Privacy Policy

Flash Rewards

Privacy and Cookies Policy

Last Modified: May 15, 2023

sets forth the following Privacy and Cookies Policy (Policy) which describes how we will handle your personal information when trading under our corporate names and trading names, including Rewards Giant, RewardFlow, RwdFlow, Rwd Flow, RwdsFlow, RewardGiant, RwdGiant, Flash Rewards, FlashRwds, RZU, Flash Rwd and future trading names used for rewarded sites we own and operate. In this Policy we refer any information relating to an identified or identifiable natural person as Personal Data.

Who We Are

is a US company registered in the State of Delaware with offices at 300 Vesey Street, 9th Floor, New York, NY 10282. We are registered as a data controller with the Information Commissioner's Office (ICO) under registration number ZA663623. If you would like more information about us, please contact our Data Protection Officer, Daniel Barsky, at the address below or at barskydpo@fluncto.com.

Our UK Representative is:

GRCI Law Limited, Unit 3,

Clive Court, Bartholomew’s Walk,

Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA, UK 2:10

ukrep@grcilaw.com

Intro

This Policy explains how and why we collect and process your Personal Data. We collect your Personal Data when you provide it to us on one of our sites and by other means described below. We collect your Personal Data to help us understand your needs and to interact and communicate with you and, subject to your explicit consent, to provide information to you about products and services that are offered by us and our trusted third-party marketing partners (Marketing Partners). We ensure that we have policies and procedures in place to protect the Personal Data you provide when registering on our sites, and we process it in order to provide you with the services you have requested. Where you have given us your permission to do so, we and Marketing Partners will send you information that we think you'll find interesting. We store your Personal Data on our secure servers.

We do so in accordance with the UK General Data Protection Regulation as tailored by the Data Protection Act of 2018 (UK GDPR) and work within the guidelines and advice provided by and made available by the ICO, the regulator of the UK GDPR and abide by the ICO's requirements.

WHAT PERSONAL DATA WE COLLECT ABOUT YOU

When you register on one of our websites and click the Submit or Continue button, your Personal Data is transferred to our database which is stored in servers located in the United States and in the “cloud.” Further information on how your Personal Data is treated when it is exported to the USA can be found below under 'Where is my Personal Data stored?'. Here’s some of the Personal Data we may collect if you grant your consent:

your name, address and other contact details;
your gender;
your date of birth;
certain information about your financial position including your card payment details (but not your card number), an estimate of how much debt you have, the type of debt you have (credit card, student loan etc.) and an estimate of your household income;
information about your use of our website including your log-in information, technical information such as the type of device you are using, your IP address, the web browser, operating system and platform and your time zone settings;
information about how you found our website, the pages you looked at on our website, the website you visited when leaving our website and the date and time of your visit; and
products or services that you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information, and the methods used to browse away from the page.

We may also use your Personal Data to create information that is not identifiable to you such as anonymized data. Anonymized data does not identify you personally but categorises you into groups or sectors. Common examples include demographic information such as age group, gender, marital status, income or the number of people in your household. This may also include information about your lifestyle.

WHY WE NEED YOUR PERSONAL DATA

We need your Personal Data so that:

you can take participate in our rewards program and the other promotions that we offer;
we can reply to any enquiries you make to us, including dealing with any requests you submit regarding our use of your Personal Data and deal with any complaints;
where you have provided your explicit consent to receive such communications we can send information to you about goods and services that we or our Marketing Partners offer, and tailor adverts to you; and
we can administer our website, including troubleshooting, data analysis and help us keep our website safe and secure

We solicit your affirmative consent (i.e., permission) for us to send you communications via media channels including email, direct mail, push notifications, SMS text messages, and telemarketing. Where you have provided your consent:

we can share your Personal Data with our Marketing Partners and including interest-based advertising partners as described below which may be used for direct marketing and interest-based advertising purposes;
we and our Marketing Partners can provide you with email alerts, text/SMS message alerts and push notifications and telemarketing that you have consented to receive or that we are required to send concerning users’ registrations, participation in our rewards program or other promotions, our products or services, or other information;
we can measure the effectiveness of our adverts and tailor them to you; and
you may opt-out of receiving communications from our Marketing Partners by:

clicking the link to a Marketing Partner’s privacy policy (as provided for in our list), accessing their site, and unsubscribing or opting out there;
contacting us here; or
selecting or clicking the unsubscribe option or link included in all marketing communications

OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA

When we process your Personal Data, we do so on the basis that we can rely on a legal basis for such processing. The legal bases on which we rely are:

Contract Performance - for the performance of a contract if you have entered into a contract with us such us when you complete Deals on our website to qualify to earn a reward;
Legitimate Interest - where we process your Personal Data in order to:

manage your (as the registered individual) participation in our rewards program on our websites such as maintaining your registration to our site;
improve and personalise our website to you, and this could be where we may market directly to you about other relevant offers that may be of interest to you;
determine whether any of our Marketing Partners we work with may have services, products and offers that may be of interest to you based on your preferences in which case we may invite you to consent to receive marketing communications from them as set out below;
assess to determine the products and services and marketing campaigns we employ to ensure that we balance the potential impact of your interests with those of ourselves and our Marketing Partners; and

Consent - where you have expressly provided your consent to us processing your Personal Data for certain purposes including sharing it with our third-party service providers who help us host and operate our websites and our Marketing Partners who process Personal Data for marketing-related reasons. Where we process Personal Data on the basis that you have given your consent for us to do so, you can withdraw your consent at any time by clicking the unsubscribe option included in all marketing communications or by clicking here. We will provide you with information in our list of Marketing Partners so you can withdraw your consent to processing by one or more of our Marketing Partners if you do not want to subscribe from all marketing communications.

WHERE DO WE GET THIS PERSONAL DATA FROM?

Forms, online data fields, and survey responses you submit to us;
any of our websites which we own and operate;
other companies in our group of companies who share Personal Data with us on the basis of an agreement which is in place within the group for the provision of intra-group services; and
you or your device and your device browser and through the use of cookies or web beacons (which are single-pixel GIF image files). Additional information about this is provided in the Cookies section below.

WHO DO WE SHARE YOUR PERSONAL DATA WITH AND WHY?

We may share your Personal Data with:

Affiliated and Third-Party Agents and Service Providers:

We may transfer your Personal Data to our affiliated and third-party agents or service providers who perform functions on our behalf including:

other companies which are under common ownership with us and are part of our affiliated group of companies which includes our affiliate Fluent, LLC which provides operational service and other support of our websites in the UK;
third parties which supply us with products and services, such as hosting our websites and databases, optimising our websites, and verifying the Personal Data you provide; and/or
third parties if we are required to do so by law or we have another legal basis for processing, for example our legitimate interest where we believe, in good faith, that it is necessary to protect our rights, property, safety or reputation or the rights, property, safety or reputation of any of our Marketing Partners, service providers or customers or partners.

Third-Party Data Controllers – including Marketing Partners:

In some cases, we may transfer Personal Data to other third-party data controllers. These third-party data controllers do not act as agents or service providers and are not performing functions on our behalf. We may transfer your Personal Data to third-party data controllers for example:

our Marketing Partners for the purpose of receiving marketing communications (a full list of which is available here), but only if you have explicitly agreed to receive marketing communications from those Marketing Partners by giving your consent;
third parties where we are required to do so to comply with our legal obligations or the requirements of a regulatory authority; and/or
third parties if we buy or sell our business or assets (in which case we may need to share Personal Data with the prospective buyer or seller of such business or assets).

We enter into written contracts with our Marketing Partners requiring them to provide the same level of protection for Personal Data as we provide. We also limit their use of your Personal Data so that it is consistent with any consent you have provided and with the notices you have received.

WHAT MAY MARKETING PARTNERS DO WITH MY PERSONAL DATA?

If you provide consent, we will share your Personal Data with the Marketing Partners listed here, who will use it for a variety of direct marketing, targeted advertising, measurement and identity resolution purposes. Marketing Partners may carry out data profiling by combining your Personal Data with data they get from other sources (including public sources) and use it to create predictive models. Marketing Partners use these models to try to predict behaviour and preferences (e.g., how likely you are to sign up for a streaming service) or likely circumstances (e.g., whether you are eligible for a particular credit card).

Marketing Partners will also try to match and then link your data with data that they receive about you from other sources, to make sure that the data they hold about you is correct (e.g., to check whether you have recently moved address).

WHAT HAPPENS IF I DON'T PROVIDE MY PERSONAL DATA?

You are not obligated to provide us with your Personal Data, and if you decide not to:

we won't be able to register you on our website (we need to know who you are) and you won’t be able to participate in our rewards program;
we won't be able to contact you if you have a query (as we won't have your name and contact details);
we will not be able to tailor the adverts, merchandise, gift cards and incentives we offer to you without your gender, age, date of birth, certain financial information; and
our website may not work properly on your device without the information about your visit.

HOW DO I REVOKE MY CONSENT OR OPT-OUT

Users may at any time withdraw their consent or 'opt-out' from receiving future contact from us or a Marketing Partner.

To opt out from email marketing contact customer service, click the “Unsubscribe” link on the bottom of every page or click here or contact a Marketing Partner by following the link in the Marketing Partner list and unsubscribe or opt out there;
Providing consent to telemarketing is not required to qualify for a reward. You may continue to use all other aspects of the website, regardless of whether you elect to consent to telemarketing. Users who elected to provide telemarketing consent but later wish to revoke it can opt out from future telemarketing calls by following prompts to stop individual telemarketing calls on recorded calls, by informing calling parties that they wish to be placed on their do not call list, or by contacting, as appropriate, the Marketing Partner(s) or our customer service team here;
To revoke consent for, or opt-out from, SMS/text messaging, reply STOP to text/SMS messages received or contact customer service here;
To opt out of browser-based push notifications, disable the notifications at the time you receive the notification or disable notifications through your browser’s settings; and
To opt out of Cookies, interest-based advertising and/or third-party analytics, see the section below.

WHERE IS MY PERSONAL DATA STORED?

The Personal Data we collect about you may be transferred to and stored outside the United Kingdom and the European Economic Area (EEA), in particular in the United States of America (USA). It may also be processed by staff operating outside the United Kingdom (UK) or EEA who work for us or for one of the third parties with whom we share Personal Data as outlined above.

We comply with, and ensure that third parties with whom we share Personal Data comply with, the provisions of the UK GDPR and any other relevant data protection legislation to ensure that adequate protection is provided to any Personal Data which is stored or processed outside the UK. You can ask us for a copy of the relevant safeguards implemented in relation to any such transfer outside of the UK.

HOW DO WE KEEP YOUR PERSONAL DATA SECURE?

We maintain reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction;
All Personal Data you provide to us is stored on our secure servers located in a secure facility operated by Rackspace US, Inc. and located in Ashburn, Virginia, USA and in the cloud under our agreement with Amazon Web Services;
We use industry standard security measures to encrypt your Personal Data;
If we establish password protected accounts, you are responsible for keeping your password confidential;
We will do our best to protect your Personal Data you provide to us via the internet, but such transmission is not completely secure. Subject to our responsibility to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, any transmission of Personal Data over the internet is at your own risk; and
If you follow a link to any of our Marketing Partners' or other linked websites, these websites may have their own privacy policies and we do not accept any responsibility or liability for these policies.

RETENTION

We keep your Personal Data for as long as it is necessary to provide you with the services you have requested.
We may retain your Personal Data for up to six years from when we stop providing our services to you, in accordance with laws in the UK and the USA on legal limitation periods, unless a longer retention period is required or permitted by law.

AUTOMATED DECISION MAKING AND PROFILING

We use automated decision-making and profiling techniques to help us decide which survey questions to ask you, which adverts to show you when you use our website and which of our Marketing Partners to share your Personal Data with. This might be based on your economic situation or your interests. This means that the questions and adverts you are shown, and who your Personal Data is shared with, are determined without human intervention.

WHAT ARE MY PRIVACY RIGHTS UNDER THE GDPR?

As a “data subject” under the UK GDPR, you have a number of rights (detailed below) which you can seek to exercise. If you wish to exercise any rights you should contact us using the ways detailed in this Policy.

If you seek to exercise your rights, we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances and are subject to, for example, our legal obligations, reasons of public interest and defence of legal claims.

Right to withdraw consent. To the extent you provide consent to the processing of your Personal Data, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
Right of access to and rectification of your Personal Data. If you would like to request access to, correction, amendment or deletion of your Personal Data, you can submit a written request here. We may request specific information from you to confirm your identify. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access.
Right to erasure (or, “Right to be forgotten”). You can ask us to stop processing and delete your Personal Data in certain circumstances (for example where it was processed on the basis of your consent and you withdraw such consent or where it is no longer necessary for us to process it).
Right to data portability. You can request to receive your Personal Data from us in a machine-readable, commonly used format of our choosing and/or have us transfer your Personal Data directly to another controller.
Right to object to, or restrict processing. Where the processing of your Personal Data is based on consent, contract, or legitimate interests, you may restrict or object, at any time, to the processing of your Personal Data as permitted by applicable law. We may continue to process your Personal Data if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable law.
Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.

We will use best efforts to notify the third parties with whom we shared your Personal Data about any request for erasure, rectification or restriction you make to us, unless it proves impossible or involves disproportionate effort. Upon your request, we will share the list of recipients with you.

CONTACT AND COMPLAINTS

If you have any questions, feedback or wish to make a complaint, please contact us using the details below:

contact us here;
log on to our website;
write to our Data Protection Officer, Daniel Barsky, at barskydpo@fluncto.com; or
contact Our UK Representative at:

GRCI Law Limited, Unit 3,

Clive Court, Bartholomew’s Walk,

Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA, UK 2:10

ukrep@grcilaw.com.

You also have the right to lodge a complaint with a supervisory authority (the ICO) by writing to the ICOs Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or calling 0303 123 1113. Further information about how to do this can be found at: www.ico.org.uk.

OUR USE OF COOKIES

We use cookies (a cookie is a small text file which is placed onto your device) and other online tracking devices such as web beacons, and single-pixel gifs on this website. Their use however is limited to those that are strictly necessary. For example, our use of cookies and other tracking technology is necessary for you to use this website, such as a session cookie. Further, we use these technologies to assist with providing the products and services you have requested, including in support of the legal basis for the processing of your Personal Data, the provision of consent, the completion of Deals, your reward status, the claiming of rewards and reward fulfillment.

HOW TO TURN OFF COOKIES

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to the ICO’s webpage on cookies: cookies.

AMENDMENTS

Changes we may make to this Privacy and Cookies Policy in the future will be posted on this page and, where appropriate, sent to you via email.