PRIVACY CENTER

The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years, strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.

Blackhawk Network is committed to its compliance with the EU Data Directive and the EU’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. Below is a summary of the steps that Blackhawk Network has completed as well as our continuing efforts to update our practices and procedures to address GDPR requirements.

Transparency

Blackhawk Network will continue to update its privacy notices, and is committed to providing transparency to consumers about how Blackhawk Network collects, uses, shares, stores and destroys personal information.

Blackhawk Network respects the right of individuals to access personal data and will accommodate, deletion and data portability, as required under GDPR.

Controller and Processor Obligations

Whether acting as a controller or processor of personal data, Blackhawk Network is updating its data processing agreements to reflect the GDPR’s specific requirements.

Data Security

Blackhawk Network takes data security seriously. We have reviewed our internal security practices and program for compliance with GDPR principles. We will continue to review and routinely test and update our security standards and program, including through annual security audits conducted by external security firms.

International Transfers

Blackhawk Network understands the importance of protecting personal data, and we agree that personal data should be protected no matter where it is processed or transferred. When we transfer personal data across national borders – whether to our vendors or our affiliated companies – we will follow appropriate transfer mechanisms.

We have certified our adherence to the US-EU Privacy Shield Framework with respect to the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. For more information about Blackhawk Network’s compliance with the EU-U.S. Privacy Shield Framework, please click here.

Blackhawk Network subsidiaries and affiliated entities have entered into an intra-group data processing and transfer agreement, which includes the Standard Contractual Clauses applicable to relevant transfers.

Privacy Practices

Blackhawk Network routinely reviews and updates its privacy practices. We have conducted an assessment of its current activities and privacy program against GDPR, and are committed to updating our policies and practices to meet GDPR, as well as applicable global data privacy requirements for the collection, use, sharing, storage, and destruction of individuals’ personal information. As part of this, we are committed to privacy-by-design and privacy-by-default principles.