Privacy Policy

Updated December 21, 2022

1.1. Purpose of Policy

Bridg, a division of Cardlytics, Inc. (“Bridg,” “we,” “us,” “our” or “Company”) is committed to respecting the privacy rights of its customers, visitors, and other users of the Company Website (www.bridg.com, www.relevantloyalty.net, www.relevantmobile.com) and any affiliated sites (the “Site”) and any services, applications, and software provided by and made available by Bridg (collectively referred to as “Services”). Our affiliates, including our parent company Cardlytics, Inc., have their own privacy policies that apply to data they collect from the products, services, and applications they provide. Any data collected pursuant to this Policy that is disclosed to our affiliates will still be treated consistently with this Policy.

We created this Privacy Policy (this “Policy”) to give you confidence as you visit and use the Services, and to demonstrate our commitment to fair information practices and the protection of privacy. Accordingly, we abide by the following privacy principles for all the personally identifiable information we collect from you.

Bridg may collect, use, and disclose information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”): 1) in connection with the data processing services, applications, and software solutions (collectively, the “Services”) we offer to our commercial clients and 2) when you access or use our Site.

1.2. Notice Concerning Children

We do not knowingly collect Personal Information from children under the age of 18. If we learn we have collected or received personal information from a child under the age of 18 without verification of parental consent, we will delete that information. If you believe we might have any personal information from or about a child under the age of 18, please contact us at privacy@bridg.com.

2.1 How we Collect, Use, and Disclose Data from Visitors to our Site.

Through our Site, we collect information you choose to provide us, as well as information that is automatically collected, in order to enhance our Site and our Services.

A. Information You Choose to Provide us Through the Site

Bridg offers visitors to our Site the opportunity to reach out to us in various ways, including the opportunity to contact us with questions or comments, or to request information from us about our business. In connection with these opportunities, you may provide – and we will therefore necessarily collect – certain Personal Information, including your name, email address, or phone number.

We will use the information you choose to provide us through our Site for legitimate business purposes, including to: analyze, improve, and customize the Services; send you announcements, newsletters, promotional materials, and other information about the Services; respond to your questions or comments, or to provide you with the requested information. As a general matter, we will not disclose any of the Personal Information you provide us through our Site to any third parties. However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protect or defend the legal rights of Bridg; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Bridg undergoes bankruptcy or dissolution. Additionally, if Bridg sells, merges, or transfers all or part of its business or assets, we may transfer the information you provided us through our Site to the parties involved in that transaction.

Unless otherwise required by applicable law, we will retain the Personal Information you choose to provide us through our Site only for as long as necessary to fulfil the purposes outlined in this Policy. You may opt not to receive newsletters or other promotional emails from us at any time by contacting us or by following the “unsubscribe” instructions in any promotional email you receive from us.

B. Information We Automatically Collect Through our Site

When you visit the Site, we may automatically collect certain information through cookies and similar technologies (including pixels, tags and web beacons) (together “cookies”). Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you use to access our Site. The cookies on our Site collect information related to the device you used to access our website such as the IP address and type of device. The cookies on our Site also may collect the following categories of information (1) IP addresses; (2) domain servers; (3) types of computers accessing the Site; (4) referring/exit websites; (5) operating systems; (6) Internet Service Providers (ISPs); (7) types of web browsers used to access the Site and (8) your geographic location information.

Cookies allow us to identify visitors, track aggregate behavior, and recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where a cookie is placed. We use information collected via cookies for marketing purposes and for analytics purposes to help us track the efficacy of our Site.

We will use the information we automatically collect through our Site for legitimate business purposes, including to: analyze, improve, and customize the Services and the Site and to market the Services. As a general matter, we will not disclose any of the Personal Information we collect automatically through our Site to any third parties. However, we reserve the right to do so when necessary or required by the circumstances, such as (i) to protect or defend the legal rights of Bridg; (ii) to protect against fraud or for risk management purposes; (iii) to comply with applicable law or respond to legal process; or (iv) if Bridg undergoes bankruptcy or dissolution. Additionally, if Bridg sells, merges, or transfers all or part of its business or assets, we may transfer the information we collect automatically through our Site to the parties involved in that transaction.

Unless otherwise required by applicable law, we will retain any Personal Information that we automatically collect through our Site only for as long as necessary to fulfill the purposes outlined in this Policy.

By accessing the Site, you consent to the placement of cookies on your devices as described in this Policy. You have the ability to accept or decline cookies. However, if you do so, certain features of the Site may be limited or may not work at all. Most web browsers automatically accept cookies, but you can modify settings on all major browsers to decline cookies if you prefer. Unless you set your browser settings to refuse all cookies, our systems may issue cookies when you access or use the Site.

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not currently use technology that recognizes “Do Not Track” signals from your web browser due to lack of standardization regarding how that signal should be interpreted.

2.2 How We Collect and Use Information in Connection with the Services

Bridg allows its restaurant and retail clients (“Clients”) to anonymously individualize purchases, providing them with their customers’ purchase history, demographics, location, spend, and other calculated attributes derived from this data. We call these “Company Features.”

To provide our Services and the Company Features, we utilize (i) Personal Information provided to us by or on behalf of our Clients (“Client Data”), and (ii) Personal Information that we license from third parties (“Licensed Data”).

Client Data

The retail and restaurant businesses who use our services to understand and advertise to their customers may provide us with Client Data when they use our Services. This Client Data is collected from transactions you have made with those businesses or loyalty or purchase accounts you have with those businesses, and may include:

– Identifiers, your name, email, phone number, delivery address, loyalty program number, online order number, and payment or tender details (but not financial account numbers or partial credit card numbers); and

– Commercial Information, such as your historical item level purchase history, store location and spend.

We use this Client Data to identify and understand you as a customer of a particular Client, and to provide our Services to that business. We may combine information received from our Clients with other Licensed Information. Our Clients may use the Services and the Client Data for analytics purposes or for advertising and marketing purposes such as creating audiences of their own in-store customers to provide personalized offers or messages. Our respective Clients do not have the ability to access one another’s data.

Licensed Data

We also collect, license, or otherwise receive information about you from third-party data providers (“Licensed Data”). This information may include:

– Identifiers, such as your name, postal and email address, telephone number, and other contact information, and online identifiers such as device IDs and IP addresses;

– Protected Characteristics, including your race, ethnicity, gender, religious affiliation, and marital status;

– Commercial Information, including your purchase history and data about your purchasing tendencies;

– Internet or Other Network Activity, including information regarding your interaction with a website;

– Geolocation Data for the retail location where purchases were made;

– Professional or Employment Information, including your industry sector or segment and salary range;

– Education Information, including your education level; and

– Inferences that have been drawn from the above-listed information, including inferences about your interests, preferences, behavior, attitudes, and characteristics.

We use this Licensed Data to provide our Services to our Clients.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your explicit consent.

2.3 How We Disclose Personal Information in Connection with the Services

With regard to Client Data, we disclose (and during the last 12 months have disclosed) each of the categories of Client Data listed above solely as directed by the applicable Client.

We may share, process and/or store some or all of the Licensed Data and Client Data we collect or receive with third-party service providers, who help us provide our Services, such as cloud computing providers, data analytics providers or marketing service providers in order to execute our Services on behalf of our Clients. These service providers have executed agreements with Bridg and/or our Clients not to access, use, or disclose Bridg data except as specifically authorized and directed by the agreement.

We may allow our Clients to use or benefit from Licensed Data in order to provide our Services, for example by allowing them to segment consumers for marketing or analytics purposes. We have executed agreements with our Clients preventing them from accessing, using, or disclosing our Licensed Data except when legally permitted. We never expose any consumer contact information (name, email, phone number, address) in Licensed Data to Clients.

We may also share your information:

– For legal reasons, including when we must do so to comply with applicable law, legal processes or investigations, to exercise or defend a legal claim, to cooperate with law enforcement, to enforce any applicable terms, or to protect rights belonging to you, the Company, or our Clients;

– In connection with a sale, merger, restructuring, or other corporate transaction; and

– When you permit or direct us to share this information with a third party.

Unless otherwise required by applicable law, we will retain Client Data and Licensed Data only for as long as necessary to provide the Services and to fulfill the purposes outlined in this Policy.

3.1 Security of Personal Information.

We have, and require the service providers with whom we may disclose Personal Information to have, administrative, technical, and physical safeguards in place in our respective physical facilities and in our respective computer systems, databases, and communications networks that are reasonably designed to protect information contained within such systems from loss, misuse, and alteration. The measures we use may include storing Personal Information on secured servers, transmitting Personal Information using encryption technologies, and auditing and reviewing our data collection and storage practices. The Site has security measures in place, including but not limited to the use of a Secure Sockets Layer (SSL) software to prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of any such loss, misuse, or alteration.

4.1 Third-Party Websites

The Site may contain links to other websites. This Policy is only applicable to the Services and the Site. The information practices or content of other third-party web sites is governed by the privacy policies and statements of other such respective web sites. If you choose to visit other websites, we are not responsible for the privacy practices or content of those other websites, and it is your responsibility to review the privacy policies at those websites to confirm that you understand and agree with their policies.

5.1 State-Specific Information and Rights

If you are a California resident pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2021 (the “CPRA”), or a Virginia resident pursuant to the Virginia Consumer Data Protection Act (“VCDPA”) you may have additional privacy rights in relation to our data processing activities.

5.2 California Residents’ Privacy Rights

If you are a California resident, this section applies to you. For purposes of this section, “Personal Information,” and “Sensitive Personal Information” have the meanings given in the CPRA and do not include information excluded from the CPRA’s scope.

This section does not apply to the extent we process Personal Information in the role of a service provider on behalf of our Clients. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Information in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Information, and you contact us regarding this data, you will be directed to contact the applicable Client for assistance with any requests or questions relating to your Personal Information, including without limitation any requests to access, amend or erase your Personal Information.

In addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared with one of our Clients as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:

Right to Know. You have the right to know and see what information we have collected about you over the past 12 months, including:

– The categories of Personal Information we have collected about you;

– The categories of sources from which the Personal Information is collected;

– The business or commercial purpose for collecting your Personal Information;

– The categories of third parties with whom we have shared your Personal Information; and

– The specific pieces of Personal Information we have collected about you.

Right to Delete. You have the right to request that we delete the Personal Information we have about you.

Right to Opt-Out. You have the right to opt out of the “selling” or “sharing” of your Personal Information, as those terms are defined by the CPRA. You may do so by clicking here or by submitting a request through one of the means described below.

Right to Correct. You have the right to request that we correct inaccurate Personal Information.

Right to Limit the Use of Sensitive Personal Information. You have the right to limit our use and disclosure of your Sensitive Personal Information.

Other Rights. You can request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.

Exercising Your California Privacy Rights. To request access to or deletion or correction of your Personal Information, to limit the use of your Sensitive Personal Information, to opt out of the sale or sharing of your Personal Information for cross-context behavioral advertising or to exercise any other data rights under California law, please contact us using one of the following methods:

Click here to begin your CPRA Request

– Email: You may email us at privacy@bridg.com to exercise your rights.

Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request. You may also designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof of authorization.

Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

5.3 Virginia Residents’ Privacy Rights

If you are a Virginia resident, this section applies to you. This section describes the rights you have with respect to your Personal Data under the VCDPA. For purposes of this section, “Personal Data,” and “Sensitive Personal Data” have the meanings given in the VCDPA and do not include information excluded from the VCDPA’s scope. We do not knowingly collect, share, sell or otherwise maintain or disclose any Sensitive Personal Data associated with Virginia residents.

This section does not apply to the extent we process Personal Data in the role of processor on behalf of our clients. Our Clients are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to such Clients’ use or collection of Personal Data in connection with the use of our Services by individuals with whom our Clients interact. If you are an individual who interacts with a Client using our Services or you otherwise believe that a Client uses our Services to process your Personal Data, and you contact us regarding this data, you will be directed to contact the applicable Client(s) for assistance with any requests or questions relating to your Personal Data, including without limitation any requests to access, amend or erase your Personal Data.

If you are a Virginia resident, in addition to any rights you have directly with the Bridg Clients who collected your data, for example rights regarding data you might have shared as part of a purchase or loyalty program, Bridg extends certain rights and choices to you regarding Licensed Data:

Right to Know. You have the right to know and see what Personal Data we have collected about you.

Right to Delete. You have the right to request that we delete the Personal Data we have collected about you.

Right to Opt-Out. You have the right to opt out of targeted advertising and the sale of your Personal Data (as those terms are defined under Virginia law).

Right to Correct. You have the right to request that we correct inaccurate Personal Data.

Exercising Your Virginia Privacy Rights. To request access to or deletion of your Personal Data or to exercise any other data rights under Virginia law, please contact us using one of the following methods:

Click here to begin your Request

– Email: You may email us at privacy@bridg.com to exercise your rights.

Verification. When we receive your request, we may need to collect additional information from you to verify your identity and eligibility before processing your request.

Response Timing and Format. We aim to respond to consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

Appeal. If we deny your request, you may appeal our decision by emailing us at privacy@bridg.com with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Virginia attorney general.

6.1 Contact Information

If you have any questions about this Policy or our practices relating to our Services, please contact us through one of the methods listed above or at:

Bridg, a division of Cardlytics, Inc.

1849 Sawtelle Blvd., Suite 700

Los Angeles, CA 90025

7.1 Policy Updates and Changes

We reserve the right, at any time, to add to, change, update, or modify this Policy, simply by posting such change, update, or modification on the Site and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Site.