Privacy Policy
Effective 07/01/2024
1.1. Purpose of Policy
Thank you for choosing to learn more about the privacy policies of Bridg, a division of Cardlytics, Inc. (“Bridg,” “we,” “us,”“our” or “Company”).
This privacy policy (“Privacy Policy”) explains how we may collect, store, use, and disclose information when you access or use: (1) www.bridg.com and all of our other websites to which this Privacy Policy is posted (the “Site”) or (2) any services, applications, and software provided by and made available by Bridg (collectively referred to as “Services”).
Our affiliates, including our parent company Cardlytics, Inc., have their own privacy policies that apply to data they collect from the products, services, and applications they provide. Any data collected pursuant to this Policy that is disclosed to our affiliates will still be treated consistently with this Policy.
Bridg may collect, use, and disclose information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked directly or indirectly, with you or your household (“Personal Information”): 1) in connection with the Services we offer to our commercial clients and 2) when you access or use our Site.
By accessing or using theServices or the Site, you consent to our collection, storage, use, and disclosure of your information as described in this Privacy Policy. The provisions contained in this Privacy Policy supersede all prior notices and statements regarding our privacy practices with respect to the Site or theServices. If you do not agree to every provision of this Privacy Policy, you may not access or use the Site or the Services.
1.2. Notice Concerning Children
We do not knowingly collect Personal Information from children under the age of 16. If we learn we have collected or received personal information from a child under the age of 16 without verification of parental consent, we will delete that information. If you believe we might have any personal information from or about a child under the age of 16, please contact us at privacy@bridg.com.
2.1 How we Collect, Use, and Disclose Data from Visitors to our Site
Through our Site, we collect information you choose to provide us, as well as information that is automatically collected, in order to enhance our Site and our Services.
A) Information You Choose to Provide us Through the Site
Bridg offers visitors to our Site the opportunity to reach out to us in various ways, including the opportunity to contact us with questions or comments, or to request information from us about our business. In connection with these opportunities, you may provide – and we will therefore necessarily collect –certain Personal Information, including your name, email address, or phone number.
We will use the information you choose to provide us through our Site for legitimate business purposes, including to: analyze, improve, and customize the Services; send you announcements, newsletters, promotional materials, and other information about the Services; respond to your questions or comments, or to provide you with the requested information. As a general matter, we will not disclose any of the Personal Information you provide us through our Site to any third parties. However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protector defend the legal rights of Bridg; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Bridg undergoes bankruptcy or dissolution. Additionally, if Bridg sells, merges, or transfers all or part of its business or assets, we may transfer the information you provided us through our Site to the parties involved in that transaction.
Unless otherwise required by applicable law, we will retain the Personal Information you choose to provide us through our Site only for as long as necessary to fulfill the purposes outlined in this Policy. You may opt not to receive newsletters or other promotional emails from us at any time by contacting us or by following the “unsubscribe” instructions in any promotional email you receive from us.
B) Information We Automatically Collect Through our Site
When you visit the Site, we may, subject to your opt-out preferences, automatically collect certain information through cookies and similar technologies (including pixels, tags and web beacons) (together “cookies”). Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you use to access our Site. The cookies on our Site collect information related to the device you used to access our website such as the IP address and type of device. Cookies allow us to identify visitors, track aggregate behavior, and recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where a cookie is placed.
The cookies on our Site also may collect the following categories of information (1) IP addresses; (2) domain servers; (3) types of computers accessing the Site; (4) referring/exit websites; (5) operating systems; (6) Internet Service Providers (ISPs); (7) types of web browsers used to access the Site and (8) your geographic location information.
The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. Unless otherwise required by applicable law, we will retain any Personal Information collected through cookies only for as long as necessary to fulfill the purposes outlined in this Policy.
We will use the information we automatically collect through cookies on our Site for legitimate business purposes, including to: analyze, improve, and customize the Services and the Site and to market the Services.
We use three types of cookies on our site: 1) strictly necessary cookies, 2) performance and functional cookies and 3) marketing cookies.
Strictly Necessary
These cookies are required to enable the basic features of our website such as navigating to pages or accessing secure areas. Without these cookies our website cannot function properly. Strictly necessary cookies are always stored on your browser as they are essential for enabling the basic functionalities of our site.
Performance and Functional Cookies
Performance and functional cookies are served by us and our partners such as Google Analytics, MediaMath, and Bombora. Performance and functional cookies help us understand how you use the Site and how we can provide a better experience. The information collected from these cookies helps us analyze trends in usage of the Site and remember your choices regarding the Site (such as your preferred language and what region you are in) to provide enhanced, personal features.
For more information on how our partners use the data collected via their services please visit their respective privacy policies: Google, Media Math and Bombora.
Marketing Cookies
This Site uses cookies served by us and our third-party partners such as MediaMath, LinkedIn and Octane11, to help us show relevant advertising to you more effectively and to measure the performance of ads. The information collected via these cookies will be used to show you better and more personal advertisements on the Sites and other sites you visit and analyze traffic to the Site. We may share this information with our advertising partners.
For more information on how our partners use the data collected via their services please visit their respective privacy policies: Octane11, Media Math and LinkedIn.
Your Choices Regarding Cookies
You have the right to choose whether or not to accept all cookies except strictly necessary cookies which are essential for enabling the basic functionalities of this Site. To manage your choices regarding cookies other than strictly necessary cookies on the Site (the “non-essential cookies”), please visit our Privacy Preference Center . You can also modify the settings on your browser to limit the types of cookies you encounter. Check out the documentation for your browser to learn more.
Please note that if you disable non-essential cookies certain features of the Site may be limited or may not work at all.
For further information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, you can visit https://www.youradchoices.com/.
2.2 How We Collect and Use Information in Connection with the Services
Bridg allows its restaurant and retail clients (“Clients”) to anonymously individualize purchases, providing them with their customers’ purchase history, demographics, location, spend, and other calculated attributes derived from this data. We call these “Company Features.”
To provide our Services and the Company Features, we utilize (i) Personal Information provided to us by or on behalf of our Clients (“Client Data”), and (ii) Personal Information that we license from third parties (“Licensed Data”).
We also utilize deidentified data that cannot reasonably be linked to you in connection with our Services. When such deidentified data is, directly or indirectly, associated or combined with Personal Information, such deidentified data will be considered Personal Information for purposes of this Privacy Policy.
We do not knowingly collect, share, sell or otherwise maintain or disclose any sensitive personal data or protected data, as those terms are defined by applicable state data privacy laws.
Client Data
The retail and restaurant businesses who use our services to understand and advertise to their customers may provide us with Client Data when they use our Services. This Client Data is collected from transactions you have made with those businesses or loyalty or purchase accounts you have with those businesses, and may include:
- Identifiers, your name, email, phone number, delivery address, loyalty program number, online order number, and payment or tender details (but not financial account numbers or full credit card numbers); and
- Commercial Information, such as your historical item level purchase history, store location and spend.
We use this Client Data to identify and understand you as a customer of a particular Client, and to provide our Services to that business. We may combine information received from our Clients with other Licensed Information. Our Clients may use the Services and the Client Data for analytics purposes or for advertising and marketing purposes such as creating audiences of their customers to provide personalized offers or messages. Our respective Clients do not have the ability to access one another’s Client Data.
Licensed Data
We also collect, license, or otherwise receive information about you from third-party data providers (“Licensed Data”). This information may include:
- Identifiers, such as your name, postal and email addresses, telephone number, and other contact information, and online identifiers such as device IDs and IP addresses;
- Characteristics, including information about interests, gender, socioeconomic information, marital status and other lifestyle information;
- Commercial Information, including your purchase history and data about your purchasing tendencies;
- Internet or Other Network Activity, including information regarding your interaction with a website;
- Geolocation Data for the retail location where purchases were made;
- Professional or Employment Information, including your industry sector or segment and salary range;
- Education Information, including your education level; and
- Inferences that have been drawn from the above-listed information, including inferences about your interests, preferences, behavior, attitudes, and characteristics.
We use this Licensed Data to provide our Services to our Clients.
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your explicit consent.
2.3 How We Disclose Personal Information in Connection with the Services
With regard to Client Data, we disclose (and during the last 12 months have disclosed) each of the categories of Client Data listed above solely as directed by the applicable Client.
We may share, process and/or store some or all of the Licensed Data and Client Data we collect or receive with third-party service providers, who help us provide our Services, such as cloud computing providers, data analytics providers or marketing service providers in order to execute our Services on behalf of our Clients. These service providers have executed agreements with Bridg and/or our Clients not to access, use, or disclose Bridg data except as specifically authorized and directed by the agreement.
We may allow our Clients to use or benefit from Licensed Data in order to provide our Services, for example by allowing them to segment consumers for marketing or analytics purposes. We have executed agreements with our Clients preventing them from accessing, using, or disclosing our Licensed Data except when legally permitted. We never expose any consumer contact information (name, email, phone number, address) in Licensed Data to Clients.
We may also share your information:
- For legal reasons, including when we must do so to comply with applicable law, legal processes or investigations, to exercise or defend a legal claim, to cooperate with law enforcement, to enforce any applicable terms, or to protect rights belonging to you, the Company, or our Clients;
- In connection with a sale, merger, restructuring, or other corporate transaction; and
- When you permit or direct us to share this information with a third party.
Unless otherwise required by applicable law, we will retain Client Data and Licensed Data only for as long as necessary to provide the Services and to fulfill the purposes outlined in this Policy.
3.1 Security of Personal Information
We have, and require the service providers with whom we may disclose Personal Information to have, administrative, technical, and physical safeguards in place in our respective physical facilities and in our respective computer systems, databases, and communications networks that are reasonably designed to protect information contained within such systems from loss, misuse, and alteration. The measures we use may include storing Personal Information on secured servers, transmitting Personal Information using encryption technologies, and auditing and reviewing our data collection and storage practices. The Site has security measures in place, including but not limited to the use of a Secure Sockets Layer (SSL) software to prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of any such loss, misuse, or alteration.
4.1 Third-Party Websites
The Site may contain links to other websites. This Policy is only applicable to the Services and the Site. The information practices or content of other third-party web sites is governed by the privacy policies and statements of other such respective web sites. If you choose to visit other websites, we are not responsible for the privacy practices or content of those other websites, and it is your responsibility to review the privacy policies at those websites to confirm that you understand and agree with their policies.
5.1 State-Specific Information and Rights
Depending on what state you reside in, you may have certain rights with regards to your data. For residents of the specific states delineated below, the relevant rights will be available from the date that the state laws and regulations become effective.
5.2 California Residents’ Privacy Rights
If you are a California resident pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2021 (the “CPRA”), this section applies to you. For purposes of this section, “Personal Information,” has the meaning given in the CPRA and does not include information excluded from the CPRA’s scope.
This section does not apply to the extent we process Personal Information in the role of a service provider on behalf of our Clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Information in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Information, and you contact us regarding this data, you will be directed to contact the applicable Client for assistance with any requests or questions relating to your Personal Information, including without limitation any requests to access, amend or erase your Personal Information.
In addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared with one of our Clients as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:
Information Regarding Consumer Data Requests. In 2023, Bridg received:
· 73 of requests to delete;
- Bridg denied none of these requests, complied with all ofthese requests in full.
· 110 of requests to know or access;
- Bridg denied none of these requests, complied with all ofthese requests in full.
· 1650 of requests to opt out; and
- Bridg denied none of these requests, complied with all ofthese requests in full.
· No requests to limit the use of sensitive PersonalInformation.
The median number of days it took Bridg to substantively respond to the above requests is four and the mean number of days it took Bridg to substantively respond to the above requests is seven.
Right to Know. You have the right to know and see what information we have collected about you over the past 12 months, including;
- The categories of Personal Information we have collected about you;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting your Personal Information;
- The categories of third parties with whom we have shared your Personal Information; and
- The right to access the specific pieces of Personal Information we have collected about you in a portable format.
Right to Delete. You have the right to request that we delete the Personal Information we have about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Information we have about you in our Licensed Data and in our Client Data.
Right to Opt-Out. You have the right to opt out of the “selling” or “sharing” of your Personal Information, as those terms are defined in the CPRA. You may do so by clicking here or by submitting a request through one of the means described below. You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit adequate proof of authorization.
Right to Correct. You have the right to request that we correct inaccurate Personal Information.
Other Rights. You can request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.
Exercising Your California Privacy Rights. To request access to or deletion or correction of your Personal Information, to opt out of the sale or sharing of your Personal Information for cross-context behavioral advertising or to exercise any other data rights under California law, please contact us using one of the following methods:
- Click here to begin your CPRA Request
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request. You may also designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
5.3 Colorado Residents’ Privacy Rights
If you are a Colorado resident pursuant to the Colorado Privacy Act (“CPA”),this section applies to you. This section describes the rights you have with respect to your Personal Data under the CPA. For purposes of this section, “Personal Data,” has the meaning given in the CPA and does not include information excluded from the CPA’s scope.
This section does not apply to the extent we process Personal Data in the role of a processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.
If you are a Colorado resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data including the following:
Right to Know. You have the right to know and see what Personal Data we have collected about you in a portable format.
Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our Client Data.
Right to Opt-Out. You have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Colorado law). You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit adequate proof of authorization.
Right to Correct. You have the right to request that we correct inaccurate Personal Data.
Exercising Your Colorado Privacy Rights. To exercise your data rights under Colorado law, please contact us using one of the following methods:
- Click here to begin your Request
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Colorado attorney general.
5.4 Connecticut Residents’ Privacy Rights
If you are a Connecticut resident pursuant to the Connecticut Data Privacy Act (“CTDPA”), this section applies to you. This section describes the rights you have with respect to your Personal Data under the CTDPA. For purposes of this section, “Personal Data,” has the meaning given in the CTDPA and does not include information excluded from the CTDPA’s scope.
This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.
If you are a Connecticut resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:
Right to Know. You have the right to know and see what Personal Data we have collected about you in a portable format.
Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our Client Data.
Right to Opt-Out. You have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Connecticut law). You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.
Right to Correct. You have the right to request that we correct inaccurate Personal Data.
Exercising Your Connecticut Privacy Rights. To exercise your data rights under Connecticut law, please contact us using one of the following methods:
- Click here to begin your Request
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” If you have concerns about the results of an appeal, you may contact the Connecticut attorney general.
5.5 Montana Residents’ Privacy Rights
Effective October 1, 2024
If you are a Montana resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under Montana’s Consumer Data Privacy Act (“MCDPA”). For purposes of this section, “Personal Data,” has the meaning given in the MCDPA and does not include information excluded from the MCDPA’s scope.
This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.
If you are a Montana resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data, including, relevantly:
Right to Know. You have the right to know and see what Personal Data we have collected about you. In addition, for any Personal Data that you previously provided to us, you have the right to access that Personal Data in a portable format.
Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our Client Data.
Right to Opt-Out. You have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Montana law). You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.
Right to Correct. You have the right to request that we correct inaccurate Personal Data.
Exercising Your Montana Privacy Rights. To exercise your data rights under Montana law, please contact us using one of the following methods:
- Click here to begin your Request
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” If you have concerns about the results of an appeal, you may contact the Montana attorney general.
5.6 Oregon Residents’ Privacy Rights
Effective July 1, 2024
If you are an Oregon resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under Oregon’s Consumer Privacy Act (“OCPA”). For purposes of this section, “Personal Data,” has the meaning given in the OCPA and does not include information excluded from the OCPA’s scope.
This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.
If you are an Oregon resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data, including, relevantly:
Right to Know. You have the right to know and see what Personal Data we have collected about you in a portable format.
Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our Client Data.
Right to Opt-Out. You have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Oregon law). You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.
Right to Correct. You have the right to request that we correct inaccurate Personal Data.
Exercising Your Oregon Privacy Rights. To exercise your data rights under Oregon law, please contact us using one of the following methods:
- Click here to begin your Request
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” If you have concerns about the results of an appeal, you may contact the Oregon attorney general.
5.7 Texas Residents’ Privacy Rights
Effective July 1, 2024
If you are a Texas resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under the Texas Data Privacy and Security Act (“TDPSA”). For purposes of this section, “Personal Data,” has the meaning given in the TDPSA and does not include information excluded from the TDPSA’s scope.
This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.
The entity maintaining this website is a data broker under Texas law. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.[LO1]
If you are a Texas resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data, including, relevantly:
Right to Know. You have the right to know and see what Personal Data we have collected about you in a portable format. In addition, for any Personal Data that you previously provided to us, you have the right to access that Personal Data in a portable format.
Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our Client Data.
Right to Opt-Out. You have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Texas law). You also have the right to have an authorized agent opt out on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.
Right to Correct. You have the right to request that we correct inaccurate Personal Data.
Exercising Your Texas Privacy Rights. To exercise your data rights under Texas law, please contact us using one of the following methods:
- Click here to begin your Request
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” If you have concerns about the results of an appeal, you may contact the Texas attorney general.
5.8 Utah Residents’ Privacy Rights
If you are a Utah resident pursuant to the Utah Consumer Privacy Act (“UCPA”),this section applies to you. For purposes of this section, “Personal Data,” has the meaning given in the UCPA and does not include information excluded from the UCPA’s scope.
This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.
If you are a Utah resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:
Right to Know. You have the right to know and see what Personal Data we have collected about you. In addition, for any Personal Data that you previously provided to us, you have the right to access that Personal Data in a portable format.
Right to Delete. You have the right to request that we delete any Personal Data that you previously provided to us.
Right to Opt-Out. You have the right to opt out of the processing of your Personal Data for purposes of targeted advertising or the sale of your Personal Data, as those terms are defined by the UCPA. You may do so by clicking here or by submitting a request through one of the means described below.
Exercising Your Utah Privacy Rights. To exercise your data rights under Utah law, please contact us using one of the following methods:
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
5.9 Virginia Residents’ Privacy Rights
If you are a Virginia resident pursuant to the Virginia Consumer Data Protection Act (“VCDPA”), this section applies to you. This section describes the rights you have with respect to your Personal Data under the VCDPA. For purposes of this section, “Personal Data,” has the meanings given in the VCDPA and does not include information excluded from the VCDPA’s scope.
This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients except as specifically noted below regarding requests to delete. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any request or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.
If you are a Virginia resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:
Right to Know. You have the right to know and see what Personal Data we have collected about you. In addition, for any Personal Data that you previously provided to us, you have the right to access that Personal Data in a portable format.
Right to Delete. You have the right to request that we delete the Personal Data we have collected about you. Please note that upon receipt of a valid request to delete from you, we will delete any Personal Data we have about you in our Licensed Data and in our Client Data.
Right to Opt-Out. You have the right to opt out of targeting advertising and the sale of your Personal Data (as those terms are defined under Virginia law).
Right to Correct. You have the right to request that we correct inaccurate Personal Data.
Exercising Your Virginia Privacy Rights. To request access to or deletion of your Personal Data or to exercise any other data rights under Virginia law, please contact us using one of the following methods:
- Click here to begin your Request
- Email: You may email us at privacy@bridg.com to exercise your rights.
Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.
Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Virginia attorney general.
6.1 Contact Information
If you have any questions about this Policy or our practices relating to our Services, please contact us through one of the methods listed above or at:
Bridg, a division of Cardlytics, Inc.
1849 Sawtelle Blvd, Suite 700
Los Angeles, CA 90025
7.1 Policy Updates and Changes
We reserve the right, at any time, to add to, change, update, or modify this Policy, simply by posting such change, update, or modification on the Site and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Site.