Built with privacy-by-design.
- Information We Collect Through Our Website
- Links to External Websites
- Information Our Financial Institutions Share
- Opting Out of a Cardlytics Program
- Social Media Postings
- Data Security
- California Residents’ Additional Privacy Rights
- Virginia Residents’ Additional Privacy Rights
- Modern Slavery Policy
- Changes to Cardlytics Privacy Policies
- Contact Us
- Anti-Corruption Hotline
Thank you for choosing to learn more about the privacy policies of Cardlytics, Inc. (“Cardlytics,” “we,” “us,” “our”). Cardlytics knows that you care about how your personal information is used and shared. Privacy is not just a priority for Cardlytics, but an essential part of our business model.
Our corporate affiliates have their own privacy policies that apply to data they collect from the products, services, and applications they provide. Any data collected pursuant to this Policy that is disclosed to our affiliates will still be treated consistently with this Policy.
Through the links on this page, you can learn more about the privacy policies related to information that Cardlytics collects directly as well as information that our financial institution clients collect.
Information We Collect Through Our Website
A) Information You Choose To Provide Us Through Our Website
Cardlytics offers visitors to our website the opportunity to reach out to us in various ways, including the opportunity to contact us with questions or comments, or to request information from us about our business. In connection with these opportunities, you may provide – and we will therefore necessarily collect – certain Personal Information, including your name, mailing address, email address, or phone number.
We will use the information you choose to provide us through our Website for legitimate business purposes, including to: analyze, improve and customize the Services; send you announcements, newsletters, promotional materials, and other information about the Services; respond to your questions or comments, or provide you with the requested information. As a general matter, we will not disclose any of the Personal Information you provide us through our website to any third parties. However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protect or defend the legal rights of Cardlytics; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Cardlytics undergoes bankruptcy or dissolution. Additionally, if Cardlytics sells, merges, or transfers all or part of its business or assets, we may transfer the information you provided us through our Website to the parties involved in that transaction.
B) Information We Automatically Collect Through Our Website
When you visit our Website, we may automatically collect certain information through cookies and similar technologies (including pixels, tags and web beacons) (together “cookies”). Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you use to access our Website. The cookies on our Website collect information related to the device you used to access our website such as the IP address and type of device. The cookies on our website also may collect the date and time of your visit to our Website, your behavior on our Website (e.g., paths you take through Website), and your geographic location information. Cookies allow us to identify visitors, track aggregate behavior, and recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where a cookie is placed. We use information collected via cookies for marketing purposes and for analytics purposes to help us track the efficacy of our Website.
Links to External Websites
Information Our Financial Institutions Share
The power of Cardlytics is driven by its relationships with financial institutions. Cardlytics’ financial institution clients utilize Cardlytics’ services so that they can provide their customers with targeted and relevant offers or advertisements inside the banking platform. Cardlytics’ financial institution clients provide Cardlytics with deidentified spend data to make these targeted and relevant offers possible. Additionally, Cardlytics may in certain circumstances use the deidentified spend data to determine the efficacy of advertisements both inside and outside the banking platform as well as craft other spend-based insights. Cardlytics’ financial institution clients include some of the biggest and best names in banking. Your financial institution might be one of Cardlytics’ clients.
Cardlytics does not receive, or have access to, any Personal Information from its financial institution clients. As such, we cannot and will not use or share Personal Information with third parties, including our advertising partners.
Opting Out of a Cardlytics Program
If you are currently participating in and want to opt out of a Cardlytics card-linked marketing program, you can do so through your financial institution. Every financial institution’s opt-out feature will be slightly different. Cardlytics encourages you to contact your financial institution, or visit your financial institution’s website, for more details. Opting out of a Cardlytics card-linked marketing program will also opt you out of Cardlytics’ other programs and products.
Social Media Postings
In connection with your selection or redemption of an offer through the online banking website or mobile In connection with your selection or redemption of an offer through the online banking website or mobile application of one of our financial institution clients, you may be presented with the opportunity to post about your selection or redemption of an offer, or overall participation in our program, via your social media account, such as Facebook or Twitter. A social media post will only be made at your specific direction and with your express consent. Cardlytics does not collect any Personal Information, such as your social media username or password, your email address, or your name, in connection with any such social media posting. Cardlytics may collect Anonymous Information regarding the posting for Cardlytics’ internal analyses.
The security of Cardlytics’ data is critical to our business mission. Cardlytics uses commercially reasonable administrative, technical, personnel, and physical security measures that comply with federal regulations to safeguard all of our data against loss, theft, or unauthorized use, disclosure, or modification.
We also regularly conduct risk assessments and audits on our information systems. These security measures help us continually assess our ability to maintain the security of our data. We also maintain strict physical security for our facilities and limit access to critical areas of our business.
California Residents’ Additional Privacy Rights
If you are a California resident, this section applies to you. This section describes how we collect, use, and share your Personal Information in our capacity as a “business” under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2021 (the “CPRA”), and the rights you have with respect to your Personal Information. For purposes of this section, “Personal Information,” has the meaning given in the CPRA and does not include information excluded from the CPRA’s scope. Under the CPRA, subject to exceptions, California residents have the following rights regarding their data:
· The right to know the categories of Personal Information we’ve collected and the categories of sources from which we got the information (see INFORMATION WE COLLECT THROUGH OUR WEBSITE);
· The right to know the business purposes for collecting or sharing your Personal Information (see INFORMATION WE COLLECT THROUGH OUR WEBSITE );
· The right to know the categories of third parties with whom we’ve disclosed Personal Information (see INFORMATION WE COLLECT THROUGH OUR WEBSITE);
· The right to access the specific pieces of Personal Information we’ve collected about you;
· The right to opt out of the selling or sharing of your Personal Information;
· The right to request the deletion of the Personal Information we have collected about you; and
· The right to request the correction of inaccurate Personal Information.
California Law also permits California residents to request certain information once per year regarding disclosure of any “personal information” (as that term is defined under California’s “Shine the Light” law) disclosed to third parties for such third parties’ direct marketing purposes. We do not currently disclose personal information protected under California’s “Shine the Light” law with third parties for their direct marketing purposes.
California residents have the right to not be discriminated against if they choose to exercise their privacy rights.
You may exercise your data rights under California law by emailing us at email@example.com. We may require you to verify your identity prior to processing your request. You may also designate an authorized agent to make a request to know or a request to delete. We may deny a request from an authorized agent that does not submit proof of authorization.
Virginia Residents’ Additional Privacy Rights
If you are a Virginia resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under Virginia’s Consumer Data Protection Act (“VCDPA”). For purposes of this section, “Personal Data,” has the meaning given in the VCDPA and does not include information excluded from the VCDPA’s scope. Under the VCDPA, subject to exceptions, Virginia residents have certain rights regarding their data, including:
· The right to access the specific pieces of Personal Data we’ve collected about you;
· The right to request the deletion of the Personal Data we have collected about you;
· The right to request that we correct inaccurate Personal Data; and
· The right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under the VCDPA).
You may exercise your data rights under Virginia law by emailing us at firstname.lastname@example.org. We may require you to verify your identity prior to opting you out or accessing, correcting, deleting your information. Virginia residents have the right to not be discriminated against if they choose to exercise their privacy rights.
If we deny your request, you may appeal our decision by emailing us at email@example.com with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Virginia attorney general.
On May 25, 2018, the GDPR came into effect in the EU. Read Cardlytics’ external privacy notice here.
Modern Slavery Policy
Read Cardlytics’ Modern Slavery Policy here.
Changes to Cardlytics’ Privacy Policies
We may change Cardlytics’ privacy policies from time to time. We encourage you to periodically review this page for the latest information on our privacy practices.
Cardlytics’ privacy policies were last updated on December 22, 2023.
If you have any questions regarding Cardlytics’ privacy policies, please contact us by email at firstname.lastname@example.org.
Report corruption, fraud, and other misconduct via the Cardlytics Anti-Corruption Hotline by phone (866-269-1020) or email CDLX@openboard.info).