At RewardOps Inc., we provide online merchandising fulfilment and consumer rewards site operational services. To do this, we follow information usage practices based on two beliefs: first, that protecting user privacy is essential to the growth and prosperity of the Internet; second, that a personalized web experience can provide significant benefits to end users if done effectively. In accordance with these beliefs, RewardOps creates results for program managers and fulfilment suppliers in revolutionary ways without compromising individual privacy.
To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:
1.1 Personally Identifiable Information (“PII”):
Information that can be linked to an identifiable individual person. This type of data includes things like full name, home address, telephone number, or email address. This data is used strictly in the pursuit of fulfilling orders and mitigating fraud.
1.2 Non-Personally Identifiable Information (“Non-PII”):
Information that cannot identify an individual person, such as browser types, operating systems, domain names, access dates and times, referring website addresses, online transactions and browsing and search activity.
1.3 Data Controller (“Controller”):
RewardOps provides services to clients (“Controllers”) that send information to RewardOps for the purposes of order fulfillment, fraud mitigation and user experience personalization.
1.4 Data Processor (“Processor”):
RewardOps is a Processor that uses information sent via a Controller to fulfill orders, mitigate fraud and enable user experiences personalization.
2.0 POLICY BRIEF
None of our operations are directed toward or intended for children. We do not collect PII from any person of whom we have knowledge is under the age of 13.
We may collect information from visitors to our website for various purposes, including, but not limited to, providing information about goods and services likely to be of greater interest to those users. We also may automatically collect your information when you first engage with our website. For example, information such as server logs from your browser, including your IP address, device type, unique device identification numbers, browser type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked and information on how you use and interact with the Website.
4.0 PRIVACY BY DESIGN
Our philosophy on privacy follows the framework of Privacy by Design. We integrate privacy in strategy, product development, and more. We set the tone for privacy protection early and often, proactively working to keep PII out of RewardOps’ systems and only collecting personal information that is required to perform our services. Ensuring the protection of privacy throughout the entire lifecycle of the data is of the utmost importance, and we are careful to protect privacy as data is collected, used, and destroyed responsibly using modern techniques.
RewardOps has developed a strong privacy foundation and has a company culture aimed at the prevention of the unauthorized receipt and use of PII.
5.0 INFORMATION COLLECTION AND USE
On behalf of Controllers, RewardOps collects PII and Non-PII about Controllers’ clients. PII is provided by the Controller. Non-PII will be provided through approved 3rd parties. These 3rd parties may use technologies such as cookies, log files or other similar technologies to collect Non-PII about user browsers or devices, including browsing activity, online transactions, and IP addresses. Some clients contribute PII such as: name, address, email address, and associated transactional information directly to us or to a 3rd party with whom RewardOps has a contractual relationship. This 3rd party may share PII data points and provides RewardOps only essential PII for the purpose of order fulfilment and program enhancements.
6.0 INFORMATION SHARING
The security of user information is important to us. We have implemented appropriate security measures to protect the information in our care, both during transmission and once we receive it. We take physical and technical security measures to protect our data from unauthorized access, as well as unauthorized disclosure or destruction of data.
As a default process, we retain PII and Non-PII data for no more than twenty-four (24) months. Aggregate reports generated from such data may be retained for a longer period, such as reporting data.
9.0 SELF-REGULATION & VOLUNTARY COMPLIANCE
Our commitment to our clients and their users includes compliance with and adherence to applicable laws and policies governing the collection and use of user personal information including PIPEDA (the Personal Information Protection and Electronic Document Act) (Canada), and the General Data Protection Regulation (GDPR) (European Union).