The purpose of this Policy is to inform you of the data relating to you that we collect and use in connection with our Platform and the uses (including disclosures to third parties) we make of such data.
We are not responsible for the content or privacy practices of any Amplify Partners who feature on our platform.
If you have any questions about our use of your personal data, please contact us at firstname.lastname@example.org.
For the purpose of the General Data Protection Regulation (GDPR), Amplify will be the data controller of any information which you submit to us or which we collect through your use of the Platform. We treat your privacy with the utmost importance and will at all times act in a manner which is compliant with GDPR and with the best practices of data protection.
1. Personal Data that we Collect and Process
We collect and process personal data relating to you in connection with your use of the Amplify Platform and our relationship with you. This personal data may include:-
- Your name, age, gender, country of residence, email address;
- Authentication and identification information (e.g. your name, email address, and password and phone number for user security authentication);
- Information about your communication with Amplify (e.g. emails);
- Financial Data including transactional information with our technology partner (Fidel) and brand partners and your linked bank card details. Please see section (2) ‘Card Linking and Opt-Out Process’
- Profile Data including your username and password, feedback, selected Climate Cause Partner for donations, and donation history; and
- Communications and Marketing Data including your preferences in receiving marketing emails from us and our third parties and our communication preferences.
Certain personal data will also automatically be collected when you interact with the Platform through your computer, mobile telephone, or other mobile device. This data will be collated and analysed in order to help us improve the service that we provide to you. This personal data includes the following:-
- Analytics Information, which may include data collected from cookies and other types of device identifiers;
- Profile Activity (e.g. your usage data, including the location and time when you have used the Platform); and
- Device Address Information (e.g. your IP address, browser type and version, and operating platform).
You have no obligation to provide us with any personal data, however, in order to use the Platform you must provide us with the following minimum information during the account setup process:-
- Your first name;
- An email address;
- Phone number
- Country of residence;
- Your date of birth;
- An account password;
- A linked bank card(s); and
- Your chosen Climate Cause Partner for donations.
If you do not provide us with the above information, we will unfortunately not be able to make the functionality of the Platform available to you.
2. Card Linking and Opt-Out Process
Our card linking technology partner (Fidel), encrypts the User card’s details with bank-level security encryption. That encryption — or tokenization — replaces each User’s details with a token ID, in order for Visa, Mastercard or Amex to inform Amplify when a consenting User has made a transaction.
Fidel does not store the card data of any User’s card, each card is tokenized, which is meaningless outside of this environment. There is no ability to charge the card as we never ask for the card CVV or CSV.
Fidel is PCI Level 1 compliant, meaning they have been approved by an independent Qualified Security Assessor (QSA) to safely and securely handle cardholder data during credit card transactions. The Payment Card Industry Data Security Standard (PCI DSS – 2006) is an industry-wide standard created by the five largest card networks to ensure that card payment processors safely and securely accept, store, process, and transmit cardholder data. This ensures that any personal information held is protected from misuse, interference, loss, unauthorised access, modification or disclosure through various methods including access limitation, and industry-standard Secure Socket Layer (SSL) encryption technology.
Any Amplify User can opt out or unlink their card(s) at any time. This is accessed through the “My Account” section of User’s profile (in the dropdown menu), under the “Linked cards” section they can choose to remove a card or card(s) by clicking the remove button beside the linked card(s) they wish to remove. Once the User confirms removal, the card will be unlinked from the User’s Account and all transaction monitoring will be ceased.
A User may delete their Account at any time. This is accessed through the “My Account” section of User’s profile (in the dropdown menu), under the “Account Settings” section they can delete their account by clicking the “Delete Account” button.
3. How We Use and Process your Personal Data
We will only use and process your personal data for a specific purpose, and then we will only process your data to the extent necessary to achieve that purpose. In addition to any other purposes identified in this Policy, we will use personal data relating to you for the purposes of:-
- Providing Platform services to you;
- Developing and Improving our Platform;
- Generating and analysing statistical data regarding usage of the Platform (where possible, personal data will be anonymised before being used for this purpose);
- Carrying out market research and customer satisfaction surveys;
- Sending you promotional and marketing materials, subject to any preferences that you express when we collect your contact details or subsequently. You can opt out of receiving promotional and marketing materials from us at any time by contacting email@example.com;
- Fraud prevention, investigation and detection; and
- Establishing, exercising, or defending legal claims.
We may also create a marketing profile for you based on the personal data you provide to us or that is collected about you. The contents of that profile may include your purchase history and your personal demographic information.
4. The Legal Basis of our Processing
We will only ever process your personal data where we have legal justification for doing so. The legal bases upon which we will process your personal data are:-
- Where you have consented to our processing of your personal data;
- To take steps at your request prior to entering into a contract with you or to perform a contract with you;
- To facilitate our legitimate interests in conducting our business in a responsible and commercially prudent manner; and
- Where it is necessary to comply with our legal and regulatory obligations.
5. Your Consent
Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal. You can withdraw your consent by contacting us at firstname.lastname@example.org.
6. How we Share your Data
We will never sell, transfer, share, or otherwise disclose your personal data otherwise than as indicated in this Policy. In order to continue to provide our Platform to you and in furtherance of our legitimate business interests, we may from time to time need to disclose some of your personal data to other partners in connection with the below purposes, including to the following:-
- Brand Partners featured on our Platform. When a user completes a transaction with one of our Brand Partners, the sale data and transaction confirmation is shown anonymously to that Partner in order to facilitate the Climate Cause Partner donation and payment to Amplify. In this context as a User of our Platform you will always remain anonymous and personal information such as your name and email will never be shared;
- Third parties who we engage to provide services to us in connection with the Platform, such as outsourced service providers, IT services providers, and auditors;
- Third parties, their agents and professional advisors, subject to confidentiality obligations, for the purpose of a due diligence exercise by third parties in connection with any proposed merger, acquisition, re-organisation or transfer of our business and to any person proposing to participate in, or to promote or to underwrite or to manage any such arrangement;
- Any subsequent owner or co-owner or operator of the Platform;
- Competent regulatory authorities and bodies as requested or required by law; and
- Our technology partner Fidel. By registering a payment card in connection with transaction monitoring, you authorize Amplify to share your payment card information with Mastercard, Visa, AMEX (the “Payment Networks”) so it knows you are enrolled on the Amplify Platform. You authorise the Payment Networks to monitor transactions on your registered card(s) to identify qualifying purchases in order to determine whether you have qualified for or earned an offer linked to your payment card, and for the Payment Networks to share such transaction details with Amplify to enable your card-linked offer(s) and target offers that may be of interest to you. You may opt-out of transaction monitoring on the payment card(s) you have registered by navigating to your settings menu to remove your linked card(s)
- To use transaction data such as transaction amount, transaction time and merchant location to confirm a Qualifying Purchase or return to match transactions to confirm whether you qualify for donations;
- To share transaction data with the participating merchant where a transaction occurred as needed for the merchant to confirm a specific transaction occurred. For example, the date and amount of your purchase and the last 4 digits of your card number so the merchant can verify your purchase with its records if there is a missing or disputed transaction;
- To provide participating merchants or Third Party Service Providers aggregated and anonymised information relating specifically to registered card activity solely to allow participating merchants and Third Party Service Providers to assess the results of their campaign;
- To create a record of the transaction data and thereafter maintain and use data in connection with operating the Platform;
- To provide information in order to respond to a request from government authority or a payment organization involved in a transaction with you or a merchant. You authorise the sharing, exchange and use of transaction data described above and herein by and among Amplify and Amplify’s Third Party Service Providers, applicable Payment Card Networks and applicable Merchants.
7. Retention of your Personal Data
We will not hold your personal data for any longer than is necessary. We retain your personal data for as long as we need it for the purposes described in this Policy, or to comply with our obligations under applicable law and, if relevant, to deal with any legal claim or dispute that might arise.
8. Your Rights
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:-
- The right to access your personal data;
- The right to request the rectification and/or erasure of your personal data;
- The right to restrict the use of your personal data;
- The right to object to the processing of your personal data; and
- The right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
9. Changes to this Policy
10. Transfer of your Personal Data Outside of the EU
It may be the case that some of your personal data is transferred outside of the EU, for example to any of our Partners or Third Party Providers. Where any of your personal data is transferred internationally, it may be to a country which has different data protection laws to the country from which you submitted your personal data. Where local data protection laws so require, we have put in place security and privacy measures for the transfer of your personal data to another jurisdiction. Where local data protections laws so require, we have put in place contractual obligations with the receiving parties that your personal data will only be processed in compliance with the EU GDPR.
Where data is transferred out of the EU or the EEA, we will adopt the European Commission Model Clauses which provide a safeguard for personal data which is transferred outside of Europe. If you would like further information on the potential international transfer of your personal data, please contact us by email at firstname.lastname@example.org.
11. Contact and Complaints
We take your data privacy seriously, and we are committed to working with you to reach a fair and transparent resolution to any problem which you may have with regard to how we collect, handle, share, and process your information. If you are experiencing a difficulty, you can contact us by email at email@example.com. If for any reason you are not happy with the way we have used your personal data or how we facilitate your rights or comply with our obligations under applicable data protection law, you have the right to make a complaint to the Data Protection Commission (www.dataprotection.ie) or by email at firstname.lastname@example.org.