Privacy Policy
Concierge Connection USA Inc. DBA Perkopolis (“Perkopolis” or “we”) takes your privacy seriously and we know you do too. This Privacy Policy (“Policy”) describes how we collect, process, and share Personal Data, your Rights & Choices, and other important information about how we handle your Personal Data.
SCOPE OF THIS POLICY
This Privacy Policy applies to Personal Data collected through our “Services”, which include:
• Our “Corporate Site” located at perkopolis.com and any other websites where we link to/post this Privacy Policy (including any subdomains or mobile versions); and
• Our “Platform,” which includes our Perkopolis web application and mobile app (“Mobile App”) for registered users of the Perkopolis services, in each case, to the extent we are a controller/business with respect to the operation of the Platform.
Please note: We provide certain services and process information (e.g. employee perks program enrollment and eligibility authentication) on behalf of third parties (e.g. your employer) that have entered into an agreement with us to provide our Services (our “Customers”). Similarly, we may link to third party sites, services, or applications (collectively, the “Publishers”) who publish their perks, discounts, or branded products or services on our through our Platform (“Perks”). This Policy reflects only how we process Personal Data through our Services. This Policy does not apply to information processed by or on behalf of our Customers, the Publishers, or any other third party. Please see the third party’s privacy policy for more information.
HOW TO CONTACT US/CONTROLLER
The controller of your Personal Data under this Policy is Concierge Connection USA Inc., You may contact our Data Privacy Team as follows:
General Inquiries and Data Updates: privacy@perkopolis.com
Regional Data Rights: Visit Your Privacy Choices, or mail to the address below.
Direct Marketing Disclosure Inquiries: mail to the address below or email privacy@perkopolis.com.
Physical Address:
Concierge Connections USA
RE: Perkopolis Privacy
4010-3080 Yonge Street
Toronto, ON M4N 3N1
CATEGORIES AND SOURCES OF PERSONAL DATA
The following describes how we process data relating to identified or identifiable individuals and households (“Personal Data”).
Categories of Personal Data We Process
The categories of Personal Data we process may include:
Audio/Visual Data- Audio or video files and records, such as voicemails, call recordings, and the like.
Biographical Data-Data relating to professional and employment history, qualifications, and similar biographic information.
Transaction Data-Information about the Services we provide to you and about transactions you make with us or other companies and similar information.
Contact Data-Identity Data we can use to contact you, such as email and physical addresses, phone numbers, social media or communications platform usernames/handles.
Device / Network Data-Browsing history, search history, and information regarding your interaction with a website, application, or advertisement (e.g. IP Address, MAC Address, SSIDs, application ID/AdID/IDFA, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
Identity Data-Information such as your name; address; email address; telephone number; gender; date of birth, age and/or age range; account login details, e.g. username and password, avatar, or other account handles/usernames.
Preference Data-Personal Data generated reflecting your preferences, characteristics, predispositions, behavior, demographics, household characteristics, market segments, likes, favorites and other data or analytics.
General Location Data- Non-precise location data, e.g. location information derived from social media tags/posts, or the location of attractions, sports, or other event tickets purchased.
Sensitive Personal Data-Personal Data deemed “sensitive” under California, Washington, or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, religious or philosophical beliefs, etc. We collect the following categories of Sensitive Personal Data:
• “Payment Data” Information such as bank account details, payment card information, including similar data protected as Sensitive Data under applicable law, and relevant information in connection with a financial transaction.
• “Precise Location Data” data from GPS, WiFi triangulation, certain localized Bluetooth beacons, or technologies used to locate you at a precise location and time.
User Content-Unstructured/free-form data that may include any category of Personal Data, e.g. data that you give us in free text fields such as comment boxes.
Sources of Personal Data We Process
We collect Personal Data from various sources, which include:
Data you provide us-We receive Personal Data when you provide them to us, when you purchase our products or services, complete a transaction via our Services, or when you otherwise use our Services.
Data we collect automatically-We collect Personal Data about or generated by any device used to access our Services.
Service Providers-We receive Personal Data from Service Providers who transfer Personal Data to us when you interact with our Services and they perform services on our behalf.
Customers-We receive Personal Data from Customers, such as employers, who partner with us to provide you with our Services.
Publishers-We receive Personal Data from Publishers when you purchase or use a perk offered by that Publisher on our Platform or otherwise through our Services.
Social media companies-We receive Personal Data from Meta (e.g. Instagram), LinkedIn, and other social media companies when you interact with that social media company on or in connection with our Services.
Data we create or infer-We, certain partners, social media companies, and third parties operating on our behalf, create and infer Personal Data such as Preference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Policy, and we may correlate this data with other data we process about you.
DATA PROCESSING CONTEXTS / NOTICE AT COLLECTION
Note: please click the following links to view information on Data Retention or Regional Data Rights for any of the processing contexts listed below.
Corporate Site
Generally
We automatically collect and process Device/Network Data, Identity Data, General Location Data, and Preference Data when you access and use our Corporate Site.
We use this Personal Data as necessary to operate our Corporate Site, such as delivering pages or content, for our Business Purposes, and our other legitimate interests, such as:
• ensuring the security of our Corporate Site and other technology systems;
• analyzing the use of our Services, including navigation patterns, clicks, etc. to help understand and make improvements to the Services; and
• creating aggregate information about users’ content viewing and usage patterns, which we use to help improve our Services and website content.
We may process Identity Data, Preference Data, and Contact Data for our Commercial Purposes.
Cookies and other tracking technologies
We automatically collect and process Identity Data, Device/Network Data, Inference Data, and General Location Data, in connection with our use of cookies and similar technologies on our Platform. We may collect this data automatically.
We and authorized third parties may use cookies and similar technologies for the following purposes:
• for “essential” purposes necessary for our Platform to operate (such as maintaining user sessions, CDNs, and the like);
• for “functional” purposes, such as to enable certain features of our Corporate Site (for example, to allow a customer to maintain a cart when they are shopping for perks in the online store);
• for “analytics” purposes and to improve our Platform, such as to analyze the traffic to and on our Platform (for example, we can count how many people have looked at a specific page, or see how visitors move around our Corporate Site when they use it, to distinguish unique visits/visitors to our Services, and what website they visited prior to visiting our Corporate Site, and use this information to understand user behaviors and improve the design and functionality of our Services);
We may also process this Personal Data for our Business Purposes. See your Rights & Choices for information regarding opt-out rights for cookies and similar technologies.
Chatbot
We may process Contact Data, Device/Network Data, Identity Data, and User Content when you interact with the support chatbot. We use this Personal Data as necessary to fulfill your request, help you navigate our Services, or for our Business Purposes.
Our Platform
Customer Account Registration
We process Identity data, Biographical Data, Contact Data, Device/Network Data, and User Content when you sign up for an account on our Platform, e.g. when your employer shares a link and log-in directions with you, or where you are an administrator acting on behalf of the employer. We process Payment Data if you associate payment information with your account.
We process this Personal Data as necessary to perform or initiate a contract with you and your employer, to create and maintain your account, and or for our Business Purposes. We may process Identity Data, Preference Data, and Contact Data for our Commercial Purposes. We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.
Perk Redemptions, Purchases, and other Transactions
We process Transaction Data, Identity Data, Preference Data, and Contact Data when you redeem a Perk, or complete purchase or other transaction through our Platform. If you conduct a paid transactions, we or our third party service provider may also process Payment Data. We do not permanently store your Payment Data, except at your request.
We process this Personal Data as necessary to perform or initiate a transaction with you, process your order, complete payments or refunds, carry out fulfillment and delivery, document transactions, and for our Business Purposes. We may process Identity Data, Transaction Data, Contact Data, and Device/Network Data for Commercial Purposes. We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.
Third party businesses/controllers may receive your information. When you redeem a Perk or complete a purchase for products and services provided by a Publisher (e.g. an event ticket), we may share your Transaction Data, Identity Data, Preference Data, and Contact Data with the Publisher. Through your purchase or redemption of Perks for third party products or services you are directing us to share information with the Publisher. Publishers that receive your Personal Data in connection with Perk redemption or other transaction will act as a third party controller with respect to that Personal Data, and their processing of Personal Data will be outside the scope of this Privacy Policy. Please review the Publisher’s privacy policy for more information regarding their processing of your Personal Data.
Publisher Listings
We process Identity Data, Biographical Data, and Contact Data if you are a publisher of offers or perks on our Platform. We process this Personal Data as necessary to place your Perk on the Platform and make your offers available for users to view, access, purchase, or redeem, and for our Business Purposes. We may also contact you regarding your Perk, and in connection with Marketing Communications (to the extent permitted by law).
Mobile Apps
If you access our mobile app or other web-based products, we may process Identity Data, Device/Network Data, General Location Data, and, with your consent, Precise Location Data.
We process this Personal Data to provide our mobile apps, for our Business Purposes, and our other legitimate interests, such as:
• to optimize the display and functionality of the Mobile App on your device; and • deliver features that require the use of Precise Location Data, such as to let you know about nearby Perks.
Contact us; Support
We collect and process Identity Data, Contact Data, and User Content when you contact us, e.g. through a contact us form, or for support. If you call us via phone, we may collect Audio/Visual data from the call recording.
We process this Personal Data to respond to your request, and for our Business Purposes. If you consent or if permitted by law, we may use Identity Data and Contact Data to send you Marketing Communications.
Feedback and Surveys
We process Identity Data, Contact Data, and User Content collected in connection with feedback surveys or questionnaires.
We process this Personal Data as necessary to respond to concerns, for our Business Purposes, and other legitimate interests, such as:
• analyzing Customer and employee satisfaction; and
• to allow our partners and service providers to communicate with users.
We may share Feedback/Survey data relating to Customers and Publishers who may use it for their own purposes.
Marketing Communications
We process Device/Network Data, Contact Data, and Identity Data, in connection with marketing emails, SMS/text marketing, push notifications, or similar communications, and when you open or interact with those communications. You may receive marketing communications if you are a user, representative of a Customer, or Publisher, subject to your consent where required by law.
We process this Personal Data to contact you about relevant products or services and for our Business Purposes. We may personalize Marketing Communications based on Personal Data we create or infer, e.g. as part of user Profiles. If consent to is required by law, we will seek your consent. See your Rights & Choices to limit or opt out of marketing communications.
Contests and Promotions
We may collect and process Identity Data, Preference Data, Biographical Data (e.g. of your employer), certain Contact Data, and User Content when you enter a contest/sweepstakes or take part in a promotion.
We process this Personal Data as necessary to provide the contest/promotion, notify you if you have won, or to process delivery of a prize, for our Business Purposes, and other legitimate interests, such as:
• to improve our Services and to create a personalized user experience; and
• to contact you about relevant products or services, and in connection with Marketing Communications.
We may process Identity Data, Contact Data, and User Content information for our Commercial Purposes. Some programs and offers are operated/controlled by our third-party Publishers or their affiliates or partners. We may receive this data from third parties to the extent allowed by the applicable partner; otherwise, this Privacy Policy will not apply to data processed by third parties.
Your Personal Data may be public. If you win a contest/sweepstakes, we may publicly post some of your data. We do not post Personal Information without consent where required by law. See any program agreement(s) for additional details and terms.
PROCESSING PURPOSES
Business Purposes
We and our Service Providers process Personal Data we hold for numerous business purposes, depending on the context of collection, your Rights & Choices, and our legitimate interests. We generally process Personal Data for the following “Business Purposes.”
Service Delivery and Contractual Obligations
We process Personal Data as necessary to provide our Services and the products and services you purchase or request. For example, we process Personal Data to authenticate users and their rights to access the Platform, as otherwise necessary to fulfill our contractual obligations to you, provide you with the information, features, and perks you request, and create relevant documentation.
Internal Processing and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate interests in improving the design of our Service, understanding how our Services are used or function, for customer service purposes, for internal research, technical or feature development, to track service use, QA and debugging, audits, and similar purposes.
Security and Incident Detection
We may process Personal Data in connection with our legitimate interest in ensuring that our Services are secure, identify and prevent crime, prevent fraud, verify or authenticate users/individuals, and ensure the safety of our users. Similarly, we process Personal Data on our Services as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns, and characteristics, maintain and analyze logs and process similar Personal Data in connection with our information security activities.
Personalization
We process certain Personal Data as necessary in connection with our legitimate interest in personalizing our Services. For example, aspects of the Services may change so they are more relevant to you. We may personalize based on Preference Data and your current interactions with the Service. We may also personalize based on Profiles, where permitted by law, e.g. by displaying your name and other appearance or display preferences, to display content that you have interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Services and other content.
Aggregated Data
We process Personal Data in order to identify trends, including to create aggregated and anonymized data about buying and spending habits, use of our Services, and other similar information (“Aggregated Data”). Aggregated Data that does not contain Personal Data is not subject to this Privacy Policy.
Compliance, Health, Safety, Public Interest
We may also process Personal Data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law, for the establishment and defense of legal claims, where we must comply with requests from government or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent required or permitted under applicable law. Please see the Disclosure/Sharing of Personal Data section for more information about how we disclose Personal Data in extraordinary circumstances.
Commercial Purposes
We and certain third parties process Personal Data to further our commercial or economic interests (“Commercial Purposes,”) depending on the context of collection and your Rights & Choices.
Please Note – We may require your consent, or we may not engage in processing of Personal Data for Commercial Purposes in some jurisdictions. See the “Regional Supplements” section below for more information.
Profiles
In order to understand our users or Publishers preferences, to improve our Publisher marketing operations, to customize our Marketing Communications, and better recommend Perks to our users, we may create a “Profile” by associating and analyzing Personal Data processed in the following contexts:
• Visiting our Corporate Site
• Use of our Platform
• Contest and promotions
• Contact Us; Support
• Feedback and Surveys
We use Profiles for our legitimate interests in market research and statistical analysis in connection with the improvement of our Services. For example, we may analyze the Personal Data of customers who have purchased Perks through the Platform, and then we may direct marketing about that perk to a custom audience with similar demographics. We may also conduct profiling for marketing, e.g. to send direct marketing emails automatically to users, or to build audiences that we use for Publisher marketing activities. Profiles involve processing that is automated, in whole or in part.
DISCLOSURE/SHARING OF PERSONAL DATA
We may share Personal Data with the following categories of third-party recipients and/or for the following reasons:
Affiliates - we will share your Personal Data with our current or future parent or subsidiary companies in order to streamline certain business operations, and in support of our Business Purposes and Commercial Purposes.
Employers- We share your Personal Data with your employer, who is our Customer, as part the Customer relationship and for our Business Purposes.
Publishers- We share your Personal Data with Publishers when you redeem or purchase Perks, or otherwise interact with that Publisher through our Services and for our Business Purposes.
Service Providers- We may share your Personal Data with service providers who provide certain services or process data on our behalf in connection with our general business operations, product/service fulfillment and improvements, to enable certain features, and in connection with our (or our Service Providers’) Business Purposes.
Successors- We may share Personal Data if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Lawful Recipients-In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, in the vital interests of us or any person (such as where we reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety) or in such other circumstances as may be required or permitted by law. These disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
If you are located outside the US, we may transfer or process your Personal Data in the US, Canada, and other jurisdictions where Perkopolis or our service providers operate. Where required by local law, we ensure your data remains protected in connection with any international transfers. See the “Regional Supplements” section below for more information.
YOUR RIGHTS & CHOICES
You may have certain rights and choices regarding the Personal Data we process. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law. See the following section for more information regarding your rights/choices in specific regions:
• US States/California
Your Rights
You may have certain rights and choices regarding the Personal Data we process. See the “Regional Supplements” section below for rights available to you in your jurisdiction. To submit a request, contact our Data Privacy Team. We verify your identity in connection with most requests, as described below.
Verification of Rights Requests
If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Data. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
We may require that you match personal information we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Data to you if prohibited by law.
Your Choices
Marketing Communications
You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), by responding with “OPT-OUT,” STOP, or other supported unsubscribe message (for SMS), by adjusting the push message settings for our mobile apps using your device operating system (for push notifications), or for other communications, by contacting us using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
Withdrawing Your Consent/Opt-Out
You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
Precise Location Data
You may control or limit Precise Location Data that we collect through our Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Services. Note, we may collect general location data even if you opt out of the collection of Precise Location Data.
Cookies and Similar Technologies
General- If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Manage Cookies page. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.
Do-Not-Track - Our Services do not respond to your browser’s do-not-track request.
DATA SECURITY
We implement and maintain commercially reasonable security measures to secure your Personal Data from unauthorized processing. While we endeavor to protect our Services and your Personal Data unauthorized access, use, modification and disclosure, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.
CHILDREN
Our Services are neither directed at nor intended for use by persons under the age of 18. We do not knowingly collect Personal Data from such individuals. If we learn that we have inadvertently done so, we will promptly delete such Personal Data if required by law. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
DATA RETENTION
We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):
• Retention periods established under applicable law;
• Industry best practices;
• Whether the purpose of processing is reasonably likely to justify further processing;
• Risks to individual privacy in continued processing;
• Applicable data protection impact assessments;
• IT systems design considerations/limitations; and
• The costs associated continued processing, retention, and deletion.
We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.
CHANGES TO OUR POLICY
We may change this Policy from time to time. We will post changes on this page. We will notify you of any material changes, if required, via email or notices on our Digital Services. Your continued use of our Services constitutes your acknowledgement of any revised Policy.
REGIONAL SUPPLEMENTS
US States/California
US State & California Privacy Rights & Choices
Under the California Consumer Privacy Act (“CCPA”) and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.
Confirm- Right to confirm whether we process your Personal Data.
Access/Know- Right to request any of following: (1) the categories of Personal Data we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the purposes for which we collected or sold/shared your Personal Data; (4) the categories of third parties to whom we have sold/shared your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.
Portability- Right to request that we provide certain Personal Data in a common, portable format.
Deletion- Right to delete certain Personal Data that we hold about you.
Correction- Right to correct certain Personal Data that we hold about you.
Opt-Out (Sales, Sharing, Targeted Advertising, Profiling) - Right to opt-out of the following:
• If we engage in sales of data (as defined by applicable law), you may direct us to stop selling Personal Data.
• If we engage in targeted advertising (aka “sharing” of personal data or cross-context behavioral advertising,) you may opt-out of such processing.
• If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt-out of such processing.
Opt-out or Limit Use and Disclosure of Sensitive Personal Data- If we process Sensitive Personal Data for certain purposes, you may have the right to opt-out of the processing of certain Sensitive Data, or request that we limit certain uses of Sensitive Personal Data. This right does not apply in cases where we only use Sensitive Personal Data where necessary, or for certain business purposes authorized by applicable law.
Non-Discrimination- California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.
List of Direct Marketers- California residents may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Submission of Requests
You may submit requests as follows (please our review verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request, contact us at [privacy@perkopolis.com]. We will respond to any request to appeal within the period required by law.
|
|
| |
|
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:
| Category of Personal Data | Category of Recipients |
| Audio/Visual Data | Affiliates, Employers, Publishers, Service Providers, Successors, Lawful Recipients |
| Biographical Data | |
| Transaction Data | |
| Contact Data | |
| Device/Network Data | |
| Identity Data | |
| General Location Data | |
| User Content | |
| Preference Data | Affiliates, Service Providers, Successors, Lawful Recipients |
| Government ID Data | |
| Payment Data | |
| Precise Location Data |
Categories of Personal Data Sold or Shared
For purposes of the CCPA, we do not “sell” or “share” Personal Data.
Categories of Sensitive Personal Data Used or Disclosed
For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Data: Payment Data; Precise Location Data. However, we do not sell or share Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).