Privacy Policy

Effective 06/29/2023

1.1. Purpose of Policy

Bridg, a division of Cardlytics, Inc.(“Bridg,” “we,” “us,” “our” or “Company”) is committed to respecting the privacy rights of its customers, visitors, and other users of the Company Website(www.bridg.com, www.relevantloyalty.net, www.relevantmobile.com) and any affiliated sites (the “Site”) and any services, applications, and software provided by and made available by Bridg (collectively referred to as “Services”). Our affiliates, including our parent company Cardlytics, Inc., have their own privacy policies that apply to data they collect from the products, services, and applications they provide. Any data collected pursuant to this Policy that is disclosed to our affiliates will still be treated consistently with this Policy.  

We created this Privacy Policy (this “Policy”) to give you confidence as you visit and use the Services, and to demonstrate our commitment to fair information practices and the protection of privacy. Accordingly, we abide by the following privacy principles for all the personally identifiable information we collect from you.

Bridg may collect, use, and disclose information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked directly or indirectly, with you or your household (“Personal Information”): 1)in connection with the data processing services, applications, and software solutions (collectively, the “Services”) we offer to our commercial clients and 2) when you access or use our Site.

1.2. Notice Concerning Children

We do not knowingly collect Personal Information from children under the age of 18. If we learn we have collected or received personal information from a child under the age of 18 without verification of parental consent, we will delete that information. If you believe we might have any personal information from or about a child under the age of 18, please contact us at privacy@bridg.com.

2.1 How we Collect, Use, and Disclose Data from Visitors to our Site

Through our Site, we collect information you choose to provide us, as well as information that is automatically collected, in order to enhance our Site and our Services.

A)   Information You Choose to Provide us Through the Site

Bridg offers visitors to our Site the opportunity to reach out to us in various ways, including the opportunity to contact us with questions or comments, or to request information from us about our business. In connection with these opportunities, you may provide – and we will therefore necessarily collect –certain Personal Information, including your name, email address, or phone number.

We will use the information you choose to provide us through our Site for legitimate business purposes, including to: analyze, improve, and customize the Services; send you announcements, newsletters, promotional materials, and other information about the Services; respond to your questions or comments, or to provide you with the requested information.  As a general matter, we will not disclose any of the Personal Information you provide us through our Site to any third parties. However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protector defend the legal rights of Bridg; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Bridg undergoes bankruptcy or dissolution. Additionally, if Bridg sells, merges, or transfers all or part of its business or assets, we may transfer the information you provided us through our Site to the parties involved in that transaction.

Unless otherwise required by applicable law, we will retain the Personal Information you choose to provide us through our Site only for as long as necessary to fulfill the purposes outlined in this Policy. You may opt not to receive newsletters or other promotional emails from us at any time by contacting us or by following the “unsubscribe” instructions in any promotional email you receive from us.

B)   Information We Automatically Collect Through our Site

When you visit the Site, we may, subject to your opt-out preferences, automatically collect certain information through cookies and similar technologies (including pixels, tags and web beacons) (together “cookies”). Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you use to access our Site. The cookies on our Site collect information related to the device you used to access our website such as the IP address and type of device. Cookies allow us to identify visitors, track aggregate behavior, and recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where a cookie is placed.

The cookies on our Site also may collect the following categories of information (1) IP addresses; (2) domain servers; (3) types of computers accessing the Site; (4) referring/exit websites; (5) operating systems; (6) Internet Service Providers (ISPs); (7) types of web browsers used to access the Site and (8) your geographic location information.

The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. Unless otherwise required by applicable law, we will retain any Personal Information collected through cookies only for as long as necessary to fulfill the purposes outlined in this Policy.

We will use the information we automatically collect through cookies on our Site for legitimate business purposes, including to: analyze, improve, and customize the Services and the Site and to market the Services.   

We use three types of cookies on our site: 1) strictly necessary cookies, 2) performance and functional cookies and 3) marketing cookies.  

Strictly Necessary

These cookies are required to enable the basic features of our website such as navigating to pages or accessing secure areas. Without these cookies our website cannot function properly. Strictly necessary cookies are always stored on your browser as they are essential for enabling the basic functionalities of our site.

Performance and Functional Cookies 

Performance and functional cookies are served by us and our partners such as Google Analytics, MediaMath, and Bombora. Performance and functional cookies help us understand how you use the Site and how we can provide a better experience. The information collected from these cookies helps us analyze trends in usage of the Site and remember your choices regarding the Site (such as your preferred language and what region you are in) to provide enhanced, personal features.  

For more information on how our partners use the data collected via their services please visit their respective privacy policies: Google, Media Math and Bombora.

Marketing Cookies

This Site uses cookies served by us and our third-party partners such as MediaMath, LinkedIn and Octane11, to help us show relevant advertising to you more effectively and to measure the performance of ads. The information collected via these cookies will be used to show you better and more personal advertisements on the Sites and other sites you visit and analyze traffic to the Site. We may share this information with our advertising partners.

For more information on how our partners use the data collected via their services please visit their respective privacy policies: Octane11, Media Math and LinkedIn.

Your Choices Regarding Cookies

You have the right to choose whether or not to accept all cookies except strictly necessary cookies which are essential for enabling the basic functionalities of this Site.  To manage your choices regarding cookies other than strictly necessary cookies on the Site (the “non-essential cookies”), please visit our Privacy Preference Center . You can also modify the settings on your browser to limit the types of cookies you encounter. Check out the documentation for your browser to learn more.

Please note that if you disable non-essential cookies certain features of the Site maybe limited or may not work at all.

For further information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, you can visit https://www.youradchoices.com/.

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not currently use technology that recognizes “Do Not Track” signals from your web browser due to lack of standardization regarding how that signal should be interpreted.

2.2  How We Collect and Use Information in Connection with the Services

 Bridg allows its restaurant and retail clients (“Clients”) to anonymously individualize purchases, providing them with their customers’ purchase history, demographics, location, spend, and other calculated attributes derived from this data. We call these “Company Features.”

To provide our Services and the Company Features, we utilize (i) Personal Information provided to us by or on behalf of our Clients (“Client Data”), and (ii) Personal Information that we license from third parties (“Licensed Data”).

Client Data

The retail and restaurant businesses who use our services to understand and advertise to their customers may provide us with Client Data when they use our Services. This Client Data is collected from transactions you have made with those businesses or loyalty or purchase accounts you have with those businesses, and may include:

  • Identifiers, your name, email, phone number, delivery address, loyalty program number,  online order number, and payment or tender details (but not financial account numbers or partial credit card numbers); and
  • Commercial Information, such as your historical item level purchase history, store location and spend.

We use this Client Data to identify and understand you as a customer of a particular Client, and to provide our Services to that business. We may combine information received from our Clients with other Licensed Information. Our Clients may use the Services and the Client Data for analytics purposes or for advertising and marketing purposes such as creating audiences of their own in-store customers to provide personalized offers or messages. Our respective Clients do not have the ability to access one another’s data.

Licensed Data

We also collect, license, or otherwise receive information about you from third-party data providers (“Licensed Data”). This information may include:

  • Identifiers, such as your name, postal and email address, telephone number, and other contact information, and online identifiers such as device IDs and IP addresses;
  • Protected Characteristics, including your race, ethnicity, gender, religious affiliation, and marital status;
  • Commercial Information, including your purchase history and data about your purchasing tendencies;
  • Internet or Other Network Activity, including information regarding your interaction with a website;
  • Geolocation Data for the retail location where purchases were made;
  • Professional or Employment Information, including your industry sector or segment and salary range;
  • Education Information, including your education level; and
  • Inferences that have been drawn from the above-listed information, including inferences     about your interests, preferences, behavior, attitudes, and characteristics.

 We use this Licensed Data to provide our Services to our Clients.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your explicit consent.

2.3  How We Disclose Personal Information in Connection with the Services

With regard to Client Data, we disclose (and during the last 12 months have disclosed) each of the categories of Client Data listed above solely as directed by the applicable Client.  

We may share, process and/or store some or all of the Licensed Data and Client Data we collect or receive with third-party service providers, who help us provide our Services, such as cloud computing providers, data analytics providers or marketing service providers in order to execute our Services on behalf of our Clients. These service providers have executed agreements with Bridg and/or our Clients not to access, use, or disclose Bridg data except as specifically authorized and directed by the agreement.

We may allow our Clients to use or benefit from Licensed Data in order to provide our Services, for example by allowing them to segment consumers for marketing or analytics purposes. We have executed agreements with our Clients preventing them from accessing, using, or disclosing our Licensed Data except when legally permitted. We never expose any consumer contact information (name, email, phone number, address) in Licensed Data to Clients.

We may also share your information:

  • For legal reasons, including when we must do so to comply with applicable law, legal processes or investigations, to exercise or defend a legal claim, to cooperate with law enforcement, to enforce any applicable terms, or to protect rights belonging to you, the Company, or our Clients;
  • In connection with a sale, merger, restructuring, or other corporate transaction; and
  • When you permit or direct us to share this information with a third party.

 Unless otherwise required by applicable law, we will retain Client Data and Licensed Data only for as long as necessary to provide the Services and to fulfill the purposes outlined in this Policy.

3.1 Security of Personal Information

We have, and require the service providers with whom we may disclose Personal Information to have, administrative, technical, and physical safeguards in place in our respective physical facilities and in our respective computer systems, databases, and communications networks that are reasonably designed to protect information contained within such systems from loss, misuse, and alteration. The measures we use may include storing Personal Information on secured servers, transmitting Personal Information using encryption technologies, and auditing and reviewing our data collection and storage practices. The Site has security measures in place, including but not limited to the use of a Secure Sockets Layer (SSL) software to prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of any such loss, misuse, or alteration.

 4.1  Third-PartyWebsites

The Site may contain links to other websites. This Policy is only applicable to the Services and the Site. The information practices or content of other third-party web sites is governed by the privacy policies and statements of other such respective web sites. If you choose to visit other websites, we are not responsible for the privacy practices or content of those other websites, and it is your responsibility to review the privacy policies at those websites to confirm that you understand and agree with their policies.

 5.1  State-Specific Information and Rights

Depending on what state you reside in, you may have certain rights with regards to your data. For residents of the specific states delineated below, the relevant rights will be available from the date that the state laws and regulations become effective.

5.2 California Residents’ Privacy Rights

If you are a California resident pursuant to the CaliforniaConsumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2021 (the “CPRA”), this section applies to you. For purposes of this section, “Personal Information,” and “Sensitive Personal Information” have the meanings given in the CPRA and do not include information excluded from theCPRA’s scope.

This section does not apply to the extent we process Personal Information in the role of a service provider on behalf of our Clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Information in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using ourServices or you otherwise believe that a Client uses our Services to process your Personal Information, and you contact us regarding this data, you will be directed to contact the applicable Client for assistance with any requests or questions relating to your Personal Information, including without limitation any requests to access, amend or erase your Personal Information.

 In addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared with one of our Clients as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:

Right to Know. You have the right to know and see what information we have collected about you over the past 12 months, including;

     
  • The categories of Personal Information we have collected about you;
  •  
  • The categories of sources from which the Personal Information is collected;
  •  
  • The business or commercial purpose for collecting your Personal Information;
  •  
  • The categories of third parties with whom we have shared your Personal Information; and
  •  
  • The specific pieces of Personal Information we have collected about you.

Right to Delete. You have the right to request that we delete the Personal Information we have about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Information we have about you in our Licensed Data and in our Client Data.

Right to Opt-Out. You have the right to opt out of the “selling” or “sharing” of your Personal Information, as those terms are defined in the CPRA. You may do so by clicking here or by submitting a request through one of the means described below.

Right to Correct. You have the right to request that we correct inaccurate Personal Information.

Right to Limit the Use of Sensitive Personal Information.  You have the right to limit our use and disclosure of your Sensitive Personal information.

Other Rights. You can request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.

Exercising Your California Privacy Rights. To request access to or deletion or correction of your Personal Information, to limit the use of your Sensitive Personal Information, to opt out of the sale or sharing of your Personal Information for cross-context behavioral advertising or to exercise any other data rights under California law, please contact us using one of the following methods:

Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request. You may also designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.

Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

5.3 Colorado Residents’ Privacy Rights

Effective July 1, 2023

If you are a Colorado resident pursuant to the Colorado Privacy Act (“CPA”),this section applies to you. This section describes the rights you have with respect to yourPersonal Data under the CPA. For purposes of this section, “Personal Data,” and“Sensitive Personal Data” have the meanings given in the CPA and do not include information excluded from the CPA’s scope. We do not knowingly collect, share, sell or otherwise maintain or disclose any Sensitive Personal Data associated with Colorado residents.

This section does not apply to the extent we process PersonalData in the role of a processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using ourServices or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.

 If you are a Colorado resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding LicensedData including the following:

Right to Know. You have the right to know and see what Personal Data we have collected about you.

Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our ClientData.

Right to Opt-OutYou have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Colorado law). You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit adequate proof of authorization.

Right to Correct. You have the right to request that we correct inaccurate Personal Data.

Exercising Your Colorado Privacy RightsTo exercise your data rights under Colorado law, please contact us using one of the following methods:

Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.

Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Colorado attorney general.

5.4 Connecticut Residents’ Privacy Rights

EffectiveJuly 1, 2023

If you are a Connecticut resident pursuant to the Connecticut Data PrivacyAct (“CTDPA”), this section applies to you. This section describes the rights you have with respect to your Personal Data under the CTDPA. For purposes of this section, “Personal Data,” and “SensitivePersonal Data” have the meanings given in the CTDPA and do not include information excluded from the CTDPA’s scope. We do not knowingly collect, share, sell or otherwise maintain or disclose any SensitivePersonal Data associated with Connecticut residents.

This section does not apply to the extent we process PersonalData in the role of processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using ourServices or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.

If you are a Connecticut resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding LicensedData:

Right to Know. You have the right to know and see what Personal Data we have collected about you.

Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our ClientData.

Right to Opt-OutYou have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Connecticut law). You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.

Right to Correct. You have the right to request that we correct inaccurate Personal Data.

Exercising Your Connecticut Privacy RightsTo exercise your data rights under Connecticut law, please contact us using one of the following methods:

Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.

Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” If you have concerns about the results of an appeal, you may contact the Connecticut attorney general.

5.5 Utah Residents’ Privacy Rights

Effective December 31, 2023

If you are a Utah resident pursuant to the Utah Consumer PrivacyAct (“UCPA”),this section applies to you. For purposes of this section, “Personal Data,” and“Sensitive Personal Data” have the meanings given in the UCPA and do not include information excluded from the UCPA’s scope.

This section does not apply to the extent we process PersonalData in the role of processor on behalf of our clients. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection ofPersonal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.

If you are a Utah resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:

Right to Know. You have the right to know and see what Personal Data we have collected about you.

‍Right to Delete. You have the right to request that we delete any Personal Data that you previously provided to us.

Right to Opt-Out. You have the right to opt out of the processing of your Personal Data for purposes of targeted advertising or the sale of your Personal Data, as those terms are defined by the UCPA. You may do so by clicking here or by submitting a request through one of the means described below.

Right to Limit the Use of Sensitive PersonalData You have the right to limit our use and disclosure of yourSensitive Personal Data.

Exercising Your Utah Privacy Rights. To exercise your data rights under Utah law, please contact us using one of the following methods:

Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.

Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

     

5.6 Virginia Residents’ Privacy Rights

If you are a Virginia resident pursuant to the Virginia ConsumerData Protection Act (“VCDPA”), this section applies to you. This section describes the rights you have with respect to your Personal Data under theVCDPA. For purposes of this section, “Personal Data,” and “Sensitive PersonalData” have the meanings given in the VCDPA and do not include information excluded from the VCDPA’s scope. We do not knowingly collect, share, sell or otherwise maintain or disclose any Sensitive Personal Data associated withVirginia residents.

This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.

 If you are a Virginia resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:

Right to Know. You have the right to know and see what Personal Data we have collected about you.

Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our Client Data.

Right to Opt-OutYou have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Virginia law).

Right to Correct. You have the right to request that we correct inaccurate Personal Data.

Exercising Your Virginia Privacy Rights. To request access to or deletion of your Personal Data or to exercise any other data rights under Virginia law, please contact us using one of the following methods:

Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.

Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Virginia attorney general.

6.1 Contact Information

If you have any questions about this Policy or our practices relating to our Services, please contact us through one of the methods listed above or at:

Bridg, a division of Cardlytics, Inc.

1849 Sawtelle Blvd, Suite 700

Los Angeles, CA 90025

 7.1 Policy Updates and Changes

We reserve the right, at any time, to add to, change, update, or modify this Policy, simply by posting such change, update, or modification on the Site and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Site.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.