Reviewed and effective as of 1/1/2021
PLEASE READ THIS PRIVACY DISCLOSURE CAREFULLY BEFORE USING THIS SITE
Location of servers
The Site is hosted on servers located in the United States of America and is intended for use by individuals and entities who are United States residents. YOU EXPRESSLY ACKNOWLEDGE AND CONSENT THAT YOUR DATA MAY BE TRANSFERRED TO VARIOUS LOCATIONS AND THIRD-PARTY PROVIDERS, AND MAY BE MAINTAINED AND PROCESSED ON COMPUTERS LOCATED OUTSIDE OF YOUR STATE, PROVINCE, COUNTRY, OR OTHER GOVERNMENTAL JURISDICTION WHERE THE PRIVACY LAWS MAY NOT BE AS PROTECTIVE AS THOSE IN YOUR JURISDICTION.
What we collect and how we use it
You may visit our Site without expressly submitting any information that can be used to identify you (“Personal Information”). However, if you wish to register as a participant in the Program, you will be required to submit Personal Information as further set forth below.
Information we collect
If you register in the Program, the Personal Information we collect may include your name, email, mailing address, phone number, and other information requested on the registration page. We will also collect the primary account number for the eligible credit and/or debit card(s) that you use to enroll in the Program (“Linked Card”). We do not collect your Linked Card’s expiration date or card security code. The primary account number is the 14, 15, or 16 digit number that appears on the front of your Linked Card (“Linked Card Number”). We need the Linked Card Number to monitor your Linked Card activity for transactions with participating merchants (“Participating Merchants”) that are eligible for Program rewards. Accordingly, you are authorizing us to obtain and receive information about your Linked Card transactions with Participating Merchants from a payment card network (“Payment Card Network”) such as American Express®, Mastercard®, Visa®, Discover®, or a payment card processor.
We may also collect Personal Information about you from Rewards Partner or a bank issuing a credit card on Rewards Partner’s behalf that automatically enrolls you in the Program as a benefit (collectively, “Rewards Partner Information”). If you are automatically enrolled with Rewards Network by Rewards Partner, Rewards Network will only receive, maintain and use the Rewards Partner Information that Rewards Network needs to operate the Program.
You may need to create a user name and password for your Program account with us. We may assign you a unique identification number so that we may more easily identify you and your transactions.
You have the option to also provide us with the month and day of special dates (e.g., birthday, anniversary), dining preferences, and information regarding your personal accounts and/or profiles on third-party social networking sites such as Facebook® and Twitter®, as further described below.
We or Rewards Partner (or a non-affiliated third-party supplier, vendor, or contractor on our behalf or on behalf of the Rewards Partner) use your Personal Information only to operate the Program, including to send you emails, mailings, or other forms of communications (that may be real-time) that relate to the Program, Participating Merchants.
Linked card information and transaction information
We will know when you conduct a transaction with a Participating Merchant. We will collect information about that transaction, including a unique Program identification number, the date and time of your transaction, the amount of your transaction, the name and location of the Participating Merchant, and the Linked Card used for that transaction. We receive this information from Payment Card Networks. We may provide all or a portion of the information collected to a Rewards Partner or a Rewards Partner’s non-affiliated third-party suppliers, vendors, or contractors so that we and/or Rewards Partner can facilitate and administer the Program. You may receive real-time notification about the sharing of your transaction data. We may also use your transaction information to generate internal financial reporting and analysis regarding our business and for external reporting of anonymized data to market our business and the Program to third parties, including potential Participating Merchants and potential rewards partners.
We use the transaction data that we receive to match your transactions at Participating Merchants with available rewards and otherwise for Program rewards administration. In some cases, a Participating Merchant’s payment card processor may experience a lag time (approximately 24 hours) between when a credit and/or debit card is linked to a Program account and when the payment card processor is able to identify and provide us with the dining transaction data associated with that Linked Card. If you believe that you are eligible for rewards for dining at a Participating Merchant, and those rewards have not registered in your Program account within 10 days of the dine, please contact the Program’s Member Services at (800) 479-5981. We reserve the right to require that you provide a receipt from the Participating Merchant or documents reasonably required by us to evidence an eligible transaction in order to receive your reward.
By enrolling in and participating in the Program, you are authorizing us and Participating Merchants, Payment Card Networks, and payment card processors to obtain, provide, and use transaction information related to your purchases (such as date, time and amount) at Participating Merchants in order to calculate rewards, redeem rewards, and facilitate and make the Program available. You also authorize us to, in our reasonable discretion, collect location data using your device to provide you with recommendations based on your location and past dining activity, analyze your general dining patterns and stores that you visit, and also aggregate this data to help understand general Program member patterns and trends, which we may share with third parties with our discretion.
For certain qualifying purchases, you may be required to complete the survey in order to earn rewards.
All reviews, surveys, comments, feedback, and other information about your dining experiences, Participating Merchants, or participation in the Program that you choose to disclose, submit, or convey via the Site (which we refer to collectively as "Comments") may be reprinted, used, displayed, redistributed, shared, transmitted, excerpted, modified, and/or disseminated (in whole or in part) by us. Your Comments must comply with our Review Guidelines. We reserve the right to remove any Comments that are inappropriate.
Your provision of Comments to us constitutes a nonexclusive, royalty-free, perpetual, irrevocable, and fully sub-licensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such Comments throughout the world in any media.
You warrant that: (i) any use of Comments by us will not violate any right of any third party; and (ii) any Comments are not libelous, unlawful, or obscene.
Personal information we utilize for contests, giveaways, sweepstakes, and other promotions
Linked card updates
We collect IP address information from any visitor to the Site. We log IP addresses for system administrative purposes only. IP addresses are not used for identification. This information helps us determine how often different areas of the Site are visited. We do not link IP addresses to any information that is personally identifiable.
Usage information and session data
When you visit the Site or click on a link in an e-mail from one of our Participating Merchants, we may collect usage information ("Session Data"). Session Data may include browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, and what Participating Merchants you look at. We may use Session Data for a variety of reasons, including to better understand things like how the Site is navigated, how many visitors arrive at and look at specific pages, and the length and frequency of stays at our Site. We disclose such Session Data to our Participating Merchants to provide proof of attribution metrics.
We may have the ability to collect location data and provide you with push notifications based on your location and past dining activity. We utilize location information to provide you with more relevant location-based restaurant choices, track your general dining patterns and stores that you visit, and also aggregate this data to help understand general Program member patterns and trends, which we may share with third parties in our discretion. You are agreeing that we can collect and use your location data and can continue to do so until you turn off your location settings.
Your device may allow you to disable the collection of location data and push notifications by accessing your device’s application or notification settings. If you do not want us to have access to your location, you may change your location settings. You are agreeing that we can continue to collect location data until you turn off data collection in your device. We have no responsibility or liability for the functions of location settings within any device.
- Session cookies track the user's progression through the Site and session data for a single visit. These cookies enable us to follow the user as they progress from one page to another. Your session cookies expire at the end of your browser session. In addition, if you leave your browser open for a prolonged period, they are set to automatically expire.
- Persistent cookies are stored on your device between browser sessions, allowing us to remember you and your preferences on the Site. We may use a persistent cookie to remember such information as your user name, name, preferred dining area, favorite restaurants, and Session Data.
Most Internet browsers automatically accept cookies. However, you can instruct your browser to stop accepting cookies or prompt you before accepting a cookie from the sites you visit.
We use Google Analytics in order to analyze traffic and performance related to the Site. To learn how Google uses data when you use our Site, visit www.google.com/policies/privacy/partners/.
Disclosure of personal information
We or Rewards Partner may disclose information that we may have, identifiable or not, as necessary for defending and bringing legal actions; if required by a government authority or legal process; when we or Rewards Partner believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or in the good faith belief that disclosure is otherwise necessary or advisable.
Disclosure of anonymized information
We may share anonymized information about you that is not reasonably identifiable to you with our affiliates, rewards partners, Participating Merchants, and other third parties in our discretion. Such information could be used, for example, to provide us with statistical or other analysis and to market our business, the Program or both. This information is de-identified and cannot reasonably be used to identify you personally. This information is most often aggregated demographic and statistical information (such as information derived from use of our Site or your participation in any Program) and information submitted in connection with restaurant reviews or surveys that you submit to us.
Transfer of personal information
Social network plugins
Choices for email and marketing communications
You may opt out of receiving Program emails from us. However, doing so will affect your eligibility for all or some Program benefits. You may not opt out of receiving administrative emails related to your account except by terminating your Program participation.
If you do not wish to receive email communications from us, you can unsubscribe from the link in the email you received, change your selections within the Account Information section, or indicate your preferences within a direct communication to us. You may also email us if you wish to unsubscribe, but for your security, please do not send credit and/or debit card information via email.
Do not track
Because there is not an industry or legal standard for recognizing or honoring Do Not Track (“DNT”) signals, we do not respond to them at this time.
Retention and disposal of information
We retain your information as long as we determine it is required for the operation of our business and Program, and to meet legal, regulatory, and other requirements.
We take reasonable steps to ensure that information is disposed of securely when we no longer require such data.
We take commercially reasonable steps to maintain physical, electronic, and procedural safeguards to protect your information. These safeguards may include data encryption, access authorization, firewalls, and physical access control to our data centers. We use industry-standard encryption technologies when transferring and receiving identifiable information. We maintain PCI DSS compliance. You can find our listing on the Visa Global Registry of Service Providers.
We maintain a Service Organization Control (SOC) 3 report. This assessment of our security practices enables you and your stakeholders to validate that we have obtained independent auditor assurance, which attests to our alignment with the American Institute of Certified Public Accountants (AICPA) Security Trust Principles. We may elect in the future to assess our security practices through a standard other than SOC, and we will in any case maintain and routinely test our controls related to the security, integrity, confidentiality, and privacy of the information we collect, store, and process.
Securing your personal information
Rewards Network and the Program will never ask you for personal information, including financial information, via unsolicited telephone calls, emails, postal mailers, or fax transmissions.
Specifically, Rewards Network and the Program will never send you unsolicited requests for the following types of Personal Information: (i) username or password; (ii) email address; (iii) social security number; (iv) credit and/or debit card number; (v) credit card expiration date or card security code; (vi) bank account numbers; or (vii) names of your family members. This list is provided for illustrative purposes only and is not intended to include all categories of information that may be the subject of an unsolicited request for Personal Information.
Any request for personal information of this nature in a conversation not initiated by you should be considered suspicious, even if the communication includes Rewards Network or the Program logos, links to websites that look “like” the Program, or a request for you to take immediate action, such as verifying your account information. Unsolicited communications of this type are often fraudulent “phishing” communications, and could be an attempt to acquire your sensitive personal information for malicious reasons.
Payment card industry data security standard
In order to protect your Personal Information, Rewards Network complies with the security standards (PCI DSS) required by the PCI Security Standards Council.
The Council was founded in 2006 by five prominent payment brands — including American Express®, Discover Financial Services®, JCB International®, Mastercard®, and Visa, Inc.®. This global forum is responsible for the development, management, education, and awareness of security standards for credit and debit cards.
PCI DSS applies to all entities involved in payment card processing. This includes retailers where consumer purchases are made, payment card processors, credit card issuers, and service providers. Rewards Network continually reviews its payment card security practices to ensure that those practices satisfy the requirements of the most current version of the PCI DSS compliance standards.
If you suspect that you have received a phishing or other type of fraudulent communication, you should not: (i) click on any links in the offending email; (ii) open any attachments related to the communication; (iii) call any telephone numbers provided in the communication; or (iv) follow instructions contained in the communication. If the phishing or other fraudulent communication purports to be associated with the Program, you should report the communication to Rewards Network by sending an email to firstname.lastname@example.org. You should attach the unsolicited communication to your email report. If you received the communication by postal mail, rather than by email, you should photograph any mailer, letter, and envelope received and attach those materials to the email report that you send to Rewards Network.
Reviewing or changing your information
You can contact us (by email, telephone, or postal mail) to request access and/or modify any information that we have for you, or otherwise modify your preferences pertaining to our marketing communications. To review, change, or update your information:
- Online: When the Program Site is available, sign in to your account and click on the "Profile" link to change your Personal Information or modify your communication preferences.
- By postal mail: Please include your email address and mail your request to us at Rewards Network Establishment Services Inc., 540 West Madison Street, Suite 2400, Chicago, IL 60661, Attn: Member Services.
- By phone: Members may contact AAdvantage DiningSM Member Services toll-free at (800) 479-5981.
- By email: email@example.com.
To protect your privacy and security, we will take commercially reasonable steps to verify your identity before making corrections or granting access to your information.
Information Security Management Group
The following person serves as the contact for the ISMG:
540 West Madison Street
Chicago, IL 60661
Cancellation and terminating your account
Your California privacy rights
Pursuant to applicable California law, including the California Consumer Privacy Act (CCPA), Rewards Network makes the following disclosures regarding personal information collected and/or sold by us:
|Category of personal information||Category or source from which data is collected||Purpose of collection||Category of Service Providers to whom data is disclosed||Category of Third Parties to whom data is sold|
|Identifiers, such as your name, address, and email address.||You, and sometimes the Rewards Partner.||To facilitate the program, communicate with you, and accurately award rewards.||Rewards Partner, Credit Card Processor/Payment Card Network, Service Providers who provide email and customer service support.||Your personal information is never sold.|
|The credit card number used to register for the Program.||You, and depending on the type of card you use, the issuing bank or Rewards Partner.||To facilitate the program and accurately award rewards.||Credit Card Processor/Payment Card Network.||Your personal information is never sold.|
|Commercial information, relating to transactions you make at restaurants.||The Payment Credit Card Processor/Payment Card Network, Participating Merchants.||To facilitate the program and accurately award rewards.||Restaurant Partners (in the aggregate only), Credit Card Processor/Payment Card Network, Service Providers providing email and customer service support.||Your personal information is never sold.|
|Internet or other electronic network activity information, including cookies and utilizing Google Analytics Tools.||You, and your activity on the Program websites. Depending on the type of information, sometimes through email communications.||To improve the Program to provide you with the best experience possible, including suggesting restaurants.||Service Providers providing email and customer service support, Service Providers who assist with marketing initiatives.||Your personal information is never sold.|
|Geolocation data, including where you are when you open the dining app or website.||You, and the device you use to access the mobile site and website.||To improve the program and make suggestions based on your location.||Service Providers who provide technical support for this functionality.||Your personal information is never sold.|
If you are a California resident, then pursuant to the California Consumer Privacy Act (CCPA), you have the right to request:
- the categories of personal information Rewards Network has collected about you;
- the categories of sources from which your personal information is collected;
- the business or commercial purpose of collecting or selling your personal information;
- the categories of Third Parties with whom Rewards Network shares your personal information;
- the specific pieces of personal information Rewards Network has collected about you;
- the categories of personal information that Rewards Network has sold about you and the categories of Third Parties to whom the personal information was sold, if applicable;
- deletion of your personal information; and
- an opt out of having your personal information disclosed or sold to Third Parties.
To submit a request, please complete this form or contact us at (877) 737-3787.
However, Rewards Network will not be required to comply with your request to delete your personal information if it is necessary for us to maintain your personal information in order to:
- complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of Rewards Network’s ongoing business relationship with you, or otherwise perform a contract between you and Rewards Network;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when Rewards Network’s deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent;
- to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Rewards Network;
- comply with a legal obligation; or
- otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Rewards Network will not discriminate against you in the event you exercise any of the aforementioned rights under CCPA, including, but not limited to, by:
- denying goods or services to you;
- charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- providing a different level or quality of goods or services to you; or
- suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Do we collect information from children?
Our Site is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Site. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on the Site or on or through any of its features, including your name, address, telephone number, e-mail address or any username you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org.
Pursuant to CCPA, we will not sell the personal information of any consumer less than 18 years of age.