ACHIEVERS PLATFORM PRIVACY STATEMENT
Last updated: April 1, 2019
Achievers (“we,” “our,” or “us”) recognizes the importance of privacy in providing our employee recognition and rewards solution (the “Services”) to our business customers (“Customers”). The Services include a platform (the “Platform”) accessible by employees and other authorized users (“Members,” “you,” or “your”) of our Customers. You have been given access to this Platform by one of our Customers (your “Employer”).
This Platform Privacy Statement (the “Platform Privacy Statement”) describes how we collect, use, disclose, and otherwise process personal information about Members related to the Service (the “Member Data”), on behalf of our Customers.
For the purposes of European Union (“EU”) or United Kingdom (“UK”) data protection laws, Achievers is a data processor and our Customers are the data controllers of the Member Data. Achievers has certified its compliance to the Privacy Shield Principles (the “Principles”) with respect to the Member Data that we process on behalf of our Customers established in the European Union, United Kingdom and Switzerland. For more information about our Privacy Shield commitment, refer to the EU-U.S Privacy Shield section below. This Platform Privacy Statement only applies to Achievers; it does not apply to your Employer, nor to its activities with respect to Member Data, the Platform, or the Services. You should consult with your Employer for more information about your Employer’s privacy policies.
INFORMATION COLLECTED RELATED TO PLATFORM AND SERVICES
Achievers recognizes the importance of privacy and principles of data minimization and privacy by design. As noted above, we collect and process Member Data as directed by your Employer (who is the data controller). This means that ultimately, your Employer controls the processing of your Member Data.
Member Data is provided to Achievers by our Customers and by Members. For instance, your Employer may provide us with your name, position, business contact details, and certain other relevant data about you, so that we can make the Platform available to you. Also, you may choose to provide your Member Data to us (e.g., to redeem points for products on the Platform) and Member Data about other Members (e.g., to recognize a colleague for something).
Sensitive Data. Achievers does not wish to receive, nor does it intentionally collect, sensitive Member Data from Customers or Members. If we receive any Member Data that contains sensitive Member Data, we will treat it in accordance with this Platform Privacy Statement and will only process such data on behalf of and under the instructions of your Employer.
Automatically Collected Data. Achievers may automatically collect the following information about the use of the Services through cookies, web beacons, and other technologies: domain name; browser type and operating system; IP address; access time; device ID, name and model; location and language information, the length of time you are logged into the Platform; page views and referring URL; and your activities within the Platform. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other Member Data. Please see the section Purposes of Use and Processing” below for more information.
PURPOSES OF USE AND PROCESSING
Achievers will only collect, use, disclose, and otherwise process Member Data under the instructions of your Employer, as you instruct, or where otherwise permitted or required by law. Achievers does so on behalf of Customers, to provide the Services and as otherwise directed by you or your Employer under the terms of our commercial agreement (the “Customer Agreement”). Subject to any requirements or restrictions in our Customer Agreements, we generally process Member Data as follows:
Cookies. Achievers website uses a browser feature called a “cookie” to allow Members to interact with the Platform. A cookie is a small text file that is placed on your computer by a website. Cookies contain a unique session identification number, the IP address of the request origin, and the last access time. You can manage how your browser responds to cookies, including by blocking cookies, notifying you when you receive a cookie, and allowing you to delete certain cookies. However, if you block or disable cookies, you will not be able to use some of the features available on the Platform.
“Do not track” browser setting. The Platform does not respond to web browser “do not track” (DNT) settings or headers. However, Achievers does not track Member Data of Members on the Platform over time, across third party web sites or online services. Achievers also does not authorize or enable any third party to collect Platform usage Member Data through any advertising technology.
Web Beacon. Achievers uses images embedded in e-mail messages called “web beacons”. Web beacons are clear images that allow Achievers to determine if a message has been opened. It also allows Achievers to determine the IP address of the user that opened it and to access any Achievers cookies. We may use this information in the aggregate to assess and improve our email messages. Email web beacons can be disabled by turning off HTML display and displaying text only or by turning off image display while still using HTML within your email client.
DISCLOSURE OF MEMBER DATA
We generally disclose Member Data under the following circumstances:
Affiliated Entities. Achievers is part of the Blackhawk global group of companies, and we may share Member Data with our affiliated businesses (“Affiliates”) who provide services to us or on our behalf, as part of our business operations and administration of the Services. Where relevant, we have executed written agreements with such Affiliates that impose appropriate safeguards for the protection of Member Data in compliance with applicable privacy laws.
Agents and Service Providers. Achievers may share Member Data with selected third parties (“Service Providers”) who provide services to us or on our behalf, subject to our written instructions. For example, we may work with fulfillment partners spanning multiple international jurisdictions who are responsible for the delivery of product redemptions; in that case, the relevant Service Provider is provided with certain Member Data when Members would like to redeem a reward offered in the Platform, which may include Members’ physical mailing address, email and name.
Where relevant, Achievers has contractual agreements with Service Providers, which require them to provide protection as required by the Privacy Shield Principles. Achievers does not transfer Member Data to a third party for the third party’s own use. Achievers may be liable under the Principles if one of its third party processors processes Member Data in a manner inconsistent with the Principles, if Achievers is responsible for the event giving rise to the damage.
Your Employer. As a processor, Achievers will disclose Member Data to your Employer. Your Employer and its designated administrator(s) may be able to access all information you provide to the Platform, including information you post or send through it, and information regarding any transactions or redemptions you make on the Platform. For example, your Employer may need your Member Data for the purpose of calculating, deducting and/or paying income tax in respect taxable benefits in accordance with your Employer’s policies and applicable law. Achievers has no control, and is not responsible for how your Employer may access, use and disclose Member Data. For more information on how your Employer may collect, use, disclose, or otherwise process your Member Data, please contact your Employer.
Member Content: Some areas of our Platform may allow you to upload or publish your own content to an area of the Platform that may be viewed by some or all other Members who have access to your Employer’s Platform, such as your colleagues (“Posting”). You may also make Postings external to the Platform (e.g., on social media). Such Postings may be associated with your name and any Member Data that you choose to include in such Posting. Achievers cannot control, and is not responsible for how any third parties, including your colleagues and/or your Employer, may use such information. If you choose to include Member Data in a Posting you post on the Platform, you consent to the disclosure of that Member Data. If you do not wish to publish your Member Data in this manner, please do not include it in a Posting you post to any area of the Platform that may be viewed by other users. You may not include the Member Data of any other individual in your Postings unless you have their consent.
Other Disclosures. If Achievers is involved in a merger, acquisition, or sale of all or a portion of its assets, or in the event of a bankruptcy or dissolution of our business, your personal information may be transferred to an acquiring business or third party, including in contemplation of or related to due diligence for such business transactions, subject to any applicable restrictions under applicable laws. Achievers may also use, or disclose Member Data to third parties, if Achievers has reason to believe that using or disclosing such information is necessary to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, and/or the rights, safety, and property of our Customers, Members of our Platform, and any other persons. Lastly, we may disclose Member Data for any other purpose to which you have provided your Employer with consent.
Achievers’ Services are provided to employers – our Customers – and their employees – the Members – and are not directed towards children. The Platform is not designed for or intended to be used by children under sixteen (16) years old (“minors”) and we do not knowingly collect data from minors.
The security of your Member Data is important to us. We have implemented safeguards designed to protect the Member Data submitted to us, both during transmission and once it is received, including encrypting the transmission information (where appropriate). However, please note that no transmission over the Internet is 100% secure. If you have any questions about the security of your Member Data, you can contact us at firstname.lastname@example.org.
DATA INTEGRITY AND PURPOSE LIMITATION
Achievers will take steps to keep your Member Data accurate, complete and up-to-date. Members will have the ability to review much of the Member Data we have collected about them on the Platform. To make a request (e.g., access or correction of your Member Data), please see the “Your Rights” section below.
Members have rights to access and review Member Data about them, and in some cases to limit use and disclosure of their Member Data. Pursuant to applicable data protection laws, Achievers’ internal policies and practices, and our Privacy Shield certification, Achievers has committed to respecting those rights. You may review much of your Member Data in the Platform. If you would like to exercise your rights under applicable privacy laws to access, amend, or request deletion of your Member Data, or make other requests regarding your Member Data, you should contact your Employer and we will work with your Employer, as needed, to assist them with information that they may need to respond to your requests.
Achievers will only refuse access to information about you where permitted or required by applicable privacy laws. If Achievers refuses access to you, it will provide you with the reasons for its refusal upon request. Exceptions may include information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. Achievers will respond to your requests for access in accordance with applicable privacy laws.
ENFORCEMENT AND DISPUTE RESOLUTION
Achievers will conduct periodic assessments to validate its continued adherence to this Platform Privacy Statement. If you have a question or dispute about our handling of your Member Data, please contact us at using the information in the “Contact Us” section below.
Achievers will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Member Data in accordance with the principles contained in this Platform Privacy Statement. Achievers agrees to cooperate with data protection authorities located in the European Union or authorized representatives for disputes received from the European Union. All other disputes that cannot be resolved between Achievers and the complainant will be handled in accordance with applicable dispute resolution procedures through our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, binding arbitration may be an option when other dispute resolution procedures have been exhausted.
Subject to our Customer Agreements, the Member Data that we collect from you may be transferred to, processed, or stored at a location outside the local jurisdiction. This means that Achievers may be required to disclose your Member Data in response to lawful requests by public authorities, including by the U.S. Federal Trade Commission, the courts, law enforcement, or national security authorities in that other jurisdiction.
We will take steps to ensure that your Member Data receives an equivalent level of protection as required by laws of that jurisdiction, including by entering into data transfer agreements, using the European Commission-approved standard contractual clauses for transfers to processors in third countries (“SCCs”), or by relying on other mechanisms approved by the European Commission, such as the EU - US Privacy Shield. For transfers to our Affiliates in the United States and other jurisdictions that the European Commission does not consider to provide adequate protection to Member Data, we have put in place the SCCs and other measures where required by Customers.
EU-U.S PRIVACY SHIELD
Blackhawk Network, Inc. and the subsidiary companies listed below, including Achievers complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information, including Member Data, transferred from the European Union and the United Kingdom and/or Switzerland to the United States in reliance on Privacy Shield.
Achievers and the above companies have certified to the Department of Commerce that they adhere to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Platform Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Achievers is responsible for the processing of your personal information that it receives under the Privacy Shield Framework and subsequently transfers to a Service Provider. Achievers complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, the United Kingdom, and/or Switzerland, including the onward transfer liability provisions. To learn more about the Privacy Shield program, and to view our certification, please click here.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, Blackhawk is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Blackhawk may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. We are committed to cooperating in the resolution of disputes with individuals through this process.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you have any questions or concerns about your Member Data held by Achievers or about the compliance by Achievers with Achievers Platform Privacy Statement, please contact our Privacy Office or contact your Program Administrator as indicated below.
By Regular Mail:
Attn: Privacy Office
6220 Stoneridge Mall Road
Pleasanton, CA 94588
Achievers reserves the right to change this Platform Privacy Statement from time-to-time. Achievers will provide notification of any material changes to this Platform Privacy Statement through the Achievers Platform in the form of a banner, pop-up, or other methods of notification.