THIS POLICY SETS OUT THE PRACTICES OF JADE FIRES, LLC DBA TREZORO (“TREZORO,” “WE, “US,” OR “OUR”) AND THE RIGHTS AND CHOICES AVAILABLE TO INDIVIDUALS, REGARDING PERSONAL DATA.
- TREZORO and our affiliates own and operate the website www.trezoroloyalty.com and any mobile application associated with such website (collectively, the “Platform”).
- We are the data controller and the data processor. Amazon Web Services, our partner, acts as a sub-processor of data.
THIS POLICY APPLIES TO ALL PLATFORM USERS AND THEIR CLIENTS
- We handle data in our own right and also for and on behalf of Platform users and their clients.
- If, at any time, an individual provides data or other information about someone other than himself or herself, the individual warrants that they have that person's consent to provide such information for the purpose specified.
WE COLLECT PERSONAL AND CONTACT INFORMATION. TOGETHER WITH A VARIETY OF OTHER DATA
- In the course of business it is necessary for us to collect data. This information allows us to identify who an individual is for the purposes of our business, share data as necessary for the operation of the Platform, contact and transact with individuals in the ordinary course of business.
- Without limitation, the type of information we may collect is:
- Personal Information. When you register for an account on the Platform, we may collect such personal data as (including, but not limited to) an individual’s name, email address, IP address, mailing address, telephone number, date of birth, geographical location, gender, preferences, interests and other information that allows us to identify who that individual is.
- Third party accounts. We may link your account with a third party (such as Facebook or Twitter) to enable certain functionality, which allows us to obtain information from those accounts (including your profile picture, friends list or their contacts). The information we may obtain from those services often depends on your settings and/or their privacy policies.
- Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other users;
- Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
- Information an individual sends us. We may collect any communications, feedback, correspondence and contracts that an individual sends us, is created by using the Platform, or that is sent to us by others about the individual’s activities, including activities with our third party partners.
- Transaction History. We may collect transaction data such as date, time, transaction amount, product details, use of discounts, transaction ID and where the transaction was made when you visit one of our merchants.
- We may also collect non-personal data, which does not, on its own, permit direct association with any specific individual; such non-personal data may information with respect to a user’s computer, network and browser.
WE COLLECT INFORMATION WHEN YOU REGISTER AND FROM OTHER SOURCES, INCLUDING BUSINESS PARTNERS
- Most information will be collected in association with an individual’s registration and use of the Platform, an enquiry about the Platform or generally dealing with us or the Platform.
- We may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners.
- As there are many circumstances in which we may collect information both electronically and physically, we will endeavor to ensure that an individual is always aware of when their data is being collected. We may also collect anonymous data such as traffic and transaction statistics, which may be used and shared on an aggregated and anonymous basis, or to improve our service.
DATA STORAGE AND SECURITY
- Security is our top priority. That’s why we’ve partnered with a first-rate cloud storage provider, Amazon Web Services (“AWS”). AWS is one of the safest and most flexible cloud systems available. The data that we collect from you will be stored on the servers of AWS. Your data is stored and safeguarded by a SSL Encryption which allows for security with a 99.8% uptime. Some data will be stored in EEA for testing purposes.
- For security policies refer to Amazon Web Services Security policy ( https://aws.amazon.com/security/).
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
- If we suspect any personal data breach, we will notify you and any applicable regulator of a breach where we are legally required to do so.
- If a user suspects any misuse or loss of, or unauthorised access to, his/her personal data, he/she should let us know immediately.
DATA IS USED IN CONNECTION WITH OPERATION OF THE PLATFORM AND DISCLOSED TO LIMITED THIRD PARTY PARTNERS TO IMPROVE OUR SERVICES, TO REGULATORS AND AS REQUIRED BY LAW
- In general, the primary principle is that we will not use any data other than in connection with the operation of the Platform and for the purpose for which it was collected, except with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
- From time to time we may provide your information to our third party partners (such as Clover, Facebook, SendGrid, and MailChimp) or customer service agencies for research and analysis purposes so that we can monitor and improve the services we provide. The use of your personal data by such third parties are subject to their privacy and security policies. We are not responsible for the privacy or security practices of any third party.
- We may also provide to third parties anonymous data such as traffic, IP addresses and transaction statistics, which may be used and shared on an aggregated and anonymous basis, or to improve our service. Unless with express consent and subject to any opting-out, we will not rent or sell any other data to any third parties under any circumstances.
- It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the GDPR, CCPA or CalOPPA in the course of our business, including:
- As required by any law, act or regulation (including the GDPR, CCPA or CalOPPA); and/or
- In order to sell our business (as we may transfer data to a new owner).
- We may disclose an individual’s data (including without notice) where we reasonably believe or suspect that an individual may be engaged in fraudulent, deceptive or unlawful activity and shall not be limited from cooperating with any regulatory authority (including if we receive any written demand).
- A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Platform.
- Types of cookie
- ‘Session’ cookies remain in your browser until you leave the website.
- ‘Persistent’ cookies remain in your browser after the session.
- ‘Performance’ cookies are used to improve a website and gather information about your use of the website; they do not collect personally identifiable information, and the information collected is aggregated such that it is anonymous.
- ‘Functionality’ cookies allow a website to remember any choices you make about the website or enable services such as commenting on a blog.
- ‘Targeting cookies’ record your visit to the Platform, the pages you have visited and the links you have followed.
- Cookies in use by Trezoro
Expires: End of session /16 hours
We use this cookie to keep you logged in, after you have completed log in.
Expires: 30 minutes
Standard Functionality cookie.
Expires: 5 minutes
Standard Functionality cookie.
Expires: 24 hours
Standard Functionality cookie.
Expires: 730 days
Standard Performance Cookie.
Expires: 3 months
Standard Performance Cookie.
Expires: End of session
Standard Functionality Cookie.
Expires: 1 month
Standard Functionality Cookie.
Facebook Cookies: fr, wd, datr, c_user, presence, _fbp, sb, xs
Others: _hjTLDTest (Trezoro), 1P_Jar (gstatic.com)
DO NOT TRACK DISCLOSURES
- We track our customers over time and across third party websites and therefore Trezoro (Platform) does not respond to Do Not Track (DNT) requests.
- We may combine the personal information we receive from or about you, including information you provide to us and information we automatically collect through the Platform, as well as information across other computers or devices that you use, with information we collect or receive about you from other online and offline sources, or from other third party sources. In addition, one of the special features of the Platform is that it allows you to integrate various online third-party services, such as social media and social networking services (“Third-Party Services”), directly into your Trezoro experience. To take advantage of this feature, we will ask you to provide us your username and password for the relevant Third-Party Services. By enabling such Third-Party Services, you are allowing us to pass your Third-Party Service log-in information to these Third-Party Services for this purpose. When you add a Third-Party Service account to the Platform, we will collect your Third-Party Service login information and other relevant information necessary to enable the Platform to access that Third-Party Service and your data contained within that Third-Party Service. However, please remember that the Third-Party Services may use, store and disclose your personal information differently, as described in their policies, and Trezoro shall have no liability or responsibility for the privacy practices or other actions of any Third-Party Service.
YOU MAY OPT OUT OF DATA COLLECTION, BUT THIS MAY PREVENT OR LIMIT USE OF THE PLATFORM
- You may opt to not have us collect your data. This may prevent us from offering some or all of our services and may terminate your access to some or all of the services you access through the Platform. You will be aware of this when:
- (a) Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
- (b) Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
- If you believe that you have received information from us that you did not opt in to receive or that you opted out to receive, you should contact us using the contact information below.
YOU MUST UPDATE YOUR INFORMATION AND MAY REQUEST A COPY OF YOUR DATA WE HAVE COLLECTED
- You have the right to request from us the data that we have about you.
- If an individual cannot update his or her own information, we will correct any errors in the data we hold about an individual within 7 days of receiving written notice from him/her about any such errors.
- It is an individual’s responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect.
WE MAY CHANGE THIS POLICY BY PUBLISHING AN UPDATE ONLINE
- Our Platform does not address anyone under the age of 18 (“Child” or "Children"). We do not knowingly collect personal data from anyone under the age of 18. If you are a parent or legal guardian and you are aware that your Child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a Child without verification of parental consent, we take steps to remove that information from our servers.
YOUR INDIVIDUAL LEGAL RIGHTS
You have a number of rights in relation to your personal data and may exercise them by contacting us at email@example.com
- RECTIFICATION: You can ask us to update any incomplete or incorrect data we hold about you
- ERASURE: You can ask us to delete or remove your personal data
- ACCESS: You can ask us for a copy of the personal data we hold about you
- RESTRICTION: You can ask us to restrict processing of certain personal data of yours
- PORTABILITY: You can ask us to transfer your personal data to another party
- OBJECTION: Where we are processing your personal data based on legitimate interests (or those of a third party) you may challenge this at any time. We may however, be entitled to continue processing your information based on our legitimate interests. You have the right to object to the processing of your personal data for direct marketing purposes.
ANY COMPLAINTS OR DISPUTES SHOULD BE ADDRESSED IN WRITING
- If you have a complaint about our handling of your data, you should first address your complaint in writing to us (use the contact information found below).
- If we have a dispute regarding an individual’s data, we will also attempt to resolve the issue directly together with such individual.
- If we become aware of any unauthorized access to an individual’s data we will inform such individual at the earliest practical opportunity once we have established what was accessed and how it was accessed.
- You also have the right to make a complaint at any time to a supervisory authority (for more information go to https://edpb.europa.eu/about-edpb/board/members_en).
RETENTION OF YOUR PERSONAL DATA
We expect to retain Personal Data for as long as necessary to fulfil the purposes for which it was obtained, subject to our own legal and regulatory obligations. The criteria we may use to determine the retention period for certain categories of data includes:
Contractual or legal obligations that may exist and require us to retain the data for a certain period of time;
Any ongoing legal or financial claim that relates to your relationship with us;
If we believe there is any applicable law, statute, or regulation allows for a specific retention period; and
what the expectation for retention was at the time the data was provided to us.
In general, we may retain an account and personal data for at least five years (and some up to ten years, as required by applicable law) after a merchant account is closed.
- All correspondence with regards to privacy should be addressed to:
- The Data Controller