Privacy Policy

1.0 INTRODUCTION

At RewardOps Inc., we provide online merchandising fulfilment and consumer rewards site operational services. To do this, we follow information usage practices based on two beliefs: first, that protecting user privacy is essential to the growth and prosperity of the Internet; second, that a personalized web experience can provide significant benefits to end users if done effectively. In accordance with these beliefs, RewardOps creates results for program managers and fulfilment suppliers in revolutionary ways without compromising individual privacy.

To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:

1.1 Personally Identifiable Information (“PII”):

Information that can be linked to an identifiable individual person. This type of data includes things like full name, home address, telephone number, or email address. This data is used strictly in the pursuit of fulfilling orders and mitigating fraud.

1.2 Non-Personally Identifiable Information (“Non-PII”):

Information that cannot identify an individual person, such as browser types, operating systems, domain names, access dates and times, referring website addresses, online transactions and browsing and search activity.

1.3 Data Controller (“Controller”):

RewardOps provides services to clients (“Controllers”) that send information to RewardOps for the purposes of order fulfillment, fraud mitigation and user experience personalization.

1.4 Data Processor (“Processor”):

RewardOps is a Processor that uses information sent via a Controller to fulfill orders, mitigate fraud and enable user experiences personalization.


2.0 POLICY BRIEF

This following table summarizes our practices and should be used solely for reference purposes. This table is not an exhaustive description of our privacy practices and should not be construed to define, limit, and/or describe the scope or extent of this Privacy Policy. As a result, we urge you to read the entire Privacy Policy:

Information Collection: PII All PII data is sent to us directly by the Controller
Information Collection: Non-PII The Non-PII we collect may be via 3rd party systems, software or applications, such as Google Analytics. All collection of this information is at the request and with the express permission of the Controller.
How Information is Used Data can be used for order fulfillment, fraud mitigation and user experience personalization. All uses of data are at the request of and with the express permission of the Controller.
Sharing Information Information may be shared with 3rd party service providers with whom we have contracted, our subsidiaries and affiliates, for the purposes set out herein. Data will only be shared with 3rd parties at the request of and with the express permission of the Controller.
Security We use reasonable and appropriate security measures to protect user data. Please reference our Information Security Policy for a comprehensive overview of our security practices.
Changes We may change this Privacy Policy from time to time. All Controllers will be provided reasonable notice before material changes are made to the Privacy Policy.
Contact Us If you have any questions about this Privacy Policy, your information provided to us or the practices discussed herein, please contact our Privacy Officer at: [email protected].


3.0 SCOPE

This Privacy Policy is primarily intended to provide a description of the ways in which we collect and use information to deliver our services across the Internet.

None of our operations are directed toward or intended for children. We do not collect PII from any person of whom we have knowledge is under the age of 13. 

We may collect information from visitors to our website for various purposes, including, but not limited to, providing information about goods and services likely to be of greater interest to those users.  We also may automatically collect your information when you first engage with our website. For example, information such as server logs from your browser, including your IP address, device type, unique device identification numbers, browser type, broad geographic location (e.g. country or city-level location) and other technical information.  We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked and information on how you use and interact with the Website.

Such information may include Non-PII through the use of cookies and other technologies provided by third parties, at the request of the Controller. It may also include any PII the Controller chooses to provide when sending orders to our systems. Although we choose our business partners and clients carefully, RewardOps is not responsible for the privacy practices of websites and mobile applications operated by such 3rd parties. Controllers should check the applicable privacy policies of such websites and mobile applications of requested 3rd party systems and tools to determine how they handle any information they collect from users.

4.0 PRIVACY BY DESIGN

Our philosophy on privacy follows the framework of Privacy by Design. We integrate privacy in strategy, product development, and more. We set the tone for privacy protection early and often, proactively working to keep PII out of RewardOps’ systems and only collecting personal information that is required to perform our services. Ensuring the protection of privacy throughout the entire lifecycle of the data is of the utmost importance, and we are careful to protect privacy as data is collected, used, and destroyed responsibly using modern techniques.

RewardOps has developed a strong privacy foundation and has a company culture aimed at the prevention of the unauthorized receipt and use of PII.

5.0 INFORMATION COLLECTION AND USE

On behalf of Controllers, RewardOps collects PII and Non-PII about Controllers’ clients. PII is provided by the Controller. Non-PII will be provided through approved 3rd parties. These 3rd parties may use technologies such as cookies, log files or other similar technologies to collect Non-PII about user browsers or devices, including browsing activity, online transactions, and IP addresses. Some clients contribute PII such as: name, address, email address, and associated transactional information directly to us or to a 3rd party with whom RewardOps has a contractual relationship. This 3rd party may share PII data points and provides RewardOps only essential PII for the purpose of order fulfilment and program enhancements.

6.0 INFORMATION SHARING

RewardOps will only share user information for limited purposes such as those provided in this Privacy Policy. This may include sharing information (1) to enable 3rd party service providers to assist or facilitate in the services we provide; (2) to comply with applicable laws and regulations or to respond to a subpoena, search warrant or other lawful request for information received by us, whether or not a response is required by applicable law; (3) to protect the safety of members of the public and users of the service (4) with vendors, administrative service providers, technology providers, and carefully selected partners for services including, but not limited to, data validation, enhancement, information verification and suppression services; or (5) for any other purpose for which Controllers provide consent. None of this information will include PII except as provided herein. While RewardOps strongly encourages clients and partners to adopt responsible approaches to online activities, RewardOps is not responsible for the information practices of such clients and partners.

7.0 SECURITY

The security of user information is important to us. We have implemented appropriate security measures to protect the information in our care, both during transmission and once we receive it. We take physical and technical security measures to protect our data from unauthorized access, as well as unauthorized disclosure or destruction of data.

8.0 RETENTION

As a default process, we retain PII and Non-PII data for no more than twenty-four (24) months. Aggregate reports generated from such data may be retained for a longer period, such as reporting data.

9.0 SELF-REGULATION & VOLUNTARY COMPLIANCE

Our commitment to our clients and their users includes compliance with and adherence to applicable laws and policies governing the collection and use of user personal information including PIPEDA (the Personal Information Protection and Electronic Document Act) (Canada), and the General Data Protection Regulation (GDPR) (European Union).