ACHIEVERS PLATFORM PRIVACY STATEMENT
Last updated: May 25, 2018
Achievers (“we,” “our,” or “us”) recognizes the importance of privacy in providing our employee recognition and rewards solution (the “Services”) to our business customers (“Customers”). The Services include a platform (the “Platform”) accessible by employees and other authorized users (“Members,” “you,” or “your”) of our Customers. You have been given access to this Platform by one of our Customers (your “Employer”).
This Platform Privacy Statement (the “Platform Privacy Statement”) describes how we collect, use, disclose, and otherwise process personal data about Members related to the Service (the “Member Data”), on behalf of our Customers.
For the purposes of EU data protection laws, Achievers is a data processor and our Customers are the data controllers of the Member Data. Achievers has certified its compliance to the Privacy Shield Principles (the “Principles”) with respect to the Member Data that we process on behalf of our Customers established in the European Union. For more information about our Privacy Shield commitment, refer to the Privacy Shield section below. This Platform Privacy Statement only applies to Achievers; it does not apply to your Employer, nor to its activities with respect to Member Data, the Platform, or the Services. You should consult with your Employer for more information about your Employer’s privacy policies.
Information Collected Related to Platform and Services
Achievers recognizes the importance of privacy and principles of data minimization and privacy by design. As noted above, we collect and process Member Data as directed by your Employer (who is the data controller). This means that ultimately, your Employer controls the processing of your Member Data.
Member Data is provided to Achievers by our Customers and by Members. For instance, your Employer may provide us with your name, position, business contact details, and other data about you, so that we can make the Platform available to you. Also, you may choose to provide your Member Data to us (e.g., to redeem points for products on the Platform) and Member Data about other Members (e.g., to recognize a colleague for something).
Sensitive Data. Achievers does not wish to receive, nor does it intentionally collect, sensitive Member Data from Customers or Members. If we receive any Member Data that contains sensitive Member Data, we will treat it in accordance with this Platform Privacy Statement and will only process such data on behalf of and under the instructions of your Employer.
Automatically Collected Data. Achievers may automatically collect the following information about the use of the Services through cookies, web beacons, and other technologies: domain name; browser type and operating system; IP address; access time; device ID, name and model; location and language information, the length of time you are logged into the Platform; page views and referring URL; and your activities within the Platform. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other Member Data. Please see the section Purposes of Use and Processing” below for more information.
Purposes of Use and Processing
Achievers will only collect, use, disclose, and otherwise process Member Data under the instructions of your Employer, as you instruct, or where otherwise permitted or required by law. Achievers does so on behalf of Customers, to provide the Services and as otherwise directed by you or your Employer under the terms of our commercial agreement (the “Customer Agreement”). Subject to any requirements or restrictions in our Customer Agreements, we generally process Member Data as follows:
Cookies. Achievers uses a browser feature called a “cookie” to allow Members to interact with the Platform. A cookie is a small text file that is placed on your computer by a website. Cookies contain a unique session identification number, the IP address of the request origin, and the last access time. You can manage how your browser responds to cookies, including by blocking cookies, notifying you when you receive a cookie, and allowing you to delete certain cookies. However, if you block or disable cookies, you will not be able to use some of the features available on the Platform.
“Do not track” browser setting. The Platform does not respond to web browser “do not track” (DNT) settings or headers. However, Achievers does not track Member Data of Members on the Platform over time, across third party web sites or online services. Achievers also does not authorize or enable any third party to collect Platform usage Member Data through any advertising technology.
Email. Achievers uses images imbedded in e-mail messages called “web beacons”. Web beacons are clear images that allow Achievers to determine if a message has been opened. It also allows Achievers to determine the IP address of the user that opened it and to access any Achievers cookies. We may use this information in the aggregate to assess and improve our email messages. Email web beacons can be disabled by turning off HTML display and displaying text only or by turning off image display while still using HTML within your email client.
DISCLOSURE OF MEMBER DATA
We generally disclose Member Data under the following circumstances:
Affiliated Entities. Achievers is a part of the Blackhawk global group of companies, and we may share Member Data with our affiliated businesses (“Affiliates”) who provide services to us or on our behalf, as part of our business operations and administration of the Services. We have executed written agreements with such Affiliates that impose appropriate safeguards for the protection of Member Data in compliance with applicable privacy laws.
Agents and Service Providers. Achievers may share Member Data with selected third parties (“Service Providers”) who provide services to us or on our behalf, subject to our written instructions. For example, we may work with fulfillment partners spanning multiple international jurisdictions who are responsible for the delivery of product redemptions; in that case, the relevant Service Provider is provided with certain Member Data when Members would like to redeem a reward offered in the Platform, which may include Members’ physical mailing address, email and name.
Achievers has contractual agreements with Service Providers which require them to provide protection as required by the Privacy Shield Principles. Achievers does not transfer Member Data to a third party for its own use. Achievers may be liable under the Principles if one of its third-party processors processes Member Data in a manner inconsistent with the Principles, if Achievers is responsible for the event giving rise to the damage.
Your Employer. As a processor, Achievers will disclose Member Data to your Employer. Your Employer and its designated administrator(s) may be able to access all information you provide to the Platform, including information you post or send through it, and information regarding any transactions or redemptions you make on the Platform. For example, your Employer may need your Member Data for the purpose of calculating, deducting and/or paying income tax in respect taxable benefits in accordance with your Employer’s policies and applicable law. Achievers has no control, and is not responsible for how your Employer may access, use and disclose Member Data. For more information on how your Employer may collect, use, disclose, or otherwise process your Member Data, please contact your Employer.
Public Areas: Some areas of our Platform may allow you to upload or publish your own content to an area of the Platform that may be viewed by all other Members who have access to your Employer’s Platform, such as your colleagues (“Posting”). You may also make Postings external to the Platform (e.g., social media). Such Postings may be associated with your name and any Member Data that you choose to include in such Posting. Achievers cannot control, and is not responsible for how any third parties, including your colleagues and/or your Employer, may use such information. If you choose to include Member Data in a Posting you post on the Platform, you consent to the disclosure of that Member Data. If you do not wish to publish your Member Data in this manner, please do not include it in a Posting you post to any area of the Platform that may be viewed by other users. You may not include the Member Data of any other individual in your Postings unless you have their consent.
Other Disclosures. Achievers reserves the right to transfer any Member Data in the event that we merge with or are acquired by a third party. Achievers may also use, or disclose Member Data to third parties, if Achievers has reason to believe that using or disclosing such information is necessary to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, and/or the rights, safety, and property of our Customers, Members of our Platform, and any other persons. Lastly, we may disclose Member Data for any other purpose to which you have provided your Employer with consent.
Achievers’ Services are provided to employers – our Customers – and their employees – the Members – and are not directed towards children or the general public. The Platform is not designed for or intended to be used by children under sixteen (16) years old.
The security of your Member Data is important to us. We have implemented safeguards to protect the Member Data submitted to us, both during transmission and once it is received, including encrypting the transmission information (where appropriate). If you have any questions about the security of your Member Data, you can contact us at email@example.com.
DATA INTEGRITY AND PURPOSE LIMITATION
Achievers will take steps to keep your Member Data accurate, complete and up-to-date. Members will have the ability to review much of the Member Data we have collected about them on the Platform. To make a request (e.g., access or correction of your Member Data), please see the “Data Subject Rights” section below.
Your Member Data will be retained when you are a Member or for a reasonable time thereafter, or as required by applicable law or contractual requirements. When Achievers is no longer required to retain your Member Data, we will securely destroy your Member Data based on our data disposal policies and applicable law, or return the data to your Employer for destruction at its request.
DATA SUBJECT RIGHTS
Members have rights to access Member Data about them, and to limit use and disclosure of their Member Data. Pursuant to applicable data protection laws, Achievers’ internal policies and practices, and our Privacy Shield certification, Achievers has committed to respecting those rights. You may review much of your Member Data in the Platform. If you would like to exercise your rights under EU or other applicable privacy laws to access, amend, or request deletion of your Member Data, or make other requests regarding your Member Data, you should contact your Employer and we will work with your Employer, as needed, to assist them with information that they may need to respond to your requests.
Achievers will only refuse access to information about you in those circumstances permitted or required by applicable privacy laws. If Achievers refuses access to you, it will provide you with the reasons for its refusal upon request. Exceptions may include information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. Achievers will respond to your requests for access in accordance with applicable privacy laws.
ENFORCEMENT AND DISPUTE RESOLUTION
Achievers will conduct periodic assessments to validate its continued adherence to this Platform Privacy Statement. If you have a question or dispute about our handling of your Member Data, please contact us at using the information in the “Contact Us” section below.
Achievers will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Member Data in accordance with the principles contained in this Platform Privacy Statement. Achievers agrees to cooperate with data protection authorities located in the European Union or authorized representatives for disputes received from the European Union. All other disputes that cannot be resolved between Achievers and the complainant will be handled in accordance with applicable dispute resolution procedures through our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, binding arbitration may be an option when other dispute resolution procedures have been exhausted.
Subject to our Customer Agreements, the Member Data that we collect from you may be transferred to, processed, or stored at a location outside the local jurisdiction. This means that Achievers may be required to disclose your Member Data in response to lawful requests by public authorities, including by the U.S. Federal Trade Commission, the courts, law enforcement, or national security authorities in that other jurisdiction.
We will take steps to ensure that your Member Data receives an equivalent level of protection as required by laws of that jurisdiction, including by entering into data transfer agreements, using the European Commission-approved standard contractual clauses for transfers to processors in third countries (“SCCs”), or by relying on other mechanisms approved by the European Commission, such as the EU - US Privacy Shield. For transfers to our Affiliates in the United States and other jurisdictions that the European Commission does not consider to provide adequate protection to Member Data, we have put in place the SCCs and other measures where required by Customers.
EU-U.S PRIVACY SHIELD
Achievers participates in and has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Achievers is committed to subjecting all Member Data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
Achievers is responsible for the processing of your Member Data that it receives under the Privacy Shield Framework and subsequently transfers to a Service Provider. Achievers complies with the Privacy Shield Principles for all onward transfers of Member Data from the EU, including the onward transfer liability provisions.
If you have any questions or concerns about your Member Data held by Achievers or about the compliance by Achievers with Achievers Platform Privacy Statement, please contact our Privacy Office or contact your Program Administrator.
By Regular Mail:
Attn: Privacy Office
6220 Stoneridge Mall Road
Pleasanton, CA 94588
Achievers reserves the right to change this Platform Privacy Statement from time-to-time. Achievers will provide notification of any material changes to this Platform Privacy Statement through the Achievers Platform in the form of a banner, pop-up or other methods of notification.