Data Sharing Principles

When Reward Connected receives, uses or shares data, including special category data, it will comply with the data protection principles in the GDPR:

Lawfulness, fairness and transparency

We will describe and document the lawful basis for using the data. ensuring special category data received the extra protection required. We will only process data in the way we have described and agreed.

Purpose limitations

We will only obtain data for specified, explicit and legitimate purposes. Data will only be used for a specific processing purpose that the client has been made aware of and no other, without further agreement.

Data minimisation

We will only collect the data we need for the task.


We will, work to ensure all data is kept accurate and, where necessary, up to date.

Storage limitations

We will only keep data that identifies individuals for as long as necessary. We will de-personalise it as soon as possible and delete it as soon as it is no longer needed, in line with our retention, review and deletion policy.

Integrity and confidentiality

We will share, keep, store and delete data securely and protect it against unlawful processing, accidental loss, destruction or damage. We will identify, document, assess and minimise any potential risks to data subjects through Data Protection Impact Assessments (DPIAs) where necessary.


We take responsibility for complying with the data principles and have appropriate processes and records in place to demonstrate our compliance.