Personal information (also referred to as “personal data” in some jurisdictions) is any information, or a combination of pieces of information, that can be used to identify you or that we can link to you, including but not limited to a name, address, email address or telephone number.
Our primary activity is assisting our clients in relation to their own loyalty and rewards programs and other customer related marketing functions (together, “Programs“). Where you are a member of, or otherwise participate in a Program, or are interested in or eligible to become a member of a Program, we may have access to your personal information. We Process this personal information on behalf of our clients, and our clients are responsible for its collection and use. Where European data protection law applies, Aimia entities are ‘processors’ of this personal information and, where they are required to by applicable data protection law, our clients will explain more about how personal information is used in their Programs.
- programs in which Aimia has investments, such as Cardlytics and Club Premier – you can find out more about how personal information is used in these programs by visiting their respective websites; or
- collection and use of information relating to our staff (including our employees, interns, consultants, and independent contractors). These individuals can obtain further information about the Processing of their personal information by contacting their local Talent & Culture department; or
- collection and use of personal information during our recruitment processes. Further information about the Processing of personal information during the recruitment process can be obtained by contacting your local Talent & Culture department.
1. Collection of personal information
1.1 We will collect personal information about you for our own use from a variety of sources, including directly from you and from other sources, as described below.
1.2 We collect personal information directly from you when you:
- enquire about, access or use our services;
- contact us with questions, requests or comments;
- submit requests for brochures, to join a mailing list or to be contacted for further information about our products or services;
- enter competitions or trade promotions conducted by us or on our behalf;
- contact our call centres or otherwise request support from us; respond to surveys or research conducted by us or on our behalf.
1.3 The types of personal information we will collect and Process will depend on the circumstances, and may include:
- contact details (e.g., your name, address, email, phone numbers);
- in some cases, information required for you to do business with us, including bank account details, and any other relevant financial information;
- information on prior dealings with Aimia;
- age and information on personal lifestyle preferences;
- information that you have provided to us, for example, details of a question or request; and
1.4 Where permitted by applicable law, we may also collect and Process personal information from other sources for our own use, including but not limited to information from:
- social media platforms (for example, when you interact with us on those platforms or access our social media content); and
- publicly available or publicly accessible sources.
1.5 The categories of information that we collect about you from other sources may include:
- personal details (e.g. name, date of birth); and
- contact details (e.g., your address, email, phone numbers).
- commercial information (e.g., your employer, position, experience)
1.6 Please note that we may be required by law or as a result of a contractual or other relationship we have with you to collect certain personal information about you. Failure to provide this information may prevent or delay the fulfilment of these obligations. Where required by law, we will inform you at the time your information is collected whether its provision is compulsory and of the consequences of the failure to provide such information.
1.7 Our websites are not directed toward individuals under the age of 16 and we do not knowingly or intentionally collect or process personal information from individuals under the age of 16.
2. Use and disclosure of personal information
2.1 We Process your personal information to:
- supply products or services to you and our clients;
- obtain products and services from our suppliers;
- respond to enquiries from existing or prospective clients seeking information about our products or services;
- facilitate the transactions that you have or may have with Aimia;
- maintain our internal records and the security of our systems, services and premises;
- enforce agreements between you and Aimia;
- undertake research, conduct surveys and analyse statistical information, including about the use of our websites;
- conduct competitions and trade promotions;
- comply with legislative and our policy requirements, including in relation to occupational health and safety and environmental matters;
- respond to the enquiries, questions or requests you have contacted us with; and
- where permitted by applicable law, contact you with or display marketing and offers relating to products and services offered by us, and personalise the marketing messages we send you to make them more relevant and interesting.
2.2 We may automatically Process your personal information to evaluate personal aspects and predict outcomes. For example, we may make automated decisions about you based on your personal information to show tailored content on our websites. These types of decisions will not have legal or similar effects for you, but you can still contact us for further information.
2.3 European data protection law requires us to have a legal basis to Process your personal information. In most cases where we need a legal basis, it will be one of the following:
- to fulfil our contractual obligations to you, for example to provide the services you have requested. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations;
- to comply with our legal obligations; or
- to meet our legitimate interests, for example to understand how you use our services and to enable us to derive knowledge from that information to develop new services. When we Process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
2.5 In carrying out our business, it may be necessary to share information about you with third parties, For example:
- Aimia group companies: we may share certain information, including for example, information relating to your inquiry about our services, between entities in the Aimia group (a list of which can be found here).
- Service providers: like most large organisations we use a range of service providers to help us maximise the quality and efficiency of our services and our business operations. This means that individuals and organisations outside of Aimia, such as primary and secondary research providers, analytics, insight and consultancy providers, reward fulfilment suppliers and mail houses, will sometimes have access to personal information held by us and may use it on our behalf.
- Law enforcement agencies, courts, regulators, government authorities or other third parties: we may share personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
3. Transferring personal information outside the jurisdiction in which it was collected
3.1 We may disclose personal information to destinations outside the jurisdiction from which it was collected.
3.2 In the conduct of our business, we disclose to, hold or access personal information from various countries including without limitation Australia, Bahrain, Canada, Hong Kong, Malaysia, Singapore, Qatar, United Arab Emirates, United Kingdom, and the United States of America.
3.3 The privacy laws of the countries to which we transfer personal information may not provide the same level of protection as the privacy laws of the country from which the personal information was collected or be regarded as ensuring an adequate level of protection for personal information under European data protection law. However, this does not change our commitments to safeguard your privacy and we will put in place appropriate safeguards in accordance with applicable legal requirements to ensure that your personal information is adequately safeguarded. For more information on the appropriate safeguards in place, please contact us using the details below.
4. Buttons and Links to other websites
5. Your Rights Regarding your Personal Information
5.1 Subject to local applicable law, you have a number of rights in relation to your personal information, including the right to:
- access your personal information;
- rectify the personal information we hold about you;
- erase your personal information;
- restrict our use of your personal information;
- object to our use of your personal information;
- receive your personal information in a usable electronic format and transmit it to a third party (this is known as the ‘right to data portability’); and
- lodge a complaint with your local data protection supervisory authority.
5.2 If you would like to discuss or exercise such rights, please contact us at the details below.
5.3 We encourage you to contact us to update or correct your personal information if it changes or if the personal information we hold about you is inaccurate.
5.4 We will contact you if we need additional information from you in order to honour your requests.
6. Security of your Personal Information
6.1 We will endeavour to take all reasonable steps to keep secure any personal information which we hold about you, and to keep this personal information accurate, up to date and complete. We require our employees and service providers to respect the confidentiality of any personal information held by us, and implement appropriate safeguards as required under local applicable law.
7. Retention of personal information
7.1 We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under applicable law;
- defend or bring any existing or potential legal claims; and
- deal with any complaints regarding the products and services we provide.
7.2 We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the information.
8. Contacting Us
8.2 Aimia has appointed a data protection officer. The data protection officer can be contacted at: DPO@aimia.com.
8.3 Subject to local applicable law you also have the right to lodge a complaint with your data protection supervisory authority. For individuals in Europe, the relevant data protection supervisory authority will be that in the European country where you work, reside or where the subject-matter of your complaint arises.