Dot

Health & financial wellbeing in one portal 24/7 GP access and mental health support Salary access and thousands of discounts One branded platform for your workforce

Llll

Privacy Policy

Last updated: 5 June 2026

This Privacy Policy explains how Perks Direct collects, uses, shares and protects personal data when you visit our website, enquire about our services, or use the employee benefits, wellbeing and engagement platform we provide. Please take a few minutes to read it — we have tried to keep it clear and free of jargon.

The short version: we only collect what we genuinely need, we never sell your personal data, we take particular care with health and wellbeing information, and you are always in control of your rights over your data.

Who we are

Perks Direct is an employee benefits, wellbeing and engagement platform (including an Employee Assistance Programme, or EAP). Perks Direct is a trading name of Benefits Direct Ltd, a company registered in England and Wales under company number 12498610. We are registered with the Information Commissioner’s Office (ICO) under registration number C1397758.

For any questions about this policy, or to exercise your data protection rights, you can reach our data protection contact at info@perksdirect.co.uk.

Are we a “controller” or a “processor”? (This matters)

Data protection law distinguishes between a controller (who decides why and how data is processed) and a processor (who handles data on a controller’s instructions). Our role depends on the context:

  • We are the controller for our own marketing website (www.perksdirect.co.uk), for enquiries and quote requests you send us, for any newsletter or marketing we send, for our server logs and analytics, and for our business contacts with prospective and current employer clients.
  • We typically act as a processor (or under a joint arrangement) when we handle employee personal data on behalf of an employer client. In that case your employer is the controller of its own workforce data, and our processing is governed by a data processing agreement and our services contract with them.
  • Our clinical and specialist partners may be independent controllers in their own right. For example, where you access a GP/telehealth consultation or counselling through the platform, the partner delivering that care is responsible, as a controller, for the health data involved in providing it.

If you are an employee using the platform, please also refer to your employer’s own privacy notice for information about how they handle your personal data in the employment context.

The personal data we collect and how

We collect data only through realistic channels for our website and service:

  • Website forms (such as our contact, “Get a Quote” and “Get a Free Quote” forms): your name, work email address, company name and the details of your enquiry or message.
  • The employee benefits portal: account and registration details, and information about your use of the benefit services available to you. Some of this is special-category health data (see below) where you access services such as GP/telehealth, mental-health counselling or the EAP.
  • Partner and third-party services accessed through the platform (for example legal, debt advice, counselling, salary access / earned wage access, and retail discounts): where a partner processes your data to deliver the benefit you have requested.
  • Server logs: technical data such as your IP address, browser type and timestamps, used to keep our service secure and available.
  • Analytics: where in use, consent-based analytics data, named in our Cookie Policy.
  • Embedded media: where pages contain embedded content such as explainer videos, the provider of that content may set its own cookies or collect usage data.

Special category (health and wellbeing) data

Because our platform includes services such as 24/7 GP/telehealth access, mental-health support and counselling (delivered by accredited counsellors), and an Employee Assistance Programme, using those services can involve special category data about your health and wellbeing. This is treated as particularly sensitive and is handled with extra care.

  • We (or the relevant clinical partner) process this data only to deliver the support you have asked for — for example to arrange a GP consultation or counselling session.
  • Much of this clinical information is held by the specialist partner who delivers the service, acting as a controller in their own right under their own Article 9 condition and bound by their own professional and confidentiality obligations. Where we process health data, we do so on the basis of your explicit consent.
  • If we ever rely on the “provision of health or social care” or a “substantial public interest” condition under Article 9, we do so in line with an Appropriate Policy Document as required by the Data Protection Act 2018, and such data is handled by, or under the responsibility of, people bound by a duty of confidentiality.
  • We do not share the clinical detail of your use of these services with your employer. Where an employer receives reporting, it is in aggregated, anonymised form that does not identify individuals.

Our lawful bases for using your data

We rely on the following lawful bases under Article 6 of the UK GDPR:

  • Consent — for sending you marketing communications and for setting non-essential cookies. You can withdraw consent at any time.
  • Legitimate interests — for responding to enquiries and quote requests, keeping our website and systems secure, and understanding website usage through analytics in aggregate. We balance these interests against your rights and freedoms.
  • Performance of a contract — for delivering the platform and the benefit services you or your employer have requested.
  • Legal obligation — for record-keeping, accounting and complying with our legal and regulatory duties.

Our Article 6 basis for arranging the benefit and clinical services you request is normally performance of a contract (or steps you ask us to take before entering into one). For the health data itself, we rely on an Article 9 condition — usually your explicit consent, or where applicable the provision of health or social care, as described in the section above.

How we use your data

  • To respond to your enquiries and provide quotes.
  • To set up and administer accounts on the employee benefits portal.
  • To deliver the benefit, wellbeing and EAP services you access, including arranging access to partner services.
  • To send marketing or newsletter communications where you have consented.
  • To keep our website and systems secure, available and working properly.
  • To understand and improve how our website and platform are used.
  • To meet our legal, regulatory and record-keeping obligations.

Who we share your data with

We share personal data only where necessary, with appropriate safeguards and contracts in place. We never sell your personal data. The categories of recipient include:

  • Our hosting provider — to host the website and platform.
  • Website form and CRM tooling — to receive and manage enquiries.
  • Our analytics provider — named in our Cookie Policy, where consent-based analytics are in use.
  • Benefit-delivery partners — the specialist providers who deliver the services you access, such as legal advice (for example Irwin Mitchell), debt advice (for example Auriga), counselling, GP/telehealth and salary access. These are examples, not an exhaustive list.
  • Your employer — where we act as processor for your employer client, and only as set out in our agreement with them (clinical detail is not shared; any reporting is aggregated and anonymised).
  • Professional advisers and authorities — where we are required to do so by law or to establish, exercise or defend legal claims.

Keeping your data secure

We use appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access — for example access controls, encryption in transit and limiting access to those who need it. The partners and processors we work with are bound by contract to keep your data secure and to process it only on our instructions or, where they are controllers in their own right, in line with their own obligations.

International transfers

We aim to keep personal data within the UK. Transfers to the European Economic Area are covered by UK adequacy regulations, which the UK government has determined provide an equivalent level of protection. Where a provider processes data in any other country, we put an appropriate safeguard in place — such as UK adequacy regulations for that country, or the International Data Transfer Agreement (or the UK Addendum to the EU Standard Contractual Clauses) — so that your data continues to receive an equivalent level of protection.

How long we keep your data

We keep personal data only for as long as we genuinely need it. Enquiry and quote data is kept while we deal with your request and for a reasonable period afterwards; account and service data is kept for the duration of the relevant relationship; and some records are kept longer where the law requires (for example, accounting and tax records). Where we act as a processor, retention of employee data is governed by our agreement with the employer client. When data is no longer needed, we securely delete or anonymise it.

Your rights

Under UK data protection law you have the right to:

  • be informed about how your data is used;
  • access a copy of the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to certain processing;
  • data portability;
  • withdraw consent at any time where we rely on consent; and
  • object to direct marketing at any time.

We will respond to any rights request without undue delay and within one month of receiving it. If your request is complex, or you have made a number of requests, we may extend this by up to a further two months, and we will tell you (and explain why) within the first month. We will not normally charge a fee.

To exercise any of these rights, contact our data protection contact at info@perksdirect.co.uk. If your request relates to data we process on behalf of your employer, we may need to direct it to your employer as the controller, or handle it on their instructions.

Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, and we do not use your personal data for that kind of automated profiling.

Children’s data

Our website and platform are intended for employers and their employees, and are not intended for anyone under 16 (or under 18 for clinical services such as GP/telehealth and counselling). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can address it.

Cookies

Our website uses cookies and similar technologies. Essential cookies are needed for the site to function; non-essential cookies (such as analytics) are only set with your consent. You can change or withdraw your cookie consent at any time, as easily as you gave it, through our Cookie Policy or cookie settings. Full details of the cookies we use, including any analytics provider, are set out in our Cookie Policy, where you can also manage your preferences.

Third-party links

Our website and platform may contain links to third-party websites and partner services. This Privacy Policy does not apply to those external sites, and we are not responsible for their content or privacy practices. We encourage you to read the privacy notice of any site or service you visit.

Your right to complain

We would always prefer to resolve any concern directly, so please contact us first at info@perksdirect.co.uk. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, at ico.org.uk or on their helpline 0303 123 1113.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, technology or legal obligations. When we make changes, we will update the “Last updated” date at the top of this page. Please check back periodically to stay informed.

x
Get a Quote
Explore the Platform
Learn About Us

Get in Touch

Perks Direct is the trading name of Benefits Direct Ltd · Company No 12498610 · ICO Reg C1397758.