Privacy Policy

ampliFI Loyalty Solutions Privacy Policy

Augeo Consumer Engagement Services, LLC (a.k.a. ampliFI Loyalty Solutions; hereafter: “ampliFI”) is dedicated to respecting and defending your personal privacy. This privacy policy explains how we collect, share, use, and protect information when you visit or use any ampliFI website or online platform.

Please read this notice carefully to understand what we do, and how we collect, share and protect your personal information. As you review this privacy policy, here are a few general principles to keep in mind:

• Our online services are not intended for children under the age of 13. We do not knowingly collect personal information from, or market our products and services to children under 13.
• As a member or user of an ampliFI product or service, we will use and share the information that we collect from or about you in accordance with the details below, which provide you with certain options with respect to the use and sharing of your personal information.

INFORMATION WE MAY COLLECT

Personal Information
When you visit our websites, we may collect personal information from or about you when it is entered, including but not limited to your name, portal login credentials, email address, mailing address, telephone number, IP address and transaction details. In certain situations, as a member on an ampliFI platform we may also collect payment card information, social security numbers, employment information or protected health information. We may also receive personal information and information about your transactions directly from your financial institution or a service provider authorized by either ampliFI or your financial institution or payment card network (such as Visa, Mastercard, or other payment card networks) in order to process your rewards or redemption transactions.

Usage and Other Information
In addition to the personal information described above, we may collect certain information about your use of our online services. For example, we may log the IP address of the device you use to connect to our online service, the type of operating system and browser you use, information about the site you came from, the parts of our online service you access, and the site you visit next. We or our third-party partners may also use cookies, web beacons or other technologies to collect and store other information about your visit to, or use of, our online services.

USE OF INFORMATION

We use the information discussed above in a number of ways, such as:

• Processing reward or redemption transactions;
• Verifying your identity (such as when you access your account information);
• Preventing fraud and enhancing the security of your account or our online services;
• Responding to your requests and communicating with you;
• Reporting program activities to our client program owners;
• Managing your program preferences;
• Performing analytics concerning your use of our online services, including your responses to our emails and the pages and
• advertisements you view;
• Providing you tailored content and marketing messages on behalf of our clients and partners;
• Monitoring our site or portal performance;
• Operating, evaluating and improving our business (including developing new products and services, improving existing products and services, performing data analytics, and performing internal functions such as accounting and auditing);
• Complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies; and
• For any other purposes that we may specifically disclose at the time you provide or we collect your information.
  We may also use data that we collect on an aggregate or anonymous basis (such that it does not identify any individual customer, directly or indirectly) for various business purposes, where permissible under applicable laws and regulations.

DATA RETENTION

We will hold your personal information on our systems for as long as is necessary to perform the relevant processing activity, or as long as is set out in any relevant contract you hold with us. This is a case by case determination that depends on things like the nature of the data, why it is collected, why it is processed, and relevant legal or operation retention needs. For example, we may retain your data for as long as you hold a rewards account so that we may process and fulfill your future award transactions. We may also be legally required to hold some types of information to fulfill our statutory obligations. We review our retention periods for personal information on a regular basis. When the relevant processing activity has been completed, we may destroy your data, or alternatively anonymize the data in such a way that you are not personally identifiable, either directly or indirectly.

DISCLOSURE OF INFORMATION

ampliFI may share the information we collect from and about you with our affiliates and other third parties to bring you a range of quality and reliable products and services designed to meet your needs. For example, we may share your information with:

• ampliFI third-party service providers like payment card networks that provide transaction data, merchandise reward fulfillment, travel fulfillment and mailing service suppliers;
• ampliFI affiliated websites and businesses in an effort to bring you improved service across our family of products and services, when permissible under relevant laws and regulations;
• Other companies to bring you co-branded services, products or programs;
• Third parties or affiliates in connection with a corporate transaction, such as a sale, consolidation or merger of ampliFI businesses; and
• Other third parties to comply with legal requirements such as the demands of applicable subpoenas and court orders; to verify or enforce our terms of use, our other rights, or other applicable policies; to address fraud, security or technical issues; to respond to an emergency; or otherwise to protect the rights, property or security of our customers or third parties.

Where appropriate, we will limit sharing of your information in accordance with the options you have selected.

We may share anonymous or aggregated information (such that it does not identify any individual customer, directly or indirectly) with third parties to help deliver products, services, and content that are tailored to the users of our online services and for other purposes.

UNDERSTANDING COOKIES, WEB BEACONS AND OTHER TRACKING TECHNOLOGIES

We, our service providers, and other companies we work with may deploy and use cookies, web beacons, and other tracking technologies for various purposes, such as fraud prevention, monitoring our advertising, and assessing our marketing campaign performance. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.

“Cookies” are small amounts of data a website can send to a visitor’s web browser. They are often stored on the device you are using to help track your areas of interest. Cookies may also enable us, our service providers or other companies we work with to analyze your use of our online services over time to customize your experience. Most web browsers allow you to adjust your browser settings to decline or delete cookies, but doing so may degrade your experience with our online services.

Clear GIFs, pixel tags, web beacons are typically one-pixel, transparent images located on a webpage or in an email or other message. These, or similar technologies may be used on our sites and in some of our digital communications (such as email or other marketing messages). They may also be used when you are served advertisements or you otherwise interact with advertisements outside of our online services. These are principally used to help recognize users, assess traffic patterns and measure site or campaign engagement.

ONLINE ADVERTISING

You may see advertisements when you use some of our online services. These advertisements may be for our own products or services, or for products and services offered by third parties. Which advertisements you see is often determined using the information we, our affiliates, service providers, and other companies that we work with have about you, including information about your relationships with us (e.g., types of accounts held, transaction information, location of activity). To that end, where permitted by applicable law, we may share with others the information we collect from and about you.

LINKING TO THIRD-PARTY WEBSITES

ampliFI may provide links to websites that are owned or operated by other companies (“third-party websites”). When you use a link online to visit a third-party website, you will be subject to that website’s privacy and security practices, which may differ from ours. You should familiarize yourself with the privacy policy, terms of use, and security practices of the linked third-party website before providing any information on that website.

TRANSFERRING YOUR INFORMATION

Because ampliFI is a US-based company, your information may be collected and processed in the United States. If you live or are traveling outside the US and access our online websites or platforms, any information that you provide or that we collect may be transferred to our systems in the US. However, if we transfer your information in this way, we will put in place appropriate protection to make sure your personal data remains adequately protected and is treated in line with this Policy.

SECURITY

The security of your information is our top priority. We use physical, electronic, and procedural safeguards that comply with federal and international standards to protect and limit access to your personal information. ampliFI also actively monitors our systems and your account for suspicious or fraudulent activity.

Managing Employee Conduct
ampliFI has an absolute commitment to integrity, our related values and ethical standards, and the associated business conduct we expect from all our employees. These standards include specific guidelines about how employees must safeguard confidential information, including our customers’ data.

Regulatory Compliance
ampliFI maintains compliance with all required data protection regulations that apply to the information systems and data we collect. ampliFI regularly validates its security, operational, and business practices, both internally and through third party audits.

Online Security
ampliFI uses at minimum 128-Bit Encryption each time you access your account(s) and perform transactions on our portals. Look for website to start with https:// or have a lock symbol.

ampliFI regularly tests the web security of our sites and products.

Fraud Monitoring
ampliFI continuously monitors the registration, login, and activities of accounts to detect fraudulent or unauthorized use of your account.

What Can You Do To Help?

• Help protect yourself by keeping your operating system, browser, and anti-virus software up-to-date so you’ll have the latest security enhancements.
• Regularly monitor your account for suspicious activity.
• Watch out for phishing emails. Use caution when opening links or attachments in emails that you are not expecting.
• Used strong passphrases and change them frequently.
• Use safe practices when on social media.

Please note that information you send to us electronically may not be secure when it is transmitted to us, depending on the systems and communication channels you use. We recommend that you do not use insecure channels to communicate confidential information to us.

LEGAL

United States – California
The California Consumer Privacy Act of 2018 (CCPA), in effect January 1, 2020, provides California residents with several rights regarding their online privacy. ampliFI complies with the CCPA, including the rights of any California resident to:

• Request disclosure of ampliFI’s business data collection and sale practices. Data collection practices are disclosed elsewhere in this policy; ampliFI does not sell consumer data.
• Request a copy of the specific personal information collected. The CCPA allows for up to two personal information requests during any twelve-month period. ampliFI will respond to requests within 45 days. Requests may be made through the toll-free call center number or via email to privacy@amplifiloyalty.com.
• Have such information deleted (with exceptions). ampliFI cannot delete a consumer’s information as long as the consumer is an active user of company services as the personal information is required in order to service the consumer; this continued use is allowed under the CCPA. To stop being an active user of ampliFI services, a consumer may need to opt out of ampliFI’s platform through their participating Financial Institution, ampliFI’s platform, or both.
• Request your personal information not be sold to third parties, if applicable. Note that ampliFI does not resell consumer information.
• Not be discriminated against because you exercised any of the new rights.

Some of these practices, as well as other aspects of the CCPA, are covered throughout this policy and apply to all users of ampliFI’s platform.

Some business processes may involve providing consumer information to a third party. Beyond what is described elsewhere in this policy, those processes may include:

• Auditing legal or regulatory compliance.
• Security services such as anti-fraud measures and data breach detection.
• Account services including point redemption if redemption is performed by a third party.

In all such instances, information is shared only to the extent necessary to fulfill the process.

Europe/European Union
Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from residents of the European Economic Area. Our lawful bases include:

• Performing the contract we have with you: In certain circumstances, we need your personal data to comply with our contractual obligation to deliver our services, and assist with any questions you may have.
• Legal compliance: Sometimes the law says we need to collect and use your data.
• Legitimate interests: This is a term in data protection law that allows us to process your personal information if we have a fair reason to use your data, and only if we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in running our business, including to process your redemption and purchase transactions, maintain your account, prevent fraud, quality assurance, and for marketing purposes, as long as our use of your data does not materially impact your rights, freedom or interests. This allows us to improve and develop the quality of the online experience we offer all our users.

KNOW YOUR OPTIONS

Users or website visitors residing in certain countries, such as those in the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights may include the ability to access, correct, and request deletion of your personal information. While these rights are not globally applicable, our customers are entitled to access the personal information that we hold, if any, concerning them.

Keeping your account information up-to-date is very important. You may review or update certain account information by logging in and accessing your profile, depending on the ampliFI product or service portal used. If you cannot change the incorrect information online, or you prefer to request changes offline, please contact us as described below. Please note that we may retain and process certain information as required by law or as necessary for our legitimate business purposes.

ampliFI has appointed a Data Protection Officer (DPO) who is responsible for monitoring and ensuring compliance with this Privacy Policy, acting as a point of contact for data protection queries, managing ampliFI’s response to privacy-related incidents, and updating this Policy as necessary. If you have any questions about your rights related to information ampliFI possesses, or if you have any privacy questions or concerns about how ampliFI processes your personal data, please contact our DPO by emailing privacy@amplifiloyalty.com.

If you have contacted ampliFI and have further questions about how to protect yourself, or if you have any concerns about how ampliFI handles or processes your personal information, you may contact the data protection authority for your area:

• U.S. Residents: Visit the Federal Trade Commission Consumer Information website at https://www.ftc.gov.
• E.U. Residents: Visit the European Commission website at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm, and find the data protection authority for your country.

REVISIONS TO THIS ONLINE PRIVACY POLICY

We may change this Online Privacy Policy from time to time. When we do, we will let you know by appropriate means such as by posting the revised policy on this page with a new “Last Updated” date. Any changes to this Online Privacy Policy will become effective when posted unless indicated otherwise. This Privacy Policy was last updated and is effective beginning January 23, 2020.