Blackhawk Network Privacy Notice
Last Updated: Oct 28, 2020
Previous version is available here.
Blackhawk Network Privacy Notice
Blackhawk Network Short-Form Privacy Notice (for customers of Financial Companies in the US)
Third-Party Privacy Notices (from our Banking Partners)
Blackhawk Network Privacy Notice
You should read and understand this Notice because it constitutes the core of our obligations to you when you use this website, when you provide your Personal Information to us either directly or through automated processes. For your convenience we have summarized several of the most important points, which are:
- We collect and process your personal information in order to provide services to you, either as a direct customer of Blackhawk, or as a customer of one of the businesses for whom we provide services.
- We also use your personal information for our own legitimate and lawful business interests, including (but not limited to): improving our websites and services, communicating information about our services through direct advertising (such as email) and indirect advertising (such as ads appearing on other websites), conducting fraud detection and prevention activities, maintaining records and communicating notices that are required by law.
- We do not sell your information.
- We may share your information with the service providers needed to deliver our services to you, but those service providers are bound by law and contract to only use your information for the purposes we specify.
- We may receive your information when we function as a service provider for other companies; we are bound by law and contract to only use your information for the purposes they have specified.
- This Notice applies to websites and mobile applications operated by Blackhawk, and covers your personal information whether provided via those channels as well as any information you might provide to us when you call, email, or send postal mail to our Customer Service.
- For websites and apps that we operate on behalf of other companies, those companies will provide their own privacy notices. If they provide their own privacy notice, that company’s notice will govern how your information is processed. Please be sure to review the notice provided on the site you are using.
- Data protection laws in your jurisdiction may provide you with rights to access or delete your personal information and this policy provides you with instructions on how we do this. For example, if you are a resident of the European Union or the State of California in the United States, laws in those jurisdictions grant you specific rights that are discussed below in the section called “Your Rights.”
You are strongly encouraged to read this Privacy Notice in its entirety, not just the above highlights, so that you will fully understand Blackhawk’s commitment to responsible data governance and the protection of your personal information. Please also note that this Notice may have changed since the last time you read it, so you should make sure that you have familiarized yourself with any terms that may have changed since the last time you read it.
Scope of Practices
This Privacy Notice (“Notice”) applies to the activities of Blackhawk Network Holdings, Inc., and its affiliates (“Blackhawk,” “we,” “us,” or “our”). It applies to our usage of your personal data, whether you are an individual consumer (“business to consumer”) or you are interacting with us as part of your job (“business to business”).
This Notice describes how we collect and process your personal information (which includes “personal data” or “personal information” as defined under applicable data protection laws) and the rights you have regarding such data.
This Notice applies to our collection and processing of personal data about users of our websites, mobile applications, and the services and features therein (together the “Sites”), as well as the data we collect during the course of providing our services (the “Services”). It also applies to those channels through which individuals communicate with us about our Sites and Services, whether in person, by telephone, by postal mail, e-mail, or other means.
On some Sites (including, but not limited to: BlackhawkNetwork.com/ca-en, Giftcards.ca, ThePerfectGift.ca, JokerCard.ca, IncentiveCardStore.ca, HappyCards.ca, LifeExperiences.ca, Cashstar.ca, WaySpa.com, and MyPrepaidCenter.com), we function as a Controller of your data. This means we define the purposes for which your personal information is processed, and we control the means by which your information is processed. When we act as a Data Controller, we bear the primary responsibility to you, the Data Subject, for protecting your information and honoring your rights.
When we act as a Data Processor on behalf of another Data Controller, we collect, use, and disclose certain personal information only under the Controller’s instruction, and our processing of your personal information is subject to their instructions and privacy policies. For any Site operated by us on behalf of another company, their privacy notice will appear on the site and that privacy notice will be the applicable policy.
Some of Blackhawk’s Services are offered through third parties, such as banks or other financial institutions. In those cases, you will see privacy notices provided by those companies alongside the Blackhawk Network Privacy Notice. The Blackhawk Network Privacy Notice will apply to your usage of that Site while the privacy notice provided by the third party will apply to their use of their customers’ personal information in the delivery of their financial services. Please read both notices carefully to understand the differences between the applicability of one policy versus the other.
Personal Information We Collect
We collect personal information directly from you, through third parties, or automatically through our Sites and related to our Services, subject to applicable laws as set out below. Where the personal information we collect is needed to comply with law, or to enter into or perform an agreement with you, we will inform you at the time of such data collection. If we cannot collect this data, we may be unable to register you as a client, to complete certain transactions, or provide products or services to you.
Personal Information We Collect Directly from You
- Contact information, such as name, email address, mailing address, fax or phone number;
- Payment and financial information, such as credit or other payment card information, bank account, or billing address;
- Shipping address and related details;
- Your resume, employment and education history, name and contact details, background details, and references when you apply to job postings or contact us about employment opportunities;
- Company and employment information when you contact us on behalf of your employer or when your employer uses one of our services;
- Subject to applicable local law restrictions, Social Insurance Number or other national tax ID number (for clients and potential clients);
- Unique identifiers such as username, account number, or password;
- Preference information such as product wish lists, order history, or marketing preferences;
- Information about your business such as company name, size, or business type; and
- Demographic information, such as when you provide your age, gender, interests and ZIP or postal code.
Comments, Posts, Chats, and Submissions
When you submit online forms, participate in surveys, contests, promotions, or sweepstakes, join online chat discussions or post on a blog, request customer support, or submit testimonials, we collect your personal information, such as contact information, and other information you choose to share. Some of our Sites offer publicly accessible blogs. Any information you provide in these areas may be read, collected, and used by others who access them.
Some of our Sites make available the ability for you to provide reviews or testimonials. With your consent, we may use your testimonial and your name, e.g., to display personal testimonials of satisfied customers on certain Sites and in print advertisements.
On some Sites we collect geolocation-based information for fraud prevention purposes. With your consent, we may also collect your precise location-based information for purposes such as to help you locate a store offering our products and services in your area. You may withdraw your consent to the processing of location-based information at any time by changing the settings on your device. If you do, you might not be able to use certain features, especially when we use location-based information to prevent fraud.
Personal Information We Collect from Third Parties
Sometimes, we may collect personal information from third-party sources. For example, subject to applicable law, we may confirm your address with the postal service, or we may receive personal information about you from our clients who use our Services to provide you with incentives. Similarly, if our users choose to send a gift to a friend through our Sites, we will ask for the friend’s name and contact details.
Certain websites also may offer a referral service where users may refer other people they know to our Services, subject to restrictions under applicable local laws. If you choose to use our referral service to tell your friends about our Services, we will provide you with a referral code and signup instructions that you can share with your friends. Where permitted by local law, we conduct such referrals on an opt-out basis. If personal information about you has been provided to us and you want us to delete it, you may email us at email@example.com.
Personal Information We Collect Automatically
We and our service providers automatically gather information about your use of the Sites and Services through cookies, web beacons, java script, log files, pixels, and other technologies, which include: your domain name, browser type, browser language preference, device type and operating system, page views and links you click within the Sites, IP address, device ID or other identifier, location information, date and time stamp, and time spent using the Services, referring URL, your activity within the Sites, and device geolocation information (where permitted by your device settings). We also collect information from analytic services, including Google Analytics, to compile and analyze information derived from the use of our Services, such as aggregate usage patterns, user preferences, peak demand times, preferred content and other information. See the “Cookies and Online Tracking” section below for details.
Use of Your Personal Information and Legal Bases
We may use the personal information we collect for the following purposes:
- Provide Our Services: To provide our Services, operate our Sites, respond to your enquiries and fulfill your requests and orders, process your payments, for bug and error reporting and resolution, to perform upgrades and maintenance;
- Customer Service and Support: To send you important information, such as changes to terms, conditions, and policies and/or other administrative information;
- Personalization: To personalize your experience on a Site or using the Services, such as by tailoring the content we send or display to you in order to personalize help and instructions, and to otherwise personalize your experience using the Services;
- Alerts and Required Notices: To send you messages that you have requested such as service-related alerts and any notices required by contract or applicable law;
- Marketing and Promotions: To send you marketing communications you have signed up for;
- Advertising and Referrals: To assist in advertising the Services on third-party websites and to track referrals from partner websites;
- Analytics and Improvement: To better understand how our users access and use the Services, and for other research and analytical purposes, such as to evaluate and improve the Services;
- Verify Identity and Detect Fraud: To verify your identity and/or location in order to allow access to your accounts, conduct online transactions, and secure your personal information, and for risk control, fraud detection and prevention, and compliance with laws and regulations;
- Comply with Legal Obligations: To comply with the law or legal proceedings such as when required to disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements; and
- General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping and legal functions.
Aggregated and Anonymized Information
We may also generate aggregated, pseudonymized, and/or anonymized information about users for marketing, advertising, research or similar purposes.
Purpose of Processing
In the table below, we explain the purposes for which we use and process your personal information, as well as the legal bases for such use and processing (such as those permitted under the European Union’s General Data Protection Regulation (“GDPR”) and other applicable laws).
Purposes of Use/Processing
Legal Bases of Processing (where applicable)
To Provide Our Services
Customer Service and Support
- Necessary to enter into or perform a contract with you (upon your request, or as necessary to make the Services available)
- Our legitimate business interests*
Marketing and Promotions
Advertising and Referrals
- Our legitimate business interests*
- With your consent
Analytics and Improvement
- Our legitimate business interests*
Verify Identity and Detect Fraud
Protect Our Legal Rights and Prevent Misuse
Comply with Specific Legal Obligations
- Compliance with applicable laws and regulations
- Establish, defend or protect our legal interests
- Our legitimate business interests*
General Business Operations
- Our legitimate business interests*
- Establish, defend or protect our legal interests
- Compliance with law
* For personal information from the EU, the processing is in our legitimate interests to the extent they are not overridden by your interests and fundamental rights. Our legitimate interests include our interests in verifying identify, detecting and preventing fraud, protecting and improving our products and services, in support of our general business operations, and to comply with our legal obligations. We only send marketing communications to consumers who provide opt-in consent or who are covered by "soft opt-in" exemptions (where allowed by law).
How We Disclose Personal Information We Collect
In this section, we describe the types of disclosures we make and the categories of third parties to whom we may disclose your personal information. All third parties to whom your personal information is disclosed are subject to contractual agreements that govern how your information can be used and must be protected.
Sale of Data
We do not sell your personal information to third parties. Because we do not sell your personal information, we do not provide any further detail regarding such sales, nor do we provide a process for opting out of such sales.
Affiliated Blackhawk Companies
We disclose personal information among our affiliated and subsidiary companies in furtherance of the purposes set out in this Notice; their processing of your personal information is subject to the requirements and limitations contained in this Notice.
We disclose your personal information to certain companies that provide services to us and on our behalf and subject to our written instructions, such as shipping, payment, hosting, and other support services; these companies may be located in the EU, the United States, and other jurisdictions. As noted above, we may also disclose your information to service providers who assist us in the detection or investigation of fraudulent or illegal activities, for verification of identity, and for compliance activities, such as required transaction-related reporting or to verify your address in order to accurately calculate or process tax-related matters.
Clients and Partners
Where we process personal information on behalf of our clients or partners, we process and share your personal information with that entity subject to its instructions. In such cases, the client or partner is the Controller of your personal information and we are a Processor. When we process personal information on behalf of a Controller, that Controller’s privacy notice will be presented, and their notice will apply instead of this Notice. In certain circumstances, we may operate a site jointly with another entity and both will function as Controllers; in those instances, you will see both the Blackhawk Privacy Notice and the other entity’s privacy notice, and both will apply with respect to the activities of each Controller individually.
We offer referral-based commission systems through third-party partners so that publisher websites may refer users to our pages to make purchases. These partners will be identified when you sign up, and we will obtain your consent in jurisdictions where this is required (in which case no other legal bases will apply). Your personal information collected in such cases will be owned and controlled by both Blackhawk and the partner as independent data controllers. This Notice governs only Blackhawk’s use of such data. The partner’s own privacy notice governs its use of the data.
Product Short Notices
Some products offered in conjunction with banks have unique data sharing agreements. Where relevant, Blackhawk will make available to you short-form privacy notices of each product’s sharing policies on that website.
We may also disclose your personal information under the following circumstances:
- As permitted or required by law, such as to comply with a subpoena or court-issued discovery order, a warrant, a government request, or similar legal process;
- When we believe in good faith that disclosure is necessary to respond to claims asserted against us; to protect our rights; to protect your safety or the safety of others; or, to investigate or prevent fraud.
- If Blackhawk is involved in a merger, acquisition, or sale of all or a portion of its assets, or in the event of a bankruptcy or dissolution of our business, your personal information may be transferred to an acquiring business or third party, including in contemplation of or related to due diligence for such business transactions, subject to any applicable restrictions under applicable laws. You will be notified by email and/or by a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
- We may disclose your data to any other third party with your prior consent.
Aggregate and Anonymized Information
We may share aggregate and anonymized information about users with certain third parties, including for marketing, advertising, research or similar purposes.
Cookies and Online Tracking
We and our third-party service providers collect information automatically through cookies, beacons, pixels, tags, scripts, and HTML5, as well as log files. We, or our service providers, may combine this information with other information, including personal information we collect about you, to record your preferences, gather information about the use of our Services, identify when our emails are viewed, personalize content and ads and track information about the performance of our advertisements. We have a detailed Cookie Notice which is incorporated into the Privacy Notice and provides more information about our cookie-related practices and a number of service providers we use for our online targeting activities.
These are small files with a unique identifier that are transferred to your browser through our websites. These technologies allow us to collect information such as browser type, time spent on our Sites, pages visited, language preferences, and your relationship with us. We can use this information to analyze trends, administer the website, track users’ movements around the website, measure the effectiveness of our communications, tailor our advertising to you, and gather demographic information about our user base as a whole. These technologies may provide us with information about devices and networks you utilize to access our Services, and other information regarding your interactions with our Services. For detailed information about the cookies used in the Services and how you can manage your cookie preferences or reject cookies altogether, please read and review our Cookie Notice.
Pixels, Web Beacons, Clear GIFs
These are tiny graphics with a unique identifier, similar in function to cookies that we use to track the online movements of users of our web pages and our Ad Services, and to personalize content, and to identify when our emails are viewed or forwarded. Our third-party partners may use Local Shared Objects, such as Flash cookies, to embed features on our sites. To manage Flash cookies, please click here.
"Do Not Track" Preferences
Our Site does not recognize do-not-track signals; however, we do not use your personal information to track your online activities across different Sites. We only track your activity within a Site to the extent you log into your account. Therefore, our practices remain the same whether or not you enable the "Do Not Track" feature. For more information about do-not-track signals, please click here or see in our Cookie Notice. In addition, some of our advertising partners, may use standard technologies, such as cookies, pixel tags, and web beacons, to collect information about your Internet activities across websites. We do not share your personal information with those services; any information we provide is in an anonymized or de-identified format. You may be able to disable certain third-party cross-site tracking as described here or in greater detail in our Cookie Notice.
Marketing and Targeted Advertising
We partner with third-party ad networks and third-party ad companies to manage our advertising on other sites. Our third-party partners use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you personalized advertising based upon your browsing activities and interests. Please see the “Cookies and Online Tracking” section above or our Cookie Notice for more information.
Marketing and Newsletters
If you subscribe to our newsletters, we will use your name and email address to send them to you. You may choose to stop receiving our newsletter or marketing emails at any time by following the unsubscribe instructions included in these emails or accessing the email preferences in your account.
Third Party Targeting and Custom Audiences
We partner with certain third parties so that we can better target ads and content to our users, and others with similar interests, on these third parties’ platforms or networks (“Custom Audiences”). One such partnership is with Facebook through their Custom Audiences program. Under that program we only share a cryptographically pseudonymized (“hashed”) version of your email address, which Facebook is prohibited from using for any other purpose and may not share with any other party. (More info on Facebook Custom Audience here). Subject to applicable laws, we may disclose certain information (such as your email address) with third parties and we may work with third-party ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. If you would like to opt-out of being included in our Custom Audiences going forward, email us at firstname.lastname@example.org and we will opt you out of our future Custom Audiences.
For more detailed information about how we partner with third parties for cookie-based ad targeting, please see our Cookie Notice.
Opting Out of Ad Networks
How to opt out. If you wish to not have this cross-site information used for the purpose of serving you targeted ads, you may opt-out of many ad networks by visiting the DAA WebChoices Tool (or if located in the European Union, by visit Your Online Choices). You will continue to receive ads on the sites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites.
Please note, however, that these opt-out mechanisms are cookie based, so if you delete cookies, block cookies or use another device, your opt-out will no longer be effective.
For more information about Interest Based Advertising, please visit Your Ad Choices.
Social Media Widgets
Our Sites include social media features, such as the Facebook "Like" button, either hosted by a third-party or hosted directly on our website (“Widgets”). Please refer to the privacy policies of the relevant third-party websites or services to find out more about the collection, use, and disclosure of your information through such features. We will comply with any legal obligations placed on the use of these technologies by certain jurisdictions, which may affect how these Widgets function.
The security of your personal information is important to us. We have implemented safeguards designed to protect the personal information submitted to us. Please note that no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any personal information that we process.
It is our policy to retain your information only for as long as is necessary to fulfill the purpose for which it was collected and processed. We will retain your information for as long as your account is active or as needed to provide you services and for as long as may be required to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements. Even if you request for your information to be deleted, laws and regulations may require us to retain a copy of your information in our files for a longer period of time. Unless a specific applicable law requires a different retention period, most data will be retained for no longer than seven (7) years.
Image Submissions and Public Directories
Some of our websites offer you the ability to upload your own image to be used to create a personalized product. You may have the option to make these images available in publicly accessible directories. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. Depending on the website, you may be able to remove that information yourself at any time. If not, you may request removal of your personal information at any time by contacting the Customer Service team for that website.
For EU Residents
The European Union’s General Data Protection Regulation (“GDPR”) gives you certain rights, including: a right to be notified of our data collection practices; the purposes and lawful bases under which we process your data; if our legitimate interests are a basis for processing, what those interests are; the categories of data processed; the categories of third parties with whom data is shared; the details of any data transfers outside of the EU and the safeguards in place; the applicable retention periods or policies; the right to access, correct, and delete (under certain circumstances) your personal information; the right to receive a copy of your information in a “portable” form so that you may transfer it to other services; the right to withdraw consent for processing; the right to lodge a complaint with a data protection authority; the right to be advised of the existence of any automated decision-making, including profiling, and the right to object such decisions; and, the right to withdraw consent without detriment. This Notice provides details on how we honor those rights and the process for exercising them.
For California Consumers
California law gives you certain rights, including: a right to be notified of (and to request more information about) our data collection practices; the categories of data we process; the categories of third parties with whom data is shared; the right to request disclosure (up to twice per year) of the personal information we have about you or have had within the last 12 months: the right to delete that information (under certain circumstances); the right to know if your data is being sold; the right to know what personal information is being sold and to opt-out of such sales (if applicable); the right to receive a copy of your information in a “portable” form so that you may transfer it to other services; and, the right to not be discriminated against for exercising these rights. This Notice provides details on how we honor those rights and the process for exercising them.
For All Customers
Regardless of your location and jurisdiction, Blackhawk may at its sole discretion choose to extend these rights to all individuals, and to comply with reasonable requests in the manner detailed below. We do not charge for these services. Where you are entitled to exercise a right, we will respond to your request within the timeframe set out by applicable law (for EU residents this is typically thirty (30) days, for California residents this is typically forty-five (45) days). Where we provide answers on a voluntary basis, we will provide a response within a reasonable timeframe.
Access, Correction, Portability, and Deletion
You have the right to access, correct (“rectify”), or delete (“erase”) your personal information held by us (“be forgotten”), or may ask for a restriction of processing. You may also have the right to ask for an overview or copy of your personal information or to request that certain of your personal information be exported in a format so that you may take your data to another provider where technically feasible (“data portability”).
On some of our Sites, you may exercise your rights to access, correct, or delete your personal information by making the change directly on your account page. You may also make these requests by sending an email to email@example.com, by using the toll-free number on the back of your card, or by sending your request by postal mail to the address below.
Please note that there are some limitations to these rights. For example, we will not be able to delete your personal information if we are required by law to keep it or if we hold it in connection with a contract with you. Similarly, access to your personal information may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information. If we cannot fulfill your request, we will inform you about why we cannot comply with your request.
Withdrawal of Consent
Where we process your personal information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing that occurred based on your consent before its withdrawal. Please keep in mind that certain services are directly dependent upon our ability to process your personal information, so if you withdraw your consent, request for your information to be deleted, or if you otherwise object to our processing of certain personal information, those services may no longer be functional.
Object to Processing
You have the right to object to processing (including profiling) that occurs based on legitimate interest grounds, where we are relying upon legitimate interests as the primary basis for processing your personal information. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal information for the establishment, exercise or defense of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Object to Marketing
You have the right to object to our use of your personal information (including profiling) for direct marketing purposes, such as when we use your personal information to invite you to our promotional events.
Right to Lodge a Complaint
If you believe that our processing of your personal information infringes your rights or violates applicable data protection laws, you have a right to lodge a complaint with the relevant supervisory authority. If you are located in the European Union, a list of supervisory authorities is available here. If you are in the United States, you may contact the US Federal Trade Commission (residents of California may contact the California Department of Justice). Residents of Canada may contact the Privacy Commissioner of Canada or their provincial data protection commissioner. If you are located in another jurisdiction, you will need to research or contact your local government for further guidance.
Exercising your Rights
To exercise your rights as described in this Notice, you may contact us via the following methods:
- Via the Toll-Free Number on the back of your gift card or prepaid card;
- Via email to our Global Privacy Office at firstname.lastname@example.org;
- Via postal mail at:
Blackhawk Network Inc.
ATTN: Privacy Requests
10615 Professional Cir.
Reno, NV 89521 USA
We will respond to your request in accordance with applicable law, and if we are unable to comply with your request, we will provide information regarding why.
When Submitting a Privacy Request
Depending on the nature of your request, we may request further proof of your identity in accordance with applicable law. When sending a request, you can expedite this process by providing the following information with your initial inquiry:
- Full name;
- Email address associated with the relevant transaction(s);
- Postal address associated with your account or transaction;
- Product or service (for example, which Blackhawk website you used); and,
- Only the last four (4) digits of the card associated with the transaction (if applicable).
WARNING: For security reasons NEVER send the full card number, other information contained on the card (such as CVV or expiration date), and NEVER send any sensitive personal or financial information associated with you or the card.
If the nature of your request in unclear we may ask you for further clarification. In the event that we require additional time to process your request (if allowed by applicable law), we will advise you of that. If you are unable to or refuse to provide satisfactory verification information, we may deny your request in accordance with applicable law. If you do not follow the procedures described in this Notice, including failure to lodge your request through the channels or processes specified above, there may be significant delays in responding to your request.
Please note that we will only respond directly to you, or your duly authorized agent (with authority documented in strict accordance with applicable law), in cases where we are the Controller of your personal information. Where we are acting as a Processor on behalf of a client or partner, we will refer you to the client or partner who is the data controller of your personal information. Our agreements with data controllers, as well as applicable laws, require that we process data in strict accordance with the controller’s explicit instructions, therefore any actions we take to access, edit, or delete your data will only be undertaken with their direct authorization and upon their explicit instructions.
Protecting Children’s Privacy Online
Our Sites are not directed to children and we do not knowingly collect personal information from children under the age of sixteen (16). We request that such individuals do not provide personal information through our Sites. We reserve the right to delete the personal information and terminate the account of anyone violating this age policy.
The personal information we collect from you may be transferred to, stored at, or processed in other countries, including the United States or outside the European Economic Area, which may not provide equivalent levels of data protection to your home jurisdiction.
We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements. For transfers from the EU, United Kingdom (“UK”), or Switzerland, to the US, Blackhawk relies on adequacy decisions by the EU Commission or putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found here: EU Commission Standard Contractual Clauses) or another applicable supervisory body.
Privacy Shield Certification
The Blackhawk Network Holdings, Inc., and the subsidiary companies listed below comply with the EU-US Privacy Shield Framework (“EU Privacy Shield”) and the Swiss-US Privacy Shield Framework (“Swiss Privacy Shield”), as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom (“UK”), and/or Switzerland, to the United States:
- Achievers LLC
- Blackhawk Engagement Solutions (DE), Inc.
- Blackhawk Engagement Solutions (MD), Inc.
- Blackhawk Engagement Solutions, Inc.
- Blackhawk Issued Content, LLC
- Blackhawk Network (Overseas Territories), LLC
- Blackhawk Network California, Inc.
- Blackhawk Network Holdings, Inc.
- Blackhawk Network, Inc.
- CardLab (TX), Inc.
- CardLab, Inc.
- CashStar Inc.
- GiftCardLab, Inc.
- GiftCards.com, LLC
- Global Incentive Solutions, LLC
- IMShopping, Inc.
- Incentec Solutions, Inc.
- Main Street Solutions US Inc.
- Measureprepaid, LLC
- OmniCard, LLC
Blackhawk has certified to the Department of Commerce that the above companies adhere to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Prior to July 16, 2020, Blackhawk relied on its EU-US Privacy Shield certification as one means of demonstrating adequacy and safeguarding transfers of data from the EU. In addition to Privacy Shield, Blackhawk also executed Standard Contractual Clauses with entities involved in such data transfers. As of July 16, 2020, Blackhawk will primarily rely on country-level adequacy decisions or the Standard Contractual Clauses for EU and UK transfers. For transfers occurring prior to July 16, 2020, Blackhawk will continue to be responsible for the processing of EU and UK Personal Information under the EU Privacy Shield Framework and will maintain full compliance with the requirements of that framework until further notice. Subsequent transfers of EU or UK Personal Information to any third-party acting as an agent on our behalf occurring after July 16, 2020, will be under the terms of the EU Commission’s Standard Contractual Clauses.
Prior to September 8, 2020, Blackhawk relied on its Swiss-US Privacy Shield certification as one means of demonstrating adequacy and safeguarding transfers of data from Switzerland. In addition to Privacy Shield, Blackhawk also executed Standard Contractual Clauses with entities involved in such data transfers. As of September 8, 2020, Blackhawk will primarily rely upon country-level adequacy decisions or the Standard Contractual Clauses which will be made applicable by contract to Swiss transfers. For transfers occurring prior to September 8, 2020, Blackhawk will continue to be responsible for the processing of Swiss Personal Information under the Swiss Privacy Shield Framework and will maintain full compliance with the requirements of that framework until further notice. Subsequent transfers of Swiss Personal Information to any third-party acting as an agent on our behalf occurring after September 8, 2020, will be under the terms of the Standard Contractual Clauses.
With respect to Personal Information received or transferred pursuant to the EU or Swiss Privacy Shield Framework, Blackhawk is and will continue to be subject to the regulatory enforcement powers of the U.S. Federal Trade Commission until further notice.
In certain situations, Blackhawk may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. To the best of our knowledge, Blackhawk’s systems are not subject to routine access by government authorities without warrants or appropriate accountability via established legal process (such as subpoenas or court-ordered discovery).
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our US-based third-party dispute resolution provider (free of charge) at: https://feedback-form.truste.com/watchdog/request. We are committed to cooperating in the resolution of disputes with individuals through this process.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Updates to this Notice
This Notice is subject to change, so if this is your first time reading it, please make sure it is not the last. If we make any changes to this Notice, we will post those changes on this page and revise the “Last Updated” date at the top. If we make any changes to the ways in which we process your information that could be reasonably be considered material or substantial, we will make additional efforts to notify you of those changes, either by email or via a prominent notice on this Site prior to the change becoming effective. Where required by law, we will obtain your consent or give you the opportunity to opt out of such changes. Any changes will become effective when we post the revised Notice.
If you have any questions or concerns regarding this Privacy Notice, the ways in which your personal information is being processed, or wish to exercise any of the rights described above, please reach out to us using the contact information below:
Global Privacy Inquiries
You may contact the Blackhawk Network Global Privacy Office at:
Blackhawk Network, Inc.
ATTN: Privacy Requests
10615 Professional Cir.
Reno, NV 89521 USA
For a Toll-Free number pertaining to your service, please see the back of your card (if applicable).
EU Privacy Inquiries
Blackhawk has appointed Data Protection Officers (DPOs) for the EU. You may use the Global Privacy Office contact information shown above, or you may contact the DPO for your region directly via email using the following addresses:
- Blackhawk Network DPO for European Union except Germany, Austria and Switzerland: email@example.com
- Blackhawk Network DPO for Germany, Austria, and Switzerland: firstname.lastname@example.org
Customer Service Inquiries
The Global Privacy Office CANNOT assist you with general Customer Service matters. Non-privacy matters sent to the Global Privacy Office may result in a delay in resolving your Customer Service issue. For the quickest action on card or transaction-related issues, please use the following links:
- Blackhawk Network Corporate Customer Support – https://blackhawknetwork.com/ca-en/customer-support
- GiftCards.ca Customer Support – https://www.giftcards.ca/contact-us
- IncentiveCardStore.ca Customer Support - https://www.incentivecardstore.ca/contact
- Happy Cards Customer Support – https://happycards.ca/faq
- Hawk Incentives Customer Support – https://www.hawkincentives.ca/customer-service-inquiry
- MyPrepaidCenter.com Customer Support – https://www.myprepaidcenter.com/contactus
- OmniCard by Hawk Incentives Customer Support – https://www.omnicard.com/about-us/contact-us
Other Queries or Complaints
If you have any further queries or complaints that we are not able to answer, you are recommended to contact the Data Privacy Supervisory Authority for the country in which you reside. A list of EU/EEA Data Protection Authorities can be found via the European Data Protection Board here. A list of data protection authorities in other countries/regions can be found here.
Blackhawk Network Short-Form Privacy Notice
The following notice is provided only for US cardholders.
WHAT DOES BLACKHAWK NETWORK (“BLACKHAWK”) DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
- Social Security number and payment history
- Account balances and account transactions
- Transaction history and purchase history
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Blackhawk Network chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information
Does Blackhawk share?
Can you limit this sharing?
For our everyday business purposes –
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
For our marketing purposes –
to offer our products and services to youYesNo
For joint marketing with other financial institutions
For our affiliates’ everyday business purposes –
information about your transactions and experiencesYesNo
For our affiliates’ everyday business purposes –
information about your creditworthinessNoWe don’t share
For our affiliates to market to you
NoWe don’t share
For nonaffiliates to market to you
NoWe don’t share
Visit www.blackhawknetwork.com or email us at email@example.com
WHO WE ARE
Who is providing this notice?
Blackhawk Network, Inc., on behalf of itself and its affiliates: Blackhawk Network California, Inc., and Blackhawk Engagement Solutions, Inc.
WHAT WE DO
How does Blackhawk protect my personal information?
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Blackhawk collect my personal information?
We collect your personal information, for example, when you:
- open an account or provide account information
- give us your contact information or show us your government issued ID
- use your credit or debit card
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?
Federal law gives you the right to limit only:
- sharing for affiliates’ everyday business purposes – information about your creditworthiness
- affiliates from using your information to market to you
- sharing for nonaffiliates to market to you
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
- Blackhawk’s affiliates include companies with a Blackhawk name and others, such as OmniCard and Hawk Incentives.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
- Blackhawk does not share with nonaffiliates so they can market to you
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
- Blackhawk may partner with nonaffiliated financial companies to jointly market financial products or services to you.
OTHER IMPORTANT INFORMATION
CA residents: Blackhawk will limit sharing with its affiliates to the extent required by California law. Blackhawk will not share your personal information for joint marketing with other financial institutions.
VT residents: If Blackhawk shares your personal information for joint marketing with other financial institutions, it will share only your name, contact information, and information about your transactions.
NV residents: We are providing this notice pursuant to Nevada law.
Third-Party Privacy Notices