Deactivate Your Account
Employees can deactivate their account which permanently deletes all data related to the employee from our systems. This is a simple way for employees to exercise their right to erasure (sometimes referred to as ‘right to be forgotten’). A request is sent to administrators of the scheme (usually someone in the HR department) to verify the request is genuine and then approve or deny it. Once approved, all data is removed including any available cashback funds on account.
Where can employees find the Security Center?
In each employee’s 'My Account' section, there is a link to access the Security Settings. This would be under the normal General Settings link. You can read more about our Security Center at A guide to the Employee Security Center.
Why does my employer need to approve the request to delete my data / my right to erasure?
There are a number of reasons we involve your employer in these requests.
- We need to validate the authenticity of the request. Password reuse and account sharing is an unfortunate common practise. If we were to delete your data without properly authenticating the request, we would potentially be causing an incident by removing access to your data.
- Rather than requesting copies of identity documents - which many other companies do in response to erasure requests - we decided to build a simple workflow which allows employers to authenticate these requests. This also handles notifying your employer of your request to no longer share your data with us.
- Your employer is the Data Controller of some information and Reward Gateway is the processor. We need to inform them in order to ensure they do not share your information with us again.
- This process means you can have your data deleted quickly with very little effort from you, well within the month we have to respond to your request. We have automatic reminders to employers who do not respond to these requests in a timely manner.
What is expected of employers receiving these requests?
- Checking with the member through trusted channels (eg. internal communication platforms) that they did make this request.
- Approving the request if the request is genuine. Rejecting the request and informing us if the request is not genuine.
- Ensuring you update the systems they use to share employee data with us to reflect the employees right to restrict processing and erasure.
What if my employer won’t or doesn’t respond to these requests, and I want my data deleted as soon as possible?
- You can get in touch with us through the usual support channels, or directly via privacy-requests @ rewardgateway.net (without spaces)
- We may manually verify your identity and approve the request ourselves, while informing your employer at the same time without waiting for their approval (they will still be informed). Please note however, we do have one month to respond to these requests, and going through our automated process is more likely to ensure your request is dealt with quickly and efficiently.
What if my employer shares my data with Reward Gateway, even after I have exercised my right to erasure?
We have a process where we make a secure ‘hash’ (a one-way, irreversible process) of the unique identifier that your employer shares with us (this is usually your payroll ID, work email address, staff number).
When processing a membership refresh or upload, we compare the data provided with this ‘hashed’ value. If it matches, we inform the administrator and reject the data, ensuring we don’t process your data once you have informed us not to.
This is designed as a safety measure to ensure we don’t process your data after being instructed not to, on the basis that employers often use automated data integrations with us and in some situations may not update their systems as quick as we update ours. It is not designed as a replacement for proper lawful basis management and we advise employers to ensure they have their own internal processes for managing this.