- What information we collect and why we collect it.
- How we use that information.
- The choices we offer, including how to access and update information.
How to contact us
Information We Collect
We collect information in the course of our providing services and products to you and your organization; including when you use our Incentive Services website (“Website”) or our Incentive Services App (“App”). We collect information in the following ways:
- Information you give us. For example, many of our services require you to provide personal information, like your name, physical address, email address, or telephone number to store with your account.
- Information we get from your use of our services when you register, create or modify an online or in-app account with us. We collect information about the services that you use and how you use them, like Reward or Service Award that you ordered.
- Personal Information that your company provides to us.
This information includes:
- Device information
- We collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number).
- Log information
- When you use our services or view content provided by Incentive Services, we automatically collect and store certain information in server logs. This includes:
- Details of how you used our service, such as your search queries.
- Details of the Reward or Service Award ordered along with the shipping information for the Reward or Service Award.
- Internet protocol address.
- Cookies that may uniquely identify your browser.
- Location information
When you use our services, we may collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers.
- Unique application numbers
Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to us when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
- Local storage
We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
- Cookies and similar technologies
We use various technologies to collect and store information when you visit us, and this may include using cookies or similar technologies to identify your browser or device.
How we use information we collect
We use the information we collect from you to:
- Provide you with the available Rewards and Service Awards,
- Provide assistance with Redemption of a Reward or the selection of a Service Award,
- Arrange for delivery of the Reward or Service Award,
- Send you service communications such as notifications of delivery dates and summary of Points Accounts,
- Manage and administer our services and business, including performing our record keeping requirements,
- Maintain the operational availability and reliability of our IT systems with infrastructure backups and testing.
- Confirm your identity and to prevent fraud,
- Improve our products and services; including through statistical analysis and research for program development,
- Share it with the manufacturers/providers of the Rewards and Service Awards.
When you contact us, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
Transparency and choice
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
- Review and update your account activity controls to decide what types of data, or past searches, you would like saved with your account when you use our services. You can also visit these controls to manage whether certain activity is stored in a cookie or similar technology on your device when you use our services while signed-out of your account.
- To opt out of first party tracking (that means tracking with cookies placed by Incentive Services) on our Website, you may choose:
- To opt out of third party tracking (that means; tracking with cookies placed by persons other than Incentive Services).
You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled. For example, we may not remember your language preferences.
App tracking preferences and opt out.
You may opt out of all information collected via the App by uninstalling it. You may use the standard uninstall, application, and data management processes available through your mobile device. Once you have uninstalled the App, all information that is stored in the App is deleted, including any preferences you previously set for location permissions and whether you have allowed Incentive Services to send you push notifications. Once the App is uninstalled and preferences are deleted, push notifications from the App will stop. You may also refrain from using application features that collect specific types of data. You may at any time opt out from allowing the App’s access to your location data by disabling location tracking features as provided in your mobile device settings.
Accessing and updating your personal information
Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Information we share
We do not sell your personal information to third parties, and do not intend to do so in the future.
We may disclose your information:
- To the party providing the service or product when you Redeem Points or order a Service Award (for example Apple, Samsung, MasterCard).
- For legal reasons
We will share personal information with companies, organizations or individuals outside of Incentive Services if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process (such as pursuant to a subpoena or judicial order) or enforceable governmental request by public authorities, including to meet national security and law enforcement requirements.
- Enforce applicable Terms of Service, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety of Incentive Services, our users or the public as required or permitted by law.
- We may share with third parties anonymous, aggregated information about all of our users.
- If Incentive Services is involved in a merger, acquisition or asset sale, (“Restructure”) we will continue to ensure the confidentiality of any personal information and give affected uses notice in advance of the Restructure.
We work hard to protect Incentive Services and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- We encrypt many of our services using SSL.
- We offer you two step verification when you access your Incentive Services Account.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to Incentive Services employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Compliance and cooperation with regulatory authorities
When we receive formal written complaints, we will contact the person who made the complaint to follow up within 45 days of the day we receive the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
We commit to binding arbitration; if you request it, to address any complaint that have not been resolved by other recourse and enforcement mechanisms.
We are subject to the investigatory and enforcement powers of the FTC, or any other U.S. authorized statutory body.
European Union and Switzerland.
This section applies only to individuals in the European Union and Switzerland and other countries which grant the rights described here. These rights will apply only in certain circumstances.
- Requesting a copy of your information
To the extent you are legally entitled, you can request confirmation of whether or not we process your personal information, and details of the information that we hold about you and how we use it. You also have a right to access your personal information and to be provided with a copy.
- Right to rectification of personal data
If you believe that the personal data we hold about you is inaccurate, you may request that we correct it. You may also request us to complete personal data about you which is incomplete.
- Right to restrict processing of personal data
You have the right to request that we restrict processing of your personal information where one of the following applies:
- You claim that the personal data is not accurate. The restriction will apply until we have taken steps to ensure the accuracy of the personal data.
- The processing is unlawful, but you do not want us to erase the personal data.
- We no longer require the personal data for the purposes of processing, but you still need it in connection with a legal claim.
- You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing.
- Right to request deletion of personal data (“right to be forgotten”)
- You may request the erasure of your personal information in certain circumstances. For example, you may request erasure if:
- The personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- You have withdrawn your consent and we have no other legal basis for processing the personal information.
- You have exercised your right to object to processing the personal information, and we have no overriding legitimate grounds to continue processing it.
- Under certain circumstances, we may refuse a request for erasure, for example, where we need to use the personal data to comply with a legal obligation or to establish, make or defend legal claims.
- If you exercise your right to erasure, this will potentially remove records which we hold for your benefit, such as your points account information (including points that may be in your account) and your presence on a marketing suppression list.
- You may request the erasure of your personal information in certain circumstances. For example, you may request erasure if:
- Right to object to processing of personal data
You have a right, at any stage, to object to our using your personal information to send you marketing information. You also have the right to object to our using your personal information where our reason is based on our legitimate interests. We will have to stop processing until we can establish that we have compelling legitimate grounds which override your interests, rights, and freedoms, or that we need to continue using it for the establishment, exercise, or defense of legal claims.
- Right to data portability
This right applies where:
- Our reason for using your personal information is either that you have given consent or that the processing is necessary for us to perform a contract with you; and
- We process the personal information by automated means.
This is a right to receive all the personal information which you have provided to us in a structured, commonly used, and machine-readable format and to transmit this to another controller directly, where this is technically feasible.
- Complaints to regulator
You have a right to complain to a supervisory authority (i.e., a regulator which oversees data protection law compliance), in particular, in the European Union country where you live or work or where you consider we have infringed on your privacy rights.
- Exercising these rights
- We may charge you a small administration fee to respond to your request as allowed by applicable law. In general, we do not charge any fee where the right is based on European Union law. (We can charge an administrative fee for extra copies of your information and in certain exceptional circumstances.)
- Where we receive a request to exercise one of these rights, we will provide information on the action we take on the request without undue delay and in any event within one month of receipt of the request. This time may be extended by a further two months in certain circumstances, for example, where requests are complex or numerous.
- Where we do not carry out your request, we will tell you without delay and in any event within one month of receipt of the request, and we will explain our reasons for not taking the action requested.
- Any request you make must be in writing and include your name and address and any other information that may identify you, such as what company and what program you are associated with. You must also provide a photocopy of your passport or driver’s license so we can verify your identity. Please send your written requests to:
- Data Protection Officer
7667 Cahill Road
Edina, MN 55439, USA
- Privacy Framework Principles
In compliance with the Privacy Framework Principles, Incentive Services commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Framework policy should first contact Incentive Services at:
7667 Cahill Road, Edina, MN 55439, Attn: Data Protection Officer, email [email protected].
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Incentive Services commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to the American Arbitration Association (“AAA”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of AAA are provided at no cost to you.
Incentive Services is based in Edina, MN, USA and we may transfer personal information in compliance with applicable law to the US and other jurisdictions where Incentive Services provides services. For EU and Swiss Residents: Some of the countries where Incentive Services provides services may not have the equivalent level of data protection laws as those in your location. If we need to transfer personal data outside the EEA or Switzerland, we will take steps to make sure your personal data is protected and safeguarded once it leaves the EEA or Switzerland. In particular, we require third parties to whom we transfer your data to agree to abide by the Model Clauses approved by the European Commission and permitted under Article 46 of the European Union General Data Protection Regulation (“GDPR”). If you would like to obtain the details of such safeguards, you can request them from the Data Protection Officer at Incentive Services. In some limited circumstances, we may also transfer your information outside the EEA and Switzerland if the GDPR (under Article 49) allows this. This includes where it is necessary for the performance of a contract between us and you and where the transfer is necessary in connection with legal proceedings. We will remain liable for the security of your personal information – under the GDPR Principles -unless we prove that we were not responsible for the event giving rise to the damage.