Blackhawk Short‑Form Privacy Notice
| WHAT DOES BLACKHAWK DO |
WITH YOUR PERSONAL INFORMATION?
| Why? || Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
| What? || The types of personal information we collect and share depend on the product or service you have with us. This information can include: |
When you are no longer our customer, we continue to share your information as described in this notice.
- Social Security number and payment history
- account balances and account transactions
- transaction history and purchase history
| How? || All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Blackhawk chooses to share; and whether you can limit this sharing. |
| Reasons we can share your personal information || Does Blackhawk share? || Can you limit this sharing? |
| For our everyday business purposes – |
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
| For our marketing purposes – |
to offer our products and services to you
| For joint marketing with other financial institutions || Yes || No |
| For our affiliates’ everyday business purposes – |
information about your transactions and experiences
| For our affiliates’ everyday business purposes – |
information about your creditworthiness
We don’t share
| For our affiliates to market to you || No || We don’t share |
| For nonaffiliates to market to you || No || We don’t share |
| Questions? || Call 888-633-9432 |
| Who we are |
| Who is providing this notice? || Blackhawk Network, Inc. (“Blackhawk”) |
| What we do |
| How does Blackhawk protect my personal information? || To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. |
| How does Blackhawk collect my personal information? || We collect your personal information, for example, when you: |
- open an account or provide account information
- give us your contract information or show us your government‑issued ID
- use your credit or debit card
- We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
| Why can’t I limit all sharing? || Federal law gives you the right to limit only: |
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
- sharing for affiliates’ everyday business purposes – information about your creditworthiness affiliates from using your information to market to you
- sharing for nonaffiliates to market to you
| Definitions |
| Affiliates || Companies related by common ownership or control. They can be financial and nonfinancial companies. |
Blackhawk’s affiliates include companies with a Blackhawk name and others, such as Cardpool, Inc. and CardLab, Inc.
| Nonaffiliates || Companies not related by common ownership or control. They can be financial and nonfinancial companies. |
Blackhawk does not share with nonaffiliates so they can market to you.
| Joint Marketing || A formal agreement between nonaffiliated financial companies that together market financial products or services to you. |
Blackhawk may partner with nonaffiliated financial companies to jointly market financial products or services to you.
| Other Important Information |
| CA residents: Blackhawk will limit sharing with its affiliates to the extent required by California law. Blackhawk will not share your personal information for joint marketing with other financial institutions. |
VT residents: If Blackhawk shares your personal information for joint marketing with other financial institutions, it will share only your name, contact information, and information about your transactions.
NV residents: We are providing this notice pursuant to Nevada law.
Last Updated: 09/29/2016
Introduction and Scope of Practices.
This Policy explains:
· how we collect, use, and share information from or about you;
· how our online advertisements (such as banner ads) on third‑party sites treat data;
· your choices about our use of your personal information; and
· how you can access and update your information.
Types of Information We Collect
Personally Identifiable Information (“PII”). PII means information or a combination of information that can be used to identify, contact, or locate a specific person. We may collect the following types of PII from you:
· Contact information, such as name, email address, mailing address, fax or phone number;
· Payment and financial information, such as credit or other payment card information, bank account, or billing address;
· Social Security Number or other national tax ID number
· Device geolocation (geographical location)
· Unique identifiers such as user name, account number, or password; and,
· Preference information such as product wish lists, order history, or marketing preferences.
Sometimes, we may combine PII you provide with information from third-party sources. For example, we may confirm your address with the postal service or verify your personal information with a credit-reporting agency. We will treat the combined information in accordance with the terms of this Policy.
Other Information (“OI”). OI is any information other than PII that does not reveal your identity or directly relate to a person. We may collect the following OI from you:
- Information about your business such as company name, company size, or business type;
- Demographic information, such as age, gender, interests and ZIP code;
- Device and other tracking information, such as browser information, device identifiers, operating system, or information gained from cookies, pixels or other tracking technologies.
OI may also include PII we have de‑identified or aggregated to the point where it no longer identifies a particular individual. If we ever combine OI with any PII, we treat it as PII is treated under this Policy. In some jurisdictions, some OI may be considered PII by law. In those cases, we will treat the information as PII is treated under this Policy.
How We Collect Personally Identifiable Information
We collect PII when you provide it to us. This can occur when you fill out applications, create accounts, complete a purchase, add money to your account, send in forms, take surveys, or fill in various online fields on our Sites. We also collect PII when you contact us with inquiries, customer support requests, or employment applications.
We may also collect the PII of third parties when you provide it to us. For example, if you choose to use our service to send a gift to a friend or register a family member for an account, we will ask you for your their name and address or email address. In addition, we may collect third party PII through our “Refer a Friend” program. Blackhawk stores this information for the sole purpose of completing the transaction. If you provide PII of a friend or family member and they want us to delete this information, they should contact us at firstname.lastname@example.org. We may not always be able to remove their PII. We will let them know if we cannot do so and why.
How We Use Personally Identifiable Information We Collect
We may use PII we collect for the following purposes:
· to provide you with the Services you requested;
· to verify your identity and/or location in order to allow access to your accounts, conduct online transactions, and secure your PII;
· to send you important information, such as changes to terms, conditions, and policies and/or other administrative information;
· to respond to your inquiries and fulfill your requests;
· to track referrals from partner websites;
· to personalize your experience on a Site by presenting content or offers tailored to you;
· to send you marketing communications you have signed up for or that we believe may be of interest to you;
· to allow you to use various Site features.
o Please note that some features require that you provide PII in order to use them (e.g., many of the features at www.paypower.com) whereas other tools do not. You may request that certain information that you enter into our Sites be stored for future access and use. You have the option not to save the information;
· to assist in verifying your identity and account status when we deal with you through our social media pages . We may combine this information with information we already have;
· to enable you to post your resume, search job postings, and contact or be contacted by Blackhawk for prospective employment;
· for business purposes, including data analysis, audits, developing and improving products and services, enhancing our Sites, identifying usage trends and determining the effectiveness of promotional campaigns; and.
· for risk control, fraud detection and prevention, and compliance with laws and regulations.
Blogs: Some of our Sites offer publicly accessible blogs. Any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at email@example.com. We may not always be able to remove your personal information. We will let you know if we cannot do so and why.
Newsletters: If you subscribe to our newsletters, we will use your name and email address to send them to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or accessing the email preferences in your account.
Testimonials: We display personal testimonials of satisfied customers on some of our Sites and in print advertisements. With your consent, we may use your testimonial and your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Geolocation: We may collect your location-based information to help you locate a store offering our products and services in your area. We will only share this information with our mapping provider for the sole purpose of providing you this service.
On some Sites (for example, www.reloadit.com), we collect location-based information for fraud prevention purposes.
You may opt out of location-based services at any time by changing the settings on your device. If you do, you might not be able to use certain features, especially when we use location-based information to prevent fraud.
How We Share Personally Identifiable Information We Collect
Affiliates: To the extent permitted by law, we may provide information about your transactions and experiences with other affiliated Blackhawk entities, including parent companies and subsidiaries.
Service providers: We may provide your PII to companies that provide services to help us with our business activities, such as shipping your order or offering customer service. These companies are authorized to use your PII only as necessary to provide these services.
Product short notices: Some products offered in conjunction with banks have unique data sharing agreements. Blackhawk will make available short privacy notices of each product’s sharing policies on its website.
Additional Disclosure: We may also disclose your PII:
· As permitted or required by law, such as to comply with a subpoena, or similar legal process;
· When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
· If Blackhawk is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified by email and/or by a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your PII;
· to any other third party with your prior consent.
How We Collect And Use Other Information
We and certain third‑party service providers with whom we have agreements may collect OI in a variety of ways, including:
Log files: Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files. We may link this data to PII we have collected about you.
You can refuse to accept cookies. Most devices and browsers offer their own privacy settings for cookies and HTML5 local storage. You will need to manage your cookie settings for each device and browser you use. However, if you elect not to accept cookies, your use of the features on our Sites may be limited or impaired, and you may not be able to access certain features of our Sites at all.
Our third party partners use Local Shared Objects, such as Flash cookies, to embed features on our sites. To manage Flash cookies, please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Advertising: We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Social Media Widgets: Our Sites include social media features, such as the Facebook “Like” button. These features may collect your IP address, identify the page you are visiting on our website, and set a cookie to enable the feature to function properly. Social Media Widgets are either hosted by a third party or hosted directly on our website. The privacy statement of the company providing it governs your interactions with these Widgets. We will comply with any legal obligations placed on the use of these technologies by certain jurisdictions, which may affect how these Widgets function.
Security and Retention
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received, including encrypting the transmission of any sensitive information, such as payment card information. If you have any questions about the security of your personal information, you can contact us at email@example.com.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Image Submissions and Public Directories
Some of our websites offer you the ability to upload your own image to be used to create a personalized product. You may have the option to make these images available in publicly-accessible directories. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. To request removal of your personal information from these public forums, please email us at firstname.lastname@example.org or contact us by postal mail at the contact information listed below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
User Access and Choice
Upon request Blackhawk will provide you with information about whether we hold any of your personal information. You may access, correct, update, amend, remove, ask to have it removed from a public forum, directory or testimonial on our site or deactivate it by making the change on your account page, emailing us at email@example.com or by contacting us by postal mail at the contact information listed below. We will respond to your request within a reasonable time.
Blackhawk acknowledges that you have the right to access your personal information. Blackhawk may have no direct relationship with some individuals whose personal data it processes. In those situations, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to Blackhawk’s partner who has the direct relationship (the data controller). If requested to remove data we will respond within a reasonable timeframe.
“Do Not Track” Preferences
Many browsers provide you an option to request that a web application disable either its tracking and/or cross‑site user tracking of an individual user. We do not track your online activities across different Sites, and we only track your activity within a Site to the extent you log into your account.
Therefore, our practices remain the same whether or not you enable the “Do Not Track” feature.
Protecting Children’s Privacy Online
Our Sites are not directed to individuals under the age of thirteen (13), and we request that such individuals do not provide PII through our Sites. We do not knowingly collect information from children under 13.
If you live in the European Economic Area (“EEA”) or in Canada, the data that we collect from you may be transferred to and stored at a location outside the EEA and Canada. It may also be processed by staff operating outside the EEA and Canada who work for us or for one of our service providers. Among other things, such staff may process and store your information and provide support services. By submitting your personal data, you agree to this transfer, storing or processing. We will ensure that your data is treated securely and in accordance with this Policy.
EU-U.S. Privacy Shield
Blackhawk (and its subsidiary companies Blackhawk Network, Inc., Blackhawk Network California, Inc., Blackhawk Engagement Solutions, Inc., Cardpool, Inc., CardLab, Inc., and Omni Prepaid, LLC) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Blackhawk is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]
Blackhawk is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Blackhawk complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Blackhawk is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Blackhawk may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
U.S. - Swiss Safe Harbor Framework
Blackhawk complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. Blackhawk has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Blackhawk’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.
Updates to This Policy
This Policy is subject to change. Please review it from time to time. If we make changes, we will revise the “Late Updated” date at the top. Any changes will become effective when we post the revised Policy. If we make any material changes we will notify you by email or by means of a notice on this Site prior to the change becoming effective.
Chief Privacy Officer
Blackhawk Network, Inc.
6220 Stoneridge Mall Road
Pleasanton CA 94588