We have created this privacy policy (this “Privacy Policy”), because we know that you care about how information you provide to us is used and shared. This Privacy Policy relates to the information collection and use practices of CorePlus, Inc. (“CorePlus”) when you access and use the Website and when you use your Devices to access and use the Services (as defined in Terms of Use).

By visiting our Website and/or using our Services, you are agreeing to the terms of this Privacy Policy and the accompanying Terms of Use, which are incorporated herein by reference. You also acknowledge and agree that you will be bound by any additional terms and conditions and/or privacy policy that participating Venues (as defined in Terms of Use) may impose, for which CorePlus is not responsible. In such case, you will be provided with such additional terms and conditions and/ or privacy policy and will be required to accept them in order to access and use the Services.

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use.

The Information We Collect

1. Personal Information

When you log in to use the Services through one of your Social Networking Accounts, such account will automatically provide us with, or authorize us to access, some personal information about you (collectively, the “Personal Information”). Such Personal Information may include your first and last name, username, profile pictures, unique identifiers and access tokens, e-mail address, and phone numbers. We do not collect any Personal Information from you when you use the Services or the Website unless you provide us with the Personal Information voluntarily or authorize us to access it.

2. Geolocational Information

Certain features and functionalities of the Services are based on your location. In order to provide these features and functionalities after you sign in to the Services at a Venue, we may automatically collect geolocational information from your Device or wireless carrier and/or certain third-party service providers. Such information is collectively called the “Geolocational Information.” Collection of such Geolocational Information occurs only when the Services are running on your Device.

3. Other Information

In addition to the Personal Information and the Geolocational Information, we may collect additional information (collectively, the “Other Information”). Such Other Information may include:

1. From You. Additional information about yourself that you voluntarily provide to us, such as hobbies, personal interests, household income range, number of children, gender, product and service preferences, and other information that does not identify you personally.
2. From Your Activity. Information that we automatically collect when you use the Services or the Website, including, without limitation:
   
   1. When you visit the Website, we may collect your IP address, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, sections of the Website visited, etc.
   2. When you use the Services, we may manage networks that collect your browsing activity occurring via the Services (collectively, the “Browsing Data”). In those circumstances we may have access to Browsing Data but we do not collect, share, or store Browsing data and we will use our good-faith, reasonable efforts to contractually prohibit the Venues from doing the same.
   3. When you use the Services, we may collect the Venue in which you have authenticated, offers from us and our promotional partners that you have accepted or rejected, and similar information.
   4. When you use the Services, we may collect information regarding the total data transferred or consumed, time logged in, and similar information.
3. About Your Device. We may collect information about your Device, including universally unique ID (“UUID”), MAC address, operating system and version (e.g., iOS, Android or Windows), carrier and country location, hardware and processor information (storage, chip speed, camera resolution, NFC enabled, and network type (Wi-Fi, 3G, 4G, 5G).
4. From Cookies. Information that we collect using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or Mobile Device’s hard drive so that your computer will “remember” information about your visit. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to help us collect Other Information and to enhance your experience using the Website and/or the Services. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or Mobile Device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, the Website or the Services may not function properly.
5. From Other Sources. Information that we collect or receive from Facebook, Twitter, and/or other third-party sites in accordance with their terms of use and privacy policies. For example, when you login into to the Website or use the Services with your Facebook credentials, you will be authorizing us to access, and we will obtain, your basic profile information, your birthday, your “likes,” and user location.

The Information Collected by or Through Third-Party Advertising Companies

We may share Other Information (excluding the Browsing Data as described above) about your activity while using the Website or the Services with third parties for the purpose of tailoring, analyzing, managing, reporting, and optimizing advertising you see on the Website, through the Services, and elsewhere. These third parties may use cookies, pixel tags (also called web beacons or clear gifs), and/or other technologies to collect such Other Information for such purposes. Pixel tags enable us, and these third-party advertisers, to recognize a browser’s cookie when a browser visits the site on which the pixel tag is located in order to learn which advertisement brings a user to a given site.

Communication Preferences

You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any CorePlus marketing email. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our databases. However, you cannot opt out of receiving transactional e-mails related to your account, such as emails about your use of the Services or Website and updates to the Terms of Service and this Privacy Policy.

How We Use and Share the Information

We use the Personal Information, the Geolocational Information, and the Other Information to provide and improve the Website and the Services; solicit your feedback; inform you about our products and services and those of our third-party marketing partners (without using Browsing Data, as described above); and administer our rewards, contests, sweepstakes, competitions, and promotional programs. Also, we may share Personal Information, Geolocational Information, and/or Other Information as described below.

1. In order to provide the Services, we may share your Personal Information, Geolocational Information, and Other Information with the applicable Venue. We do not, and will not, knowingly provide Browsing Data to the Venue or any such Venue’s internet service provider if we have access to it, although Venues and such Venue’s internet service provider may independently gain access to such Browsing Data. As mentioned above, we will use our good-faith, reasonable efforts to contractually prohibit the Venues from accessing, using, or sharing your Browsing Data, but in no instances shall we be responsible for any Venue’s or any Venue’s internet service provider’s use of Browsing Data.
2. In order to administer our rewards, contests, sweepstakes, competitions, and promotional programs, we may share your Personal Information, Geolocational Information, and Other Information (excluding the Browsing Data as described above) with our third-party promotional and marketing partners, including, without limitation, businesses participating in our various programs.
3. We may from time to time share Personal Information, Geolocational Information, and/or Other Information (excluding the Browsing Data as described above) with other companies who may provide you information about the products and services they offer. However, to the extent required by law, you will be given the opportunity to opt-out of such sharing.
4. In an ongoing effort to better understand our users and our Website and Services, we might analyze the Other Information and the Geolocational Information in aggregate form in order to operate, maintain, manage, and improve the Services and/or the Website. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, Venues and business partners. We may also disclose aggregated user statistics in order to describe our products, the Website, and Services to current and prospective business partners and to other third parties for other lawful purposes.
5. We may employ other companies and individuals to perform functions on our behalf. Examples may include providing network services, information technology support and customer service. These other companies will have access to the Personal Information, the Geolocational Information, and the Other Information only as necessary to perform their functions and to the extent permitted by law.
6. With your permission, third-party applications or services may access your Personal Information. We use standard OAuth (open authorization) to enable you to give permission to share your Personal Information with other websites and services, such as Facebook and Twitter (e.g., when you agree to a pop-up requesting you to allow another application to access your account information). We also use OAuth to allow us to share information about you that is stored by us without sharing your security credentials.
7. We may share some or all of your Personal Information, Geolocational Information, and Other Information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us.
8. As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Personal Information, Geolocational Information, and Other Information may be part of the transferred assets.
9. To the extent permitted by law, we may also disclose Personal Information, Geolocational Information, and Other Information when required by law, court order, or other government or law enforcement authority or regulatory agency, or whenever we believe that disclosing such information is necessary or advisable, for example, to protect the rights, property, or safety of CorePlus or others.

How We Protect Your Information

We take commercially reasonable steps to protect the Personal Information, the Geolocational Information, and the Other Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share such information, nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

Important Notice to Non-U.S. Residents

The Website and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States, other than information collected in the EU. EU residents, please see EU GDPR compliance below. By using the Website or the Services and/or providing us with any information, you consent to this transfer.

California Residents

Under California Civil Code Section 1798.83, California residents who have an established business relationship with CorePlus may choose to opt out of our sharing your Personal Information with third parties for direct marketing purposes. If you are a California resident and (1) you wish to opt out; or (2) you wish to request certain information regarding our disclosure of your Personal Information to third parties for the direct marketing purposes, please send write to us at:

CorePlus
500 N. Akard Street, Suite 1500
Dallas, TX 75201

Children

We do not knowingly collect Personal Information from children under the age of 13 through the Services or the Website. If you are under 13, please do not use the Services or give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide us Personal Information without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to us, please contact us, and we will use commercially reasonable efforts to delete that information from our databases, though there can be no assurance that we are able to do so.

External Websites

You may use the Services to access third-party websites, and our Website or the advertisements you receive through the Services or the Website may contain links to third-party websites. CorePlus has no control over the privacy practices or the content of any of the third-party websites that you may access using the Services, the Website, or the websites of our business partners, advertisers, sponsors, or other websites to which we provide links. As such, we are not responsible for the content or the privacy policies of those third-party websites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.

EU GDPR Compliance- For EU Citizens

What is GDPR?

The GDPR is the new European privacy law that replaces the EU Data Protection Directive. The law requires that business protect the privacy and personal data of EU citizens and transactions that occur within EU member states.

What is Personal Data?

Personal data is any data that relates to an identified or identifiable natural person. Examples of personal data include identifiers such as name, location data, and unique online identifiers

Who can we transfer your data to?

Your data can be transferred to only three subjects:

• authorized subjects – our employees and coworkers that are required to have access to the data in order to perform their duties,
• processing entities – other subjects we entrust with data processing,
• subjects allowed to process the data on the basis of applicable law, such as judicial bodies or investigative authorities.

Is your data being sent outside of Europe?

We do not send your personal data outside of the European Economic Area (“EEA”) / third countries when you use the Services. When you use the Website, personal data will be transferred out of the EEA.

What are your (End user) rights in relation to GDPR?

Every person to which the data pertains to has the right to control its processing by the person’s administrator, CorePlus, and in particular:

The right to access the data

The person whom the data pertains to has the right to receive a confirmation from us regarding whether its data is being processed, receive access to the data and receive information about the reasons for processing, personal data categories, receivers or categories of the receivers to whom the data has been or will be revealed, in particular to receivers in other countries or international organizations. The person also has the right to receive information regarding the planned duration of storing the data whenever possible, the criteria for setting the duration if not possible, the right to request modification, removal or limiting of the data’s processing and to object to its processing, and the right to be informed about the possibility of filing a complaint with the supervisory authority, and in case the personal data has not been acquired from the person who the data pertains to – to receive all available information regarding their source.

The right to modify data

The person whom the data pertains to has the right to request immediate modification of personal data that is incorrect or to fill out incomplete personal data.

The right to remove the data (“the right to be forgotten”)

The person whom the data pertains to has the right to request immediate removal of its personal data in any case where the data is no longer necessary for the purposes it was gathered for, as well as in cases where the person retracted consent to personal data processing, filed an objection to processing its data or the data is being processed illegally.

The right to limit processing

The person whom the data pertains to has the right to order us to limit data processing if the person questions the correctness of the data, the processing is performed illegally, the data is no longer necessary for processing purposes or the person has filed an objection to processing.

The right to transfer data

If data processing occurs on the basis of an agreement or a contract and is automated in nature, the person who the data pertains to has the right to order us to convey the data it provided in a machine-readable format to the person in question.

The right to file an objection

The person whom the data pertains to has the right to file an objection regarding the processing of its personal data at any moment, based on our legally justified affairs. In case of filing such an objection we will not be able to further process your personal data, unless we prove the existence of an important and legally justified basis for processing which would override your affairs, rights and liberties.

The right to withdraw consent

The person who the data pertains to can at any moment withdraw its consent. Withdrawal will not affect law compliance of the processing prior to the withdrawal.

In order to exercise the rights mentioned above you can send a written message to our company: CorePlus 500 N. Akard Street, Suite 1500, Dallas, TX 75201.

Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will post any changes on the Website as soon as they go into effect. By accessing the Website or using the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.