POINTSMITH PRIVACY STATEMENT
POINTSMITH, LLC (“POINTSMITH” or “We”) takes measures to ensure that the use and disclosure of your private personal information is consistent with applicable law.
This Privacy Statement explains what personal data we collect, why we collect it, how we protect it, how we use it, and how and why, in certain cases, we share such information with other parties. Our Privacy Statement is effective May25, 2018, and may be amended from time to time.
Our Privacy Statement applies to personal data collected or used by our website and when we offer products or services to our customers.
POINTSMITH also provides systems and services to customers who may also collect your information as needed for them to provide their services to you. In such circumstances, this statement does not directly apply and you should review that customer’s privacy statement.
By accessing or using any of the services provided by POINTSMITH, and affirmatively giving consent to process your personal data, you are affirmatively “opting-in” and giving us consent to the use or process your personal information. If you are providing any data from data subjects from the European Union that is regulated under the General Data Protection Regulation (“GDPR”), you must receive consent from that data subject to process their information before sending it to POINTSMITH for processing (“Data Subject Consent”). Client shall indemnify and hold POINTSMITH harmless for any claims related to failure to provide proof of Data Subject Consent, or from claims from any data protection regulatory authority enforcing GDPR compliance related to consent. At any time, you can opt-out of consent to the use or processing of your personal information by notifying POINTSMITH at email@example.com, at which time your personal information will be deleted from POINTSMITH’s systems.
INFORMATION THAT WE COLLECT AND MAY DISCLOSE
We collect information from and about you in order to comply with applicable laws and to provide the superior level of service that you expect. Personal data may include: names, addresses, phone numbers, e-mail addresses, IP addresses, web cookies, social security number; driver’s license information; income tax documents for you and your family; bank statements; and investment records.
Specific examples of personal information that we collect and may disclose to affiliates and certain third parties may include:
- Information we receive from you on new account and service request
- Information about your transactions with us, our affiliates, and others such as account balances, payment history, account activity and statements.
- If you visit our Internet web site, pointsmith.com (the “website”), information you may submit to us on our website forms and information we may collect from your web browser and through “cookies” (explained below).
- If you use any of our services, we may collect your IP address and other identifying information as part of the normal operations of those services.
HOW WE USE YOUR INFORMATION
POINTSMITH and third-party service providers may work together to provide a variety of services, and these providers may need to share your personal data to maintain an efficient and effective level of service.
The responsible use and disclosure of the personal data we collect is crucial to our ability to provide you with the services that you expect, and may occur under a variety of different circumstances. For example, we may:
- Use personal data internally for the purposes of furthering our business, which may include analyzing information we receive from you, matching that information with the information of others, processing services, maintaining accounts, resolving disputes, preventing fraud, and verifying your identity.
- Disclose personal data when required by law, such as requests for personal data in connection with a judicial, administrative or investigative matter.
- Use and disclose personal data on an aggregate basis. This means that we may combine parts of your information with parts of the information from our other users without including other identifying components of that information, such as name, complete telephone number, complete e-mail address or your street address, in the combination.
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of POINTSMITH’s services.
SHARING WITH NONAFFILIATED SERVICE PROVIDERS
We may disclose personal data to nonaffiliated service providers who perform business functions on our behalf, which may include marketing of our products and services, check printing, and data processing. Nonaffiliated third-party service providers often aid us in the efficient and effective delivery of services and there may be circumstances where it is necessary to disclose personal data we collect to such parties. However, before we disclose personal data to a nonaffiliated party, we require them to agree to keep that information confidential and secure and to use it only as authorized by us. Also, we will only share your nonpublic information with nonaffiliated third parties where permitted by applicable law. All data shared with nonaffiliated service providers is kept to the minimum elements needed for the service provider to provide service.
POINTSMITH does not share, sell, or rent personal data with outside marketers.
Information about your POINTSMITH purchases are maintained in association with your profile account. The personal data that POINTSMITH collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal data for any purpose other than cloud storage and retrieval. On occasion, POINTSMITH engages third parties to mail information to you.
HOW WE PROTECT YOUR INFORMATION
To help protect your privacy and any personal data received by POINTSMITH, we maintain a comprehensive information security program designed, overseeing the security and confidentiality of your personal data, protecting it against threats or hazards to the security of such information, and preventing unauthorized access. This program includes:
- Procedures and specifications for administrative, technical and physical safeguards.
- Security procedures related to the processing, storage, retention and disposal of confidential information.
- Programs to detect, prevent and when necessary respond to attacks, intrusions or unauthorized access to confidential information.
- Restricting access to your personal data to employees who need to know that information to provide products and services to you, and appointing specific employees to oversee our information security program.
- Employee training programs to ensure that all employees are trained regarding our information security program, the confidentiality of your information, and the laws applicable to the proper safeguarding and disposal of your personal data.
- Updating and testing our security technology on an ongoing basis.
- A commitment to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
However, we cannot and do not guarantee that unauthorized, inadvertent disclosure never may occur.
DISPOSAL OF BUSINESS RECORDS
POINTSMITH disposes of all business records containing personal data in accordance with applicable state and federal laws.
COMMUNICATIONS FROM POINTSMITH
Based upon any personal data you may provide to us, we may occasionally send you some or all of the following promotional communications:
- Information on products, services, special deals, promotions
- POINTSMITH newsletters
Out of respect for your privacy, we provide you a way to unsubscribe from these communications. Please see the “Choice and Opt-out” section.
In addition, however, based upon any personal data we receive from you as a result of an account you create or products or services you request from us, we also may occasionally send you some or all of the following:
- service-related announcements, on rare occasions when it is necessary to do so (for instance, if our service is temporarily suspended for maintenance, we might send you an email)
- communications in response to inquiries, service requests, and account management
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account, subject to any contractual obligations.
CHOICE AND OPT-OUT
If you no longer wish to receive any promotional communications from us, you may opt- out of receiving them by following the instructions included in each newsletter.
Log files are collected directly and indirectly by POINTSMITH, and your personal data may be stored with either approach.
Direct collection consists of the POINTSMITH website and email systems, which gather certain user information automatically, storing it in log files. This information may include, among other things, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, sending servers, operating system, date/time stamp, and clickstream data. We may use this information to analyze trends, to administer the site, to track users’ movements around the site, perform spam filtering, and to gather demographic information about our user base as a whole.
Indirect data collection may occur automatically through the services we provide to our customers, such as hosted email services, hosted application servers, and management of customer systems. This data is controlled by our customers, not by POINTSMITH, and is managed following their privacy policies.
We may use both session cookies and persistent cookies. A session cookie expires when you close your browser. We use session cookies to simplify your use of our site. A persistent cookie remains on your hard drive for an extended period of time. We may set a persistent cookie to store your identity, so you don’t have to enter your username and password more than once. We may also use persistent cookies to enable us to track and target the interests of our users and to enhance your experience on the website. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.
If you reject cookies, you may still use the website, but your ability to use some areas of the website, such as contests or surveys, may be limited.
Web beacons (sometimes called transparent GIFs, clear GIFs, or web bugs) are small strings of code that provide a way for us to deliver a small graphic image (usually invisible) on a web page or in an email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed.
Web beacons are used to improve your experience on our Services, including helping provide you with content customized to your interests. They also help us to understand whether users read email messages and click on the links contained within those messages so that we can deliver relevant content. Our web beacons may collect some contact information (e.g., the email address associated with an email message that contains a web beacon).
POINTSMITH uses third-party web beacons from Google to help analyze where visitors go and what they do while visiting our website. Yahoo! may also use anonymous information about your visits to this and other websites in order to improve its products and services and provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by Google.
OTHER SITES AND SERVICES
The website may contain links to other sites that are not owned or controlled by POINTSMITH. POINTSMITH is not responsible for the privacy practices of such other sites. Similarly, POINTSMITH provides services to customers who may hold a relationship with you separate from POINTSMITH. While POINTSMITH may process such data, POINTSMITH does not control it.
If you have concerns regarding the privacy practices of other sites, you should read the privacy statements available at those sites.
This privacy statement applies only to information collected by the POINTSMITH website and services that POINTSMITH controls.
TRANSFER OF CUSTOMER INFORMATION
Customer lists and other information provided to us are our business assets. If we merge with another entity or if we sell our assets to another entity, such information, including personal data provided us, may be included among the assets to be transferred.
Transferring personal data from the EU to the US
POINTSMITH has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (“GDPR”). POINTSMITH relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, POINTSMITH collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of POINTSMITH in a manner that does not outweigh your rights and freedoms. POINTSMITH endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with POINTSMITH and the practices described in this Data Privacy Statement. POINTSMITH also minimizes the risk to your rights and freedoms by not collecting or storing sensitive information about you.
Where POINTSMITH serves as a processor, facilitating the transfer of personal data on behalf of our customers, the customers’ privacy policies apply but do not override the requirements on both POINTSMITH and POINTSMITH’s customers under applicable law.
Data subject rights
To the extent that GDPR applies to the processing of your personal data, this Data Privacy Statement is intended to provide you with information about what personal data POINTSMITH collects about you and how it is used. If you have any questions, please contact us at firstname.lastname@example.org.
If you wish to confirm that POINTSMITH is processing your personal data, or to access the personal data POINTSMITH may have about you, please contact us at email@example.com.
Security of your information
To help protect the privacy of data and personal data you transmit through use of this Web site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Data storage and retention
Your personal data is stored by POINTSMITH on its servers, and on the servers of the cloud-based database management services POINTSMITH engages, located in the United States. POINTSMITH retains data for the duration of the customer’s business relationship with POINTSMITH. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our data protection officer (contact information is below).
Protection of minors’ personal information
Our products and services are primarily designed for adults. Anyone who is identified to be a minor customer under the laws of the country in which he or she is located must obtain the consent of his or her parents or guardians before using our products and services upon purchase.
We value the privacy protection of minors and encourage parents to always play an active role in their child’s online experience.
We are not responsible for how third-parties collect, use, share, transfer and protect user’s personal information, and cannot control how it is processed.
Data storage and retention
Your personal data is stored by POINTSMITH on its servers, and on the servers of the cloud-based database management services POINTSMITH engages, located in the United States. POINTSMITH retains data for the duration of a customer’s business relationship with POINTSMITH. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact our data protection officer at firstname.lastname@example.org.
CHANGES IN THIS PRIVACY STATEMENT
We reserve the right to modify this privacy statement at any time, so please review it frequently.
If we decide to change our Privacy Statement, we will post those changes on the website so our users and investors are always aware of what information we collect, use and disclose. If at any point we decide to use or disclose personal data received from you in a manner different from that stated at the time it was collected, we will notify you in writing. We will otherwise use and disclose personal data in accordance with the Privacy Statement that was in effect when such information was collected.
We may e-mail periodic reminders of our notices and terms and conditions and will e-mail of material changes thereto, but you should check the Web site frequently to see the current Data Privacy Statement that is in effect and any changes that may have been made to it.
DATA PROTECTION OFFICER
POINTSMITH is headquartered in Texas, in the United States. POINTSMITH has appointed an internal data protection officer for you to contact if you have any questions or concerns about the POINTSMITH’s personal data policies or practices. POINTSMITH’s data protection officer’s name and contact information are as follows:
21202 Park Row Dr.
Katy, TX 77479
AVAILABILITY OF OUR PRIVACY STATEMENT
The most up-to-date Privacy Statement is posted on the website at www.pointsmith.com/legal, or you may call us at 281-599-5900 to request a copy.