This Privacy Notice is effective July 26, 2022. It was last updated July 26, 2022.
Our organization takes great care to respect the privacy of the personal and corporate data contained within its systems. For this reason, we collect and process data only for reasons and ways needed to provide our services to you. Your personal data includes information such as:
Our Privacy Notice is intended to describe to you how and what data we collect, and how and why we use your personal data. It also describes options we provide for you to access, update or otherwise take control of your personal data that we process.
If you have questions about our policies or processes described below, you may contact our privacy team by emailing privacy@carltonone.com or privacy@globalrewardsolutions.com. These inboxes are actively monitored and someone will contact you quickly to answer your questions.
We collect information so that we are able to deliver the best possible user experience on our platform(s). Much of this information is collected in the following ways:
The information collected is structured to be at the bare minimum required to provide adequate services to our clients and users. Additionally, we do have other forms of data collection that may not be obvious:
Cookies
These allow us to track browsing behavior on our platforms. We make use of Google Analytics to provide us insight into site usage and overall performance from the end user's perspective. No personal data is transferred to Google in this way and we do not make use of tracking beyond our platform(s); all cookies are first-party cookies.
We additionally make use of cookies to manage user authentication against our platforms. These cookies are essential for the proper operation of the application.
Service Usage
Usage logs are automatically generated through all interactions with our services. These logs contain specific service usage, source IP addresses, site referral URLs, system performance, as well as browser, operating system, and device information.
Supplemental Data
Upon enrollment, your account may have been configured with additional details regarding your account and role within the enrolled program. This data is typically provided by the enrolling organization and typically consists of a job title and department. The information provided is typically pertinent to the type of program your organization is operating on our platform. Inquiries regarding this type of data should be forwarded to your own organization.
While we collect a minimum amount of data on our users, we strictly process this data solely for the purposes of providing contracted services to the end user and client. Data is only used for purposes that:
These uses include delivering, improving, updating and enhancing the Services we provide to you. We collect various types of information relating to your use and/or interactions with our Services.
We use this information to:
Often, much of the data collected is aggregated or statistical data about how individuals use our Services, and is not linked to any personal data, but to the extent it is itself personal data, or is linked or linkable to personal data, we treat it accordingly.
We may share your information with the following entities in order to provide you with service:
In all cases, we ensure that our sub-processing partners provide the same level of security and privacy to your personal data that we provide.
Data Access
You are permitted to request a report of the personal data contained in our platforms. To request a report, you may do any of the following:
Data Editing
You are permitted to update your user profile information at any time using the provided tools on our platform(s). If you are unable to do so, please contact your local program administrator.
Data Deletion
You are permitted to request to delete your personal information from our platform. After doing so, we will be unable to provide any additional service to you as a customer. This will have the following consequences:
Similarly to personal data reports, you may request to have your personal data removed from our platform(s) in any of the following ways:
Data Security
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including the utilization of encryption where appropriate.
Data Storage
Data is stored securely at multiple locations, in conjunction with our technology partners.
Region: ca-central-1
Services: Compute, Storage, DNS, DRaaS
Data Retention
We retain personal data only for as long as necessary to provide services and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
If you have any questions about the security or retention of your personal data, you can contact us at privacy@carltonone.com or privacy@globalrewardsolutions.com.
International Transfers of Collected Information
If you use our Services from a country other than the country where our servers are located, your communications with us may result in transferring your personal data across international borders. Also, when you call us or initiate a chat, we may provide you with support from one of our global locations outside your country of origin. In these cases, your personal data is handled according to this Privacy Notice.
International Transfers to Third Parties
Some of the third parties described in this privacy notice, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area, the UK, or Switzerland, we will make use of the following:
Compliance with Legal, Regulatory, and Law Enforcement Requests
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of legal process.
‘Do Not Track’ Notifications
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may visit www.allaboutdnt.com.
Age Restrictions
Our Services are available for purchase only for those over the age of 16. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 16. If you know of or have reason to believe anyone under the age of 16 has provided us with any personal data, please contact us at privacy@carltonone.com or privacy@globalrewardsolutions.com.
Sub-Processor |
Description/Purpose |
Location |
AWS Canada |
Hybrid-cloud services (compute and storage); storage of replicated backups; on-premises DR landing zone; DNS services |
Region: ca-central-1 |
eStruxture Data Centers |
Colocation; houses our production environment and primary data center |
Toronto, Canada |
Freshworks |
Customer service ticketing solution. System manages the inbound/outbound communication between CarltonOne and the end-user help requests |
California, USA (AWS Region: us-east-1) |
HubSpot |
Customer Relationship Management system. System manages the client-service related communications between CarltonOne and clients |
Massachusetts, USA (AWS Region: us-east-1) |
MicroSourcing |
Outsourced customer call center. Order Processing Coordinators and Customer Service Representatives may have access to limited customer data in order to provide contracted end-user support services |
Manila, Philippines |
We reserve the right to modify this Privacy Notice at any time. If we decide to change our Privacy Notice, we will post those changes to this documentation and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
This Privacy Notice was last updated July 26, 2022.