Thank you for choosing to learn more about the privacy policies of Cardlytics, Inc. (“Cardlytics,” “we,” or “us”). Cardlytics knows that you care about how your personal information is used and shared. Privacy is not just a priority for Cardlytics, but an essential part of our business model.
Through the links to the left, you can learn more about the privacy policies related to information that Cardlytics collects directly as well as information that our financial institution clients collect.
INFORMATION WE COLLECT THROUGH OUR WEBSITE
Through our website (www.cardlytics.com, or the “Website”), we collect information you choose to provide us, as well as information that is automatically collected, in order to enhance our website, our products, and our services.
A) Information You Choose To Provide Us Through The Website
Cardlytics offers visitors to the Website the opportunity to reach out to us in various ways, including the opportunity to contact us with questions or comments, to request information from us about our business, or to send us an application in connection with various job postings. In connection with these opportunities, you may provide – and we will therefore necessarily collect – certain personally identifiable information (“PII”) regarding you, such as, without limitation, your name, mailing address, email address, or phone number. You may also choose to provide us certain non-personally identifiable information (“non-PII”), such as web page comments, when you contact us through the Website, and we will also collect that information.
We will use the information you choose to provide us through the Website for legitimate business purposes, such as responding to your questions or comments, providing you with the requested information, or contacting you about the relevant employment opportunity. As a general matter, we will not disclose any PII you provide us through the Website to any third parties. However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protect or defend the legal rights of Cardlytics; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Cardlytics undergoes bankruptcy or dissolution. Additionally, if Cardlytics sells, merges, or transfers all or part of its business or assets, we may transfer the information you provided us through the Website to the parties involved in that transaction.
The Website is hosted in the United States and is not directed towards individuals under the age of thirteen (13). Cardlytics does not knowingly or intentionally collect PII from individuals under thirteen (13) years of age.
B) Information We Automatically Collect Through The Website
When you visit the Website, we automatically collect certain information, including information related to the device you used to access the Website (such as the IP address and type of device), the URL that referred you to the Website or the search terms that led you to the Website, the date and time of your visit, your behavior on the Website (e.g., paths you take through the Website), and your geographic location information. In connection with this collection, we may use analytics services to help us track the efficacy of the Website.
We automatically collect information through cookies. Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you used to access the Website. Cookies allow us to identify visitors, track aggregate behavior, and enable certain Website features. We also automatically collect certain information through web beacons, which can recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where the web beacon is placed.
C) Links to External Websites
INFORMATION OUR FINANCIAL INSTITUTION CLIENTS COLLECT
The power of Cardlytics is driven by its relationships with financial institutions. Cardlytics’ financial institution clients utilize Cardlytics’ services so that they can provide their customers with targeted, relevant offers or advertisements inside – and in some cases, outside – the banking platform. Cardlytics’ financial institution clients include some of the biggest and best names in banking, including Bank of America, PNC, and Regions. Your financial institution might be one of Cardlytics’ clients.
Cardlytics does not receive, or have access to, any PII from its financial institution clients. As such, we cannot and will not share individual or PII-based transaction data with third parties, including our advertising partners.
OPTING OUT OF A CARDLYTICS PROGRAM
If you are currently participating in and want to opt out of a Cardlytics card-linked marketing program, you can do so through your financial institution. For instance, to opt out of Bank of America’s BankAmeriDeals® program, you can sign into your account and then click on the “Opt Out of BankAmeriDeals®” link here. Every financial institution’s opt-out feature will be slightly different. Cardlytics encourages you to contact your financial institution, or visit your financial institution’s website, for more details.
You can also opt the browser on the device you are using to view this webpage out of targeting by Cardlytics by clicking here.
The security of Cardlytics’ data is critical to our business mission. Cardlytics uses commercially reasonable administrative, technical, personnel, and physical security measures that comply with federal regulations to safeguard all of our data, including without limitation any PII in our possession, against loss, theft, or unauthorized use, disclosure, or modification.
We also regularly conduct risk assessments and audits on our information systems. These security measures help us continually assess our ability to maintain the security of our data. We also maintain strict physical security for our facilities and limit access to critical areas of our business.
PRIVACY IN THE UK
Cardlytics UK Limited is the legal entity that operates Cardlytics’ program in the UK. For information specifically related to Cardlytics UK Limited’s privacy policies in the UK, please click here.
CHANGES TO CARDLYTICS’ PRIVACY POLICIES
We may change Cardlytics’ privacy policies from time to time. We will post any changes on the Website. We encourage you to periodically review the privacy policies for the latest information on our privacy practices.
Cardlytics’ privacy policies were last updated on November 5, 2015.
If you have any questions regarding Cardlytics’ privacy policies, please contact us by email at firstname.lastname@example.org, or by mail to Cardlytics, Inc., Attn: Legal Department, 675 Ponce de Leon Avenue, Suite 6000, Atlanta, GA 30308.
Report corruption, fraud, and other misconduct via the Cardlytics Anti-Corruption Hotline. 678-891-0940, email@example.com
Under what circumstances will Cardlytics’ financial institution clients give my personally identifiable information to Cardlytics?
Cardlytics’ financial institution partners do not provide personally identifiable information about their clients to Cardlytics under any circumstances. Cardlytics only receives transaction data associated with customer identification numbers, which we refer to as “Cardlytics IDs,” that are randomly assigned to financial institutions’ customers and stored by the financial institutions. Cardlytics does not receive information such as names, addresses, phone numbers, email addresses, bank account numbers, credit or debit card numbers, or social security numbers.
Does Cardlytics give my financial information to its advertisers?
No. Cardlytics only provides aggregated information to its advertisers.
How can I opt out of the Cardlytics program?
Please see the “Opting Out of a Cardlytics Program” section of this policy.
Why does Cardlytics collect de-identified financial transaction data?
Cardlytics believes that individuals’ spending history is an excellent indicator of future spending habits and inclinations. By being able to target advertisements or offers based on individuals’ spending history, Cardlytics is able to provide targeted, relevant, and meaningful advertisements and offers, and put its advertisers’ brands in front of the most receptive audience. This benefits you, our financial institution clients, and our advertisers.
What information does Cardlytics use?
Cardlytics utilizes aggregated, de-identified transaction data to provide relevant, meaningful advertising campaigns and measure the efficacy of advertising campaigns. Cardlytics does not receive any PII from its financial institution clients.
How does Cardlytics make money?
Advertisers pay Cardlytics to provide relevant, meaningful advertising and measure the efficacy of advertising. We use the money paid by advertisers to give cardholders cash-back rewards and we share revenue with our financial institution clients.
How do Cardlytics products work?
Cardlytics utilizes aggregated, de-identified transaction data to provide relevant, meaningful advertisements and offers within the online banking platform, mobile banking applications, and over the internet. We also measure the efficacy of ad campaigns delivered over those channels.