Privacy Policy

Online Rewards Privacy Policies


Type of Information We Collect


Registration Information

To make use of certain features on our site (such as requesting a tour or program demo) visitors need to register and to provide certain information as part of the registration process. The information you supply will help us to contact you and to tailor our site tours to your interests and make them more useful to you.


Use of Cookies

We use cookies to help us tailor our site to your needs, to deliver a better, more personalized service. We may use cookies to track the pages on our site visited by our users. We can build a better site if we know which pages our users are visiting and how often. Of course, you can set your browser not to accept cookies, but if you do, you may not be able to take advantage of the personalized features enjoyed by other visitors to our site.


Other Methods of Collecting Information

Our web pages may contain electronic images (called "single-pixel GIFs" or "web beacons") that allow us, and our vendors to count users who have visited pages or to access certain cookies. We may use these tools and other technologies to recognize which pages users visit, and which links they click on.


Browser Level Information and IP Addresses

Our web servers automatically collect limited information about your computer configuration when you visit our site, including the type of browser software you use, the operating system you're running, the resolution of your computer monitor, the website that referred you, and your IP address. (Your IP address is a numerical address that is used by computers connected to the Internet to identify your computer so that data (such as the web pages you want to view) can be transmitted to you. We also use IP address information for systems administration and troubleshooting purposes. Your IP address does not tell us who you are.) We use this information to deliver our web pages to you upon request, to tailor our site to the interests of our users, and to measure traffic within our site.


Disclosure of Information


Use and Transfer to Third Parties (Vendors and Suppliers)

Without your permission, we will not share or sell the personally identifiable information you provide when registering on any of our sites with any of our vendors or suppliers, except as may be required in response to legal requests by public authorities, to meet national security or law enforcement requirements.

The disclosure of any PII in conjunction with Online Rewards’ corporate site or any client program sites is restricted to necessary functions only and is limited to the least amount of information necessary for our vendors and suppliers to perform its role effectively. For example, a program participant’s name and address may be required to be shared with a third-party shipping/fulfillment supplier. Information will not be disclosed to any vendor or supplier unless that third party entity has entered into a written agreement requiring strict privacy and security policies in place with Online Rewards.


Statistical Information

Much of the information we collect is in the form of aggregated statistics, such as the traffic that visits various pages within our sites, and the habits and preferences of our audience. Such aggregated information does not include any information that would identify you personally. We may use such aggregated information and disclose it to third parties as we see fit.


Sites to Which We Link

Our sites may contain links or references to third-party websites, products, or services. Information collected by third parties is governed by their own privacy policies.


Other Disclosures

In the event of reorganization, merger, or sale, we may transfer any and all personal information to the relevant third party.


Client Administrative Access To The System


Clients may provide access to their program site to authorized internal individuals to perform administrative functions which may have access to participant PII. Assigned client program administrators will only have access to their assigned program and will not have any access to any other client’s data. Clients shall be held responsible for ensuring that their assigned program administrators that access the system complete will of Terms and Conditions of use set forth by Online Rewards and the client themselves. Each client may discontinue or suspend access to the system by any individual if discovery is made or there is reason to believe that said individual has violated the Terms and Conditions of Use or is otherwise using the system in an inappropriate manner.


Individual Users Rights


Opt-In / Opt-Out Policies

Upon either completing a ‘Tour Request’ or ‘Contact Us’ online form on our corporate website or registering in one of our client program sites, an individual has the right to ‘opt-in’ to receive email notifications about Online Rewards or information pertaining to the program they are in. Should the individual wish to opt-out after voluntarily electing to receive email notifications, they may do so through the unsubscribe link contained directly within each electronic communication.

Individuals also have the right to ‘opt-out’ of their PII being transferred to third parties as necessary within the client program site, but the experience and/or participation in the program may then become limited.


Individual Access / Right to Change PII

Within client program sites, individuals can access their PII to review, chance or delete portions of their information via their account interface by utilizing their login credentials. Examples of PII that individuals can change may include shipping address information, email address, password, password security question/answer, and communication opt-in/opt-out preferences. Should PII data be communicated to Online Rewards through the client directly (i.e. unique account ID, first name, last name), changes would need to be requested by the individual to the client program administrator.


Storage of Information


Information gathered on our corporate site (through the ‘Tour Request’ or ‘Contact Us’ online forms) is stored within third party database operated by SalesForce.com with servers located solely in the US. For more information, as to SalesForce.com privacy policies, please go to: http://www.salesforce.com/company/privacy/

For hosting of client program websites, Online Rewards uses Amazon Web Services (AWS). AWS’s privacy policies can be found at: https://aws.amazon.com/compliance/data-privacy-faq/ Amazon Web Services data centers are hosted at multiple locations across the US and are ISO 27001 certified and is a PCI DSS Level 1 Service Provider.


Information Security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

Online Rewards recognizes all data for individual client-owned programs are the property of each respective client. All PII is treated as confidential information. All client PII data is stored in its own database, which is only accessible to Online Rewards’ staff that have been trained in accordance with strict security protocols.

Data transmissions in and out of each client program is encrypted, via VPN, over SSL. All data can be encrypted during transmission and stored as encrypted / uniquely contained data, only accessible to each client’s application exclusively. Database backups are encrypted in-transit with TLS/1.2 (see http://tools.ietf.org/html/rfc5246) and at-rest with AES-256 (see http://aesencryption.net/). Backed-up data is stored with Amazon S3/Glacier.

We restrict access to personal information to Online Rewards employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.


Data Integrity

Online Rewards processes personal information only for the purposes for which it was collected and in accordance with this Privacy Policy or any applicable service-specific privacy notice. We review our data collection, storage and processing practices to ensure that we only collect, store and process the personal information needed to provide or improve our services or as otherwise permitted under this Policy. We take reasonable steps to ensure that the personal information we process is accurate, complete, and current, but we depend on our users to update or correct their personal information whenever necessary.


Enforcement

Online Rewards regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or Online Rewards' treatment of personal information by email by writing to us-privacy@online-rewards.com , through the client program web site, or in writing sent to:


Online Rewards
Attn.: Policy and Procedures
100 North Central Expressway
Suite 1120
Richardson, TX 75080


When we receive formal written complaints at this address, it is Online Rewards' policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between Online Rewards and an individual.


Online Rewards’ Privacy Shield Policy


Online Rewards has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that Online Rewards obtains from clients located in the European Union and Switzerland.

Online Rewards complies with the US-EU Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from individual clients in the European Union member countries. Online Rewards has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern.

Personal information regarding and/or received from clients is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.

In accordance to the EU-U.S. Privacy Shield principles, Online Rewards has a liability in cases of onward transfers to third parties and complies with the Notice and Choice principles for all data disclosed or transferred to a third party.

The Federal Trade Commission (FTC) has jurisdiction over Online Rewards’ compliance with the Privacy Shield. Online Rewards submits to being subject to the investigatory and enforcement powers of the Federal Trade Commission, the Department of Transportation, or any other U.S. authorized statutory body with regard to our self-certification and implementation of the principles. Online Rewards acknowledges the possibility, under certain conditions, for individuals to invoke binding arbitration in filing a complaint disputing Online Rewards’ adherence to these principles and practices. Individuals may invoke binding arbitration at no cost to the individual.

In compliance with the Privacy Shield Principles, Online Rewards commits to resolve complaints about privacy and our collection or use of personal information. European Union citizens with inquiries or complaints regarding this privacy policy should first contact Online Rewards at: us-privacy@online-rewards.com.

With respect to any dispute relating to this Privacy Policy or the Principles that cannot be resolved through our internal complaint process, we will cooperate with the competent EU data protection authorities and comply with the advice of such authorities. If we or such authorities determine that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance. Any Online Rewards employee who does not follow this Privacy Policy will be disciplined, as determined by Online Rewards in its sole discretion and in compliance with applicable law.

To learn more about the Privacy Shield program, and to view Online Rewards' certification, please visit http://www.privacyshield.gov


Changes to Our Privacy Policies

Online Rewards reserves the right to change our privacy policies at any time by providing updated information on this page. This policy was last modified on January 4, 2017.

Take a Tour


Interested in seeing how Online Rewards has helped clients create award winning incentive and loyalty marketing programs?




A brief tour with one of our Program Design Consultants will demonstrate how our unique approach helps clients achieve their incentive and loyalty marketing program goals.

 I would like to receive updates on service offerings, industry news, events and best practices from Online Rewards.