Tango Card, Inc. Privacy Notice

Types of information we collect

We provide Services and products to support enterprise Clients’ rewards, loyalty and incentive programs. In that capacity we receive personal information from our Clients or collect it directly from you, and we process that information on behalf of our Clients. In other situations, we receive personal information for our own use. The following provides examples of the type of information that we collect from you.

Information you give us‍

You may provide the following information to us directly:

• Contact information, including name, email address and mobile phone number.
  ‍
• Content you may include in survey responses.
  ‍
• Information contained in your communications to us, including call recordings of customer service calls or transcripts of online chat interactions.
  ‍
• Information you provide when you sign up for or download content from the Services (e.g., when you request a demo or sign up for a webinar), or when you fill out an online form (in which case, you may provide us with information such as your name, email address, phone number, company name, and any other information you choose to provide in the firm).
  ‍
• Information you make available to us via a social media platform.
  ‍
• Information you submit to inquire about or apply for a job with us.
  ‍
• Any other information you submit to us.

Information we collect automatically

We and partners working on our behalf may use log files, cookies, or other digital tracking technologies to collect the following information from the device you use to interact with our Services:

• Device information, including IP address, device identifiers, and details about your web browser. Please note that from your IP address, we are also able to determine your general geolocation.
  ‍
• Analytical information, including details about your interaction with our website, app, and electronic newsletters.
  ‍
• Diagnostic information, including web traffic logs.
  ‍
• Advertising information, including special advertising and other unique identifiers that enable us or third parties working on our behalf to target advertisements to you. Please be aware that our advertising partners may collect information about you when you visit third-party websites or use third-party apps. They may use that information to better target advertisements to you on our behalf.
  ‍
• Business record information, including records of your purchases of products and Services.

We may also create records using the above information when you interact with the Services.

The following is a list of our primary partners who collect information. Please follow the links to find out more information about the partner’s privacy practices.

To learn more about how we use cookies, including for our analytics and marketing purposes, and how to manage cookies, please see our “Cookies Policy” below.

Information we collect from other sources

In addition to the information that we collect from you or from our Clients, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.

We may collect the following information about you from third-party sources:

• Contact or identity verification information, including names and email addresses, for the purposes of fraud prevention or compliance with regulatory obligations.
  ‍
• Information about your interaction with advertisements on our Services, or ads that we place on third party websites, from online advertising companies.
  ‍
• If you decide to invite others to the Services, we will collect your and the other person’s names, email addresses, and/or phone numbers to send an email or text message and follow up with the other person. You agree that you have obtained the other person’s consent before giving us his or her contact information. You also agree that you will not send us the contact information of a minor. We may inform any other person you invite that you gave us his or her information.
  ‍
• If you are using one of our “open loop” card services, you may have the opportunity to request information about prior purchases on your card and your remaining balance. If you request this information, we will obtain this information from our banking partners on your behalf.

Use and processing of information

We may use the information we collect in the following ways:

• To identify you when you visit our websites and prevent fraud.
  ‍
• To provide products and Services.
  ‍
• To improve our Services and product offerings, including analytics.
  ‍
• To offer you recommendations and tailor the Services to your preferences.
  ‍
• To respond to inquiries related to support, employment opportunities, or other requests.
  ‍
• To communicate with you to protect your account or notify you of suspicious activity.
  ‍
• To send marketing and promotional materials, including information relating to our products, Services, sales, or promotions, to personalize the advertisements you see on our Services and third-party online properties, and to measure the effectiveness of our advertising. We may disclose your information to business partners, online advertising partners, and social media platforms for this purpose.
  ‍
• For internal administrative purposes, accounting, record keeping and legal functions, as well as to manage our relationships.
  ‍
• To protect and secure our Services, assets, network, and business operations, and to detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal.
  ‍
• To comply, in good faith, with legal process, such as warrants, subpoenas, court orders, and lawful regulatory or law enforcement requests and to comply with applicable legal requirements, including “know-your-customer” due diligence and other anti-money laundering or OFAC compliance obligations.

Aggregate/De-Identified/Anonymized Information. We may aggregate, de-identify and/or anonymize any information collected through our Services so that such information can no longer be linked to you or your device. Subject to applicable law, we may use De-Identified/anonymized Information for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties, including advertisers, partners, and sponsors.

Combined Information. We may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Privacy Notice.

Legal Bases for Processing. The laws in certain jurisdictions (such as those in the European Union and United Kingdom), require us to inform you of the "legal bases" on which we process your information. The legal bases for using your information as set out in this Privacy Notice are as follows:

* For personal information from the EU and UK, the processing is in our legitimate interests to the extent they are not overridden by your interests and fundamental rights. Our legitimate interests include our interests in verifying identify, detecting and preventing fraud and crime, protecting and improving our products and services, in support of our general business operations including the growth of our business, and to comply with our legal obligations.

Disclosures of information

In addition to the specific situations discussed elsewhere in this notice, we disclose information in the following situations:

1. Affiliates and Acquisitions. We may disclose information to our corporate affiliates of the Blackhawk Network group in furtherance of the purposes set out in this Notice; their processing of your personal information is subject to the requirements and limitations contained in this Notice. If another company acquires, or plans to acquire, our company, business, or our assets, we will also disclose information to that company, including at the negotiation stage.‍

2. Other Disclosures with Your Consent. We may ask if you would like us to disclose your information to unaffiliated third parties who are not described elsewhere in this notice.‍

3. Other Disclosures without Your Consent. We may disclose information, where we determine in good faith that such disclosure is necessary, in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also disclose your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.‍

4. Public. Some of our websites and social media pages may provide the opportunity to post comments or reviews, on a message board or in a public forum. If you decide to submit information on these pages, that information may be publicly available.

5. Service providers. We engage vendors to perform specific business functions on our behalf and they may receive information about you from us or collect information from you directly. These vendors are obligated by contract to use information that we disclose only for the purpose of providing these business functions, which include:

1. ‍‍‍Supporting Service functionality, such as vendors that support event registration, customer service and Client relationship management, subscription fulfillment, freight services, application development, list cleansing, postal mailings, and communications (email, fax).‍
2. Analytics, online advertising, and marketing services, including entities that analyze traffic on our online properties and assist with identifying and communicating with potential Clients.‍
3. Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.‍
4. Information technology vendors, such as entities that assist with website design, hosting and maintenance, data and software storage, and network operation.

6. Online advertising partners: We partner with companies that assist us in advertising our Services, including partners that use cookies and online tracking technologies to collect information to personalize, retarget, and measure the effectiveness of our online advertising activities across the web.‍

7. Social media platforms: If you interact with us on social media platforms, the platform may be able to collect information about you and your interaction with us. If you interact with social media objects on our Services (for example, by clicking on a Facebook “like” button), both the platform and your connections on the platform may be able to view that activity. To control this disclosure of information, please review the privacy policy of the relevant social media platform.

8. Clients: Where we process personal information on behalf and in conjunction with our Clients, we process and share your personal information with that entity. When we process personal information on behalf of a Controller, that Controller’s privacy notice will be presented, and their notice will apply instead of this Notice. In certain circumstances, we may operate a site jointly with another entity and both will function as Controllers; in those instances, you will see both the Tango Privacy Notice and the other entity’s privacy notice, and both will apply with respect to the activities of each Controller individually.

International Transfers

The personal information we collect from you may be transferred to, stored at, or processed in other countries, which may not provide equivalent levels of data protection to your home jurisdiction.

We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms, data transfer agreements, and risk assessments where required. The steps we will follow may differ depending on jurisdictions specific requirements, and may include (but are not limited to) the following:

• Tango relies on contractual protections or other means to provide a comparable level of protection for the personal information and by using our site or services, you understand and agree to the transfer of personal information to other jurisdictions such as the US, in accordance with this Privacy Notice;
• For transfers from the EU, or Switzerland, to third countries: Tango relies on adequacy decisions by the EU Commission or standard contractual clauses as approved by the European Commission or another applicable supervisory body;
• For transfers from the United Kingdom (“UK”) to third countries: Tango relies on adequacy decisions by the UK Secretary of State or standard contractual clauses as approved by the Information Commissioner’s Office or another applicable supervisory body; and
• Your explicit consent as required by local law.
  

Your Privacy Rights & Choices

Your Consumer Privacy Rights
‍
Depending on the laws applicable in your jurisdiction of residence, you may be able to make the following choices regarding your personal information:

1. Access To Your Personal Information And Portability. We will grant you, where required by law, reasonable access to the personal information that we have about you, in a machine-readable format, which depending on the information and technical abilities, you may be able to port to third parties.
   ‍
2. Changes To Your Personal Information. We will grant you, where required by law, the ability to request that your information be modified. In some instances, you may be able to update and correct your personal information through your account. If our website
   does not permit you to update or correct certain information, you may contact us to request that your information be modified.
   ‍
3. Deletion Of Your Personal Information. We typically retain personal information that we collect for the period necessary to fulfill the purposes outlined in this notice, unless a longer retention period is required or permitted by law. We will grant, where required by law, your request that we delete your personal information or that we restrict processing of your personal information. You should note that in many situations we may keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
   ‍
4. Revocation Of Consent or Objections. We will grant, where required by law, your request to revoke consent to processing (where our processing is based upon consent), or object to our processing (where our processing is not based upon your consent).  If you revoke your consent or object we may no longer be able to provide you Services. In some cases we may limit or deny your request to revoke consent or object if the law permits or requires us to do so, or if we are unable to adequately verify your identity.
   

To the extent that we are a data processor that is processing your information on behalf of one of our Clients, we encourage you to reach out to that Client to make your request, as we are required to await instructions from the Client as the data controller. If you submit your request directly to us, we may explain how to forward your request to the applicable Client for handling as the data controller.

To exercise your rights as described in this Notice, you may contact us via the following methods:

• Via our Privacy Rights Requests Form found here: https://submit-irm.trustarc.com/services/validation/e0118af2-14b4-4fff-a224-80889caf13ff

• Via the following phone number: 1-877-743-7545.

We will respond to your request in accordance with applicable law, and if we are unable to comply with your request, we will provide information regarding why. We will not discriminate against you for exercising these rights.

Note that we may require you to prove your identity, including by phone call or email. Depending on your request, we will ask for information such as your name, the last item you received or ordered from us, or the date of your last redemption or order from us. We may also ask you to provide a signed declaration confirming your identity.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf.  We will require verification that you provided the authorized agent permission to make a request on your behalf.  You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual you must attach a copy of the following information to the request:

1. A completed Authorized Agent Designation Form indicating that you have authorization to act on the consumer’s behalf.
   ‍
2. If you are a business, proof that you are registered with the Secretary of State to conduct business in California.

If we do not receive both pieces of information, the request will be denied.

If your request is denied in part or in full, depending on your jurisdiction of residence, you may have the ability to appeal our decision. If an appeal right applies to you, we will let you know in our response to your request.

Marketing Choices

1. Promotional Emails. In accordance with appliable legal obligations, we send promotional communications such as newsletters, surveys, offers, and other marketing materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive or emailing us at the contact information provided below.  If you decide not to receive promotional emails, we may still send you service-related communications, including rewards sent by other Clients.
   ‍
2. Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.

Information Sales and Targeted Advertising Opt Out

Depending on your jurisdiction, you may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising.”

As explained in the “Disclosure of Information” section above and as further detailed in our
Cookie Policy, we may allow third-party advertising providers to collect information about your activities on the Services for targeted advertising purposes or use advertising analytics partners to assist us in analyzing use of our Services and our user/customer base. Under applicable law, the disclosure of your personal information to these third parties to assist us in providing these services may be considered a “sale” of personal information or the processing/sharing of personal information for targeted advertising purposes.

If you would like to opt out of the disclosure of your personal information through cookies and similar tools for purposes that could be considered “sales” for those third parties’ own commercial purposes, or “sharing” or processing for purposes of targeted advertising, please visit the following link, which is also available in the footer of our Services: “Do Not Sell or Share My Personal Information.” Note that you will need to opt out on each device you use to access the services. We will honor legally-required browser-based opt out signals in compliance with applicable law.

Right to Lodge a Complaint

If you believe that our processing of your personal information infringes your rights or violates applicable data protection laws, you have a right to lodge a complaint with the relevant supervisory authority. If you are located in the European Union, a list of supervisory authorities is available here. If you are in the United Kingdom, you may contact the Information Commissioner’s Office. If you are in the United States, you may contact the US Federal Trade Commission (residents of California may contact the California Department of Justice). Residents of Canada may contact the Privacy Commissioner of Canada or their provincial data protection commissioner. If you are located in another jurisdiction, you will need to research or contact your local government for further guidance.

How we protect personal information

No method of transmission or electronic storage is fully secure. While we use a variety of efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any unauthorized access to your personal information, we may notify you electronically, in writing via email, if permitted to do so by law.

Our Services may permit you to create an account and prompt you to create a password.  You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you.  You should notify us of any unauthorized use of your password or account.

Cookie policy

Cookie policy

This Cookie Policy describes how and when we use different types of cookies when you visit our websites, whether accessed through a computer, tablet, smartphone or other device, and our mobile websites.

What are cookies?

A cookie is a small text file that is sent to your internet browser from the websites you visit and stored on your computer’s hard drive or tablet or mobile device. In a similar way to many other websites, we use cookies to help us tailor our Services to your needs so we can deliver a better and more personalized service. It is a cookie, for example, that allows us to deliver to you any personalized information each time you visit our websites. Cookies may be persistent across sessions or they may only last for a single browser session.

Do we use cookies?

Yes, we use first-party and third-party cookies for several reasons. First-party cookies are the cookies served by the owner of the domain and third-party cookies are cookies placed on our domains by trusted partners that we’ve allowed to do so. Some cookies are required for technical reasons – they make our Services work correctly—and other cookies enable us to enhance the experience on our Sites such as through personalization.

The specific types of first and third-party cookies served through our Sites and the purposes they perform are described below.

What types of cookies do we use?

We use a variety of cookie types as described below:

• Strictly Necessary Cookies. Strictly necessary cookies are necessary for our Sites to work and cannot be switched off in our systems. For example, we use these cookies to set up essential functionalities to guarantee the security and efficiency of the Services, like authentication and load balancer requests. Without these cookies, websites will not perform as intended and we may not be able to provide our Sites or certain Services or features you request.
  ‍
• Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and we will not be able to monitor its performance.
  ‍
• Functional Cookies. These cookies enable the Sites to provide enhanced functionality and personalization, but they are not essential to use of the Sites. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these Services may not function properly.
  ‍
• Social Media Cookies. These cookies are set by a range of social media services that we have added to the Sites to enable you to disclose our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these disclosure tools.
  ‍
• Targeting Cookies. These cookies may be set through our Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other Sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

How you can manage cookies

If you wish to manage or opt-out of cookies used by our websites and third-party advertisers, you can take the following steps:

• You may use the link in our footer labeled Do Not Sell or Share My Personal Information to manage your cookie preferences on our Sites. Because we use cookies to support Service functionality, disabling cookies may also disable some elements of our online properties. If you choose not to accept cookies while on our websites, please be aware that our websites may no longer function as intended, and you may be unable to access certain pages. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our websites.
  ‍
• The following industry organizations offer opt-out choices for companies that participate in them: the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative.
  ‍
• You may be able to download an opt-out cookie from the third-party advertiser’s website allowing you to opt-out of cookies. Please visit the third-party advertiser’s websites for more information.
  ‍
• Your web browser may allow you to manage what cookies are accepted or declined or manually view and delete or disable cookies. These settings can usually be found in the preferences, options, and settings menus of your web browser. Your mobile device may give you the option to disable advertising functionality.

If you exercise these options, please be aware that you may still see advertising, but it will not be personalized. Nor will exercising these options prevent other companies from displaying personalized ads to you.

If you delete your cookies, you may also delete your opt-out preferences.

Special information for job applicants

When you apply for a job with us, we may collect information from you, including:

• Information you provide in connection with your application.
  ‍
• Information that you make available in your social media accounts.
  ‍
• Information about you that is available publicly.
  ‍
• Information that you authorize us to collect via third parties, including former employers or references.

In certain circumstances, you may submit your application for employment through a third-party service that displays our job posting. We do not control the privacy practices of these third-party services. Please review their privacy policies carefully prior to submitting your application materials.

Other important information

The following additional information relates to our privacy practices:

• Changes To This Privacy Notice. We may change our privacy notice and practices over time. We will provide notice of such changes by posting the updated policy on this page with the date the changes come into effect, or, where material changes are made, through other notice as otherwise required by law.
   
• ‍Information About Children. The Services are intended for users age 16 and older. We do not knowingly collect information from children under this age. We request that such individuals do not provide personal information through our services. We reserve the right to delete the personal information and terminate the account of anyone violating this age policy.
  ‍‍
• Disclosure of Medical or Health Information. To the extent that we receive protected health information about you, that information is subject to electronic disclosure to the extent permitted by applicable law.‍
  ‍
• Data Retention. It is our policy to retain your information only for as long as is necessary to fulfill the purposes for which it was collected and processed. We will retain your information for as long as your account is active or as needed to provide you services and for as long as may be required to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. Even if you request for your information to be deleted, laws and regulations may require us to retain a copy of your information in our files for a longer period of time.

Contact information

privacy@tangocard.com

1-877-743-7545

Last revised date: 09/16/2024