security_page_thumbnail.jpeg
security_page_thumbnail.jpeg

Providing the highest level of security is paramount.


SCROLL DOWN

Providing the highest level of security is paramount.


Affinity Solutions Data Privacy Notice

At Affinity Solutions we know data, and safe handling of data is paramount to us.

For more than a decade, we have been conscientiously working with purchase data received directly from bank partners, processing and providing services based on it.

Our business, our partners and our customers rely on our choices to deploy best practices for keeping data secure and utilized only in accordance to standards set by privacy regulation and industry governance.

We are proud to maintain our commitment to privacy and this notice serves to describe how we receive and manage data, including the products and services we provide.

WHAT WE DO and WHAT DATA WE RECEIVE

Affinity Solutions, Inc. (“Affinity” or “We”, “Us”, or “Our”) is a back-office provider of technology, analytics, data-processing and business services for Financial Institutions. Affinity’s primary focus is running reward programs (i.e., point-accrual or cash-back programs) that bring value to the relationship between a payment card holder and their issuing Financial Institution (i.e., bank or credit union, etc.) (“FI”).

We receive card holder account and transaction data from Our FI partners in order to run and deliver value through the reward programs. This data may include account numbers; cardholder data including name, postal address, email address; and card transaction data including date, dollar amount, and merchant identification information.

WHAT ARE THE BENEFITS TO CARD HOLDERS?

Payment card issuers that contract with (and thus share data with) Affinity are able to provide their customers with reward programs, and value delivered through them. These programs provide critical benefits that card holders receive from their credit and debit card relationships. Examples of programs include:

  1. Point Programs – Affinity manages “point accrual” programs that allow card holders to earn points when they make purchases and then redeem those points for cash, travel, merchandise and gift cards.

  2. Cash Back Programs – Many of the programs Affinity operates facilitate the delivery of immediate “cash back” for card holders when they use their debit or credit cards.

  3. Merchant Funded Offers – By maintaining a network of participating merchants, Affinity’s services also enable a critical business benefit by sourcing additional funds from retailers to pay for the points and cash back being earned by the card holders.

HOW WE PROTECT THE DATA WE RECEIVE

We protect this data with strict security standards and a robust company-wide security program that is fully integrated and supported at all levels of the company. We are PCI 3.2 Level 1 certified by independent audit.

We are SSAE 16 audited by an independent third party for secure operation controls, and we routinely participate in audits with Affinity’s FI partners to ensure that all consumer (“Consumer”, “You”, or “Your”) data is protected and used only for approved purposes. Our personnel are regularly trained on security measures as well as privacy protection guidelines.

WHAT WE USE THE DATA FOR: Reward Program Servicing

As a back-office service provider to FIs, use of personally identifiable data provided to Us is strictly limited to supporting and delivering the reward program services as specified in contracts with Affinity’s FIs and issuing processor partners.

These FI-branded, reward program services may include:

  • sending emails with reward program offers to card holders,

  • hosting web-sites to deliver reward program offers,

  • authentication of reward program members when they interact with offers,

  • data processing of transaction data to determine point or cash-back awards,

  • data analysis of merchant data to identify transactions as occurring at to specific retailers,

  • data analysis to match specific retailer offers to card holders to improve card holder relevance,

  • data analysis to create reward-program experiences (such as timely messaging and/or experiential benefits) that highly relevant and appealing to card holders; and/or,

  • appending of third-party data (e.g., demographics) to cardholder records to further improve the relevance and appeal of retailer offers. Affinity does not use its FI-provided personally identifiable data for any purpose other than directly providing the contracted, FI-branded, reward program services.

WHAT WE USE DEPERSONALIZED DATA FOR

With authorization from Affinity’s FI partners, Affinity may use the data it receives from them to derive depersonalized data sets that do not contain personal identifiers and are maintained in separate systems. This data may be used to create additional products and solutions to provide retailers, their agents and other entities with insights into merchant and/or aggregate consumer trends and behaviors. These commercial activities generate additional funding used in part to supplement card-holder rewards, as part of the rewards programs, under agreement with Affinity’s FI partners.

Protecting the privacy of cardholder personal data is critically important to Our business. The depersonalization and aggregation of the derivative analytic solutions, including the privacy protections thus created, are the fundamental drivers of Affinity’s system architecture. This architecture is further enhanced with differential privacy techniques such as perturbation and salting, and by way of client/end-user and partner auditing, all under well-defined and strong governance processes.

UNDER WHAT CIRCUMSTANCES DOES AFFINITY SHARE YOUR DATA?

In our role of servicing reward programs, Affinity has no rights to share – and does not share – Your personal data with anyone other than what Your FI may authorize as necessary to support its reward program functions. For example, if a cardholder earns a bonus reward by conducting a transaction at a specific participating merchant, Affinity may provide a copy of that transaction (date, dollar amount, last 4 digits of card) with no personal data, as a means of audit for when invoicing reward funds from that merchant.

HOW LONG DOES AFFINITY RETAIN DATA?

Data is retained for the duration of Our contracted relationship with the particular FI for its reward program.

CAN I OPT OUT?

As a back-office service provider to FIs, Affinity does not have a direct brand relationship with Consumers. The Consumer interacts directly with the FI. The privacy notices that govern Our use of the data we receive from FIs, and the associated opt-out mechanisms, are provided to card holders via their banking relationship. If a Consumer opts out of the FIs’ reward program, Affinity will no longer receive the data for that Consumer from the applicable FI.

WHAT IF I HAVE QUESTIONS?

If You have questions about how we handle your personal data for our FI partners, please contact us at Affinity Solutions, 876 6th Ave, Fl. 21 New York, NY 10001 ATT: Privacy Officer.