Updated March 9, 2021
Loyalty Gator provides customizable loyalty program solutions for businesses of all sizes (“clients”). We enable our clients to run customer and employee loyalty programs and administer customized gift card programs (our “services”). Our website, customer web portals, and Loyalty Dashboard are the primary tools through which we connect our clients and their customers to these services.
What Personal Data Does Loyalty Gator Gather, and Why?
The information that Loyalty Gator gathers from clients allows us to run our business. For example, it allows us to set up a client account, communicate with clients, provide support, and enable payments.
Information Our Clients Provide
We receive and store the information our clients supply to us when they create an account and when they communicate with us by email, virtual chat, telephone, or social media. We also receive and store information that potential clients supply when they communicate with us via our web portal. This information includes, for example, first and last name, company name, email address, and location. We also enable clients to create a login and password, which allows us to ensure that they can securely use our services.
Loyalty Gator requests credit card numbers in order to process online payments. We receive these numbers and process payments via DocuSign and Stripe, PCI-compliant third-party platforms. Loyalty Gator does not store credit card information on its own systems.
Automatic Information Collected from Clients
In order to provide you with services that are optimized for your particular location, we may collect information about your location and your mobile device, including a unique identifier for the device. Other information we collect and analyze includes the Internet Protocol (IP) address used to connect your computer to the Internet, computer and connection information such as browser type, version, language, and time zone setting, browser plug-in type and version, screen resolution, and operating system and platform. This information is stored in log files and is collected automatically. We collect this technical information to better understand user needs and provide clients with an optimal online experience.
We also collect aggregate usage data for our website, which may include browsing patterns, to enable us to understand how our website is being used and to develop and refine it to better serve our clients. We may also aggregate usage information across customers to enable particular features.
Processing Data on Behalf of Our Clients
Loyalty Gator enables its clients to set up and administer their own customer and employee loyalty point programs. In doing so, Loyalty Gator empowers its clients to determine what data they will collect from their customers or employees, the purposes for which they will collect it, and the means of processing it. When a client sets up a loyalty program, the client acts as the data controller and Loyalty Gator processes and stores personal data on its behalf, as a data processor.
Loyalty Gator sets out its privacy and security responsibilities, and the respective privacy and security responsibilities of its clients, in a Terms of Service. This includes the need for clients to comply with privacy obligations as data controllers. Loyalty Gator has taken a number of steps to help its clients fulfill their privacy obligations, including the preparation of template privacy policies, terms of service, and “rules and regulations” that clients are asked to modify to suit their particular situation. However, it is the responsibility of the client, as the controller of the data, to ensure that it has met its respective privacy obligations.
Our Legal Bases for Processing Personal Information
For personal data under the control of Loyalty Gator, we rely on three bases to lawfully obtain and process personal information. First, where clients have given us valid consent to use their data in certain ways, we rely on that consent.
Second, in some instances we process personal information in accordance with a contract between clients and ourselves: our Terms of Service.
Third, as described in more detail below, in certain cases we may process information where this is necessary to meet legal obligations, such as compliance with law enforcement subpoenas or warrants, and/or further legitimate interests, so long as any such legitimate interests are not overridden by your rights or interests.
How and When Do We Share Information?
Loyalty Gator is not in the business of selling your information. As set out below, we only share information on a limited basis in order to enable us to offer our services. We do not otherwise make customer data available to third parties.
Service Providers: We employ other organizations and service providers to perform certain functions on our behalf. This includes: operating our support ticket system, scheduling, invoicing and client account management, bookkeeping, marketing and customer service assistance, processing payments, and legal document management.
These third parties have only limited access to your information, may use your information only to perform these tasks on our behalf, and are obligated to Loyalty Gator not to disclose or use your information for other purposes.
If you have any questions about the specific service providers we currently use, please contact our Privacy Compliance Officer by using the contact information set out at bottom.
Legal Compliance / Protection of the Public and Our Business/Legitimate Interests
We will release personal and account information in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements; to protect, establish, or exercise our legal rights or defend against legal claims, including to collect a debt; to comply with a subpoena, court order, legal process, or other legal requirement; or when we believe in good faith that such disclosure is necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of our Terms of Service.
In limited circumstances, we may also exchange certain information with other companies and organizations for the specific purpose of fraud protection. However, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth here.
We may also share your information during a corporate transaction like a merger, or sale of our assets. If a corporate transaction occurs, we will provide notification of any changes to control of your information, as well as choices you may have.
Our Services are not designed for, and are not marketed to, people under the age of 18 (“minors”). We do not knowingly collect or ask for information from minors, and we do not knowingly allow minors to use our services. By using our services or accessing our website, clients represent that they are at least the age of majority in their country, state and/or province of residence.
Loyalty Gator is based in Canada, processes some of its data in the United States and Ireland, and makes its services available around the world. Canada, the United States, Member States of the European Economic Area (“EEA”), and other countries are governed by different laws. When your data is moved from its home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country where you reside. For example, the legal requirements for law enforcement to gain access to personal information may vary between countries. If your personal data is in the United States, it may be accessed by government authorities in accordance with American law.
Loyalty Gator provides voluntary services and you can choose whether or not you wish to use them. In order to make our website and loyalty services work as they do, and to enable basic functionality, we ask clients to agree to our Terms of Service, which sets out the contract between Loyalty Gator and our clients. Because we offer our services to people in different countries and use technical infrastructure based in Canada and the United States, we need to transfer your personal information across borders in order to deliver our services. When you sign up for an account to use our services, we ask for your consent to the transfer of your personal data abroad, including to Canada and the United States, so that we can process your information and provide our services in accordance with this policy.
How Secure Is Your Information?
We maintain administrative, technical and physical safeguards designed to protect the privacy and security of the information we maintain about you. When you provide us with personal information, the connection between your computer and our server is encrypted using Secure Sockets Layer (SSL) software that encrypts that information. We use a Digital Certificate and secure pages will be identified by a padlock sign and “https://” in the address bar. We store our data in protected databases on secured servers with restricted access. We also use hardware and software firewalls, screen for viruses and malware, and utilize monitoring services to mitigate threats. However, no method of transmission or storage is 100% secure.
Client accounts are protected by a password of the client’s choice. It is very important for clients to protect against the theft or unauthorized access of this login and password.
What Are Your Rights?
Upon request, Loyalty Gator will provide clients with information about whether we hold any of their personal information. In certain cases, subject to relevant legal rights, clients have the right to object to the processing of their personal information, to request changes, corrections, or the deletion of their personal information, and to obtain a copy of their personal information in an easily accessible format. In order to do this, clients can contact our Privacy Compliance Officer by using the information provided below. We will respond to every request within a reasonable timeframe and may need to take reasonable steps to confirm identity before proceeding.
You may withdraw your consent to our processing of your information and the use of our services at any time. This can be done by contacting our Privacy Compliance Officer via the contact information below, at any time to request that your personal information be deleted. You may also fill out the Account Cancellation Form found in our Support Portal to have your account deleted. If you withdraw your consent to the use or sharing of your personal information for the purposes set out in this policy, we may not be able to provide you with our services. Please note that in certain cases we may continue to process your information after you have withdrawn consent and requested that we delete your information if we have a legal basis to do so.
We offer our clients the opportunity to receive information about our company and products that we think may be of interest to them. If clients no longer wish to receive such information then we will stop sending it. Any of these emails that we send contain an obvious means of unsubscribing from further messages, with a link appearing at the bottom of the email.
Enabling the Data Rights of Your Loyalty Customers or Employees
Our clients are the data controllers of the personal data they collect for the loyalty programs they administer. They are therefore responsible for enabling the data rights of their customers or employees. Depending on the relevant legal rights of those customers, including the applicability of the GDPR for EU data subjects, this may include the right for customers or employees to object to the processing of their personal information, to request changes, corrections, or the deletion of their personal information, and to obtain a copy of their personal information in an easily accessible format. In certain circumstances, such as the use of employee incentive programs to analyse or predict performance at work, this may also include the need to provide meaningful information about the analysis being made and the envisaged consequences of such processing.
Loyalty Gator addresses this issue with clients in our Terms of Service and can assist clients in discharging these obligations upon request. If you have any questions about these obligations, or if we can assist you in this respect, please contact our Privacy Compliance Officer by using the contact information below.
For personal data under its control, Loyalty Gator will retain such data only for as long as is necessary for the purposes set out in this policy, for as long as the client account remains open (i.e., for the lifetime of the account), or as needed to provide clients with our services. If a client no longer wishes to use our services then it may close its account at any time with 30 days notice. When a client deletes their account we delete all the account’s data. We will, however, continue to store the client’s business contact information in order to communicate with the client, answer questions, or provide support.
Notwithstanding the above, Loyalty Gator will retain and use client information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, and enforce our agreements. We may also retain log files for the purpose of internal analysis, for site safety and security, to improve site functionality, or where we are legally required to retain them for longer time periods.
Clients are responsible for determining their own retention periods in relation to the personal data they process for their loyalty programs. If we can assist clients in discharging this obligation, we invite them to contact our Privacy Compliance Officer by using the contact information below.
If you have any questions, comments or suggestions about how we handle personal information you can contact Loyalty Gator and/or contact our Privacy Compliance Officer by using the contact information below. You can also write to us at the following address:
Attn: Jennifer Thorndyke
18 King Street East, Suite 1400
Toronto, ON M5C 1C4