PARK RETAIL LIMITED

Love2shop Gift Card Platform

Love2shop provide a SelfServe platform available over the internet, hosted remotely, which provides access to a variety of gift card products including physical gift cards, digital e-gift cards and Mastercard products which can be accessed and purchased via API integration or through direct access to the Love2shop platform.

Features

• E-Commerce ordering platform
• API Integration - real-time issuing of e-gift card
• Ordering of physical and digital gift cards and codes
• Delivery of recognition awards
• Remote access
• Self Service management of account

Benefits

• Access to multiple reward and gifting products
• Redemption at multiple high street and online retailers
• Recognition and engagement platforms available
• Access everything from gift cards to prepaid mastercard
• Ideal for HR rewards and incentives
• Ideal for rewarding external recipients
• Funds disbursement including emergency and cost of living

£0.00 to £0.00 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@love2shop.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

515583762901803

Contact

Sarah Brown
0330 333 1201
bids@love2shop.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: There are no service constraints. Gift cards are available to purchase through our platform at all times. Any planned down-time for maintenance will be communicated to clients and performed at the times that will have least impact to clients.
• System requirements: Up to date browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Under our SLA's we provide email support during normal UK office hours between 9am - 5pm. All emails are responded to within 24hrs (working hours).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We conform with the required standards.
• Onsite support: No
• Support levels: The Client Services department is the frontline support function for Love2shop Business. The department provides day-to-day, routine support for corporate clients putting them and their interests at the heart of all they do ensuring quality, timeliness and an excellent client experience whilst fully recognising the importance of meaningful relationships. In addition to Client Services providing services to its corporate clients they also provide support to the Account Management Team. ; ; Client Services provide services such as bulk ordering, fulfilment processing, telephone support, online chat assistance, and client aftercare services. The team also work closely with Love2shop Business Account Management team, Finance, and the Client Engagement Team providing daily business support in all aspects of their business needs. ; ; Client Services regularly review, identify and seek to improve processes, procedures and client touchpoints. The team also take appropriate action where complaints are received and/or errors found and ensure these are promptly resolved and reconciled. The team focus on continuous improvement activity with the customer at the heart of all thinking.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The clients will need to set up and account with Love2shop in order to purchase products. Accounts can be set up either via a link or account opening form provided by Love2shop. Once the account is open, the client will have access to our SelfServe area where they will be able to view, order and purchase all products. All documentation will be provided to the client.
• Service documentation: No
• End-of-contract data extraction: Love2shop provide a unique extract for the specific client as agreed in contract
• End-of-contract process: System access is revoked and customers can no longer buy through the framework.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Both accessed via web browser
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The Love2shop API delivers both the physical and digital Love2shop gift cards. Digital e-gift cards are able to be delivered in real-time to the customer whilst the physical gift card will be fulfilled to the customer as requested.; The API also enables any of the Love2shop products to be topped up in value.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Gift cards and platforms can be branded to the client and retailers

Scaling

• Independence of resources: Through network layer load balancing. In addition, our API layer has the ability to throttle traffic providing further resilience of service

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: For orders of digital e-gift cards outside of the API integration, those that are direct via our SelfServe platform,will be able to be exported direct from the SelfServe platform delivering the codes to clients in CSV format.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our SelfServe platform is available 24/7 for clients to place orders for any of our products as and when required. ; Our SLA's include:; - Answer calls within 15 seconds; - Be available to answer calls 95% of the time; - To only put clients on hold for a maximum of 1 minute; ; With regards to our API integration, we are targeting 99.99% up-time (aside from any scheduled down time).; Clients will receive a response in 30 seconds or the request will be timed out
• Approach to resilience: High availability servers with load balanced capabilities
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Role based access control
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Audit People
• ISO/IEC 27001 accreditation date: 23/01/2024
• What the ISO/IEC 27001 doesn’t cover: Current certification supports our Love2shop products and will be extending to company wide Dec 2024
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SAQ D
• PCI DSS accreditation date: 12/12/2023
• What the PCI DSS doesn’t cover: PCI DSS only covers the card payment areas of the business, however the controls that are applied for these areas are also in use for other areas that are not directly impacted by card payments.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Overarching information security policy supported by a number of policies under the ISMS- and are audited externally annually

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to systems undergo a number of controls to maintain stability and security.; -All changes are developed following a formal secure development framework aligned with OWASP principles. This includes peer reviews and management control signoffs to ensure adherence with standards ; -Where appropriate changes are automatically scanned by 3rd party tools for security vulnerabilities and hotspots ; -There is a formal testing and QA process, covering functional and non-functional elements of changes. ; -Following ITIL guidelines, changes require CAB approval prior to implementation to production. This approval is recorded within out ITSM tool. ; -Security Operations proactively scans all application sets for new/emerging threats
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerability scanning tools include InsightVM, Nessus, AppCheck and Invicti. Notifications are received from these plus other vendors about new threats which are analysed. Patches are deployed based on their criticality or as part of regular patching depending which is sooner.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Alerts are raised within Sentinel where they are analysed by 24x7x365 operations. Response would depend on incident but measures taken could include taking machine and applications offline whilst investigating entry and any potential lateral movement.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management processes revolve around detection, containment, investigation, remediation and recovery. Users can report incidents by phone or email. Incident reports provided to relevant parties.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity

  Fighting climate change

  Love2shop / Paypoint Plc is a low-impact, low- carbon-intensive business that aims to reduce its environmental impact by reducing carbon emissions, waste and considering environmental and sustainability issues.; Climate change; We aim to reduce emissions and maximise the resource efficiencies of our operations. We have moved to a new hybrid way of working, reducing commuting journeys and engaging with our people to encourage sustainability at home as well as in the office. During the year we published guidance to our employees to help them consider how to reduce energy consumption at home.; Natural resources - Water; We use water for domestic purposes such as washroom facilities. Our current measures to reduce usage include time-controlled taps and dishwashers and reduced-flush toilets. With the transition to hybrid working, we expect our water consumption will not revert to previous levels and we will be actively working with our people to reduce their water usage at home.; Waste management; We recycle wherever possible, including paper, cans, plastic, cardboard, computer equipment and Love2shop / Paypoint Plc terminals. New recycling bins have been implemented in our offices to make this as simple as possible for our people. Plans are to be resurrected to recycle batteries, glasses, specialised clothing and mobile phones.; Redundant equipment is recycled by ISO 27001 accredited firms which are certified by the Asset Disposal and Information Security Alliance (‘ADISA’). ADISA recycles as much of the equipment as possible. Any parts which are not recyclable are disposed of in line with the Waste Electric and Electronic Equipment Regulations 2013 (‘WEEE’). ; ; Commitment to achieving Net Zero - Love2shop / Paypoint Plc PLC is committed to achieving Net Zero emissions by 2040.

  Covid-19 recovery

  During the past few years with the Covid 19 pandemic, continued access to PayPoint stores to pay bills, top-up or redeem credit vouchers was more important to customers than ever. Our network coverage remained fully accessible, and our store locator was updated regularly to show all available stores in a given area. ; ; PayPoint’s network is so strong that significant suspensions or mass exits really do not affect coverage. This was particularly evident when the UK was generally impacted so badly by the Covid 19 pandemic. During this time we monitored our network very closely, and saw little impact. ; ; Future plans:; • Our company purpose remains forefront of our minds and our efforts to ensure the best possible coverage levels across all communities, for all clients, while being compassionate to our retailers continues.; • Covid19 has re-enforced our community focus and has been an opportunity to overhaul the monitoring of our network and the data sets that we use for reporting.; • We are committed to a single version of the truth for all numbers and a common language for describing our estate.; • We have re-configured our reporting suite to focus on the number of unique transacting sites for each product which means intermittent non-transactors, who therefore may be struggling retailers, are easier to spot.; • We have established the Network Performance Taskforce - we will use their insight to evolve our customer journey and to drive adoption of our retail services (especially Epos).; • In addition, we will continue to monitor the competitor landscape with a robust repository (Salesforce) to now store this information within.

  Equal opportunity

  Love2shop is committed to treating applicants with disabilities equally and supporting people who become disabled during their career with the Company. This includes making reasonable adjustments both to the recruitment process for applicants and to the working environment, including offering appropriate training, in order that disabled employees can achieve their full potential.; Love2shop is committed to building a diverse and inclusive business where all of our people are treated fairly and with respect, and where the contributions of everyone are recognised and valued. This commitment is captured in our vision to create a dynamic place to work, with a positive and inclusive environment where everyone can learn, grow and shine. ; ; We focus on the below key areas:; Diversity - referring to the range of people at work and can be found in any social identity, such as gender, age, culture, nationality, ethnicity, physical abilities, political and religious beliefs, sexual orientation. ; Equity - giving people what they need, in order to make things fair. It is about giving more to those who need it, which is proportionate to their own circumstances to ensure that everyone has the same opportunities. For example; implementing reasonable adjustments at work for someone with a disability, to help them do their job as well as someone without a disability. This is different to equality which is about ensuring that everyone receives the same treatment and support. ; Inclusion - the process of involving, accepting, and valuing everyone in the workplace regardless of their differences and social identity. At Love2shop we are an inclusive workplace supporting its people, regardless of their background or circumstance, to thrive at work.

Pricing

• Price: £0.00 to £0.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Our platform with access to our products is free of charge, however customers will pay for any products ordered via the SelfServe platform or via API.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@love2shop.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.