We may modify this Privacy Notice at any time. All changes will be effective immediately upon posting to the Site. Material changes will be conspicuously posted on the Site or otherwise communicated to you.
- Location of servers
- What we collect and how we use it
- Disclosure of personal information
- Disclosure of anonymized information
- Transfer of personal information
- Social network plugins
- Third-party sites
- Choices for email and marketing communications
- Retention and disposal of information or communications preferences
- Data security
- Payment card industry data security standard
- Reviewing or changing your information
- No use by children
- Information security management group
- Cancellation and terminating your account
- California residents
- Contact us
Location of servers
The Site is hosted on servers located in the United States of America and is intended for use by individuals and entities who are United States residents. YOU EXPRESSLY ACKNOWLEDGE AND CONSENT THAT YOUR DATA MAY BE TRANSFERRED TO VARIOUS LOCATIONS AND THIRD-PARTY PROVIDERS, AND MAY BE MAINTAINED AND PROCESSED ON COMPUTERS LOCATED OUTSIDE OF YOUR STATE, PROVINCE, COUNTRY, OR OTHER GOVERNMENTAL JURISDICTION WHERE THE PRIVACY LAWS MAY NOT BE AS PROTECTIVE AS THOSE IN YOUR JURISDICTION.
What we collect and how we use it
We may collect a range of Personal Information. “Personal Information” means information that uniquely identifies, relates to, describes, or is reasonably capable of being associated with or linked to you. You may visit our Site without expressly submitting any Personal Information. However, if you wish to register as a participant in the Program, you will be required to submit Personal Information as further set forth below.
Information we collect
If you register in the Program, the Personal Information we collect may include your name, email, mailing address, phone number, and other information requested on the registration page. We will also collect the primary account number for the eligible credit and/or debit card(s) that you use to enroll in the Program (“Linked Card”). We do not collect your Linked Card’s expiration date or card security code. The primary account number is the full card number that appears on the front of your Linked Card (“Linked Card Number”). We need the Linked Card Number to monitor your Linked Card activity for transactions with participating merchants (“Participating Merchants”) that are eligible for Program rewards. Accordingly, you are authorizing us to obtain and receive information about your Linked Card transactions with Participating Merchants from a payment card network (“Payment Card Network”) such as American Express®, Mastercard®, Visa®, Discover®, or a payment card processor. You are also authorizing us to obtain and receive your Linked Card program identifier, which may be used to determine your eligibility for additional offers.
We may also collect Personal Information about you from Rewards Partner or a bank issuing a credit card on Rewards Partner’s behalf that automatically enrolls you in the Program as a benefit (collectively, “Rewards Partner Information”). If you are automatically enrolled with Rewards Network by Rewards Partner, Rewards Network will only receive, maintain, and use the Rewards Partner Information that Rewards Network needs to operate the Program.
You may need to create a username and password for your Program account with us. We may assign you a unique identification number so that we may more easily identify you and your transactions.
You have the option to also provide us with the month and day of special dates (e.g., birthday, anniversary), dining preferences, and information regarding your personal accounts and/or profiles on third-party social networking sites such as Facebook® and Twitter®, as further described below.
We or Rewards Partner (or a non-affiliated third-party supplier, vendor, or contractor on our behalf or on behalf of the Rewards Partner) use your Personal Information only to operate the Program, including to send you emails, mailings, or other forms of communications (that may be real-time) that relate to the Program, Participating Merchants.
Linked card information and transaction information
We will know when you conduct a transaction with a Participating Merchant. We will collect information about that transaction, including a unique Program identification number, the date and time of your transaction, the amount of your transaction, the name and location of the Participating Merchant, and the Linked Card used for that transaction. We receive this information from Payment Card Networks. We may provide all or a portion of the information collected to a Rewards Partner or a Rewards Partner’s non-affiliated third-party suppliers, vendors, or contractors so that we and/or Rewards Partner can facilitate and administer the Program. Transaction data is only shared with the individual restaurant where the transaction took place and with AAdvantage Dining℠ for reporting purposes. You may receive real-time notification about the sharing of your transaction data. We may also use your transaction information to generate internal financial reporting and analysis regarding our business and for external reporting of anonymized data to market our business and the Program to third parties, including potential Participating Merchants and potential rewards partners.
We use the transaction data that we receive to match your transactions at Participating Merchants with available rewards and otherwise for Program rewards administration. In some cases, a Participating Merchant’s payment card processor may experience a lag time (approximately 24 hours) between when a credit and/or debit card is linked to a Program account and when the payment card processor is able to identify and provide us with the dining transaction data associated with that Linked Card. If you believe that you are eligible for rewards for dining at a Participating Merchant, and those rewards have not registered in your Program account within 10 days of the dine, please contact the Program’s Member Services at (800) 479-5981. We reserve the right to require that you provide a receipt from the Participating Merchant or documents reasonably required by us to evidence an eligible transaction in order to receive your reward.
By enrolling in and participating in the Program, you are authorizing us and Participating Merchants, Payment Card Networks, and payment card processors to obtain, provide, and use transaction information related to your purchases (such as date, time and amount) at Participating Merchants in order to calculate rewards, redeem rewards, and facilitate and make the Program available. You also authorize us to, in our reasonable discretion, collect location data using your device to provide you with recommendations based on your location and past dining activity, analyze your general dining patterns and stores that you visit, and also aggregate this data to help understand general Program member patterns and trends, which we may share with third parties with our discretion.
For certain qualifying purchases, you may be required to complete the survey in order to earn rewards.
All reviews, surveys, comments, feedback, and other information about your dining experiences, Participating Merchants, or participation in the Program that you choose to disclose, submit, or convey via the Site (which we refer to collectively as "Comments") may be reprinted, used, displayed, redistributed, shared, transmitted, excerpted, modified, and/or disseminated (in whole or in part) by us. Your Comments must comply with our Review Guidelines. We reserve the right to remove any Comments that are inappropriate.
Your provision of Comments to us constitutes a nonexclusive, royalty-free, perpetual, irrevocable, and fully sub-licensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such Comments throughout the world in any media.
You warrant that: (i) any use of Comments by us will not violate any right of any third party; and (ii) any Comments are not libelous, unlawful, or obscene.
Personal information we utilize for contests, giveaways, sweepstakes, and other promotions
Linked card updates
We collect IP address information from any visitor to the Site. We log IP addresses for system administrative purposes only. IP addresses are not used for identification. This information helps us determine how often different areas of the Site are visited. We do not link IP addresses to any information that is personally identifiable.
When you visit the Site or click on a link in an e-mail from one of our Participating Merchants, we may collect usage information ("Session Data"). Session Data may include browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, and what Participating Merchants you look at. We may use Session Data for a variety of reasons, including to better understand things like how the Site is navigated, how many visitors arrive at and look at specific pages, and the length and frequency of stays at our Site. We disclose such Session Data to our Participating Merchants to provide proof of attribution metrics.
We may have the ability to collect location data and provide you with push notifications based on your location and past dining activity. We utilize location information to provide you with more relevant location-based restaurant choices, track your general dining patterns and stores that you visit, and also aggregate this data to help understand general Program member patterns and trends, which we may share with third parties in our discretion. You are agreeing that we can collect and use your location data and can continue to do so until you turn off your location settings.
Your device may allow you to disable the collection of location data and push notifications by accessing your device’s application or notification settings. If you do not want us to have access to your location, you may change your location settings. You are agreeing that we can continue to collect location data until you turn off data collection in your device. We have no responsibility or liability for the functions of location settings within any device.
Most Internet browsers automatically accept cookies. However, you can instruct your browser to delete, block, stop accepting cookies or prompt you before accepting a cookie from the sites you visit. If you choose to reject cookies or block device identifiers, some features of the Site may not be available, or some functionality may be limited or unavailable. Please review the help pages of your browser or mobile device for assistance with changing your settings.
To change your preferences with respect to certain online ads or to obtain more information about ad networks and online behavioral advertising, visit National Advertising Initiative Consumer opt-out page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads. Opting-out of targeted advertising does not opt you out of all ads, just those targeted to you.
Disclosure of personal information
We or Rewards Partner may disclose Personal Information that we may have reasonably necessary to (a) defend and bring legal actions; (b) if required by a government authority or legal process; (c) detect, prevent, or otherwise respond to fraud, security, or technical concerns, (d) support auditing and compliance functions, (e) when we or Rewards Partner believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (f) in the good faith belief that disclosure is otherwise necessary or advisable. We may also disclose Personal Information if and when we are involved in a merger, acquisition, or any form of transfer or sale of some or all of our business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding. Personal Information may be transferred along with the business. Where legally required we will give you prior notice and if you have a legal right to do so, an opportunity to object to this transfer.
Disclosure of anonymized information
We may share anonymized information about you that is not reasonably identifiable to you with our affiliates, rewards partners, Participating Merchants, and other third parties in our discretion. Such information could be used, for example, to provide us with statistical or other analysis and to market our business, the Program or both. This information is de-identified and cannot reasonably be used to identify you personally. This information is most often aggregated demographic and statistical information (such as information derived from use of our Site or your participation in any Program) and information submitted in connection with restaurant reviews or surveys that you submit to us.
Transfer of personal information
Social network plugins
Choices for email and marketing communications
You may opt out of receiving Program emails from us. However, doing so will affect your eligibility for all or some Program benefits. You may not opt out of receiving administrative emails related to your account except by terminating your Program participation.
If you do not wish to receive email communications from us, you can unsubscribe from the link in the email you received, change your selections within the Account Information section, or indicate your preferences within a direct communication to us. You may also email us if you wish to unsubscribe, but for your security, please do not send credit and/or debit card information via email.
Retention and disposal of personal information
We retain your information as long as we determine it is required for the operation of our business and Program, and to meet legal, regulatory, and other requirements.
We take reasonable steps to ensure that information is disposed of securely when we no longer require such data.
We take commercially reasonable steps to maintain physical, electronic, and procedural safeguards to protect your information. These safeguards may include data encryption, access authorization, firewalls, and physical access control to our data centers. We use industry-standard encryption technologies when transferring and receiving identifiable information. We maintain PCI DSS compliance. You can find our listing on the Visa Global Registry of Service Providers.
We maintain a Service Organization Control (SOC) 3 report. This assessment of our security practices enables you and your stakeholders to validate that we have obtained independent auditor assurance, which attests to our alignment with the American Institute of Certified Public Accountants (AICPA) Security Trust Principles. We may elect in the future to assess our security practices through a standard other than SOC, and we will in any case maintain and routinely test our controls related to the security, integrity, confidentiality, and privacy of the information we collect, store, and process.
Payment card industry data security standard
In order to protect your Personal Information, Rewards Network complies with the security standards (PCI DSS) required by the PCI Security Standards Council.
The Council was founded in 2006 by five prominent payment brands — including American Express®, Discover Financial Services®, JCB International®, Mastercard®, and Visa, Inc.®. This global forum is responsible for the development, management, education, and awareness of security standards for credit and debit cards.
PCI DSS applies to all entities involved in payment card processing. This includes retailers where consumer purchases are made, payment card processors, credit card issuers, and service providers. Rewards Network continually reviews its payment card security practices to ensure that those practices satisfy the requirements of the most current version of the PCI DSS compliance standards.
If you suspect that you have received a phishing or other type of fraudulent communication, you should not: (i) click on any links in the offending email; (ii) open any attachments related to the communication; (iii) call any telephone numbers provided in the communication; or (iv) follow instructions contained in the communication. If the phishing or other fraudulent communication purports to be associated with the Program, you should report the communication to Rewards Network by sending an email to firstname.lastname@example.org. You should attach the unsolicited communication to your email report. If you received the communication by postal mail, rather than by email, you should photograph any mailer, letter, and envelope received and attach those materials to the email report that you send to Rewards Network.
Reviewing or changing your information or communications preferences
You can contact us (by email, telephone, or postal mail) to request access and/or modify any information that we have for you, or otherwise modify your preferences pertaining to our marketing communications. To review, change, or update your information:
- Online: When the Program Site is available, sign in to your account and click on the "Profile" link to change your Personal Information or modify your communication preferences.
- By postal mail: Please include your email address and mail your request to us at Rewards Network Establishment Services Inc., 540 West Madison Street, Suite 2400, Chicago, IL 60661, Attn: Member Services.
- By phone: Members may contact AAdvantage DiningSM Member Services toll-free at (800) 479-5981.
- By email: email@example.com.
To protect your privacy and security, we will take commercially reasonable steps to verify your identity before making corrections or granting access to your information.
No use by children
We do not knowingly collect or solicit any Personal Information from children under the age of 18. In the event that we learn that we have collected Personal Information from a child, we will promptly take steps to delete that information. If you are a parent or legal guardian and think your child has given us their Personal Information, you can email us at firstname.lastname@example.org or contact us using the information listed below.
Information Security Management Group
The following person serves as the contact for the ISMG:
VP, General Counsel & Secretary
540 West Madison Street
Chicago, IL 60661
Cancellation and terminating your account
This Section applies to our collection and use of “Personal Information” if you are a resident of California, as required by the California Consumer Privacy Act of 2018 and its implementing regulations (“CCPA”), as amended by the California Privacy Rights Act (the “CPRA”), where “Personal Information” has the definition set forth in the CCPA. This Section describes (1) the categories of Personal Information, collected and disclosed by us, subject to CCPA, (2) your privacy rights under CCPA, and (3) how to exercise your rights.
If you would like to receive a copy of this Section in an alternate format (e.g., printable) or language, please contact us using the information provided in the Contact Us section below.
Categories of personal information
Rewards Network makes the following disclosures regarding Personal Information collected by us within the preceding 12-month period.
|Category of Personal Information||Category of Source from which Personal Information is Collected||Purpose of Collection||Category of Service Providers to whom Personal Information is Disclosed||Category of Third Parties to whom Personal Information Is Sold or Shared||Retention Period|
|Identifiers, such as your name, address, and email address.||You, and sometimes the Rewards Partner.||To facilitate the program, communicate with you, and accurately award rewards.||Rewards Partner, Credit Card Processor/Payment Card Network, Service Providers who provide email and customer service support.||We do not sell or share this category of Personal Information.||3 years after your last transaction with us.|
|The credit card number used to register for the Program.||You, and depending on the type of card you use, the issuing bank or Rewards Partner.||To facilitate the program and accurately award rewards.||Credit Card Processor/Payment Card Network.||We do not sell or share this category of Personal Information.||3 years after your last transaction with us.|
|Commercial information, relating to transactions you make at restaurants.||The Payment Credit Card Processor/Payment Card Network, Participating Merchants.||To facilitate the program and accurately award rewards.||Restaurant Partners (in the aggregate only), Credit Card Processor/Payment Card Network, Service Providers providing email and customer service support.||We do not sell or share this category of Personal Information.||7 years after your last transaction with us.|
|Internet or other electronic network activity information, including cookies and utilizing Google Analytics Tools.||You, and your activity on the Program websites. Depending on the type of information, sometimes through email communications.||To improve the Program to provide you with the best experience possible, including suggesting restaurants.||Service Providers providing email and customer service support, Service Providers who assist with marketing initiatives.||We do not sell or share this category of Personal Information.||Varies depending on the type of cookie collecting this Personal Information, but no more than 3 years.|
|Geolocation data, including where you are when you open the dining app or website.||You, and the device you use to access the mobile site and website.||To improve the program and make suggestions based on your location.||Service Providers who provide technical support for this functionality.||We do not sell or share this category of Personal Information.||3 years after your last transaction with us.|
If you are a California resident, you have the following rights:
|Notice||The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purposes for which they will be used and shared.|
|Access||The right to request the categories of Personal Information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such Personal Information is collected and shared. You may also have the right to request the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your Personal Information.|
|Data Portability||The right to receive the Personal Information you have previously provided to us.|
|Erasure||The right to have your Personal Information deleted. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required or permitted to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation, or exercise rights under the law (including free speech rights); or (4) to otherwise use your Personal Information internally, in a lawful manner that is compatible with the context in which you provided it.|
|Correction||You have the right to request that we correct any incorrect personal information that we collect or retain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will correct (and direct any of our service providers that hold your data on our behalf to correct) your personal information from our records, unless an exception applies. We may deny your correction request if (a) we believe the personal information we maintain about you is accurate; (b) correcting the information would be impossible or involve disproportionate; or (c) if the request conflicts with our legal obligations.|
|Automated Decision Making||You have the right to request information about the logic involved in automated decision-making and a description of the likely outcome of processes, and the right to opt out. Rewards Network does not currently engage in any automated decision making practices.|
|To Opt Out of Sales or Sharing of Personal Information||We do not sell or share Personal Information. However, if we did, you would have the right to opt out.|
|Limit Use of Sensitive Personal Information||You have the right to limit the use of your sensitive Personal Information to only that which is necessary for providing our Program.|
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child.
You may only make a request for access or data portability twice within a 12-month period. The request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
To submit a request, please complete this form.
- Rewards Network will not discriminate against you in the event you exercise any of the aforementioned rights under CCPA, including, but not limited to, by:
- denying goods or services to you;
- charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- providing a different level or quality of goods or services to you; or
- suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use Personal Information provided in a request to verify the requestor’s identity. If you are an authorized agent making a request on behalf of a California consumer, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney.
We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.
We will deliver our written response electronically via e-mail.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us.
We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete Personal Information, we may retain Personal Information that we need to retain for legal purposes.