Privacy Policy

December 2023

December 2023

December 2023

INTRODUCTION


Badge Group, Inc. (“we”, “us” or “our” as the context may require) respect your privacy and are committed to protecting your personal data. This Privacy Policy (the “Privacy Policy”) applies to information collected through the websites that we operate (collectively, the “Sites”) or online and offline in our wallet-as-a-service platform (collectively, the “Services”) and does not cover any information collected by third parties (unless specifically stated). By accessing or using the Sites or using our Services, you are acknowledging the disclosures made in this Privacy Policy. The Privacy Policy may change from time to time, as set forth below. Your continued use of the Sites or our Services after we make changes is deemed to be your acknowledgment of those changes, so please check the Privacy Policy periodically for updates.


In most cases, we collect and process personal data solely in our capacity as a service provider to businesses who use our Services (collectively, “Business Customers”).  In that context, we receive personal data from our Business Customers and collect information from their customers about you on the Business Customers’ behalf for the business purpose of providing Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal data, the rights and choices described below do not apply to personal data collected and processed on behalf of such Business Customer.  If you have questions or wish to exercise your rights or choices relating to such personal data, please contact that Business Customer directly.

This Privacy Policy does not apply to our job applicants, current employees, former employees, or independent contractors (collectively, “Personnel”); however, our California-based Personnel may obtain a separate privacy notice that applies to them by contacting our human resources department.


For purposes of this Privacy Policy, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  It does not include information that cannot be used to infer information about, or otherwise be linked to, a particular consumer, such as aggregated data.  Except as restricted by applicable laws, we reserve the right to convert, or permit others to convert, your personal data into deidentified data or aggregate data, and may elect not to treat publicly available information as personal data, to the extent permitted by applicable law.  We will not attempt to reidentify data that we maintain as aggregated or deidentified.  


1. IMPORTANT INFORMATION AND WHO WE ARE


PURPOSE OF THIS PRIVACY POLICY


This Privacy Policy provides you with information on how we collect and process your personal data, including any data provided to us by Business Customers or that you may provide directly to us when you:


  • contact us for information about our Services;

  • purchase products from our Business Customers;

  • work with us in your capacity as an employee or authorized user of our Business Customer; and

  • connect with us via social media (e.g., Facebook).


If you are in the European Union (the “EU”), or if your personal data otherwise may be subject to the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679, or “GDPR”), and other applicable regulations, see “Your Legal Rights- European Economic Area, United Kingdom or Switzerland,” below, for information on how we collect and process your personal data in accordance with these laws.


If you are a U.S. resident, please see “Your Privacy Choices” below for more specific information about your privacy choices.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. 

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We regularly review our Privacy Policy. We reserve the right to alter, modify, update, add to, subtract from or otherwise change this Privacy Policy at any time. We will use your personal data in a manner consistent with the Privacy Policy in effect at the time we collected your personal data. We will notify you of material changes to this Privacy Policy to the extent required by applicable law; otherwise, you are responsible for periodically visiting the Sites and this Privacy Policy to check for any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us (see “Contact Information,” below).


THIRD-PARTY WEBSITES


The Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Sites, we encourage you to read the privacy policy of any website you may visit.


2. THE PERSONAL DATA WE COLLECT ABOUT YOU


The categories of personal data we have collected about you in the previous 12 months and the purposes for which we used such personal data are as follows.


Category of Information

Description

Identifiers

Name,  internet protocol address, email address, or other similar identifiers.

Financial Information

Credit card numbers  and other financial information.

Commercial Information

Information about payments to and from you, and your preferences in receiving marketing from us and our third parties and your communication preferences.

Service and Internet Usage Information

Information such as internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the URL that referred you to our Service; the areas within our Service that you visit and your activities there (including emails, such as whether you open them or click on links within), search history; information from your web browser header, and other technology on the devices you use to access the Sites or our Services.

Geolocation information

Information such as longitude and latitude from your IP address.

Sensory Data (Audio, electronic, visual, or similar information)

Profile pictures, customer testimonials, video recordings, meetings with customers or potential customers,  or audio recordings when you speak with our Customer Service Department.



We also collect, use and share “Aggregated Data” such as statistical or demographic data for any legal purpose. Aggregated Data could be derived from personal data but is not considered personal data under applicable laws, as this data will not directly or indirectly reveal the identity of an individual. For example, we may aggregate personal data to calculate the percentage of users accessing a specific feature of our Sites, Services, or as a consumer of one of our Business Customers through our Services to provide certain data analytics to our Business Customers. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify an individual, we treat the combined data as personal data that will be used in accordance with this Privacy Policy.


3. THE SOURCES FROM WHICH WE COLLECT YOUR PERSONAL DATA


To the extent permitted by applicable law and subject to your consenting to the installation of cookies where applicable, we may use different sources and methods to collect personal data from and about you, including through:


  • Direct interactions. You may give us personal data in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:

    • inquire about, purchase or request support for our Services;

    • register for one of our communities;

    • request marketing to be sent to you; 

    • connect with us via social media; 

    • participate in a promotion or survey; or 

    • give us feedback or contact us.

  • Interactions with our Business Customers. We may collect personal data that you provide to our Business Customers, in our capacity as a service provider or processor, when you:

    • Use our Services in your capacity as an authorized user of our Business Customer; or

    • work as an employee of our Business Customer. 

  • Automated technologies or interactions. As you interact with our Sites or our Services, we will automatically collect personal data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may use third party analytics services like Google Analytics to provide us with a clearer picture of how you use the Sites or our Services, including when you view specific pages or take specific actions on the Sites or use certain features or functionality within our Services. If you wish to learn more about our data collection process, please contact us; see “Contact Information” section below. 

  • Third parties or publicly available sources. We may receive personal data about you from various third parties, either in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, as set out below:

    • from analytics providers;

    • from search information providers;

    • from providers of technical and payment services such as banks;

    • from third-party service providers or processors of our Business Customers that integrate with our Services on behalf of our Business Customers;

    • from data brokers, event sponsors (e.g., tradeshows) or aggregators; and

    • from publicly available sources, such as government and administrative bodies.


4. HOW WE USE YOUR PERSONAL DATA 


We will only use your personal data in accordance with applicable laws and as directed by our Business Customers for which we are acting as a service provider or processor. We will use your personal data for the following purposes:


  1. to provide the Services and to register and administer accounts for Business Customers for use of our Sites and our Services; 

  2. to register and administer accounts for you as a customer of our Business Customer; 

  3. to provide support; diagnose, repair and track service and quality issues with our Services; authenticate your identity; verify eligibility for certain programs offered by our Business Customers; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;

  4. for our own internal business purposes, such as to evaluate or audit the usage and performance of the Services; evaluate and improve the quality of the Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;

  5. to administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences; 

  6. to make suggestions and recommendations to you about third party products or services that may be of interest to the Business Customer you represent;

  7. to prevent fraud, such as using personal data about you obtained through our Services and from our Business Customers, and for identity verification services to confirm your identity and to detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and

  8. for marketing, such as for contextual ad customization or to market the Services or the services of our Business Customers, or other third parties. We may use personal data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events. 


Marketing and Advertising 


We may process personal data for relationship management and marketing, either as a service provider or processor for Business Customers or on our own behalf. This purpose includes sending marketing and promotional communications to individuals who have provided their consent or not objected to receiving such messages as may be appropriate given the nature of the relationship (or who have opted into such messages in those jurisdictions where opt-in consent is required), such as Service marketing, investor communications, Business Customer communications (e.g., product updates, training opportunities and invitations to corporate events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and Company news. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following ways for you to control your personal data that you have shared with us:


  • Promotional Offers from Us. You will receive marketing communications from us if you or your employer has requested information from us or purchased Services from us and you have provided your consent or not opted out of receiving that marketing.


  • Marketing Messages.  You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us from any of the other sources specified in Section 3.



Session Replay


We may use technology to monitor how you interact with our Services. This may include, without limitation, which links you click on, information that you type into our online forms, and about your device or browser. Further, we utilize session replay software to monitor and record mouse clicks and movements, keystrokes, and pages and content viewed by you.


Change of Purpose


We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (See “Contact Information,” below). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, to the extent required under applicable law.


Please note that we may process your personal data without your knowledge or consent, in compliance with this Privacy Policy, where this is required or permitted by law.


Children’s Privacy


We recognize the importance of children’s safety and privacy on the Internet. For this reason, we do not knowingly sell any information, including personal data, from children under 16 years of age. If you think we may have unknowingly collected personal data of an individual under 16 years old, please contact us (See “Contact Information,” below). 


5.  DISCLOSURES OF YOUR PERSONAL DATA 


We may share your personal data with the parties set out below for the purposes set out in Section 4 above.


  • Service providers. Third parties acting as processors who provide services to us, including: (a) IT and system administration services (e.g., hosting); (b) marketing and advertising services; or (c) support, equipment installation or maintenance in connection with our Services and third-party service providers or processors of our Business Customers that integrate with our Services on behalf of our Business Customers.

  • Business Customers. Our customers, for which we act as a service provider or processor in connection with providing the Services.

  • Business Partners.  Resellers of our Services to Business Customers (“Business Partners”).

  • Professional advisers. Third parties acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • Parties to a corporate transaction. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but only in the manner set out in this Privacy Policy unless you agree otherwise.

  • Law enforcement and other government agencies. We may share information with third parties such as law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Website Terms of Use and other agreements; and to protect our, our users’, or third parties’ rights, data, property or safety.


6. DATA SECURITY


We have put in place reasonable security measures to prevent your personal data from being accidentally lost, used or accessed, altered or disclosed without authorization.  However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee absolute security. If you have reason to believe that your personal data is no longer secure, please contact us immediately at support@trybadge.com.  


7. YOUR LEGAL RIGHTS - EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM OR SWITZERLAND.


THIS SECTION ONLY APPLIES TO INDIVIDUALS THAT ARE LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM OR SWITZERLAND AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU PURCHASE SOME OF OUR SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY YOUR COUNTRY LOCATION.


We are the controller of the personal data that you submit or that we obtain about you through our Sites.  Please do not hesitate to contact us if you have questions (contact information provided below).


We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity (except as required for affirmative action compliance), religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


If you are in the EEA, United Kingdom or Switzerland, you have the following rights (where applicable):


Access. You have the right to request information and a copy of the personal data we are processing about you;


Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified;


Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;


Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete such data due to a legal or other obligation or because you do not wish for us to delete it;


Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you;


Objection. Where the legal basis for processing your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests, or if we need to continue to process such data for the establishment, exercise, or defense of a legal claim;


Withdrawing  Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from marketing messages.


You can make a request to exercise any of these rights in relation to your information by contacting us (see “Contact Information,” below). For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. Please note that we may take up to 30 days to fulfill such request. We reserve the right to charge a fee when permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.


You also have the right to lodge a complaint with the local data protection authority (“DPA”) if you believe that we have not complied with applicable data protection laws. A list of local DPAs in European countries is available here.


Legal Basis for Processing 


Processing Activity

Legal basis

  1. Provide the Services and to register and administer accounts for Business Customers for use of our Sites and our Services; 

Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers).

  1. Provide support; diagnose, repair and track service and quality issues with our Services; authenticate your identity; verify eligibility for certain Business Customer programs; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;

Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers, improving our Services, ensuring security and increasing our sales).

  1. For our own internal business purposes, such as to evaluate or audit the usage and performance of the Services; evaluate and improve the quality of the Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;

Our legitimate interests (design new products and services in line with customer preferences to increase our sales).


  1. To administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences; 

Our legitimate interests (to protect our company and customers against fraud and any other illicit activities and to design products and services in line with customer preferences to increase our sales).

  1. To make suggestions and recommendations to you about third-party products or services that may be of interest to the Business Customer you represent;

Our legitimate interests (expanding our relations with the Business Customer you represent).

  1. To enable you to participate in surveys;

The execution of a contract.

  1. To prevent fraud, such as using personal data about you obtained through our Services and from our Business Customers, and for identity verification services to confirm your identity and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; 

Our legitimate interests (to protect our company and customers against fraud and any other illicit activities and ensure the security of our products and services).

  1. For marketing, such as for contextual ad customization or to market the Services or the services of our Business Customers, or other third parties. We may use personal data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events; 

Our legitimate interests (to promote our brand and increase our sales); or

Consent, as applicable.

  1. We process personal data to anonymize and aggregate information we have collected to use it for any purpose, including for research and product development purposes; 

Our legitimate interest (in designing new products and services that are aligned with our Business Customers’ preferences to increase our profitability).

  1. We process personal data to establish and exercise our legal claims and to defend against legal claims; 

Our legitimate interest (in protecting the commercial and economic interests of our business and stakeholders).

  1. Disclose your personal data to  service providers and business partners;


Our legitimate interests (to organize our business in line with our commercial and economic interests and to design new products and services in line with customer preferences to increase our sales).

Consent.

  1. Disclose your personal data to third parties in connection with the sale, purchase, merger, reorganization, liquidation, or dissolution of the company, or under similar circumstances; and

Our legitimate interests (to organize our business in line with our commercial and economic interests).


  1. Disclose your personal data to law enforcement and other government agencies.

To comply with legal obligations.

Our legitimate interests (to protect our legitimate commercial and economic interests to prevent fraud and any other illicit activities).

  1. Disclose your personal data to Professional advisers.

Our legitimate interests (to protect our legitimate commercial and economic interests or learning on business optimization techniques to increase our sales).


If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.


You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.


Generally (please see above), we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.


Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.


International Transfers


We share your personal data with our IT, development, consulting, hosting and other services providers within the U.S. and other countries. This will involve a transfer of your data outside the European Economic Area (the “EEA”) to territories which do not provide a level of privacy protection equivalent to that which exists in the EEA. This transfer will be made taking into account all necessary legal safeguards and following a privacy impact assessment of the transfer in question (such safeguards will generally include the conclusion of standard contractual clauses approved by the European Commission and, where necessary, the implementation of additional, usually technical, protection measures, such as encryption of the data). To obtain a copy of the safeguards or for further details about international data transfers, please contact us (See “Contact Information,” below).


No other transfers of personal data will be made to recipients in jurisdictions that do not provide a level of data protection equivalent to that in the EEA, unless expressly stated otherwise in the specific privacy notice applicable to that transfer. 


8. YOUR U.S. PRIVACY CHOICES


This section generally applies to U.S. residents.  If you are not a U.S. resident, the choices described in this section do not apply to you.


In most cases, we collect and process personal data solely in our capacity as a service provider or processor to our Business Customers.  In that context, we receive personal data from a Business Customer or collect information from you on behalf of a Business Customer for the business purpose of providing Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal data, the choices described below do not apply to personal data collected and processed on behalf of such Business Customer.  If you have questions or wish to exercise choices relating to such personal data, please contact that Business Customer directly.


This Privacy Policy describes the personal data we collect from you, the sources of such personal data, and the purposes for which we use your personal data. Please see the discussion above under “The Personal Data We Collect About You,” “The Sources from Which We Collect Your Personal Data,” and “How We Use Your Personal Data,” respectively, for more information. 


Summary of Personal Data We Have Sold or Shared 


Below is a summary of the categories of personal data we have collected from consumers in the previous 12 months and the categories of third parties to whom we have sold or shared your personal data.  


Category of Personal Data

Categories of Third Parties to Whom We Sold Personal Data 

Internet Usage Information

Analytics companies, data brokers, third-party advertisers, and other tech companies that offer digital advertising services. 


Summary of Personal Data We Have Disclosed for a Business Purpose


Below is a summary of the categories of personal data we have collected in the previous 12 months and the categories of third parties with whom we have shared such personal data for business purposes.  


Category of Personal Data

Categories of Third Parties to Whom We Disclosed Personal Data for a Business Purposes

Identifiers

  • Service providers, such as providers of accounting services, audit services, IT services, or support services; 

  • Business Customers in connection with the provision of Services and requested transactions; 

  • Business Partners in connection with the provision of Services and requested transactions; and

  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.

Financial information

  • Service providers, such as providers of accounting services, audit services, IT services, or support services; 

  • Business Customers in connection with the provision of Services and requested transactions; 

  • Business Partners in connection with the provision of Services and requested transactions; and

  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.

Commercial information

  • Service providers, such as providers of accounting services, audit services, IT services, or support services.

Service and Internet Usage information

  • Service providers, such as providers of marketing services; and

  • Business Customers in connection with the provision of Services and requested transactions. 

Geolocation information

  • Service providers, such as providers of IT services; and

  • Business Customers in connection with the provision of Services and requested transactions. 

Sensory Data (Audio, electronic, visual, or similar information)

  • Service providers, such as providers of marketing services; and

  • Business Customers in connection with the provision of Services and requested transactions. 


Your Privacy Choices


With respect to your personal data, you may contact us through the methods described below in “How to Exercise Your Privacy Choices” and elect to:


  • Access Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will disclose to you the items listed below:

    • The categories of personal data we have collected about you;

    • The categories of sources from which the personal data was collected;

    • The business purpose behind collecting the personal data;

    • The categories of third parties with whom we have shared the information; and

    • The specific personal data we have collected about you.


  • Delete Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will delete personal data we have collected from you and direct our service providers and processors to delete your personal data from their records.  


  • Correct Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will correct inaccurate personal data that we maintain about you. 


  • Opt Out of the Sale of Personal Data. You may choose to opt out of any sales of your personal data.  Third-party digital businesses  including analytics companies, data brokers, third-party advertisers, and other tech companies that offer digital advertising services (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect personal data about you on our Sites, or otherwise collect and process personal data that we make available about you, including digital activity information. These Third-Party Digital Businesses use this information for several purposes, including to track activity across websites, to infer information about visitors, and to provide visitors with personalized content.  


If you want to opt-out of the “sale” or “sharing” of such personal data, exercise a separate opt-out request on our consent management platform (“CMP”) here.  Our CMP enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our Sites you visit, from each browser you use, and on each device that you use.  Because your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our CMP. Please also refer to our Cookie Statement for other ways to exercise preferences regarding Third-Party Digital Businesses.  Beware that if you use ad-blocking software, our cookie banner may not appear when you visit our Sites and you may have to use the link above to access the CMP.  


How to Exercise Your Privacy Choices


You may exercise your privacy choices by any of the methods described below in “Contact Information.”  


You may request access to your personal data twice in any 12-month period, measured from the date we receive your first request.  If you submit a request to obtain your personal data more than twice in any 12-month period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.


Consistent with our interest in the security of your personal data, we will not deliver to you your Social Security number or other government-issued ID number, financial account number, biometric information, or an account password together with security questions or answers in response to a request.


Verification


In order for you to exercise your privacy rights, we will need to obtain certain information from you to verify your identity.  For a report of the specific personal data we have collected about you, you must provide us with three of the following pieces of information in order for us to verify your identity:   


  • full name;

  • email address;

  • name of employer; or

  • business address.


You also must provide us with a signed declaration, under penalty of perjury, that you are who you say you are.  


For a report of the categories of personal data we have collected about you, for a request to delete your personal data, or for a request to opt out of the sale of your personal data, you must provide us with two of the above-referenced pieces of information in order for us to verify your identity.  


Where necessary, we may request additional information about you so that we can verify your identity. Where we did not already hold that information, we will use it only for the purpose of verifying your identity and to process your request.    


Timing  


We try to respond to requests to exercise privacy choices within 45 calendar days, unless we need more time, in which case we may take up to 90 calendar days total to respond to your request.  


California “Shine the Light” Law


Under California’s “Shine the Light” law, California residents who provide personal data in obtaining products/services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the consumer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of consumer information and the names and addresses of those businesses with which we shared consumer information for the immediately prior calendar year (e.g., requests made in 2024 will receive information regarding 2023 sharing activities).


To obtain this information please send an email message to [insert email] with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested applicable information to you at your e-mail address in response.


Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.


Additional Information for Nevada Residents


Nevada residents have the right to instruct us not to “sell” “covered information” as those terms are defined by Chapter 603A of the Nevada Revised Statutes. Although we do not currently “sell” “covered information” of Nevada residents, as those terms are defined under that law, you may contact us at [insert email] and provide your name, Nevada address, and email address to be verified and exercise your opt-out rights in the event we do sell covered information under that law in the future. If you change your email address or other contact information, contact us in the same manner to update your contact information to help facilitate your opt-out. Changing your contact information elsewhere (e.g., informational requests, account information, etc.) will not update your Nevada opt-out information and we will only use the information provided to our opt-out program for managing opt-outs.  It is your responsibility to keep your opt-out information current. If after opting-out you direct us to share your covered information with others, we will do so regardless of your prior opt-out.

10.  CONTACT INFORMATION


For general questions or comments, use the contact information below:


For EU/UK residents:

Phone: [insert phone number]

Email: [insert email address

Mailing Address: [insert mailing address]

You can contact our Data Protection Officer at: […]

The contact details of our EU representative are: […]


For U.S. residents: 

Phone: [insert phone number]

Mailing Address: [insert mailing address]


If you are seeking to exercise your privacy choices, you may call us at [insert toll free number] or by visiting the Your Privacy Choices webpage [here]. 


If you are having trouble viewing or accessing this Privacy Policy or need it made available to you in an alternative format, please contact us at [insert email]. 



INTRODUCTION


Badge Group, Inc. (“we”, “us” or “our” as the context may require) respect your privacy and are committed to protecting your personal data. This Privacy Policy (the “Privacy Policy”) applies to information collected through the websites that we operate (collectively, the “Sites”) or online and offline in our wallet-as-a-service platform (collectively, the “Services”) and does not cover any information collected by third parties (unless specifically stated). By accessing or using the Sites or using our Services, you are acknowledging the disclosures made in this Privacy Policy. The Privacy Policy may change from time to time, as set forth below. Your continued use of the Sites or our Services after we make changes is deemed to be your acknowledgment of those changes, so please check the Privacy Policy periodically for updates.


In most cases, we collect and process personal data solely in our capacity as a service provider to businesses who use our Services (collectively, “Business Customers”).  In that context, we receive personal data from our Business Customers and collect information from their customers about you on the Business Customers’ behalf for the business purpose of providing Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal data, the rights and choices described below do not apply to personal data collected and processed on behalf of such Business Customer.  If you have questions or wish to exercise your rights or choices relating to such personal data, please contact that Business Customer directly.

This Privacy Policy does not apply to our job applicants, current employees, former employees, or independent contractors (collectively, “Personnel”); however, our California-based Personnel may obtain a separate privacy notice that applies to them by contacting our human resources department.


For purposes of this Privacy Policy, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  It does not include information that cannot be used to infer information about, or otherwise be linked to, a particular consumer, such as aggregated data.  Except as restricted by applicable laws, we reserve the right to convert, or permit others to convert, your personal data into deidentified data or aggregate data, and may elect not to treat publicly available information as personal data, to the extent permitted by applicable law.  We will not attempt to reidentify data that we maintain as aggregated or deidentified.  


1. IMPORTANT INFORMATION AND WHO WE ARE


PURPOSE OF THIS PRIVACY POLICY


This Privacy Policy provides you with information on how we collect and process your personal data, including any data provided to us by Business Customers or that you may provide directly to us when you:


  • contact us for information about our Services;

  • purchase products from our Business Customers;

  • work with us in your capacity as an employee or authorized user of our Business Customer; and

  • connect with us via social media (e.g., Facebook).


If you are in the European Union (the “EU”), or if your personal data otherwise may be subject to the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679, or “GDPR”), and other applicable regulations, see “Your Legal Rights- European Economic Area, United Kingdom or Switzerland,” below, for information on how we collect and process your personal data in accordance with these laws.


If you are a U.S. resident, please see “Your Privacy Choices” below for more specific information about your privacy choices.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. 

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We regularly review our Privacy Policy. We reserve the right to alter, modify, update, add to, subtract from or otherwise change this Privacy Policy at any time. We will use your personal data in a manner consistent with the Privacy Policy in effect at the time we collected your personal data. We will notify you of material changes to this Privacy Policy to the extent required by applicable law; otherwise, you are responsible for periodically visiting the Sites and this Privacy Policy to check for any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us (see “Contact Information,” below).


THIRD-PARTY WEBSITES


The Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Sites, we encourage you to read the privacy policy of any website you may visit.


2. THE PERSONAL DATA WE COLLECT ABOUT YOU


The categories of personal data we have collected about you in the previous 12 months and the purposes for which we used such personal data are as follows.


Category of Information

Description

Identifiers

Name,  internet protocol address, email address, or other similar identifiers.

Financial Information

Credit card numbers  and other financial information.

Commercial Information

Information about payments to and from you, and your preferences in receiving marketing from us and our third parties and your communication preferences.

Service and Internet Usage Information

Information such as internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the URL that referred you to our Service; the areas within our Service that you visit and your activities there (including emails, such as whether you open them or click on links within), search history; information from your web browser header, and other technology on the devices you use to access the Sites or our Services.

Geolocation information

Information such as longitude and latitude from your IP address.

Sensory Data (Audio, electronic, visual, or similar information)

Profile pictures, customer testimonials, video recordings, meetings with customers or potential customers,  or audio recordings when you speak with our Customer Service Department.



We also collect, use and share “Aggregated Data” such as statistical or demographic data for any legal purpose. Aggregated Data could be derived from personal data but is not considered personal data under applicable laws, as this data will not directly or indirectly reveal the identity of an individual. For example, we may aggregate personal data to calculate the percentage of users accessing a specific feature of our Sites, Services, or as a consumer of one of our Business Customers through our Services to provide certain data analytics to our Business Customers. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify an individual, we treat the combined data as personal data that will be used in accordance with this Privacy Policy.


3. THE SOURCES FROM WHICH WE COLLECT YOUR PERSONAL DATA


To the extent permitted by applicable law and subject to your consenting to the installation of cookies where applicable, we may use different sources and methods to collect personal data from and about you, including through:


  • Direct interactions. You may give us personal data in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:

    • inquire about, purchase or request support for our Services;

    • register for one of our communities;

    • request marketing to be sent to you; 

    • connect with us via social media; 

    • participate in a promotion or survey; or 

    • give us feedback or contact us.

  • Interactions with our Business Customers. We may collect personal data that you provide to our Business Customers, in our capacity as a service provider or processor, when you:

    • Use our Services in your capacity as an authorized user of our Business Customer; or

    • work as an employee of our Business Customer. 

  • Automated technologies or interactions. As you interact with our Sites or our Services, we will automatically collect personal data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may use third party analytics services like Google Analytics to provide us with a clearer picture of how you use the Sites or our Services, including when you view specific pages or take specific actions on the Sites or use certain features or functionality within our Services. If you wish to learn more about our data collection process, please contact us; see “Contact Information” section below. 

  • Third parties or publicly available sources. We may receive personal data about you from various third parties, either in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, as set out below:

    • from analytics providers;

    • from search information providers;

    • from providers of technical and payment services such as banks;

    • from third-party service providers or processors of our Business Customers that integrate with our Services on behalf of our Business Customers;

    • from data brokers, event sponsors (e.g., tradeshows) or aggregators; and

    • from publicly available sources, such as government and administrative bodies.


4. HOW WE USE YOUR PERSONAL DATA 


We will only use your personal data in accordance with applicable laws and as directed by our Business Customers for which we are acting as a service provider or processor. We will use your personal data for the following purposes:


  1. to provide the Services and to register and administer accounts for Business Customers for use of our Sites and our Services; 

  2. to register and administer accounts for you as a customer of our Business Customer; 

  3. to provide support; diagnose, repair and track service and quality issues with our Services; authenticate your identity; verify eligibility for certain programs offered by our Business Customers; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;

  4. for our own internal business purposes, such as to evaluate or audit the usage and performance of the Services; evaluate and improve the quality of the Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;

  5. to administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences; 

  6. to make suggestions and recommendations to you about third party products or services that may be of interest to the Business Customer you represent;

  7. to prevent fraud, such as using personal data about you obtained through our Services and from our Business Customers, and for identity verification services to confirm your identity and to detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and

  8. for marketing, such as for contextual ad customization or to market the Services or the services of our Business Customers, or other third parties. We may use personal data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events. 


Marketing and Advertising 


We may process personal data for relationship management and marketing, either as a service provider or processor for Business Customers or on our own behalf. This purpose includes sending marketing and promotional communications to individuals who have provided their consent or not objected to receiving such messages as may be appropriate given the nature of the relationship (or who have opted into such messages in those jurisdictions where opt-in consent is required), such as Service marketing, investor communications, Business Customer communications (e.g., product updates, training opportunities and invitations to corporate events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and Company news. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following ways for you to control your personal data that you have shared with us:


  • Promotional Offers from Us. You will receive marketing communications from us if you or your employer has requested information from us or purchased Services from us and you have provided your consent or not opted out of receiving that marketing.


  • Marketing Messages.  You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us from any of the other sources specified in Section 3.



Session Replay


We may use technology to monitor how you interact with our Services. This may include, without limitation, which links you click on, information that you type into our online forms, and about your device or browser. Further, we utilize session replay software to monitor and record mouse clicks and movements, keystrokes, and pages and content viewed by you.


Change of Purpose


We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (See “Contact Information,” below). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, to the extent required under applicable law.


Please note that we may process your personal data without your knowledge or consent, in compliance with this Privacy Policy, where this is required or permitted by law.


Children’s Privacy


We recognize the importance of children’s safety and privacy on the Internet. For this reason, we do not knowingly sell any information, including personal data, from children under 16 years of age. If you think we may have unknowingly collected personal data of an individual under 16 years old, please contact us (See “Contact Information,” below). 


5.  DISCLOSURES OF YOUR PERSONAL DATA 


We may share your personal data with the parties set out below for the purposes set out in Section 4 above.


  • Service providers. Third parties acting as processors who provide services to us, including: (a) IT and system administration services (e.g., hosting); (b) marketing and advertising services; or (c) support, equipment installation or maintenance in connection with our Services and third-party service providers or processors of our Business Customers that integrate with our Services on behalf of our Business Customers.

  • Business Customers. Our customers, for which we act as a service provider or processor in connection with providing the Services.

  • Business Partners.  Resellers of our Services to Business Customers (“Business Partners”).

  • Professional advisers. Third parties acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • Parties to a corporate transaction. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but only in the manner set out in this Privacy Policy unless you agree otherwise.

  • Law enforcement and other government agencies. We may share information with third parties such as law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Website Terms of Use and other agreements; and to protect our, our users’, or third parties’ rights, data, property or safety.


6. DATA SECURITY


We have put in place reasonable security measures to prevent your personal data from being accidentally lost, used or accessed, altered or disclosed without authorization.  However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee absolute security. If you have reason to believe that your personal data is no longer secure, please contact us immediately at support@trybadge.com.  


7. YOUR LEGAL RIGHTS - EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM OR SWITZERLAND.


THIS SECTION ONLY APPLIES TO INDIVIDUALS THAT ARE LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM OR SWITZERLAND AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU PURCHASE SOME OF OUR SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY YOUR COUNTRY LOCATION.


We are the controller of the personal data that you submit or that we obtain about you through our Sites.  Please do not hesitate to contact us if you have questions (contact information provided below).


We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity (except as required for affirmative action compliance), religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


If you are in the EEA, United Kingdom or Switzerland, you have the following rights (where applicable):


Access. You have the right to request information and a copy of the personal data we are processing about you;


Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified;


Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;


Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete such data due to a legal or other obligation or because you do not wish for us to delete it;


Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you;


Objection. Where the legal basis for processing your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests, or if we need to continue to process such data for the establishment, exercise, or defense of a legal claim;


Withdrawing  Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from marketing messages.


You can make a request to exercise any of these rights in relation to your information by contacting us (see “Contact Information,” below). For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. Please note that we may take up to 30 days to fulfill such request. We reserve the right to charge a fee when permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.


You also have the right to lodge a complaint with the local data protection authority (“DPA”) if you believe that we have not complied with applicable data protection laws. A list of local DPAs in European countries is available here.


Legal Basis for Processing 


Processing Activity

Legal basis

  1. Provide the Services and to register and administer accounts for Business Customers for use of our Sites and our Services; 

Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers).

  1. Provide support; diagnose, repair and track service and quality issues with our Services; authenticate your identity; verify eligibility for certain Business Customer programs; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;

Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers, improving our Services, ensuring security and increasing our sales).

  1. For our own internal business purposes, such as to evaluate or audit the usage and performance of the Services; evaluate and improve the quality of the Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;

Our legitimate interests (design new products and services in line with customer preferences to increase our sales).


  1. To administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences; 

Our legitimate interests (to protect our company and customers against fraud and any other illicit activities and to design products and services in line with customer preferences to increase our sales).

  1. To make suggestions and recommendations to you about third-party products or services that may be of interest to the Business Customer you represent;

Our legitimate interests (expanding our relations with the Business Customer you represent).

  1. To enable you to participate in surveys;

The execution of a contract.

  1. To prevent fraud, such as using personal data about you obtained through our Services and from our Business Customers, and for identity verification services to confirm your identity and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; 

Our legitimate interests (to protect our company and customers against fraud and any other illicit activities and ensure the security of our products and services).

  1. For marketing, such as for contextual ad customization or to market the Services or the services of our Business Customers, or other third parties. We may use personal data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events; 

Our legitimate interests (to promote our brand and increase our sales); or

Consent, as applicable.

  1. We process personal data to anonymize and aggregate information we have collected to use it for any purpose, including for research and product development purposes; 

Our legitimate interest (in designing new products and services that are aligned with our Business Customers’ preferences to increase our profitability).

  1. We process personal data to establish and exercise our legal claims and to defend against legal claims; 

Our legitimate interest (in protecting the commercial and economic interests of our business and stakeholders).

  1. Disclose your personal data to  service providers and business partners;


Our legitimate interests (to organize our business in line with our commercial and economic interests and to design new products and services in line with customer preferences to increase our sales).

Consent.

  1. Disclose your personal data to third parties in connection with the sale, purchase, merger, reorganization, liquidation, or dissolution of the company, or under similar circumstances; and

Our legitimate interests (to organize our business in line with our commercial and economic interests).


  1. Disclose your personal data to law enforcement and other government agencies.

To comply with legal obligations.

Our legitimate interests (to protect our legitimate commercial and economic interests to prevent fraud and any other illicit activities).

  1. Disclose your personal data to Professional advisers.

Our legitimate interests (to protect our legitimate commercial and economic interests or learning on business optimization techniques to increase our sales).


If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.


You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.


Generally (please see above), we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.


Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.


International Transfers


We share your personal data with our IT, development, consulting, hosting and other services providers within the U.S. and other countries. This will involve a transfer of your data outside the European Economic Area (the “EEA”) to territories which do not provide a level of privacy protection equivalent to that which exists in the EEA. This transfer will be made taking into account all necessary legal safeguards and following a privacy impact assessment of the transfer in question (such safeguards will generally include the conclusion of standard contractual clauses approved by the European Commission and, where necessary, the implementation of additional, usually technical, protection measures, such as encryption of the data). To obtain a copy of the safeguards or for further details about international data transfers, please contact us (See “Contact Information,” below).


No other transfers of personal data will be made to recipients in jurisdictions that do not provide a level of data protection equivalent to that in the EEA, unless expressly stated otherwise in the specific privacy notice applicable to that transfer. 


8. YOUR U.S. PRIVACY CHOICES


This section generally applies to U.S. residents.  If you are not a U.S. resident, the choices described in this section do not apply to you.


In most cases, we collect and process personal data solely in our capacity as a service provider or processor to our Business Customers.  In that context, we receive personal data from a Business Customer or collect information from you on behalf of a Business Customer for the business purpose of providing Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal data, the choices described below do not apply to personal data collected and processed on behalf of such Business Customer.  If you have questions or wish to exercise choices relating to such personal data, please contact that Business Customer directly.


This Privacy Policy describes the personal data we collect from you, the sources of such personal data, and the purposes for which we use your personal data. Please see the discussion above under “The Personal Data We Collect About You,” “The Sources from Which We Collect Your Personal Data,” and “How We Use Your Personal Data,” respectively, for more information. 


Summary of Personal Data We Have Sold or Shared 


Below is a summary of the categories of personal data we have collected from consumers in the previous 12 months and the categories of third parties to whom we have sold or shared your personal data.  


Category of Personal Data

Categories of Third Parties to Whom We Sold Personal Data 

Internet Usage Information

Analytics companies, data brokers, third-party advertisers, and other tech companies that offer digital advertising services. 


Summary of Personal Data We Have Disclosed for a Business Purpose


Below is a summary of the categories of personal data we have collected in the previous 12 months and the categories of third parties with whom we have shared such personal data for business purposes.  


Category of Personal Data

Categories of Third Parties to Whom We Disclosed Personal Data for a Business Purposes

Identifiers

  • Service providers, such as providers of accounting services, audit services, IT services, or support services; 

  • Business Customers in connection with the provision of Services and requested transactions; 

  • Business Partners in connection with the provision of Services and requested transactions; and

  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.

Financial information

  • Service providers, such as providers of accounting services, audit services, IT services, or support services; 

  • Business Customers in connection with the provision of Services and requested transactions; 

  • Business Partners in connection with the provision of Services and requested transactions; and

  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.

Commercial information

  • Service providers, such as providers of accounting services, audit services, IT services, or support services.

Service and Internet Usage information

  • Service providers, such as providers of marketing services; and

  • Business Customers in connection with the provision of Services and requested transactions. 

Geolocation information

  • Service providers, such as providers of IT services; and

  • Business Customers in connection with the provision of Services and requested transactions. 

Sensory Data (Audio, electronic, visual, or similar information)

  • Service providers, such as providers of marketing services; and

  • Business Customers in connection with the provision of Services and requested transactions. 


Your Privacy Choices


With respect to your personal data, you may contact us through the methods described below in “How to Exercise Your Privacy Choices” and elect to:


  • Access Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will disclose to you the items listed below:

    • The categories of personal data we have collected about you;

    • The categories of sources from which the personal data was collected;

    • The business purpose behind collecting the personal data;

    • The categories of third parties with whom we have shared the information; and

    • The specific personal data we have collected about you.


  • Delete Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will delete personal data we have collected from you and direct our service providers and processors to delete your personal data from their records.  


  • Correct Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will correct inaccurate personal data that we maintain about you. 


  • Opt Out of the Sale of Personal Data. You may choose to opt out of any sales of your personal data.  Third-party digital businesses  including analytics companies, data brokers, third-party advertisers, and other tech companies that offer digital advertising services (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect personal data about you on our Sites, or otherwise collect and process personal data that we make available about you, including digital activity information. These Third-Party Digital Businesses use this information for several purposes, including to track activity across websites, to infer information about visitors, and to provide visitors with personalized content.  


If you want to opt-out of the “sale” or “sharing” of such personal data, exercise a separate opt-out request on our consent management platform (“CMP”) here.  Our CMP enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our Sites you visit, from each browser you use, and on each device that you use.  Because your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our CMP. Please also refer to our Cookie Statement for other ways to exercise preferences regarding Third-Party Digital Businesses.  Beware that if you use ad-blocking software, our cookie banner may not appear when you visit our Sites and you may have to use the link above to access the CMP.  


How to Exercise Your Privacy Choices


You may exercise your privacy choices by any of the methods described below in “Contact Information.”  


You may request access to your personal data twice in any 12-month period, measured from the date we receive your first request.  If you submit a request to obtain your personal data more than twice in any 12-month period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.


Consistent with our interest in the security of your personal data, we will not deliver to you your Social Security number or other government-issued ID number, financial account number, biometric information, or an account password together with security questions or answers in response to a request.


Verification


In order for you to exercise your privacy rights, we will need to obtain certain information from you to verify your identity.  For a report of the specific personal data we have collected about you, you must provide us with three of the following pieces of information in order for us to verify your identity:   


  • full name;

  • email address;

  • name of employer; or

  • business address.


You also must provide us with a signed declaration, under penalty of perjury, that you are who you say you are.  


For a report of the categories of personal data we have collected about you, for a request to delete your personal data, or for a request to opt out of the sale of your personal data, you must provide us with two of the above-referenced pieces of information in order for us to verify your identity.  


Where necessary, we may request additional information about you so that we can verify your identity. Where we did not already hold that information, we will use it only for the purpose of verifying your identity and to process your request.    


Timing  


We try to respond to requests to exercise privacy choices within 45 calendar days, unless we need more time, in which case we may take up to 90 calendar days total to respond to your request.  


California “Shine the Light” Law


Under California’s “Shine the Light” law, California residents who provide personal data in obtaining products/services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the consumer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of consumer information and the names and addresses of those businesses with which we shared consumer information for the immediately prior calendar year (e.g., requests made in 2024 will receive information regarding 2023 sharing activities).


To obtain this information please send an email message to [insert email] with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested applicable information to you at your e-mail address in response.


Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.


Additional Information for Nevada Residents


Nevada residents have the right to instruct us not to “sell” “covered information” as those terms are defined by Chapter 603A of the Nevada Revised Statutes. Although we do not currently “sell” “covered information” of Nevada residents, as those terms are defined under that law, you may contact us at [insert email] and provide your name, Nevada address, and email address to be verified and exercise your opt-out rights in the event we do sell covered information under that law in the future. If you change your email address or other contact information, contact us in the same manner to update your contact information to help facilitate your opt-out. Changing your contact information elsewhere (e.g., informational requests, account information, etc.) will not update your Nevada opt-out information and we will only use the information provided to our opt-out program for managing opt-outs.  It is your responsibility to keep your opt-out information current. If after opting-out you direct us to share your covered information with others, we will do so regardless of your prior opt-out.

10.  CONTACT INFORMATION


For general questions or comments, use the contact information below:


For EU/UK residents:

Phone: [insert phone number]

Email: [insert email address

Mailing Address: [insert mailing address]

You can contact our Data Protection Officer at: […]

The contact details of our EU representative are: […]


For U.S. residents: 

Phone: [insert phone number]

Mailing Address: [insert mailing address]


If you are seeking to exercise your privacy choices, you may call us at [insert toll free number] or by visiting the Your Privacy Choices webpage [here]. 


If you are having trouble viewing or accessing this Privacy Policy or need it made available to you in an alternative format, please contact us at [insert email]. 



INTRODUCTION


Badge Group, Inc. (“we”, “us” or “our” as the context may require) respect your privacy and are committed to protecting your personal data. This Privacy Policy (the “Privacy Policy”) applies to information collected through the websites that we operate (collectively, the “Sites”) or online and offline in our wallet-as-a-service platform (collectively, the “Services”) and does not cover any information collected by third parties (unless specifically stated). By accessing or using the Sites or using our Services, you are acknowledging the disclosures made in this Privacy Policy. The Privacy Policy may change from time to time, as set forth below. Your continued use of the Sites or our Services after we make changes is deemed to be your acknowledgment of those changes, so please check the Privacy Policy periodically for updates.


In most cases, we collect and process personal data solely in our capacity as a service provider to businesses who use our Services (collectively, “Business Customers”).  In that context, we receive personal data from our Business Customers and collect information from their customers about you on the Business Customers’ behalf for the business purpose of providing Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal data, the rights and choices described below do not apply to personal data collected and processed on behalf of such Business Customer.  If you have questions or wish to exercise your rights or choices relating to such personal data, please contact that Business Customer directly.

This Privacy Policy does not apply to our job applicants, current employees, former employees, or independent contractors (collectively, “Personnel”); however, our California-based Personnel may obtain a separate privacy notice that applies to them by contacting our human resources department.


For purposes of this Privacy Policy, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  It does not include information that cannot be used to infer information about, or otherwise be linked to, a particular consumer, such as aggregated data.  Except as restricted by applicable laws, we reserve the right to convert, or permit others to convert, your personal data into deidentified data or aggregate data, and may elect not to treat publicly available information as personal data, to the extent permitted by applicable law.  We will not attempt to reidentify data that we maintain as aggregated or deidentified.  


1. IMPORTANT INFORMATION AND WHO WE ARE


PURPOSE OF THIS PRIVACY POLICY


This Privacy Policy provides you with information on how we collect and process your personal data, including any data provided to us by Business Customers or that you may provide directly to us when you:


  • contact us for information about our Services;

  • purchase products from our Business Customers;

  • work with us in your capacity as an employee or authorized user of our Business Customer; and

  • connect with us via social media (e.g., Facebook).


If you are in the European Union (the “EU”), or if your personal data otherwise may be subject to the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679, or “GDPR”), and other applicable regulations, see “Your Legal Rights- European Economic Area, United Kingdom or Switzerland,” below, for information on how we collect and process your personal data in accordance with these laws.


If you are a U.S. resident, please see “Your Privacy Choices” below for more specific information about your privacy choices.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. 

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We regularly review our Privacy Policy. We reserve the right to alter, modify, update, add to, subtract from or otherwise change this Privacy Policy at any time. We will use your personal data in a manner consistent with the Privacy Policy in effect at the time we collected your personal data. We will notify you of material changes to this Privacy Policy to the extent required by applicable law; otherwise, you are responsible for periodically visiting the Sites and this Privacy Policy to check for any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us (see “Contact Information,” below).


THIRD-PARTY WEBSITES


The Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Sites, we encourage you to read the privacy policy of any website you may visit.


2. THE PERSONAL DATA WE COLLECT ABOUT YOU


The categories of personal data we have collected about you in the previous 12 months and the purposes for which we used such personal data are as follows.


Category of Information

Description

Identifiers

Name,  internet protocol address, email address, or other similar identifiers.

Financial Information

Credit card numbers  and other financial information.

Commercial Information

Information about payments to and from you, and your preferences in receiving marketing from us and our third parties and your communication preferences.

Service and Internet Usage Information

Information such as internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, the URL that referred you to our Service; the areas within our Service that you visit and your activities there (including emails, such as whether you open them or click on links within), search history; information from your web browser header, and other technology on the devices you use to access the Sites or our Services.

Geolocation information

Information such as longitude and latitude from your IP address.

Sensory Data (Audio, electronic, visual, or similar information)

Profile pictures, customer testimonials, video recordings, meetings with customers or potential customers,  or audio recordings when you speak with our Customer Service Department.



We also collect, use and share “Aggregated Data” such as statistical or demographic data for any legal purpose. Aggregated Data could be derived from personal data but is not considered personal data under applicable laws, as this data will not directly or indirectly reveal the identity of an individual. For example, we may aggregate personal data to calculate the percentage of users accessing a specific feature of our Sites, Services, or as a consumer of one of our Business Customers through our Services to provide certain data analytics to our Business Customers. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify an individual, we treat the combined data as personal data that will be used in accordance with this Privacy Policy.


3. THE SOURCES FROM WHICH WE COLLECT YOUR PERSONAL DATA


To the extent permitted by applicable law and subject to your consenting to the installation of cookies where applicable, we may use different sources and methods to collect personal data from and about you, including through:


  • Direct interactions. You may give us personal data in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:

    • inquire about, purchase or request support for our Services;

    • register for one of our communities;

    • request marketing to be sent to you; 

    • connect with us via social media; 

    • participate in a promotion or survey; or 

    • give us feedback or contact us.

  • Interactions with our Business Customers. We may collect personal data that you provide to our Business Customers, in our capacity as a service provider or processor, when you:

    • Use our Services in your capacity as an authorized user of our Business Customer; or

    • work as an employee of our Business Customer. 

  • Automated technologies or interactions. As you interact with our Sites or our Services, we will automatically collect personal data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may use third party analytics services like Google Analytics to provide us with a clearer picture of how you use the Sites or our Services, including when you view specific pages or take specific actions on the Sites or use certain features or functionality within our Services. If you wish to learn more about our data collection process, please contact us; see “Contact Information” section below. 

  • Third parties or publicly available sources. We may receive personal data about you from various third parties, either in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, as set out below:

    • from analytics providers;

    • from search information providers;

    • from providers of technical and payment services such as banks;

    • from third-party service providers or processors of our Business Customers that integrate with our Services on behalf of our Business Customers;

    • from data brokers, event sponsors (e.g., tradeshows) or aggregators; and

    • from publicly available sources, such as government and administrative bodies.


4. HOW WE USE YOUR PERSONAL DATA 


We will only use your personal data in accordance with applicable laws and as directed by our Business Customers for which we are acting as a service provider or processor. We will use your personal data for the following purposes:


  1. to provide the Services and to register and administer accounts for Business Customers for use of our Sites and our Services; 

  2. to register and administer accounts for you as a customer of our Business Customer; 

  3. to provide support; diagnose, repair and track service and quality issues with our Services; authenticate your identity; verify eligibility for certain programs offered by our Business Customers; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;

  4. for our own internal business purposes, such as to evaluate or audit the usage and performance of the Services; evaluate and improve the quality of the Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;

  5. to administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences; 

  6. to make suggestions and recommendations to you about third party products or services that may be of interest to the Business Customer you represent;

  7. to prevent fraud, such as using personal data about you obtained through our Services and from our Business Customers, and for identity verification services to confirm your identity and to detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and

  8. for marketing, such as for contextual ad customization or to market the Services or the services of our Business Customers, or other third parties. We may use personal data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events. 


Marketing and Advertising 


We may process personal data for relationship management and marketing, either as a service provider or processor for Business Customers or on our own behalf. This purpose includes sending marketing and promotional communications to individuals who have provided their consent or not objected to receiving such messages as may be appropriate given the nature of the relationship (or who have opted into such messages in those jurisdictions where opt-in consent is required), such as Service marketing, investor communications, Business Customer communications (e.g., product updates, training opportunities and invitations to corporate events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and Company news. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following ways for you to control your personal data that you have shared with us:


  • Promotional Offers from Us. You will receive marketing communications from us if you or your employer has requested information from us or purchased Services from us and you have provided your consent or not opted out of receiving that marketing.


  • Marketing Messages.  You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us from any of the other sources specified in Section 3.



Session Replay


We may use technology to monitor how you interact with our Services. This may include, without limitation, which links you click on, information that you type into our online forms, and about your device or browser. Further, we utilize session replay software to monitor and record mouse clicks and movements, keystrokes, and pages and content viewed by you.


Change of Purpose


We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (See “Contact Information,” below). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, to the extent required under applicable law.


Please note that we may process your personal data without your knowledge or consent, in compliance with this Privacy Policy, where this is required or permitted by law.


Children’s Privacy


We recognize the importance of children’s safety and privacy on the Internet. For this reason, we do not knowingly sell any information, including personal data, from children under 16 years of age. If you think we may have unknowingly collected personal data of an individual under 16 years old, please contact us (See “Contact Information,” below). 


5.  DISCLOSURES OF YOUR PERSONAL DATA 


We may share your personal data with the parties set out below for the purposes set out in Section 4 above.


  • Service providers. Third parties acting as processors who provide services to us, including: (a) IT and system administration services (e.g., hosting); (b) marketing and advertising services; or (c) support, equipment installation or maintenance in connection with our Services and third-party service providers or processors of our Business Customers that integrate with our Services on behalf of our Business Customers.

  • Business Customers. Our customers, for which we act as a service provider or processor in connection with providing the Services.

  • Business Partners.  Resellers of our Services to Business Customers (“Business Partners”).

  • Professional advisers. Third parties acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • Parties to a corporate transaction. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal data, but only in the manner set out in this Privacy Policy unless you agree otherwise.

  • Law enforcement and other government agencies. We may share information with third parties such as law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Website Terms of Use and other agreements; and to protect our, our users’, or third parties’ rights, data, property or safety.


6. DATA SECURITY


We have put in place reasonable security measures to prevent your personal data from being accidentally lost, used or accessed, altered or disclosed without authorization.  However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee absolute security. If you have reason to believe that your personal data is no longer secure, please contact us immediately at support@trybadge.com.  


7. YOUR LEGAL RIGHTS - EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM OR SWITZERLAND.


THIS SECTION ONLY APPLIES TO INDIVIDUALS THAT ARE LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM OR SWITZERLAND AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU PURCHASE SOME OF OUR SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY YOUR COUNTRY LOCATION.


We are the controller of the personal data that you submit or that we obtain about you through our Sites.  Please do not hesitate to contact us if you have questions (contact information provided below).


We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity (except as required for affirmative action compliance), religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


If you are in the EEA, United Kingdom or Switzerland, you have the following rights (where applicable):


Access. You have the right to request information and a copy of the personal data we are processing about you;


Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified;


Deletion. You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;


Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete such data due to a legal or other obligation or because you do not wish for us to delete it;


Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you;


Objection. Where the legal basis for processing your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests, or if we need to continue to process such data for the establishment, exercise, or defense of a legal claim;


Withdrawing  Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from marketing messages.


You can make a request to exercise any of these rights in relation to your information by contacting us (see “Contact Information,” below). For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. Please note that we may take up to 30 days to fulfill such request. We reserve the right to charge a fee when permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.


You also have the right to lodge a complaint with the local data protection authority (“DPA”) if you believe that we have not complied with applicable data protection laws. A list of local DPAs in European countries is available here.


Legal Basis for Processing 


Processing Activity

Legal basis

  1. Provide the Services and to register and administer accounts for Business Customers for use of our Sites and our Services; 

Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers).

  1. Provide support; diagnose, repair and track service and quality issues with our Services; authenticate your identity; verify eligibility for certain Business Customer programs; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;

Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers, improving our Services, ensuring security and increasing our sales).

  1. For our own internal business purposes, such as to evaluate or audit the usage and performance of the Services; evaluate and improve the quality of the Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;

Our legitimate interests (design new products and services in line with customer preferences to increase our sales).


  1. To administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences; 

Our legitimate interests (to protect our company and customers against fraud and any other illicit activities and to design products and services in line with customer preferences to increase our sales).

  1. To make suggestions and recommendations to you about third-party products or services that may be of interest to the Business Customer you represent;

Our legitimate interests (expanding our relations with the Business Customer you represent).

  1. To enable you to participate in surveys;

The execution of a contract.

  1. To prevent fraud, such as using personal data about you obtained through our Services and from our Business Customers, and for identity verification services to confirm your identity and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; 

Our legitimate interests (to protect our company and customers against fraud and any other illicit activities and ensure the security of our products and services).

  1. For marketing, such as for contextual ad customization or to market the Services or the services of our Business Customers, or other third parties. We may use personal data we collect to send you newsletters, surveys, questionnaires, promotions, or information about events; 

Our legitimate interests (to promote our brand and increase our sales); or

Consent, as applicable.

  1. We process personal data to anonymize and aggregate information we have collected to use it for any purpose, including for research and product development purposes; 

Our legitimate interest (in designing new products and services that are aligned with our Business Customers’ preferences to increase our profitability).

  1. We process personal data to establish and exercise our legal claims and to defend against legal claims; 

Our legitimate interest (in protecting the commercial and economic interests of our business and stakeholders).

  1. Disclose your personal data to  service providers and business partners;


Our legitimate interests (to organize our business in line with our commercial and economic interests and to design new products and services in line with customer preferences to increase our sales).

Consent.

  1. Disclose your personal data to third parties in connection with the sale, purchase, merger, reorganization, liquidation, or dissolution of the company, or under similar circumstances; and

Our legitimate interests (to organize our business in line with our commercial and economic interests).


  1. Disclose your personal data to law enforcement and other government agencies.

To comply with legal obligations.

Our legitimate interests (to protect our legitimate commercial and economic interests to prevent fraud and any other illicit activities).

  1. Disclose your personal data to Professional advisers.

Our legitimate interests (to protect our legitimate commercial and economic interests or learning on business optimization techniques to increase our sales).


If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data). Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.


You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.


Generally (please see above), we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.


Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.


International Transfers


We share your personal data with our IT, development, consulting, hosting and other services providers within the U.S. and other countries. This will involve a transfer of your data outside the European Economic Area (the “EEA”) to territories which do not provide a level of privacy protection equivalent to that which exists in the EEA. This transfer will be made taking into account all necessary legal safeguards and following a privacy impact assessment of the transfer in question (such safeguards will generally include the conclusion of standard contractual clauses approved by the European Commission and, where necessary, the implementation of additional, usually technical, protection measures, such as encryption of the data). To obtain a copy of the safeguards or for further details about international data transfers, please contact us (See “Contact Information,” below).


No other transfers of personal data will be made to recipients in jurisdictions that do not provide a level of data protection equivalent to that in the EEA, unless expressly stated otherwise in the specific privacy notice applicable to that transfer. 


8. YOUR U.S. PRIVACY CHOICES


This section generally applies to U.S. residents.  If you are not a U.S. resident, the choices described in this section do not apply to you.


In most cases, we collect and process personal data solely in our capacity as a service provider or processor to our Business Customers.  In that context, we receive personal data from a Business Customer or collect information from you on behalf of a Business Customer for the business purpose of providing Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal data, the choices described below do not apply to personal data collected and processed on behalf of such Business Customer.  If you have questions or wish to exercise choices relating to such personal data, please contact that Business Customer directly.


This Privacy Policy describes the personal data we collect from you, the sources of such personal data, and the purposes for which we use your personal data. Please see the discussion above under “The Personal Data We Collect About You,” “The Sources from Which We Collect Your Personal Data,” and “How We Use Your Personal Data,” respectively, for more information. 


Summary of Personal Data We Have Sold or Shared 


Below is a summary of the categories of personal data we have collected from consumers in the previous 12 months and the categories of third parties to whom we have sold or shared your personal data.  


Category of Personal Data

Categories of Third Parties to Whom We Sold Personal Data 

Internet Usage Information

Analytics companies, data brokers, third-party advertisers, and other tech companies that offer digital advertising services. 


Summary of Personal Data We Have Disclosed for a Business Purpose


Below is a summary of the categories of personal data we have collected in the previous 12 months and the categories of third parties with whom we have shared such personal data for business purposes.  


Category of Personal Data

Categories of Third Parties to Whom We Disclosed Personal Data for a Business Purposes

Identifiers

  • Service providers, such as providers of accounting services, audit services, IT services, or support services; 

  • Business Customers in connection with the provision of Services and requested transactions; 

  • Business Partners in connection with the provision of Services and requested transactions; and

  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.

Financial information

  • Service providers, such as providers of accounting services, audit services, IT services, or support services; 

  • Business Customers in connection with the provision of Services and requested transactions; 

  • Business Partners in connection with the provision of Services and requested transactions; and

  • Entities involved in a corporate reorganization, merger, or acquisition and their representatives.

Commercial information

  • Service providers, such as providers of accounting services, audit services, IT services, or support services.

Service and Internet Usage information

  • Service providers, such as providers of marketing services; and

  • Business Customers in connection with the provision of Services and requested transactions. 

Geolocation information

  • Service providers, such as providers of IT services; and

  • Business Customers in connection with the provision of Services and requested transactions. 

Sensory Data (Audio, electronic, visual, or similar information)

  • Service providers, such as providers of marketing services; and

  • Business Customers in connection with the provision of Services and requested transactions. 


Your Privacy Choices


With respect to your personal data, you may contact us through the methods described below in “How to Exercise Your Privacy Choices” and elect to:


  • Access Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will disclose to you the items listed below:

    • The categories of personal data we have collected about you;

    • The categories of sources from which the personal data was collected;

    • The business purpose behind collecting the personal data;

    • The categories of third parties with whom we have shared the information; and

    • The specific personal data we have collected about you.


  • Delete Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will delete personal data we have collected from you and direct our service providers and processors to delete your personal data from their records.  


  • Correct Personal Data. Upon a verifiable request, made through one of the methods provided in the “Contact Information” section below, we will correct inaccurate personal data that we maintain about you. 


  • Opt Out of the Sale of Personal Data. You may choose to opt out of any sales of your personal data.  Third-party digital businesses  including analytics companies, data brokers, third-party advertisers, and other tech companies that offer digital advertising services (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect personal data about you on our Sites, or otherwise collect and process personal data that we make available about you, including digital activity information. These Third-Party Digital Businesses use this information for several purposes, including to track activity across websites, to infer information about visitors, and to provide visitors with personalized content.  


If you want to opt-out of the “sale” or “sharing” of such personal data, exercise a separate opt-out request on our consent management platform (“CMP”) here.  Our CMP enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our Sites you visit, from each browser you use, and on each device that you use.  Because your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our CMP. Please also refer to our Cookie Statement for other ways to exercise preferences regarding Third-Party Digital Businesses.  Beware that if you use ad-blocking software, our cookie banner may not appear when you visit our Sites and you may have to use the link above to access the CMP.  


How to Exercise Your Privacy Choices


You may exercise your privacy choices by any of the methods described below in “Contact Information.”  


You may request access to your personal data twice in any 12-month period, measured from the date we receive your first request.  If you submit a request to obtain your personal data more than twice in any 12-month period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.


Consistent with our interest in the security of your personal data, we will not deliver to you your Social Security number or other government-issued ID number, financial account number, biometric information, or an account password together with security questions or answers in response to a request.


Verification


In order for you to exercise your privacy rights, we will need to obtain certain information from you to verify your identity.  For a report of the specific personal data we have collected about you, you must provide us with three of the following pieces of information in order for us to verify your identity:   


  • full name;

  • email address;

  • name of employer; or

  • business address.


You also must provide us with a signed declaration, under penalty of perjury, that you are who you say you are.  


For a report of the categories of personal data we have collected about you, for a request to delete your personal data, or for a request to opt out of the sale of your personal data, you must provide us with two of the above-referenced pieces of information in order for us to verify your identity.  


Where necessary, we may request additional information about you so that we can verify your identity. Where we did not already hold that information, we will use it only for the purpose of verifying your identity and to process your request.    


Timing  


We try to respond to requests to exercise privacy choices within 45 calendar days, unless we need more time, in which case we may take up to 90 calendar days total to respond to your request.  


California “Shine the Light” Law


Under California’s “Shine the Light” law, California residents who provide personal data in obtaining products/services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the consumer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of consumer information and the names and addresses of those businesses with which we shared consumer information for the immediately prior calendar year (e.g., requests made in 2024 will receive information regarding 2023 sharing activities).


To obtain this information please send an email message to [insert email] with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested applicable information to you at your e-mail address in response.


Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.


Additional Information for Nevada Residents


Nevada residents have the right to instruct us not to “sell” “covered information” as those terms are defined by Chapter 603A of the Nevada Revised Statutes. Although we do not currently “sell” “covered information” of Nevada residents, as those terms are defined under that law, you may contact us at [insert email] and provide your name, Nevada address, and email address to be verified and exercise your opt-out rights in the event we do sell covered information under that law in the future. If you change your email address or other contact information, contact us in the same manner to update your contact information to help facilitate your opt-out. Changing your contact information elsewhere (e.g., informational requests, account information, etc.) will not update your Nevada opt-out information and we will only use the information provided to our opt-out program for managing opt-outs.  It is your responsibility to keep your opt-out information current. If after opting-out you direct us to share your covered information with others, we will do so regardless of your prior opt-out.

10.  CONTACT INFORMATION


For general questions or comments, use the contact information below:


For EU/UK residents:

Phone: [insert phone number]

Email: [insert email address

Mailing Address: [insert mailing address]

You can contact our Data Protection Officer at: […]

The contact details of our EU representative are: […]


For U.S. residents: 

Phone: [insert phone number]

Mailing Address: [insert mailing address]


If you are seeking to exercise your privacy choices, you may call us at [insert toll free number] or by visiting the Your Privacy Choices webpage [here]. 


If you are having trouble viewing or accessing this Privacy Policy or need it made available to you in an alternative format, please contact us at [insert email]. 



Get in touch.
If you're building anything wallet-related, we'd love to help.

Talk to sales

We'd love to talk about how we can work together.

Get help & support

Let our support team know how we can help.

Partner with us

We work with agencies, technology partners, leagues, and more.

Get in touch.
If you're building anything wallet-related, we'd love to help.
If you're building anything wallet-related, we'd love to help.

Talk to sales

We'd love to talk about how we can work together.

Talk to sales

We'd love to talk about how we can work together.

Get help & support

Let our support team know how we can help.

Get help & support

Let our support team know how we can help.

Partner with us

We work with agencies, technology partners, leagues, and more.

Partner with us

We work with agencies, technology partners, leagues, and more.

Get in touch.
If you're building anything wallet-related, we'd love to help.
If you're building anything wallet-related, we'd love to help.

Talk to sales

We'd love to talk about how we can work together.

Talk to sales

We'd love to talk about how we can work together.

Get help & support

Let our support team know how we can help.

Get help & support

Let our support team know how we can help.

Partner with us

We work with agencies, technology partners, leagues, and more.

Partner with us

We work with agencies, technology partners, leagues, and more.