsible for the content or privacy practices of those third-party
sites.
You should review their privacy policies separately.
We may update this Privacy Policy from time to time.
Any updates will be posted on this page with the revised “Last updated” date.
We encourage you to review this Policy periodically.
For any questions or requests regarding this Privacy Policy or our data
practices, please contact:
Candi Loyalty App T/A Sugar Rush
Email: sales@candiloyalty.app
Northern Ireland
