Updated March 25, 2020
Our Site, App, and Services are not intended for individuals under the age of majority. We do not knowingly collect personal information from such individuals.
Information we collect
We may collect the following categories of information in connection with your use of our Site, App, and Services, about you which are described in more detail below. All of the information listed is hereinafter referred to as "Information."
Registration Information: When you register for the Services, you will be asked for basic registration Information, such as an email address and password.
Identification Information: You may also be asked to provide identification Information upon registration, including your first and last name, gender and date of birth.
Third-party credentials: You may also provide Drop with certain credentials for third party payment services (“Third-Party Sites”) when you authorize us to connect to them on your behalf.
Information from Third-Party Sites: When you agree to have Drop connect to any Third-Party Sites on your behalf, in order to provide you with personalized Drop rewards, we will collect transaction-level data from the Third Party Sites via our Services. For example, if you register your chequing account or credit card account with us, we will collect the transaction details from your chequing account or credit card account in order to personalize rewards and determine for which transactions you are eligible to receive Drop points.
Contests and surveys: From time to time, you may be offered an opportunity to participate in a contest, survey, or other promotion. We may collect or you may submit Information in connection with one of these promotions, such as your first and last name, contact information and any other required information.
Technical, device and navigational information: We may collect information about your interaction with our Site, App, or Services such as computer browser type, pages visited, average time spent on our Site, App, or Services, IP address, unique identifier of the device, device advertising identifier, operating system version and app version.
Location Information: If you choose to use a location enabled aspect of the Services, we may collect location Information from your device and will notify you of this collection. You may control or disable the sharing of location Information via your device setting and/or the Services.
Social network Information. You also may log in to the Services through your Facebook account. If you log in through your Facebook account, you will be asked to enter your Facebook login credentials and we will ask that you grant us permission to (i) access and collect your basic profile information, including your name, email address, and age, and (ii) access your friend list to identify other members. If you allow us to have access to this Information, then we will have access to this Information even if you have chosen not to make that Information public through your Facebook settings. Any third-party social networking site controls the information it collects from you. For information about how they may use and disclose your Information, including any Information you make public, please consult their respective privacy policies. We have no control over how any third-party site uses or discloses the personal Information it collects about you.
Career Information: You may provide Information when submitting your resume or applying for a specific job on our Site such as your career history and educational background.
Additional Information as otherwise described to you at the point of collection or pursuant to your consent.
How we use the Information we collect
We use and process your Information for things that may include, but are not limited to, the following:
issuing the promised rewards based on your spending with Drop partners;
offering and improving the Site, App, and the Services, including creating and personalizing offers and rewards;
responding to your inquiries about our Site, App, and Services;
analyzing usage of our Site, App and Services;
alerting you to software compatibility issues;
delivering any administrative notices or alerts and communications relevant to your use of the Services;
for marketing and advertising purposes, including sending you promotional material or special offers on our behalf or on behalf of our marketing partners and/or their respective affiliates and subsidiaries and other third parties, provided that you have not already opted-out of receiving such communications;
to fulfill contracts we have with you;
offering you other products, programs, or services that we believe may be of interest;
performing market research, project planning, product development, troubleshooting problems, and analysis of user behavior;
to manage, improve and foster relationships with third-party service providers, including vendors, suppliers, and parents, affiliates, subsidiaries, and business partners;
conducting anonymized user analytics and industry benchmarking;
to comply with any applicable laws and regulations and respond to lawful requests;
for any other purposes disclosed to you at the time we collect your Information and/or pursuant to your consent;
a transaction in connection with a merger, sale, of substantially all of our assets, or a corporate reorganization.
In order to allow you to use our Site, App, or Services, we may be required to verify your identity. To do so, we may, directly or through our service providers, use Information you provide and verify it against our service providers’ databases or through other sources. We may use your Information to verify your identity in the event you contact us for assistance with the Site, App, or Services. We may also use your Information to pre-fill form fields on the Services for your convenience.
When you use the App or mobile versions of our Site, we may collect the unique device identifier assigned to that device by phone makers, carriers, or makers of the operating system (the “Device ID”). Device IDs allow app developers, advertisers, and others to uniquely identify your device for purposes of storing application preferences and other data.
We may use your Device ID to contact you directly through push notifications. Additionally, we may use Device IDs to monitor suspicious activity. For example, if we detect that a single account on a Site or App is being accessed from multiple devices, as determined by tracking the Device IDs that access an account, we may contact the user to ensure that such access has been authorized by the user.
How we disclose the Information we collect
We may share your Information with our affiliates and subsidiaries for the purposes of providing the Services. In connection with the delivery to you of any Drop Rewards that you may redeem, we may share some of your Information with third parties in order to process the transaction you have requested.
We may share your Information with our service providers to enable them to assist in fulfilling the requests you make or the transactions you conduct via the Site and App, including the operation of certain Site and App functions and the Services.
Drop and its service providers, may provide your Information in response to a search warrant or other legally valid inquiry or order, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable Canadian, US or other law. We may also disclose information where necessary for the establishment, exercise or defense of legal claims and to investigate or prevent actual or suspect loss or harm to persons or property.
We may transfer any Information we have about you as an asset in connection with a proposed or actual merger, sale, investment, or financing (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Drop or as part of a corporate reorganization or sale or other change in corporate control.
We may license, share or otherwise disclose aggregate, de-identified or anonymous information about users or users’ engagement with the Services with third parties for marketing, advertising, analytics, research or similar purposes. For example, we may provide participating merchants or third-parties with aggregated or anonymized information relating to users’ engagement with the Services to allow participating merchants and other third parties to assess the results of their campaigns.
How we protect the Information we collect
We take the security of your Information seriously. We use technical, physical and administrative safeguards, such as, but not limited to, firewalls, encryption techniques and authentication procedures to maintain the security of your Information. Unfortunately, no collection or transmission of information over the Internet or other publicly accessible communications networks can be guaranteed to be 100% secure, and therefore, we cannot warrant the security of any such information. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Information. More information on how we protect your Information can be found on the Drop security page.
Your online access may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages).
You have the option of receiving periodic Site, App, or Services related alerts, weekly summaries, notifications, newsletters, promotions, or other information via email. You may choose to sign-up or stop receiving alerts, summaries, newsletters and promotions by indicating your preference in your account profile or settings. You may also follow the unsubscribe instructions in the email you receive. Please note that certain Service-related messages that we send are necessary for the proper functioning and use of the Services and you may not have the ability to opt-out of those messages.
Third-party offers, advertisements, and data collection
As a user of our Site, App, and Services, you grant our service providers, including, but not limited to Plaid and Finicity, the right, power, and authority to access and transmit your data as reasonably necessary to provide the Services. In addition, you acknowledge and agree that your personal Information will be treated in accordance with the privacy policies of these service providers. You furthermore expressly grant our service providers the right, power and authority to (acting on your behalf) access and transmit your Information, including personal Information, as reasonably necessary to provide the Service to you and Drop.
To help operate the Site, App, or Services, enhance you experience, and collect information about online activity, we may place small data files on your computer or other device. These data files may be in the form of cookies, pixel tags, local shared objects, or other similar technologies. Cookies and similar technologies enable us to personalize our Site and Services for you. These technologies allow us to store and manage your preferences and settings, measure and analyze how you use our Site and effectiveness of our communications, offer targeted products, programs and services, and help us improve our products, services, and security. Information collected includes internet protocol address, operating system, browser specifics of your device, device characteristics, user ID, and specifics regarding your interactions with (i.e., the path you take through) our Site and Services.
Most browsers provide you with the ability to block, delete, or disable these technologies. If you choose to reject cookies or similar technologies, some Services may not be available or some functionality may be limited or unavailable. Please review your browser manufacturer’s help pages for assistance with changing your settings. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your device’s hard drive, clear GIFs are embedded invisibly on Site or App pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Site and App to, among other things, track the activities of Site visitors and App users, help us manage content, and compile statistics about usage of our Site and App. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having Information used by NAI members.
Opting out from one or more companies listed on the DAA Consumer
Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.
Our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions above.
Access to your personal Information
You have the right to access, update, and correct inaccuracies in your personal Information in our custody and control, subject to certain exceptions, limitations and applicable laws. To the extent other state laws provide users with additional data subject rights, we will honor those rights following proper authentication and verification.
You may request access, updating and corrections of inaccuracies in other personal Information we have in our custody or control by emailing or writing to us at the contact information set out below. We may request certain personal Information for the purposes of verifying the identity of the individual seeking access to their personal Information records.
You may also access, review, and update much of the Information you have submitted to us at any time via the Site, App, or Services. You may also choose to close or request that we delete your account for the Services at any time.
Notice to California residents
I. Data Subject Requests
If you would like to submit a Data Subject Request, you can complete one online at https://www.joindrop.com/ccpa_consumer_request. You can also call us at 1-866-I-OPT-OUT and entering Service Code 732.
If you complete our online form, it must be completed accurately and completely before we can respond. If you choose to submit a Data Subject Request, you must provide us with enough Information to identify you and enough specificity on the requested data. We will only use the Information we receive for verification. We will not be able to disclose Information if it cannot verify that the person making the Data Subject Request is the person about whom we collected Information, or someone authorized to act on such person’s behalf.
If you are a California resident, you may submit a Data Subject Request to receive information about our data collection practices as it relates to your data. By submitting this request, you are declaring that you are a California resident availing yourself of the rights afforded to you under the California Consumer Privacy Act (CCPA).
You may request information on the categories of personal Information (as defined by California law) we have collected about you; the categories of data collection sources; any business or commercial purpose for collecting or selling personal Information; the categories of third parties with whom we share personal Information, if any; and the specific pieces of personal Information we have collected about you. If you would like to also receive information about our data disclosure for business purposes, then please include that in the Data Subject Request. We will clarify whether the Information was collected and disclosed or simply collected and kept internally.
II. The “Sale” of Personal Information under the California Consumer Protection Act
The California Consumer Protection Act gives California residents the right to stop the “sale” of their personal information through a mechanism called “Do Not Sell My Personal Information” button or hyperlink.
While there are many positive impacts of this requirement, California’s definition of “sale” also captures the transfer of data between corporate affiliates (that is, companies that share common ownership) and other transfers that ordinarily may not be thought of as a “sale” in the traditional sense of the word. At Drop, we may share your personal information with our partners to provide you with the rewards, coupons and benefits that are a core mission of our App. Because the CCPA has defined some of these transfers as “sales,” we are unable to offer all of our services to our Users that ask us not to “sell” their Personal Data.
California residents may utilize the “Do Not Sell My Personal Information” hyperlink located on our Services to facilitate their opt-out of the sale of certain personal Information. However, if you opt to request that we do not “sell” your personal Information you may not be able to use any service we offer that requires our continued use of your email address. Accordingly, users who direct us to stop “selling” their personal Information may be asked to delete their account with Drop and their associated personal Information. Users who make this request will still be able to access our website and explore our Services that are available to non-account holders.
Please note that we will attempt to verify your identity via the email address and/or telephone number associated with your request prior to fulfilling it. If you authorize another person to make this request on your behalf, in addition to verifying your identity we will also require proof that the person is authorized to act on your behalf.
You may request that we delete your personal Information. Your deletion request should be submitted through a Data Subject Request. Subject to certain exceptions set out below we will, on receipt of a verifiable Data Subject Request, delete your personal Information from our records and direct any service providers to do the same.
Please note that we may not delete your personal Information if it is necessary to:
complete the transaction for which the personal Information was collected;
provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
detect security incidents, protect against malicious, deceptive activity, and take all necessary and appropriate steps to mitigate current and future risk;
debug and repair internal information technology as necessary;
undertake internal research for technological development and demonstration;
exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
comply with the California Electronic Communications Privacy Act;
engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the Information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
comply with an existing legal obligation; or
otherwise use your personal Information, internally, in a lawful manner that is compatible with the context in which you provided the Information.
We may not, and will not, treat you differently because you of your Data Subject Request activity. As a result of your Data Subject Request activity, we may not and will not deny goods or services to you, charge different rates for goods or services, provide a different level quality of goods or services, or suggest any of the preceding will occur. However, we can and may charge you a different rate, or provide a different level of quality, if the difference is reasonably related to the value provided by your personal Information.
In addition, if you are a California resident under the age of 18 and are a registered user, you may request us to remove content or Information posted on our websites or stored on our servers by (a) submitting a request in writing to insert email, and (b) clearly identifying the content or Information you wish to have removed and providing sufficient information to allow us to locate the content or Information to be removed. However, please note that we are not required to erase or otherwise eliminate content or Information if (i) other state or federal laws require us or a third party to maintain the content or Information; (ii) the content or Information was posted, stored, or republished by another user; (iii) the content or Information is anonymized so that the minor cannot be individually identified; (iv) the minor does not follow the instructions posted in this Policy on how to request removal of such content or Information; and (v) the minor has received compensation or other consideration for providing the content. Further, nothing in this provision shall be construed to limit the authority of a law enforcement agency to obtain such content or Information.
III. Accessibility of Privacy Notice
We do not knowingly attempt to solicit or receive information from children on the Services. If we become aware that a user is under 13 (or a higher age threshold where applicable) and has provided us with Information, we will take steps to comply with any applicable legal requirement to remove such Information. Contact us if you believe that we have mistakenly or unintentionally collected Information from a child under the age of thirteen (13).