Last updated: February 15, 2020
Achievers (“we,” “our,” or “us”) recognizes the importance of privacy in providing our employee recognition and rewards solution (the “Services”) to our business customers (“Customers”). The Services include a platform (the “Platform”) accessible by employees and other authorized users (“Members,” “you,” or “your”) of our Customers. You have been given access to this Platform by one of our Customers (your “Employer”).
This Platform Privacy Notice (the “Platform Privacy Notice” or “Notice”) describes how we collect, use, disclose, and otherwise process personal data about Members related to the Service (the “Member Data”), on behalf of our Customers.
For the purposes of the European Union (EU) data protection laws, Achievers is a Data Processor and our Customers are the Data Controllers of the Member Data. As a Data Processor, Achievers processes Member Data in strict accordance with the requirements set by your Employer. For instances where it is necessary to transfer Member Data outside of the EU to Achievers systems located in the United States, Achievers has certified its compliance to the Privacy Shield Principles which imposes specific requirements on how we process Member Data that we process on behalf of our Customers established in the EU. For more information about our Privacy Shield commitment, refer to the Privacy Shield section below. This Platform Privacy Notice only applies to Achievers; it does not apply to how your Employer may make use of your Member Data, the Platform, or the Services. You should consult with your Employer for more information about your Employer’s privacy policies.
For purposes of California law, Achievers is a service provider to our Customer (your Employer). Member Data is transferred to Achievers solely for a Business Purpose consistent with California law, and any processing or onward transfer of to any sub-processor is solely in furtherance of that Business Purpose. Achievers does not sell data, as that term is defined in California law. As a service provider to your Employer, Achievers is only permitted to process or use your data in strict accordance with the instructions provided to us by your Employer.
If applicable law permits you to request access to, to correct, or to delete your Member Data, please refer to the “Data Subject Rights” section of this Notice for information and instructions.
Information Collected Related to Platform and Services
Achievers recognizes the importance of privacy and principles of data minimization and privacy by design. As noted above, we collect and process Member Data as directed by your Employer (who is the data controller). This means that ultimately, your Employer controls the processing of your Member Data.
Member Data is provided to Achievers by our Customers and by Members. For instance, your employer may provide us with your name, position, business contact details, and other data about you, so that we can make the Platform available to you. Also, you may choose to provide your Member Data to us (e.g., to redeem points for products on the Platform) and Member Data about other Members (e.g., to recognize a colleague for something).
Sensitive Data. Achievers does not wish to receive, nor does it intentionally collect, sensitive Member Data from Customers or Members. If we receive any Member Data that contains sensitive data, we will treat it in accordance with this Platform Privacy Notice and will only process such data on behalf of and under the instructions of your Employer.
Automatically Collected Data. Achievers may automatically collect the following information about the use of the Services through cookies, web beacons, and other technologies: domain name; browser type and operating system; IP address; access time; device ID, name and model; location and language information, the length of time you are logged into the Platform; page views and referring URL; and your activities within the Platform. We may combine this information with other information that we have collected about you, including, where applicable, your user name, name, and other Member Data. Please see the section “Purposes of Use and Processing” below for more information.
Purposes of Use and Processing
Achievers will only collect, use, disclose, and otherwise process Member Data under the instructions of your Employer, as you instruct, or where otherwise permitted or required by law. Achievers does so on behalf of Customers, to provide the Services and as otherwise directed by you or your employer under the terms of our commercial agreement (the “Customer Agreement”). Subject to any requirements or restrictions in our Customer Agreements, we generally process Member Data as follows:
to create an account and profile to enable Members to access and use the Platform;
to provide Members with the information, products or services they have requested from us;
to operate our Platform in accordance with the terms of our relevant Customer Agreement;
to authenticate and verify that Members are authorized to use the Services;
to process, evaluate and complete transactions and as necessary to provide the Services and operate the Platform;
to operate, evaluate, maintain, and develop the Services (including by monitoring and analyzing trends and usage statistics);
to respond to Member and Customer requests;
to provide Members with documentation or communications which Members have requested;
to correspond with Members to resolve their queries or complaints;
to send communications to Members as directed by Customer or other Members;
to manage, protect against and investigate fraud, risk exposure, claims, and other liabilities, including but not limited to violation of our contract terms, laws or regulations, and to protect and prevent misuse of the Platform.
Achievers Connect plugins for productivity platforms like Gmail, Microsoft Outlook, Microsoft Teams, Microsoft Teams, Microsoft SharePoint, Workplace by Facebook require the member’s email address to connect user profiles across the Achievers platform and the target productivity tools.
Cookies. Achievers uses a browser feature called a “cookie” to allow Members to interact with the Platform. A cookie is a small text file that is placed on your computer by a website. Cookies contain a unique session identification number, the IP address of the request origin, and the last access time. You can manage how your browser responds to cookies, including by blocking cookies, notifying you when you receive a cookie, and allowing you to delete certain cookies. However, if you block or disable cookies, you will not be able to use some of the features available on the Platform.
“Do not track” browser setting. The Platform does not respond to web browser “do not track” (DNT) settings or headers. However, Achievers does not track Member Data of Members on the Platform over time, across third-party web sites or online services. Achievers also does not authorize or enable any third party to collect Platform usage Member Data through any advertising technology.
Email. Achievers uses images imbedded in e-mail messages called “web beacons.” Web beacons are clear images that allow Achievers to determine if a message has been opened. It also allows Achievers to determine the IP address of the user that opened it and to access any Achievers cookies. We may use this information in the aggregate to assess and improve our email messages. Email web beacons can be disabled by turning off HTML display and displaying text only or by turning off image display while still using HTML within your email client.
Achievers Connect plugins for productivity platforms like Gmail, Microsoft Outlook, Microsoft Teams, Microsoft SharePoint, Workplace by Facebook require the member’s email address to connect user profiles across the Achievers platform and the target productivity tools. For Gmail and Microsoft Outlook, the Connect plugin uses the To, CC and BCC fields from emails in the Inbox or other folders to identify nominators and nominees for a recognition being posted to the Achievers platform.
DISCLOSURE OF MEMBER DATA
We generally disclose Member Data under the following circumstances:
Affiliated Entities. Achievers is a part of the Blackhawk Network global group of companies, and we may share Member Data with our affiliated businesses (“Affiliates”) who provide services to us or on our behalf, as part of our business operations and administration of the Services. We have executed written agreements with such Affiliates that impose appropriate safeguards for the protection of Member Data in compliance with applicable privacy laws.
Agents and Service Providers. Achievers may share Member Data with selected third parties (“Service Providers”) who provide services to us or on our behalf, subject to our written instructions. For example, we may work with fulfillment partners spanning multiple international jurisdictions who are responsible for the delivery of product redemptions; in that case, the relevant Service Provider is provided with certain Member Data when Members would like to redeem a reward offered in the Platform, which may include Members’ physical mailing address, email, and name.
Achievers has contractual agreements with Service Providers which require them to provide protection as required by the Privacy Shield Principles. Achievers does not transfer Member Data to a third party for its own use. Achievers may be liable under the Privacy Shield Principles if one of its third-party processors processes Member Data in a manner inconsistent with the Privacy Shield Principles if Achievers is responsible for the event giving rise to the damage.
Your Employer. As a processor, Achievers will disclose Member Data to your Employer. Your Employer and its designated administrator(s) may be able to access all information you provide to the Platform, including information you post or send through it, and information regarding any transactions or redemptions you make on the Platform. For example, your employer may need your Member Data for the purpose of calculating, deducting and/or paying income tax in respect taxable benefits in accordance with your Employer’s policies and applicable law. Achievers has no control and is not responsible for how your Employer may access, use and disclose Member Data. For more information on how your Employer may collect, use, disclose, or otherwise process your Member Data, please contact your Employer.
Public Areas: Some areas of our Platform may allow you to upload or publish your own content to an area of the Platform that may be viewed by all other Members who have access to your Employer’s Platform, such as your colleagues (“Posting”). You may also make Postings external to the Platform (e.g., social media). Such Postings may be associated with your name and any Member Data that you choose to include in such Posting. Achievers cannot control, and is not responsible for how any third parties, including your colleagues and/or your Employer, may use such information. If you choose to include Member Data in a Posting you post on the Platform, you consent to the disclosure of that Member Data. If you do not wish to publish your Member Data in this manner, please do not include it in a Posting you post to any area of the Platform that may be viewed by other users. You may not include the Member Data of any other individual in your Postings unless you have their consent.
Other Disclosures. Achievers reserves the right to transfer any Member Data in the event that we merge with or are acquired by a third party. Achievers may also use, or disclose Member Data to third parties if Achievers has reason to believe that using or disclosing such information is necessary to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) to protect our rights, safety or property, and/or the rights, safety, and property of our Customers, Members of our Platform, and any other persons. Lastly, we may disclose Member Data for any other purpose to which you have provided your Employer with consent.
Achievers’ Services are provided to employers (our Customers) an,d their employees (the Members) and are not directed towards children or the general public. The Platform is not designed for or intended to be used by children under sixteen (16) years old.
The security of your Member Data is important to us. Our agreement with your Employer establishes the detailed security requirements applicable to how we process your Member Data, and to fulfill those requirements we have implemented a number of safeguards to protect the Member Data that is submitted to us. This may include encryption of data, both during transmission and once it is received, and other measures to prevent unauthorized access to the data in our systems. If you have any questions about the security of your Member Data, you can contact us at [email protected]
DATA INTEGRITY AND PURPOSE LIMITATION
Achievers will take steps to keep your Member Data accurate, complete and up-to-date. Members will have the ability to review much of the Member Data we have collected about them on the Platform. To make a request (e.g., access or correction of your Member Data), please see the “Data Subject rights” section below.
Your Member Data will be retained when you are a Member or for a reasonable time thereafter, or as required by applicable law or contractual requirements. When Achievers is no longer required to retain your Member Data, we will securely destroy your Member Data based on our data disposal policies and applicable law, or return the data to your Employer for destruction at its request.
DATA SUBJECT RIGHTS
Members have the rights to access Member Data about them and to limit use and disclosure of their Member Data. Pursuant to applicable data protection laws, Achievers’ internal policies and practices, and our Privacy Shield certification, Achievers has committed to respecting those rights. You may review much of your Member Data in the Platform. If you would like to exercise your rights under EU or other applicable privacy laws to access, amend, or request deletion of your Member Data, or make other requests regarding your Member Data, you should contact your Employer and, we will work with your Employer, as needed, to assist them with information that they may need to respond to your requests. Your Employer will be responsible for conducting any authentication or verification regarding such requests as may be required by applicable law. Achievers will then act according to the instructions received from your Employer in accordance with our obligations and limitations as a Data.
Achievers will only refuse access to information about you in those circumstances permitted or required by applicable privacy laws. If Achievers refuses access to you, it will provide you with the reasons for its refusal upon request. Exceptions may include information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. Achievers will respond to your requests for access in accordance with applicable privacy laws.
ENFORCEMENT AND DISPUTE RESOLUTION
Achievers will conduct periodic assessments to validate its continued adherence to this Platform Privacy Notice. If you have a question or dispute about our handling of your Member Data, please contact us at using the information in the “Contact Us” section below.
Achievers will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Member Data in accordance with the principles contained in this Platform Privacy Notice.
Achievers agrees to cooperate with data protection authorities located in the European Union or authorized representatives for disputes received from the European Union. All other disputes that cannot be resolved between Achievers and the complainant will be handled in accordance with applicable dispute resolution procedures through our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions (more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint), binding arbitration may be an option when other dispute resolution procedures have been exhausted.
Subject to our Customer Agreements, the Member Data that we collect from you may be transferred to, processed, or stored at a location outside the local jurisdiction. This means that Achievers may be required to disclose your Member Data in response to lawful requests by public authorities, including by the U.S. Federal Trade Commission, the courts, law enforcement, or national security authorities in that other jurisdiction.
We will take steps to ensure that your Member Data receives an equivalent level of protection as required by laws of that jurisdiction, including by entering into data transfer agreements, using the European Commission-approved standard contractual clauses for transfers to processors in third countries (“SCCs”), or by relying on other mechanisms approved by the European Commission, such as the EU-US Privacy Shield. For transfers to our Affiliates in the United States and other jurisdictions that the European Commission does not consider to provide adequate protection to Member Data, we have put in place the SCCs and other measures where required by Customers. For UK data, we will continue to abide by the requirements of the EU-US Privacy Shield Framework and/or the EU SCCs, as applicable, until such time as the UK may establish post “Brexit” alternatives to either transfer mechanism.
EU-US PRIVACY SHIELD
Achievers participates in and has certified its compliance with the EU-US and Swiss-US Privacy Shield Framework. Achievers is committed to processing all Member Data received from EU member countries, or the UK, in accordance with the Privacy Shield Framework and the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the US Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
Achievers is responsible for the processing of your Member Data according to the Privacy Shield Framework including any subsequent transfers to a Service Provider. Achievers complies with the Privacy Shield Principles for all onward transfers of Member Data from the EU or the UK, including the onward transfer liability provisions.
If you have any questions or concerns about your Member Data held by Achievers or about the compliance by Achievers with Achievers Platform Privacy Notice, please contact our Privacy Office or contact your Program Administrator.
By Regular Mail:
Attn: Privacy Office
6220 Stoneridge Mall Road
Pleasanton, CA 94588
Achievers reserves the right to change this Platform Privacy Notice from time to time. Achievers will provide notification of any material changes to this Platform Privacy Notice through the Achievers Platform in the form of a banner, pop-up or other methods of notification.
Updated 11 months ago