Privacy policy
At Cora Loyalty, we are committed to safeguarding the privacy of both personal and corporate data within our systems. To do this, we follow information usage practices based on two beliefs: first, that protecting user privacy is essential to the growth and prosperity of the Internet; second, that a personalized web experience can provide significant benefits to end users if done effectively. In accordance with these beliefs, Cora Loyalty creates results for program managers and fulfilment suppliers in revolutionary ways without compromising individual privacy.
To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:
Information that can be linked to an identifiable individual person. This type of data includes things like full name, home address, telephone number, or email address. This data is used strictly in the pursuit of fulfilling orders and mitigating fraud.
Information that cannot identify an individual person, such as browser types, operating systems, domain names, access dates and times, referring website addresses, online transactions and browsing and search activity.
Cora Loyalty provides services to clients (“Controllers”) that send information to Cora Loyalty for the purposes of order fulfillment, fraud mitigation and user experience personalization.
Cora Loyalty and its entities are individually and collectively a Processor that use information sent via a Controller to fulfill orders, mitigate fraud and enable user experiences personalization.
This following table summarizes our practices and should be used solely for reference purposes. This table is not an exhaustive description of our privacy practices and should not be construed to define, limit, and/or describe the scope or extent of this Privacy Policy. As a result, we urge you to read the entire Privacy Policy:
This Privacy Policy is primarily intended to provide a description of the ways in which we collect and use information to deliver our services across the Internet.
None of our operations are directed toward or intended for children. We do not collect PII from any person of whom we have knowledge is under the age of 13.
We may collect information from visitors to our website for various purposes, including, but not limited to, providing information about goods and services likely to be of greater interest to those users. We also may automatically collect your information when you first engage with our website. For example, information such as server logs from your browser, including your IP address, device type, unique device identification numbers, browser type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked and information on how you use and interact with the Website.
Such information may include Non-PII through the use of cookies and other technologies provided by third parties, at the request of the Controller. It may also include any PII the Controller chooses to provide when sending orders to our systems. Although we choose our business partners and clients carefully, Cora Loyalty is not responsible for the privacy practices of websites and mobile applications operated by such 3rd parties. Controllers should check the applicable privacy policies of such websites and mobile applications of requested 3rd party systems and tools to determine how they handle any information they collect from users.
Our philosophy on privacy follows the framework of Privacy by Design. We integrate privacy in strategy, product development, and more. We set the tone for privacy protection early and often, proactively working to keep PII out of Cora Loyalty’s systems and only collecting personal information that is required to perform our services. Ensuring the protection of privacy throughout the entire lifecycle of the data is of the utmost importance, and we are careful to protect privacy as data is collected, used, and destroyed responsibly using modern techniques.
Cora Loyalty has developed a strong privacy foundation and has a company culture aimed at the prevention of the unauthorized receipt and use of PII.
On behalf of Controllers, Cora Loyalty collects PII and Non-PII about Controllers’ clients. PII is provided by the Controller. Non-PII will be provided through approved 3rd parties. These 3rd parties may use technologies such as cookies, log files or other similar technologies to collect Non-PII about user browsers or devices, including browsing activity, online transactions, and IP addresses. Some clients contribute PII such as: name, address, email address, and associated transactional information directly to us or to a 3rd party with whom Cora Loyalty has a contractual relationship. This 3rd party may share PII data points and provides Cora Loyalty only essential PII for the purpose of order fulfilment and program enhancements.
Cora Loyalty will only share user information for limited purposes such as those provided in this Privacy Policy. This may include sharing information (1) to enable 3rd party service providers to assist or facilitate in the services we provide; (2) to comply with applicable laws and regulations or to respond to a subpoena, search warrant or other lawful request for information received by us, whether or not a response is required by applicable law; (3) to protect the safety of members of the public and users of the service (4) with vendors, administrative service providers, technology providers, and carefully selected partners for services including, but not limited to, data validation, enhancement, information verification and suppression services; or (5) for any other purpose for which Controllers provide consent. None of this information will include PII except as provided herein. While Cora Loyalty strongly encourages clients and partners to adopt responsible approaches to online activities, Cora Loyalty is not responsible for the information practices of such clients and partners.
The security of user information is important to us. We have implemented appropriate security measures to protect the information in our care, both during transmission and once we receive it. We take physical and technical security measures to protect our data from unauthorized access, as well as unauthorized disclosure or destruction of data.
PII and Non-PII data is retained on a schedule determined by our contractual agreements with Controllers. Aggregate reports generated from program data such as reporting data may be retained for a longer period.
Our commitment to our clients and their users includes compliance with and adherence to applicable laws and policies governing the collection and use of user personal information including PIPEDA (the Personal Information Protection and Electronic Document Act) (Canada), and the General Data Protection Regulation (GDPR) (European Union).