ACHIEVERS PRIVACY NOTICE
Last Updated: October 2, 2020
Previous version is available here.
This Privacy Notice does not include within its scope the Achievers Platform. If you are a Member of the Achievers Platform, any data collected and processed is governed by our agreement with your employer and the Achievers Platform Privacy Notice.
You should read and understand this Privacy Notice because it constitutes the core of our obligations to you when you use this website and when you provide your Personal Information to us, either directly or through automated processes. For your convenience we have summarized several of the most important points, which are:
- We collect and process your personal information in order to provide services to you, either as a direct customer of Achievers, or as a customer of one of the businesses for whom we provide services.
- We also use your personal information for our own legitimate and lawful business interests, including (but not limited to): improving our websites and services, communicating information about our services through direct advertising (such as email) and indirect advertising (such as ads appearing on other websites), conducting fraud detection and prevention activities, maintaining records and communicating notices that are required by law.
- We do not sell your information.
- Data protection laws in your jurisdiction may provide you with rights to access or delete your personal information and this Notice provides you with instructions on how we do this. For example, if you are a resident of the European Union or the State of California in the United States, laws in those jurisdictions grant you specific rights that are discussed below in the section called “Your Rights.”
- We may share your information with service providers, such as those needed to deliver our services to you, and those that provide marketing services and event communications to you , but such service providers are bound by law and contract to only use your information for the purposes we specify.We may receive your information when we function as a service provider for other companies; we are bound by law and contract to only use your information for the purposes they have specified.
- We may receive your information when we function as a service provider for other companies; we are bound by law and contract to only use your information for the purposes they have specified.
- This Notice applies to the Sites operated by Achievers, and covers your personal information whether provided via those channels as well as any information you might provide to us when you call, email, or send postal mail to our Customer Service.
You are strongly encouraged to read this Privacy Notice in its entirety, not just the above highlights, so that you will fully understand our commitment to responsible data governance and the protection of your personal information. Please also note that this Notice may have changed since the last time you read it, so you should make sure that you have familiarized yourself with any terms that may have changed since the last time you read it.
SCOPE OF THIS NOTICE
This Privacy Notice applies to the activities of Achievers. It applies to our usage of your personal data, whether you are an individual consumer (“business to consumer”) or you are interacting with us as part of your job (“business to business”).
This Notice describes how we collect and process your personal information (which includes “personal data” or “personal information” as defined under applicable data protection laws) and the rights you have regarding such data.
This Notice applies to our collection and processing of personal data about users of our Sites, as well as the data we collect during the course of providing our services (the “Services”). It also applies to those channels through which individuals communicate with us about our Sites and Services, whether in person, by telephone, by postal mail, email, or other means.
This Notice only applies to your activities on the Sites. In these instances, we may function as a Controller of your data. This means we define the purposes for which your personal information is processed, and we control the means by which your information is processed. When we act as a Data Controller, we bear the primary responsibility to you, the Data Subject, for protecting your information and honoring your rights.
When we act as a Data Processor on behalf of another Data Controller (such as your employer), we collect, use, and disclose certain personal information only under the Controller’s instruction, and our processing of your personal information is subject to their instructions and privacy policies. If you are a Member of the Achievers Platform, your employer’s privacy policies and our Achievers Platform Privacy Notice apply to our processing of your data.
PERSONAL INFORMATION WE COLLECT
Achievers collects and uses your Personal Information primarily for the purpose of providing you with the information, products and services you have requested from us.
Personal Information is collected by Achievers when you specifically choose to provide it to us, such as when you request to receive program information, register for events, or engage in a service offering provided by Achievers. We also collect information automatically through our Sites and related to the services we provide, subject to applicable laws, as set out below.
Personal Information We Collect Directly from You
We may collect the following information from you:
- Contact information, such as name, email address, mailing address, fax or phone number;
- Your resume, employment and education history, name and contact details, background details, and references when you apply to job postings or contact us about employment opportunities;
- Company and employment information;
- Information about your business such as company name, size, or business type; and
- Demographic information, such as age, gender, interests and ZIP or postal code.
Comments, Posts and Submissions
When you submit online forms, participate in surveys, contests, promotions, or sweepstakes, join online chat discussions or post on a blog, request customer support, or submit testimonials, we collect your personal information, such as contact information, and other information you choose to share. Any information you provide in a blog may be read, collected, and used by others who access it. With your consent, we may use your testimonial and your name, e.g., to display personal testimonials of satisfied customers on certain Sites and in print advertisements.
Personal Information We Collect Automatically
When you visit any Achievers Sites, we may automatically gather information about your use of the Sites through cookies, web beacons, java script, log files, pixels and other technologies which include: your domain name, browser type, browser language preference, device type and operating system, page view and links you click within the Sites, IP address, device ID or other identifier, location information, date and time stamp, and time spent on the Sites, referring URL, your activity within the Sites and device geolocation information (where permitted by your device settings). You may withdraw your consent to the processing of location-based information at any time by changing the settings on your device.
We also collect information from analytic services, to compile and analyze information derived from the use of our Services, such as aggregate usage patterns, user preferences, peak demand times, preferred content and other information.
Protecting Children’s Privacy Online
Achievers products, services and Sites are provided to employers and their employees. Our Sites are not directed to children and we do not knowingly collect personal information from children under the age of thirteen (13). We request that such individuals do not provide personal information through our Sites.
USE OF YOUR PERSONAL INFORMATION
Achievers will only collect, use, disclose, and otherwise process Personal Information for the following purposes, based on our legitimate business interests and/or compliance with law:
- Provide Our Services: To provide our services, operate our Sites, respond to your enquiries, for bug and error reporting and resolution, to perform upgrades and maintenance;
- Customer Service and Support: To send you important information, such as changes to terms, conditions, and policies and/or other administrative information;
- Personalization: To personalize your experience on a Site or using the services, such as by tailoring the content we send or display to you in order to personalize help and instructions, and to otherwise personalize your experience using the Services;
- Alerts and Required Notices: To send you messages that you have requested, such as service-related alerts and any notices required by contract or applicable law;
- Marketing and Promotions: To send you marketing communications, such as information about our services and events, you have signed up to receive;
- Advertising and Referrals: To assist in advertising the services on third-party websites ; to track referrals from partner websites; and share leads with referral partners;
- Analytics and Improvement: To better understand how our users access and use the services, and for other research and analytical purposes, such as to evaluate and improve the services;
- Aggregated and Anonymized Information: We may also generate aggregated, pseudonymized and/or anonymized information about users of our sites and apps for statistical purposes, research, for marketing, advertising, or similar purposes.
- Verify Identity and Detect Fraud: To verify your identity and/or location in order to allow access to your accounts, conduct online transactions, and secure your personal information, and for risk control, fraud detection and prevention, and compliance with laws and regulations;
- Comply with Legal Obligations: To comply with the law or legal proceedings such as when required to disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements; and
- General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping and legal functions.
PURPOSE OF PROCESSING
In the table below, we explain the purposes for which we use and process your personal information, as well as the legal bases for such use and processing (such as those permitted under the European Union’s General Data Protection Regulation (“GDPR”) and other applicable laws).
|Purpose of Use (see list above)||Legal Bases of Processing (where applicable)|
|Provide Our services||Necessary to enter into or perform a contract with you (upon your request, or as necessary to make the Services available)|
|Customer Service and Support||Our legitimate business interest*|
|Personalization||Our legitimate business interest*|
|Marketing and Promotions||Our legitimate business interest* with your consent|
|Analytics and Improvement||Our legitimate business interest*|
|Aggregated and Anonymized Information||Our legitimate business interest*|
|Verify Identity and Detect Fraud||Compliance with applicable laws and regulations|
|Protect Our Legal Rights and Prevent Misuse||Establish, defend or protect legal interests|
|Comply with Legal Obligations||Our legitimate business interest*|
|General Business Operations||Establish, defend or protect legal interests Compliance with law|
* For personal information from the EU, the processing is in our legitimate interests to the extent they are not overridden by your interests and fundamental rights. Our legitimate interests include our interests in verifying identity, detecting and preventing fraud, protecting and improving our products and services, in support of our general business operations, and to comply with our legal obligations. We only send marketing communications to individuals who provide opt-in consent or who are covered by “soft opt-in” exemptions (where allowed by law).
HOW WE DISCLOSE PERSONAL INFORMATION WE COLLECT
In this section, we describe the types of disclosures we make and the categories of third parties to whom we may disclose your personal information. All third parties to whom your personal information is disclosed are subject to contractual agreements that govern how your information can be used and must be protected.
Sale of Data
Achievers does not sell your personal information to third parties. Because we do not sell your personal information, we do not provide any further detail regarding such sales, nor do we provide a process for opting out of such sales.
Achievers may disclose personal information among our affiliated and subsidiary companies (“Affiliates”) who provide services to us or on our behalf, as part of our business operations and administration of the Services in furtherance of the purposes set out in this Notice. Any Affiliate’s processing of your personal information is subject to this Notice.
To ensure that we efficiently provide the information, products or services you have requested from us, Achievers may share your Personal Information with selected Service Providers who are acting on our behalf to assist us in carrying out the purposes identified in this Notice. Service Providers may be located in the EU, United States, Canada, and other jurisdictions. For example, we may work with Service Providers to track and manage the request that you have made on the Website for white papers, demos, information about Achievers Service offering, etc. Such Service Providers are provided only with information as is necessary to perform their function, which may include your physical mailing address, email address and name. Information provided to Service Providers may be used only for the purpose stipulated and is subject to strict terms of confidentiality.
Achievers represents that any third party for which Personal Information may be disclosed by Achievers is in compliance with GDPR (the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), California Consumer Privacy Act (CCPA), and other applicable laws or contractual provisions requiring the same level of privacy protection.
We may also disclose your Personal Information in the event of the situations below:
- As permitted or required by law, such as to comply with a subpoena, court-ordered discovery, a warrant, a government request, or similar legal process;
- If Achievers is involved in a merger, acquisition or sale of all or a portion of its assets, or in the event of bankruptcy or dissolution of our business, your Personal Information may be transferred to an acquiring business or third party, including contemplation of or related to due diligence for such business transactions, subject to any applicable restrictions under applicable laws. You will be notified by email and/or by a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
- When we believe in good faith that disclosure is necessary to respond to claims asserted against us; to protect our rights; to protect vital interests including your safety or the safety of others; or, to investigate or prevent fraud.
- Achievers may also use, or disclose your Personal Information to third parties, if Achievers has reason to believe that using or disclosing such information is necessary to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, and/or the rights, safety, and property of our clients, users of our platform, and any other persons.
- We may disclose your Personal Information for any other purpose to which you consent.
Cookies and Online Tracking
A cookie is a small text file that is placed on your hard disk by a Website. Cookies contain a unique identification number that identifies your browser, but not you, to our systems each time you visit one of our Websites. Cookies tell us which pages of our Websites are visited and by how many people. Achievers does not collect any Personal Information about you through cookies nor can a cookie carry a damaging payload (such as malware).
There are two types of cookies in use with Achievers Websites which include:
- Session based cookies – Only used for the length of time you remain on the Website and expire when you leave the Website.
- Persistent based cookies – Are more permanent in nature and can re-used when you return to the Website from the same computer.
“Do Not Track” Browser Setting
Achievers does not respond to web browser “do not track” (DNT) settings or headers with respect to Achievers public Websites. For more information about do-not-track signals, please click here (http://www.allaboutdnt.com/). Currently no common industry standard for DNT has been adopted and there is also no consistent standard of interpreting user intent when the DNT setting is enabled. Achievers takes privacy seriously will continue to monitor policy advocates, technical experts, regulators and companies attempting to create a consensus interpretation around DNT browser technology and the implementation of a standard.
When you send us an email or when you ask us to respond to you by email, we collect your exact email address and any information you have included in the email message.
We use your email address to acknowledge your comments and/or reply to your questions, and we will store your communication and our reply in case we correspond further. We may use your email address to send you information about offers on products or special promotions that we believe may be of interest to you. You may choose to stop receiving our marketing emails at any time by following the unsubscribe instructions included in these emails.
If you use any of our services that allow you to send online recognitions to other people, we may use your email address to send you information about our products. When you provide us with someone else’s email address, we will only use it to send them the recognitions that you have requested. The emails we send may contain web beacons (described below).
Achievers uses images imbedded in email messages called “web beacons.” Web beacons are clear images that allow Achievers to determine if a message has been opened. It also allows Achievers to determine the IP address of the user that opened it and to access any Achievers cookies. We may use this information in the aggregate to assess and improve our email messages.
Email web beacons can be disabled by turning off HTML display and displaying text only or by turning off image display while still using HTML within your email client.
Achievers is committed to protecting your privacy. We have implemented safeguards designed to protect the personal information submitted to us. Achievers employees have been trained to respect your privacy and those employees with access to your Personal Information shall use your Personal Information strictly in accordance with the Achievers Privacy Notice and the laws applicable to Achievers business. Please note that data transmission over the Internet cannot be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any Personal Information while in transit.
Achievers will take steps to keep your Personal Information accurate, complete, and up-to-date, to the extent reasonable possible within the context of the data we have and how we obtained it. You have the right to request and review the Personal Information we hold about you and you have a right to request correction of any inaccurate information. If for any reason we are unable to comply with such a request, we will advise you regarding the reason(s) why.
It is our policy to retain your information only for as long as is necessary to fulfill the purpose for which it was collected and processed. We will retain your information for as long as your account is active or as needed to provide you services and for as long as may be required to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. Even if you request for your information to be deleted, laws and regulations may require us to retain a copy of your information in our files for a longer period of time. Unless a specific applicable law requires a different retention period, most data will be retained for no longer than seven (7) years.
For EU Residents
The European Union’s General Data Protection Regulation (“GDPR”) gives you certain rights, including: a right to be notified of our data collection practices; the purposes and lawful bases under which we process your data; if our legitimate interests are a basis for processing, what those interests are; the categories of data processed; the categories of third parties with whom data is shared; the details of any data transfers outside of the EU and the safeguards in place; the applicable retention periods or policies; the right to access, correct, and delete (under certain circumstances) your personal information; the right to receive a copy of your information in a “portable” form so that you may transfer it to other services; the right to withdraw consent for processing; the right to lodge a complaint with a data protection authority; the right to be advised of the existence of any automated decision-making, including profiling, and the right to object such decisions; and, the right to withdraw consent without detriment. This Notice provides details on how we honor those rights and the process for exercising them.
For California Consumers
California law gives you certain rights, including: a right to be notified of (and to request more information about) our data collection practices; the categories of data we process; the categories of third parties with whom data is shared; the right to request disclosure (up to twice per year) of the personal information we have about you or have had within the last 12 months: the right to delete that information (under certain circumstances); the right to know if your data is being sold; the right to know what personal information is being sold and to opt-out of such sales (if applicable); the right to receive a copy of your information in a “portable” form so that you may transfer it to other services; and, the right to not be discriminated against for exercising these rights. This Notice provides details on how we honor those rights and the process for exercising them.
For All Consumers
Regardless of your location and jurisdiction, Achievers may at its sole discretion choose to extend these rights to all individuals, and to comply with reasonable requests in the manner detailed below. We do not charge for these services. Where you are entitled to exercise a right, we will respond to your request within the timeframe set out by applicable law (for EU residents this is typically thirty (30) days, for California residents this is typically forty-five (45) days). Where we provide answers on a voluntary basis, we will provide a response within a reasonable timeframe.
ACCESS, CORRECTION, PORTABILITY, AND DELETION
You have the right to access, correct (“rectify”), or delete your Personal Information held by us or may ask for a restriction of processing. You may also have the right to ask for an overview or copy of your Personal Information or to request that certain of your personal information be provided to you or to another provider in a machine-readable format where technically feasible (data portability).
You can exercise these rights by sending an email to Privacy.
Except in limited circumstances, as specifically provided by applicable privacy legislation, Achievers can tell you whether we hold Personal Information about you.
Please note that there are some limitations to these rights. For example, we will not be able to delete your personal information if we are required by law to keep it or if we hold it in connection with a contract with you. Similarly, access to your personal information may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information.
Achievers will only refuse access to your Personal Information in those circumstances permitted and required by applicable laws or regulations. If we cannot fulfill your request, we will inform you about why we cannot comply with your request.
WITHDRAWAL OF CONSENT
Where we process your personal information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Applicable law may also give you the right to object to certain elements of our processing or to lodge a complaint.
Object to Processing
You have the right to object to processing (including profiling) based on legitimate interest grounds, where we are relying upon legitimate interests to process personal information. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal information for the establishment, exercise or defense of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Object to Marketing
You have the right to object to our use of your personal information (including profiling) for direct marketing purposes, such as when we use your personal information to invite you to our promotional events.
Right to Lodge a Complaint
You have the right to lodge a complaint with your supervisory authority, if you consider that the processing of your personal information infringes applicable law.
Achievers will conduct periodic assessments to validate its continued adherence to this Notice.
Where Achievers has knowledge that one of Achievers employees or Service Providers is using or disclosing Personal Information in a manner contrary to this Notice, Achievers will take reasonable steps to prevent or stop the use or disclosure. Achievers holds its employees and Service Providers accountable for maintaining the trust that employers and users place in our company.
The personal information we collect from you may be transferred to, stored at or processed in other countries, including the United States or other locations outside the European Economic Area, which may not provide equivalent levels of data protection to your home jurisdiction.
We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements. For transfers from the EU, United Kingdom (“UK”) or Switzerland to the US, Achievers relies on adequacy decisions by the EU Commission or putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found here: EU Commission Standard Contractual Clauses) or another applicable supervisory body.
Achievers, through its US affiliate Achievers LLC, complies with the EU-US Privacy Shield Framework (“EU Privacy Shield”) and the Swiss-US Privacy Shield Framework (“Swiss Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom (“UK”) and Switzerland to the United States.
As part of the certification made via its prior affiliate, Blackhawk Network Inc., Achievers has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit: https://www.privacyshield.gov/.
Prior to July 16, 2020, Achievers relied on its EU Privacy Shield and Swiss Privacy Shield certifications as one means of demonstrating adequacy and safeguarding transfers of data from the EU and Switzerland. In addition to Privacy Shield, Achievers also executed Standard Contractual Clauses with entities involved in such data transfers. As of July 16, 2020, Achievers will primarily rely on country-level adequacy decisions or the Standard Contractual Clauses for EU, UK, and Swiss transfers. For transfers occurring prior to July 16, 2020, Achievers will continue to be responsible for the processing of EU, UK, and Swiss Personal Information under the EU Privacy Shield Framework and will maintain full compliance with the requirements of that framework until further notice. Subsequent transfers of EU, UK, and Swiss Personal Information to any third-party acting as an agent on our behalf occurring after July 16, 2020, will be under the terms of the EU Commission’s Standard Contractual Clauses.
With respect to Personal Information received or transferred pursuant to the EU or Swiss Privacy Shield Framework, Achievers is and will continue to be subject to the regulatory enforcement powers of the U.S. Federal Trade Commission until further notice.
In certain situations, Achievers may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To the best of our knowledge, Achievers’ systems are not subject to routine access by government authorities without warrants or appropriate accountability via established legal process.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Achievers will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Information in accordance with the principles contained in this Notice.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
CHANGES TO THIS PRIVACY NOTICE
This Notice is subject to change, so if this is your first time reading it, please make sure it is not the last. If we make any changes to this Notice, we will post those changes on this page and revise the “Last Updated” date at the top. If we make any changes to the ways in which we process your information that could be reasonably be considered material or substantial, we will make additional efforts to notify you of those changes, either by email or via a prominent notice on this Site prior to the change becoming effective. Where required by law, we will obtain your consent or give you the opportunity to opt out of such changes. Any changes will become effective when we post the revised Notice.
QUESTIONS OR CONCERNS
If you have any questions or concerns about your Personal Information held by Achievers or about the compliance by Achievers with this Notice, please contact our Privacy Office. If you are a Member of the Achievers Platform, please review the Achievers Platform Privacy Notice or contact your employer’s Program Administrator.
By Regular Mail
c/o Achievers Solutions Inc.
99 Atlantic Ave., Suite 700
Toronto, Ontario, M6K 3J8, Canada
Other Queries or Complaints
If you have any further queries or complaints that we are not able to answer, you are recommended to contact the Data Privacy Supervisory Authority for the country in which you reside. A list of EU/EEA Data Protection Authorities can be found via the European Data Protection Board here. A list of data protection authorities in other countries/regions can be found here.