The purpose of this document is to inform you as to how The U Group & Co Limited ACN 610 817 831 (ReceiptJar, “us” or “we” or “our”) manages, collects, uses, and discloses personal information relating to you and other users of our website, extension for desktop web browsers, software applications, mobile applications, online services, and other platforms (the “Service”).  We conduct our business in compliance with relevant data protection legislation applicable to our business around the world and have implemented additional measures to protect your personal information.  This Privacy Policy applies to your use of any online services that posts a link to this Privacy Policy, regardless of how you access or use it.  By visiting and otherwise using our Service, you consent to the Service’s Terms & Conditions, which governs your use of the Service, and our Privacy Policy and any additional privacy statements that may be posted on an applicable part of the Service which provide information regarding our collection, use and sharing of your information and data, and other activities, as described below.  If you do not agree or consent, please discontinue use of the Service, and uninstall Service downloads and applications.

We are in the business of operating, administering, and providing Shopper Receipt Panels, Market Research and Rewards Programs to help consumers when they shop online and offline, and to help brands and retailers better understand consumer behaviours, needs and trends. 

ReceiptJar respects your privacy and is committed to protecting your personal information. We recognise that you should have the right to know what data we collect about you, how we use the collected data and what controls you have over that data.

Specific Information for United States Users

U.S. residents have certain privacy rights detailed here. The general provisions of this Privacy Policy apply to all users, including those located within the United States. However, if you are located within the United States, you should refer the detailed disclosures concerning U.S privacy law contained in the U.S State Privacy Notice section. To the extent that there is a conflict between the general terms of this Privacy Policy and the U.S. State Privacy Notice, the U.S. State Privacy Notice will prevail to the extent of any inconsistency for users located in the United States.

About Ads and Tracking

Learn more about certain choices you have regarding Tracking Technologies, including certain sharing of activities for interest-based advertising, including Location-Based Advertising and Cross-Device Matching here.

Please read this Privacy Policy carefully and contact our Privacy Officer at hello@receiptjar.com if you have any questions or concerns. 

WHAT INFORMATION DO WE COLLECT AND PROCESS ABOUT YOU?

How we use data is summarised on our How We Use Data information page.  We collect receipt data and aggregate and anonymise this data with millions of other receipt data to facilitate consumer insights and market research. In order to develop and create these aggregated and anonymised data sets, we collect receipt data and related information from you. Before we anonymise and aggregate this data, such information is personal information for the purposes of applicable privacy laws.

Receipt Data

We collect receipt data, transaction data and other information about your purchase history and consumer transactions either through:

• the receipts that you directly upload to your Receipt Jar account (Account) through our website or mobile applications; or

• the receipts and transaction history data that we are able to scrape from third party marketplace accounts that you connect to your Account through our website or mobile applications, including Google Gmail, Amazon and other online stores and email providers.

More detail regarding the personal information that we collect is set out below, including personal information that we may collect outside of the receipt and transaction data highlighted above. 

We may collect and process the following types of information:

Information You Provide

ReceiptJar, and/or its Service Providers (defined below), may collect information you provide directly to ReceiptJar and/or its Service Providers via the Service.  For example, as highlighted above, we receive and store the information you enter on our websites or mobile applications (such as information contained in receipts that you upload into our mobile application), or you otherwise provide us in any other way.  In addition, when you interact with Third-Party Services (defined below), you may be able to provide information to those third parties.  For more information on Third-Party Services’ data collection and practices click here.  For more information on Service Provider data collection and practices click here.

Information ReceiptJar, its Service Providers and/or Third-Party Services may collect include: (1) personally identifiable information, which is information that identifies you personally, such as your first and last name, and e-mail address (“Personally Identifiable Information” or “PII”); and (2) demographic information, such as your gender, age, ZIP code, race or ethnicity, household information, interests, and recent and upcoming purchases (“Demographic information”).  

Connected Accounts

As highlighted above, when using ReceiptJar, you may elect to connect your Account to other online accounts, such as your email account or online marketplace accounts, including Google Gmail and Amazon. When you do this, your receipts for transactions made to that email address or through those marketplaces are automatically collected by our service and your receipt data is collected via our data collecting machine protocols. You can manage whether your ReceiptJar Account is connected with these third-party accounts through our platform, or you can seek help by contacting us at legal@receiptjar.com any time, or via the Help Centre & live chat. 

Information Collected Automatically

ReceiptJar, its Service Providers, and/or Third-Party Services may also automatically collect certain information about you when you access or use the Service (“Usage Information”).  Usage Information may include IP address, device identifier, browser type, operating system information about your use of the Service, and data regarding network connected hardware (e.g., computer or mobile device) and various other types of information.  The methods that may be used on the Services to collect Usage Information are summarised in further detail in the ‘Types of Usage Information’ section below. 

Third-Party Platform Logins

ReceiptJar allows you to create a new Account with us, and sign in, using your Facebook, Google or Apple account. If you create an Account using these third-party providers, those platforms will get your permission to share certain information from your Facebook, Google or Apple account (as applicable) with us. This could include your user ID, first name, last name, email address, gender, date of birth, location, timezone and profile picture. This information is collected by those third parties and is provided to us under the terms of each entity’s Privacy Policy. You can manage the information that we receive from these platforms using the privacy and data settings in your Facebook, Google or Apple account (as applicable). If you created an Account using these platforms by mistake, you can delete your Account by contacting us via legal@receiptjar.com any time, or you can contact us via the Help Centre & live chat.

Emails

If you decide to submit your online receipts to ReceiptJar via email, you can forward them to r@unocart.com or any other email we provide you from time to time. We will obtain information from the email receipts you forwarded to us regarding your online purchases including details of what was purchased, the vendor information, the total amount spent and the purchase date & time. We attempt to use machine protocols to extract personal information provided by our users at all times in order to limit the number of individuals within our organisation who have access to personal information. However, please note that when information is provided via email or otherwise in the form of an offline receipt, such data collecting machine protocols may not function as intended and we may need to have a member of our staff review that information in order to provide our services. 

You should forward such email receipts only if you are comfortable with sharing the information with us. 

Surveys

The ReceiptJar mobile application may request permission to send you emails or push notifications containing links to surveys in which we would like you to participate, and may also present you with surveys within the application itself. If you participate in these surveys, we will collect and store your answers to the surveys. We will provide further information regarding the purpose of these surveys, including how we use and disclose personal information collected in connection with them, specifically for each survey we provide. 

Third-Party Data

Information about you from third party connected-accounts that is publicly available, such as personal information and estimated demographic information. If you connect your Account to the third party and grant the Site permission to access this information, you provide your consent to collect this information from these sources. 

We will collect Receipt Information from the merchants in the cases where you have provided us with access to an online account.

We may receive information about you from third-party companies that specialise in collecting publicly available information. This may include estimated demographic information and information from public registers, such as the electoral register. When you register for an Account, you consent to the collection of such publicly available information concerning you. 

We may receive information about you from other sources. This may include demographic information from data collection companies and others in order for us to offer anonymous market research reports to clients and partners.

Any such information obtained from third party sources will be used in accordance with the terms and on the basis that that information is provided to us.  Notwithstanding anything to the contrary, except to the extent such data is combined by or on behalf of ReceiptJar with personal information that we have otherwise collected, this Privacy Policy is not intended to limit ReceiptJar’s activities regarding such third-party-sourced, or non-Service-sourced information (including PII).  Except as otherwise required by law, ReceiptJar is not responsible or liable for the accuracy of the information provided by third parties or for third party policies or practices. 

We may link information about you that we collect from these third parties with other information that we collect about you.

Other

We may collect other information that may be considered personal information under certain applicable privacy laws, which may include inferences we have drawn from any of the information listed above. 

TYPES OF USAGE INFORMATION

The methods that may be used on the Services to collect Usage Information include: 

Information from cookies and other tracking technologies

When you use one of our websites or click on a banner advertisement on a third party's website, we may send one or more cookies or similar technologies, such as web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, device recognition technologies, in-app tracking methods, device and activity monitoring and other tracking technologies now and herafter developed (“Tracking Technologies”) to your computer or other device from which you accessed the website or advertisement.  We may use information from these Tracking Technologies to collect information about interactions with the Service or e-mails, including information about your browsing and purchasing behaviour.  Third parties may also share information with us (for example, that you have been shown a particular advertisement) based on cookies that they send to your computer or other device when you visit other websites.

Cookies

A "cookie" is a small file containing a string of characters that is sent to your computer when you visit a website.  When you visit the website again, the cookie allows that site to recognise you from previous visits.  Cookies may store user preferences and other information, and may be session ID cookies or tracking cookies.  Session cookies make it easier for you to navigate the Service and expire when you close your browser. Tracking cookies remain longer and help in understanding how you use the Service and enhance your user experience.  Cookies may remain on your hard drive for an extended period.  If you use your browser’s method of blocking or removing cookies, some but not all types of cookies may be deleted and/or blocked and as a result some features, and functionalities of the Service may not work. 

Web Beacons (“Tracking Pixels”)

Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and e-mail messages. Web beacons may be used, without limitation, to count the number of visitors to the Service, to monitor how users navigate the Service, and to count content views.

Embedded Scripts

An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your computer from ReceiptJar’s web server, or from a third party with which ReceiptJar works and is active only while you are connected to the Service and deleted or deactivated thereafter. 

Location-Identifying Technologies

GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate you (sometimes precisely), or make assumptions about your location, for purposes such as verifying your location and delivering or restricting content based on your location.  If you have enabled GPS or use other location-based features on the Service, your device location may be tracked by us and third parties.  

Device Recognition Technologies

Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household) (“Cross-device Data”).

Right to withdraw consent

To the extent that your consent is required for us to collect, use or disclose your personal information in accordance with this Privacy Policy and under applicable privacy law, you may withdraw your consent to certain uses or disclosures of your personal information. 

In-App Tracking Methods

There are a variety of Tracking Technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings.  Some use device identifier, or other identifiers such as “Ad IDs,” or may use “SDKs,” to associate app user activity to a particular app and to track user activity across apps and/or devices. SDKs are blocks of code that may be installed in our mobile application by third party companies with which we work. SDKs help us understand how you interact with our mobile application and collect certain information about the device and network you use to access our application, such as the advertising identifier associated with your device and information about how you interact with our application.

Device and Activity Monitoring

Technologies that monitor, and may record, certain of your interactions with the Service, and/or collect and analyse information from your device, such as, without limitation, your operating system, plug-ins, system fonts, and other data, for purposes such as identification, security, fraud prevention, troubleshooting, tracking and/or improving the Services and customizing or optimizing your experience on the Services.  This may also include technologies that monitor and record usage sessions to help us better understand, track, and improve the usage of our Services.

Log and other information

When you access one of our websites, emails, advertisements, or other content served by us or on behalf of us on third party websites or mobile applications, our servers automatically record information that your browser sends during your access to that content. These server logs typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your Account to us. Other actions, such as interactions with advertisements, including the fact you have been shown certain advertisements, and the Advertising ID (or Advertising Identifier) of your device may also be included in our server logs. During some visits to our websites we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Some information about your use of the Service and certain other online services may be collected using Tracking Technologies across time and services and used by ReceiptJar and third parties for purposes such as to associate different devices you use and deliver relevant ads and/or other content to you on the Service and certain other online services.

Mobile Device Data

Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the App from a mobile device.

HOW DO WE COLLECT YOUR PERSONAL INFORMATION? 

How we collect your personal information is often dependent upon the type of information that we collect. As such, descriptions of how we collect your personal information are included on an information-type-by-information-type basis in the sections above. That being said, the sources of personal information that we collect can be generally summarised as follows:

• directly from you when you use our App or other aspects of our platform or otherwise use your Account to provide information to us; 

• from your connected accounts, such as Amazon or Google Gmail which you connect to your Account and allow us to access for the purpose of cumulating receipt data;

• from your devices, through interaction between your device and our platform or third parties’ platforms and associated cookies; 

• from third party service providers who provide services on our behalf; 

• social networks or device platforms such as Facebook, Google and Apple; 

• online advertising services and advertising networks;

• operating systems and platforms; and

• data brokers or analytics providers. 

HOW DO WE USE YOUR INFORMATION?

ReceiptJar may use information about you for any purpose not inconsistent with ReceiptJar’s statements under this Privacy Policy, or otherwise made by us in writing at the point of collection, and not prohibited by applicable law.  The following are examples of the primary ways in which we may use your personal information:

Enhance the services we provide you and contact you.

We use your personal information to investigate complaints, claims, and disputes. We also use your personal information to improve site and service performance and the delivery of our services, such as when you make inquiries into and provide feedback on our quality of service. We may also use personal information relating to you to understand your preferences, develop new products and features, or personalise and improve the products we offer you. 

We may also use this information to keep you updated of new features (subject to our compliance with applicable anti-spam laws). We will do so by sending you emails and sending you in-application push notifications.

For market research purposes

When you upload receipts to ReceiptJar, we aggregate this receipt information with millions of other receipts and de-identify your receipts so that it does not contain any specific personally identifiable information. This aggregated information is then used to provide clients with anonymous market research reports, consumer insights and trends.

We collect information about you when you sign up as a Receipt Shopper Panel Member, when you complete surveys and upload your shopping receipts as a Receipt Shopper Panel Member. The information we collect about you and your household will only be used for market research purposes and to prepare reports to present to clients. The data will only be analysed in aggregate and never at the individual level. Our clients never see any single individual’s personally identifiable information.

We may disclose the information we collect about you and your household to third parties to outsource certain tasks, such as to companies who complete more data analysis, or for online surveys. We may also disclose the information we collect about you and your household to related third parties that are located in Australia and overseas. 

In certain situations, data regarding your purchase habits and shopping preferences that you have provided to ReceiptJar may be de-identified and provided to third parties for market research or data analytics purposes. While this data may not be aggregated, our systems de-identify this information to ensure that all personally identifying information is removed before it is provided to third parties. You consent to us disclosing your information in this manner by using our App or our platform, and we reward you for doing so through your participation in our various reward programs. For further information regarding this process, please refer to the ‘Sale of Personal Information’ section below. You may opt-out of the transfer of your information in this manner at any time through our platform or by contacting legal@receiptjar.com. 

Where we do provide your information to third parties we will always take reasonable steps to ensure that your privacy is protected, as further described below.

To deliver personalised advertisements and other information to you

We may use the information that we collect and the Advertising ID (or Advertising Identifier) on your mobile device to show you advertisements about our products and services in other marketing channels. For example, we may use the purchase information we collect about you from your emails or Facebook to deliver to you, via one or more of those channels, advertisements that we are promoting or think may be of interest to you. We may also engage third party advertising networks to deliver these advertisements. These networks use cookies and similar technologies to personalise the advertising content you see and to measure the effectiveness of the advertisements they deliver. These companies are authorised to use the information that we provide and they collect when you navigate to a website within the ad network to provide this service to us.

Protect our rights or property or our Registered Users

We also may use the information we collect to the extent we believe it is appropriate to enforce or apply our rights under our Terms & Conditions, and/or to protect the rights, property or safety of ReceiptJar, our registered users and others.

This may include using personal information to detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity and prosecuting such individuals at our discretion, debugging activities to identify and repair error in our services or platform and other internal research and verification activities. 

Fulfil legal and regulatory requirements

We may use the information we collect to comply with federal, state, provincial or other applicable laws and regulations.

Additional Uses

In addition to the uses set forth above, we may also use the information we collect to:

• allow you to participate in features we offer on the Service;

• facilitate, manage, personalize, and improve your online experience;

• process your registration and manage your account.

• transact with you, provide services or information you request, respond to your comments, questions and requests, and send you notices;

• fulfill other purposes disclosed at the time you provide personal information or otherwise where we are legally permitted or are required to do so;

• determine your location and manage digital content rights (e.g., territory restrictions); and 

• prevent and address fraud, breach of policies or terms, and threats or harms.

De-identified information 

Please note any personal information that we collect may be “de-identified” (i.e., the removal or modification of the personally identifiable elements, or the extraction of non-PII elements), such as through anonymisation, pseudonymisation, and/or hashing, is not considered personal information for the purposes of applicable privacy law and may be used and/or shared without obligation to you, except as prohibited by applicable law.  

Without limiting the generality of the foregoing, we and third parties may convert your personal information (including PII) to non-Personally Identifiable Information, including without limitation through hashing it or substituting a unique identifier for the PII and we and third parties may use and share that data as permitted by applicable law, including to match data attributes to and from other sources. Any such third-party activities are subject to their privacy policies and practices.

HOW DO WE SHARE YOUR INFORMATION?

We may share personal information that we collect about you with third parties for the purpose for which that personal information was collected, in connection with the uses of your personal information as described above and for certain secondary or related purposes as permitted by applicable privacy laws. In particular, we may share your personal information with third parties for the following purposes:

Marketing 

Subject to your communications choices, we may use your personal information to send you marketing communications.  Absent your consent (which may be by means of opt-in, your election not to opt-out, or a third party interaction described bewlo), however, ReceiptJar will not share personal information that we collect directly from you with third parties, other than ReceiptJar Affiliates, for their own direct marketing purposes, except in connection with Corporate Transactions (defined below).

Your Disclosure or Consent

Your activities on the Service may, by their nature, result in the sharing of your personal information with third parties and by engaging in these activities you consent to that and further sharing and disclosure to third parties.  Such third-party data receipt and collection is subject to the privacy and business practices of that third party, not ReceiptJar.

Contests, Monthly Draws and Surveys

We may promote or offer contests, monthly draws, similar promotional offers or surveys that may be co-sponsored by us and one or more other companies, or may be sponsored by other companies. Some or all of your information collected through these offers or surveys may be shared with the sponsor(s) or other companies indicated on the entry form, in the governing rules or on the survey, as applicable. The collection, use and disclosure of your personal information by such sponsor(s) or other companies is subject to the privacy policies and practices of those third parties as indicated on the contest, draw or promotional offer entry form and we are not responsible or liable for any such collection, use or disclosure.  By entering, you are agreeing to the official rules that govern that contest, monthly draw, and/or survey, which may include consent to additional or differing data practices from those contained in this Privacy Policy.  Please review those rules carefully. 

Agents and Service Providers

We engage other companies and individuals to perform certain services and functions on our behalf (“Service Providers”). For example, we may engage third parties to send email and postal mail, analyse data, provide marketing services, process applications and provide customer service.  Where we use Service Providers who might have access to your personal information, we select them carefully and require them to have privacy and security standards that are comparable to ours.  We use contracts and other measures with our service providers to ensure that they maintain the confidentiality and security of your personal information and are allowed to access and use such information only as needed to perform their functions and for no other purposes, provided however, ReceiptJar does not authorize its Service Providers to use personal information that we have collected and provided to the Service Providers to send you direct marketing messages other than related to ReceiptJar and ReceiptJar Affiliates, absent your consent.

Corporate Transactions

In addition, ReceiptJar may share your personal information, in connection with or during negotiations of any proposed or actual financing of our business, or merger, purchase, sale, joint venture, or any other type of acquisition or business combination of all or any portion of ReceiptJar assets, or transfer of all or a portion of ReceiptJar’s business to another company, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding (“Corporate Transactions”).

Protection of ReceiptJar and Others

We may disclose information about you to third parties when we believe such disclosure is appropriate to comply with a legal requirement, such as a law, regulation, court order, subpoena or search warrant, or in the course of a legal proceeding. We may also disclose your information as we believe appropriate to enforce or apply our rights under our Terms and Conditions, or to protect the rights, property or safety of ReceiptJar, our related bodies corporate, our registered users and others, including exchanging information for fraud protection and credit risk reduction.

SALE OF PERSONAL INFORMATION  

While we do not ‘sell’ your personal information to unrelated third parties, we do strategically engage with third party service providers and affiliates that we consider may align with our business practices or which may otherwise offer services that are beneficial to you. Under certain applicable privacy laws, these practices are considered to be the ‘sale’ of your personal information to third parties for monetary or other valuable consideration. Under this definition, we may sell your personal information in the following ways:

• (Market Data) We may share data related to your purchasing habits, receipts or survey responses with clients or third parties for market research or data analytics purposes. The data we share with third parties in this manner is de-identified, such that it may contain information about your purchasing habits and responses but no information that is likely to personally identify you. Such information generally is not personal information for the purposes of applicable privacy laws, however there may be circumstances where such data inadvertently includes your personal information or is otherwise specifically considered to be personal information at law (despite that it does not otherwise identify you). As such, and to ensure your data privacy is taken seriously, we only share this data with your consent, which you provide when using our App or otherwise engage with our services. Common third parties with whom we provide market data include 84.51 LLC, Nielsen Consumer LLC and NielsenIQ and its related bodies corporate, although we may engage other third parties in connection with your market data from time to time. 

• (Advertising Data) We may permit certain third party online advertising services to collect personal information about you through our App or on any of our platforms via automated technologies, such as cookies. These advertising providers may use personal information such as your online and device identifiers and your activity in connection with our services for online advertising purposes to place ads that are relevant or beneficial to you. 

You have the right to opt out of these disclosures of your personal information as described further below.

INFORMATION YOU DISCLOSE PUBLICLY OR TO OTHERS

Third-Party Content, Third-Party Services, Social Features, Advertising and Analytics

The Service may include or link to third-party websites, apps, locations, platforms, code (e.g., plug-ins, application programming interfaces (“API”), and software development kits (“SDKs”)) or other services (“Third-Party Service(s)”).  These Third-Party Services may use their own cookies, web beacons, and other Tracking Technology to independently collect information about you and may solicit personal information from you.  

Certain functionalities on the Service permit interactions that you initiate between the Service and certain Third-Party Services, such as third party social networks (“Social Features”).  Examples of Social Features include: enabling you to send content such as contacts and photos between the Service and a Third-Party Service; “liking” or “sharing” ReceiptJar’s content; logging in to the Service using your Third-Party Service account (e.g., using Facebook Connect to sign-in to the Service); and to otherwise connect the Service to a Third-Party Service (e.g., to pull or push information to or from the Service).  If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Service or by the Third-Party Service that you use. Similarly, if you post information on a Third-Party Service that references the Service (e.g., by using a hashtag associated with ReceiptJar or other ReceiptJar Affiliates in a tweet or status update), your post may be used on or in connection with the Service or otherwise by ReceiptJar or other ReceiptJar Affiliates.  Also, both ReceiptJar and the third party may have access to certain information about you and your use of the Service and any Third-Party Service. 

ReceiptJar may engage and work with Service Providers and other third parties to serve advertisements on the Service and/or on other online services.  Some of these ads may be tailored to your interest based on your browsing of the Service and elsewhere on the Internet, which may include use of precise location and/or Cross-device Data, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”), which may include sending you an ad on another online service after you have left the Service (i.e., “retargeting”).  

ReceiptJar may use Google Analytics, Adobe Analytics or other Service Providers for analytics services.  These analytics services may use cookies and other Tracking Technologies to help ReceiptJar analyze Service users and how they use the Service.  Information generated by these analytics services (e.g., your IP address and other Usage Information) may be transmitted to and stored by these Service Providers on servers in the U.S. (or elsewhere) and these Service Providers may use this information for purposes such as evaluating your use of the Service, compiling statistic reports on the Service’s activity, and providing other services relating to Service activity and other Internet usage.  

ReceiptJar is not responsible for, and makes no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Service Providers and Third-Party Services associated with the Service, and encourages you to familiarize yourself with and consult their privacy policies and terms and conditions.  

HOW DO WE SECURE, RETAIN AND LIMIT YOUR INFORMATION?

Security of Your Account

We will take reasonable steps to protect the personal information we collect from loss, misuse, unauthorised access, disclosure, alteration, and destruction. We have put in place appropriate physical, electronic and managerial procedures to safeguard and secure your personal information from misuse and unauthorised access, disclosure, alteration or destruction, however you are responsible for maintaining the secrecy of your unique password and Account information, and for controlling access to emails between you and ReceiptJar, at all times. We are not responsible for the functionality, privacy, or security measures of any other organisation.

Collection of Information from Children

All of our products or services are not intended for use or purchase by users under the age of 18. ReceiptJar does not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allows such persons to register for the Service. The Service and its content are not directed at children under the age of 18. ReceiptJar does not intend to collect personal information as defined by the U.S. Children’s Online Privacy Protect Act (“COPPA”) (“Children’s Personal Information”) in a manner not permitted by COPPA.  In the event that we learn that we have collected Children’s Personal Information or personal information from a person under age 18 without parental consent, we will delete that information to the extent required by applicable law. If you believe that we might have any Children’s Personal Information or information from or about a person under 18, please contact us at legal@receiptjar.com. 

Where your information is stored or disclosed

ReceiptJar is based in Australia and the information ReceiptJar and its Service Providers collect is governed by the laws of Western Australia and Australia.  ReceiptJar offers services in Australia, Canada, and the United States.  If you are located in the European Union (EU), European Economic Area (EEA), United Kingdom, and/or Switzerland, please note that ReceiptJar does not intend to offer goods and services (including the Services) to EU, EEA, UK, or Swiss individuals.  If you are accessing the Service from outside of Australia, please be aware that information collected through the Service may be transferred to, processed, stored, and used in Australia, Canada, Singapore, and the United States.  Data protection laws in these jurisdictions may be different from those of your country of residence.  We ensure that we do not send your personal information to third party recipients overseas without first taking reasonable steps to ensure that the recipient complies with applicable privacy laws and this Privacy Policy or without obtaining your consent or otherwise complying with all applicable privacy law. Your use of the Service or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information, including personal information, to overseas recipients as set forth in this Privacy Policy.

Retaining Your Personal Information

We will only retain your personal information as long as is necessary for the fulfillment of the purposes for which it was collected or as required by law. Your personal information is securely stored until such time as it is no longer required, after which it is destroyed or rendered such that it is unable to identify you.

YOUR RIGHTS UNDER APPLICABLE PRIVACY LAW

Depending upon your jurisdiction and the jurisdictions in which we operate, you may have various rights under applicable privacy laws, notably including the Australian Privacy Act 1998 (Cth), the U.S. Privacy Laws (as defined in the US Privacy Notice section and various Canadian privacy laws including the Personal Information Protection and Electronic Documents Act. For consistency across our operations and as a commitment to providing the best service to our users, we provide the following rights to all of our users, regardless of the jurisdiction in which you are located. 

Please note, to the extent your exercise of any rights provided below impacts our ability to provide Shopper Receipt Panels, Market Research and Rewards Programs, we reserve the right to cease offering certain aspects of our Services to you at our discretion. 

Your Rights

Access

You are entitled to access the personal information we hold about you and may request that we correct any errors in the information we hold. We will take reasonable steps to allow you to access your personal information unless reasonable circumstances exist that would prohibit us from doing so. 

Correction

We will correct your personal information where we are satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading. If we correct any personal information that we have disclosed to third parties we will take reasonable steps to notify those parties of the change or update. 

Deletion

You have the right to request deletion of your personal information that we have collected about you, subject to certain exceptions. 

Opt-out of Sale

You have the right to opt-out of the sale or sharing of your personal information, and targeted advertising, subject to certain exceptions. We may be unable to offer you certain aspects of our services to the extent you opt-out of the sale of your personal information in this manner.  

Right to Know

You may request that we disclose to you what personal information we have specifically collected, used, shared or sold about you and why we have done so, subject to certain exceptions. While this Privacy Policy sets out these details on a general basis, you may request that we provide this information on a specific basis concerning your personal information. 

Right to withdraw consent

To the extent that your consent is required for us to collect, use or disclose your personal information in accordance with this Privacy Policy and under applicable privacy law, you may withdraw your consent to certain uses or disclosures of your personal information. 

You may exercise any of the above rights by by logging into the App and contacting us through our support channels or contacting our Privacy Officer at hello@receiptjar.com. In certain circumstances, we may need to verify your identity, including (in some circumstances) by verifying it with third parties before providing these rights to you and to continue providing our services to you. 

We will not engage in discriminatory conduct regarding you for exercising any of your rights under this Privacy Policy or as applicable at law. 

Depending on your location, you may have additional rights available under foreign privacy laws and regulations, to the extent those regulations apply to us. We will comply with any such rights upon reasonable request. The rights afforded to Consumers in the US are more fully outlined in subsection 2 of the U.S. State Privacy Notice.

If you are concerned that we may have breached applicable privacy law, please contact us immediately at the contact details set out above. We will undertake a reasonable and expeditious assessment of the concern and suggest relevant resolution processes. If you are unsatisfied with our response to, or resolution of, your complaint you may contact your local privacy regulator, including, in Australia, the Office of the Australian Information Commissioner. 

CHOICES: TRACKING AND COMMUNICATIONS OPTIONS

Tracking Technologies Generally

Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings.  Browsers offer different functionalities and options, so you may need to set them separately.  Also, tools from commercial browsers may not be effective with regard to HTML5 cookies, or other Tracking Technologies.  Please be aware that if you disable or remove these technologies, some parts of the Service may not work and that when you revisit the Service your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.  

Some App-related Tracking Technologies in connection with non-browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app.  To uninstall an app, follow the instructions from your operating system or handset manufacturer.  Apple and Google mobile device settings have settings to limit ad tracking, and other tracking, but these may not be completely effective. 

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit.  Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context.  Like many online services, ReceiptJar currently does not alter ReceiptJar’s practices when ReceiptJar receives a “Do Not Track” signal from a visitor’s browser. Some third parties, however, may offer you choices regarding their Tracking Technologies. For specific information on some of the choice options offered by third party analytics and advertising providers, see the next section. We may, from time-to-time, and in certain jurisdictions, offer or point you to tools that allow you to exercise certain preferences regarding cookies and other Tracking Technologies associated with the Services, but such tools rely on third parties and third party information so we do not guaranty that the tools will provide complete and accurate information or be completely effective.  

We do not represent that these third-party tools, programs or statements are complete or accurate. You will need to do this on each browser that you use to access our Services, and clearing cookies on your browser(s) may disable your preference settings.  Also, our Services may not function properly or as intended if you block all or even certain cookies.  Accordingly, you may want to consider the more limited opt-out choices noted in the next section.

Analytics and Advertising Tracking Technologies

You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.  You may exercise choices regarding the use of cookies from Adobe Analytics by going to http://www.adobe.com/privacy/opt-out.html under the section labeled “Tell our customers not to measure your use of their web sites or tailor their online ads for you.”

You may choose whether to receive some Interest-based Advertising by submitting opt-outs.  Some of the advertisers and Service Providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising.  To learn more about how you can exercise certain choices regarding Interest-based Advertising, including use of Cross-device Data for serving ads, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program specifically for mobile apps (including use of precise location for third party ads).  Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/.  Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads.  Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks).  Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective.  ReceiptJar supports the ad industry’s Self-regulatory Principles for Online Behavioral Advertising and expects that ad networks ReceiptJar directly engages to serve you Interest-based Advertising will do so as well, though ReceiptJar cannot guaranty their compliance. 

We may also use Google Ad Services. To learn more about the data Google collects and how your data is used by it and to optout of certain Google browser Interest-Based Advertising, please visit here.

ReceiptJar is not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

Mobile Apps

With respect to ReceiptJar’s mobile apps (“apps”), you can stop all collection of data generated by use of the app by: first, if you have used the app to connect to any third party accounts, such as Google or Amazon, by disconnecting those accounts through the app, and second by uninstalling the app.  Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain features (e.g., tracking across apps and websites owned by other online services, location-based services, push notifications, accessing calendar/contacts/photos, etc.), by adjusting the permissions in your mobile device and/or the app’s settings. For example, to limit receiving Interest-based Advertising on your mobile device, for iOS 14, go to “Settings,” select “Privacy,” select “Tracking,” and then toggle off “Allow Apps to Request to Track.” For earlier versions of iOS dating back to iOS 6, go to “Settings,” select “Privacy,” select “Advertising,” and toggle on “Limit Ad Tracking.” For Android, go to “Settings,” select “Privacy,” select “Ads,” and then toggle on “Opt out of Ads Personalization.” Beware that if GPS precise location services are disabled, other means of establishing or estimating location (e.g., connecting to or proximity to wi-fi, Bluetooth, beacons, or our networks) may persist. 

To learn more about how you can control location permissions using your mobile device’s operating system settings, please visit the following links depending on which device you use:

Android:
For Android 6.0 and above:
- https://support.google.com/googleplay/answer/6270602?hl=en
For earlier versions of Android:
- https://support.google.com/googleplay/answer/6014972 

iOS: - https://support.apple.com/en-us/HT207056 

Communications

Where we use your personal information to send you marketing and promotional information you will be provided with the opportunity to opt-out of receiving such information. Unless you exercise your right to opt-out of such communication, you will be taken to have consented to receive similar information and communications in the future.

You can opt out of receiving certain promotional communications (emails or text messaging) from ReceiptJar at any time by (i) for promotional e-mails, following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account; (ii) for text messages, following the instructions provided in text messages from ReceiptJar to text the word, “STOP”; and (iii) for app push notifications turn off push notifications on the settings of your device and/or the app, as applicable.  Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions.  If you opt-out of only certain communications, other subscription communications may continue.  Even if you opt out of receiving promotional communications, ReceiptJar may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or ReceiptJar’s ongoing business relations.  

Cross-Device Data

To learn more about how you can exercise certain choices regarding Cross-device data for Interest-based Advertising, see the prior section regarding the DAA’s Interest-based Advertising choices.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time in our sole discretion. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on the App. Please be sure to periodically check this page to ensure that you are aware of any changes to this Privacy Policy. Any material changes to this Privacy Policy will be communicated to registered users by a notification to their Account. Your continued access to or use of the Platform after the effective date of such changes will be subject to the revised Privacy Policy. This Privacy Policy states, at the top of the page, the date on which it was last updated.

Unsubscribe

To unsubscribe from all future emails, click the unsubscribe link in the welcome email or any subsequent email from us. You may also email or write to us using the details set out below.

Contacting us

If you have any questions or concerns about this Privacy Policy, including our use of service providers outside of your jurisdiction of residence, you can email our Privacy Officer at legal@receiptjar.com

U.S STATE PRIVACY NOTICE

This U.S. State Privacy Notice (“Notice”) applies to “Consumers” as defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”), the Colorado Privacy Act, the Virginia Consumer Data Protection Act, the Utah Consumer Privacy Act, Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring, Chapter 603A of the Nevada Revised Statutes, and all laws implementing, supplementing or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws”).

We do not believe that the U.S. Privacy Laws are currently applicable to us, however we are offering Consumers the rights afforded under the U.S. Privacy Laws. This Notice is designed to meet some of our obligations under U.S. Privacy Laws and supplements the general policies of ReceiptJar or including, without limitation, this Website Privacy Policy.  In the event of a conflict between any other ReceiptJar policy, notice, or statement and this Notice, this Notice will prevail as to Consumers unless stated otherwise.

Applicability:

• Section 1 of this Notice provides notice of our data practices, including our collection, use, disclosure, and sale of Consumers’ Personal Information or Personal Data (collectively, “PI”).

• Sections 2-5 of this Notice provide information regarding Consumer rights and how you may exercise them.

• Section 6 of this Notice provides additional information for California residents.

For California residents the term “Consumer” is not limited to data subjects acting as individuals regarding household goods and services and includes data subjects in a business-to-business context.  This is not the case in other states.

Non-Applicability, Human Resources:  This Notice does not apply to our job applicants, current employees, former employees, or independent contractors (collectively, “Personnel”).  As of the date Last Updated date, ReceiptJar does not have any U.S.-based Personnel.

1. Notice of Data Practices

The description of our data practices in this Notice covers the twelve (12) months prior to the Last Updated date and will be updated at least annually.  Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements.  Otherwise, this Notice serves as our notice at collection.

We may Collect your PI directly from you (e.g., when you register for an account); your devices; our affiliates; service providers; public sources of data; credit reporting agencies; or other businesses or individuals.

Generally, we Process your PI to provide you services and as otherwise related to the operation of our business, including for one or more of the following Business Purposes: Performing Services; Managing Interactions and Transactions; Security; Debugging; Advertising & Marketing; Quality Assurance; Processing Interactions and Transactions; and Research and Development.  We may also use PI for other Business Purposes in a context that is not a Sale or Share under U.S. Privacy laws, such as disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”), to the Consumer or to other parties at the Consumer’s direction or through the Consumer’s action; for the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”) (“Additional Business Purposes”).  Subject to restrictions and obligations under U.S. Privacy Laws, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.

We may also use and disclose your PI under this Notice for Commercial Purposes, which may be considered a “Sale” or “Share” under applicable U.S. Privacy Laws, such as when Third-Party Digital Businesses (defined below) Collect your PI via third-party cookies, and when we Process PI for certain advertising purposes.

We provide more detail on our data practices in the two charts that follow.

a. PI Collection, Disclosure, and Retention – By Category of PI

We collect, disclose, and retain PI as follows:

There may be additional information we Collect that meets the definition of PI under applicable U.S. Privacy Laws but is not reflected by a category above, in which case we will treat it as PI as required but will not include it when we describe our practices by PI category.  As permitted by applicable law, we do not treat deidentified or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as PI.  We will not attempt to reidentify data that we maintain as deidentified.  Because there are numerous types of PI in each category, and various uses for each PI type, actual retention periods vary.  We retain specific PI pieces based on how long we have a legitimate purpose for the retention, which varies based on the type of data at issue, but can be up to two years or more. 

b. PI Use and Disclosure – By Processing Purpose

We use and disclose PI for the processing purposes described below:

We will not collect additional categories of PI or use the PI we collected for material different, unrelated, or incompatible purposes without providing you notice.

2. Your Consumer Rights and How to Exercise Them

As described more below, subject to meeting the requirements for a Verifiable Consumer Request (defined below) and limitations permitted by applicable laws, ReceiptJar provides Consumers in the United States the privacy rights described in this section.

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, please log into the App and contact us through our support channels, by email at hello@receiptjar.com, or use our Consumer Rights Request Portal.

a. Right to Limit Sensitive PI Processing

We only Process Sensitive PI for purposes that are exempt from Consumer choice under U.S. Privacy Laws, such as, for example, to perform the services or provide goods you requested, to detect and remediate security incidents, or to comply with federal, state and local law.

b. Right to Know/Access

US Consumers are entitled to access PI up to twice in a 12-month period.  

i. Categories

U.S. Consumers have a right to submit a request for any of the following for the period that is 12-months prior to the request date:

• The categories of PI we have Collected about you.

• The categories of sources from which we Collected your PI.

• The Business Purposes or Commercial Purposes for our Collecting, Selling, or Sharing your PI.

• The categories of Third Parties to whom we have disclosed your PI.

• A list of the categories of PI disclosed for a Business Purpose and, for each, the categories of recipients, or that no disclosure occurred.

• A list of the categories of PI Sold or Share about you and, for each, the categories of recipients, or that no Sale or Share occurred.  

ii. Specific Pieces

You may request to confirm if we are Processing your PI and, if we are, to obtain a transportable copy, subject to applicable request limits, of your PI that we have collected and are maintaining.  For your specific pieces of PI, as required by applicable U.S. Privacy Laws, we will apply the heightened verification standards as described below.  We have no obligation to re-identify information or to keep PI longer than we need it or are required to by applicable law to comply with access requests.

c. Do Not Sell/Share/Target

Under the various U.S. Privacy Laws there are broad and differing concepts of “Selling” PI for which an opt-out is required. California also has an opt-out from “Sharing” for Cross-Context Behavioral Advertising (use of PI from different businesses or services to target advertisements). Other states have an opt-out of “Targeted Advertising” (defined differently but also addressing tracking, profiling, and targeting of advertisements). We may Sell or Share your PI and/or use your PI for Targeted Advertising, as these terms apply under U.S. Privacy Laws. However, we provide U.S. Consumers an opt out of Sale/Sharing/Targeting that is intended to combine all of these state opt-outs into a single opt-out available regardless of state of residency.

Third-Party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that Collect PI about you on our services, or otherwise Collect and Process PI that we make available about you, including digital activity information. We understand that giving access to PI on our services, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Share under some state laws and thus we will treat such PI (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) collected by Third-Party Digital Businesses, where not limited to acting as our Service Provider (or Contractor or Processor), as a Sale and/or Share and subject to a Do Not Sell/Share/Target opt-out request. We will not Sell your PI, Share your PI for Cross-Context Behavioral Advertising, or Process your PI for Targeted Advertising if you make a Do Not Sell/Share/Target opt-out request. 

Opt-out for non-cookie PI: If you want to limit our Processing of your non-cookie PI (e.g., your email address) for Targeted Advertising, or opt-out of the Sale/Sharing of such data, make an opt-out request here.  

Opt-out for cookie PI: If you want to limit our Processing of your cookie-related PI for Targeted Advertising, or opt-out of the Sale/Sharing of such PI, you need to exercise a separate opt-out request on our cookie management tool here. This is because we have to use different technologies to apply your opt-out of cookie PI and to non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. A similar tool is available for our app, which you can access via the Do Not Sell/Share/Target option in the settings menu. You must exercise your preferences on each of our websites and apps you visit, from each browser you use, and on each device that you use.  Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our cookie management tool.  Please also refer to our Section 8 for other ways to exercise preferences regarding Third-Party Digital Businesses.  Beware that if you use ad blocking software, our cookie banner may not appear when you visit our services and you may have to use the link above to access the tool.  

Opt-out preference signals (also known as global privacy control or GPC): Some of the U.S. Privacy Laws require businesses to process GPC signals, which is referred to in California as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale and Sharing of personal information. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC.  We have configured the settings of our consent management platform to receive and process GPC signals on our website, which is explained by our consent management platform. We process OOPS/GPC with respect to Sales and Sharing that may occur in the context of Collection of cookie PI by tracking technologies online by Third-Party Digital Businesses, discussed above, and apply it to the specific browser on which you enable OOPS/GPC. We currently do not, due to technical limitations, process OOPS/GPC for opt-outs of Sales and Sharing in other contexts (e.g., non-cookie PI).  [We do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC.] or [We do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; or (2) change your experience with any product or service if you use OOPS/GPC; however, if you have previously accepted optional cookies we will display a notification indicating a conflict with the OOPs signal and confirming your choice.]

We do not knowingly Sell or Share the PI of Consumers under 16, unless we receive affirmative authorization (“opt-in”) from either the Consumer who is between 13 and 16 years old, or the parent or guardian of a Consumer who is less than 13 years old. If you think we may have unknowingly collected PI of a Consumer under 16 years old, please Contact Us.

We may disclose your PI for the following purposes, which are not a Sale or Share:  (i) if you direct us to disclose PI; (ii) to comply with a Consumer rights request you submit to us; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

d. Right to Delete

Except to the extent we have a basis for retention under applicable law, you may request that we delete your PI. Our retention rights include, without limitation:

• to complete transactions and services you have requested;

• for security purposes;

• for legitimate internal Business Purposes (e.g., maintaining business records);

• to comply with law and to cooperate with law enforcement; and

• to exercise or defend legal claims.

Please also be aware that making a deletion request does not ensure complete or comprehensive removal or deletion of PI or content you may have posted.

Note also that, depending on where you reside (e.g., California and Utah), we may not be required to delete your PI that we did not Collect directly from you.

e. Correct Your PI

Consumers may bring inaccuracies they find in their PI that we maintain to our attention and we will act upon such a complaint as required by applicable law. 

f. Automated Decision Making / Profiling

We only engage in Automated Decision Making or Profiling in ways that are exempt from Consumer choice under U.S. Privacy Laws.

g. How to Exercise Your Consumer Privacy Rights

As noted above, to submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, please log into the App and contact us through our support channels or contacting our Privacy Officer at hello@receiptjar.com, or use our Consumer Rights Request Portal, and respond to any follow-up inquiries we make.  Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media, etc.).

i. Your Request Must be a Verifiable Consumer Request

As permitted or required by applicable U.S. Privacy Laws, any request you submit to us must be a Verifiable Consumer Request, meaning when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number and/or account information. We will review the information provided and may request additional information (e.g., transaction history) via e-mail or other means to ensure we are interacting with the correct individual.  We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI.  We do not verify opt-outs of Sell/Share/Target or Limitation of Sensitive PI requests unless we suspect fraud. 

You are not required to create a password-protected account with us to make a Verifiable Consumer Request, but you may use your password-protected account to do so. If we suspect fraudulent or malicious activity on or from the password-protected account, we may decline a request or request that you provide further verifying information.

We verify each request as follows:

• Right to Know (Categories):  We verify your Request to Know Categories of PI to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you.  If we cannot do so, we will refer you to this Notice for a general description of our data practices. 

• Right to Know (Specific Pieces):  We verify your Request To Know Specific Pieces of PI to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you together with a signed declaration under penalty of perjury that you are the Consumer whose PI is the subject of the request. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat it as a Right to Know Categories Request. 

• Do Not Sell/Share/Target & Limit SPI:  No specific verification required unless we suspect fraud.

• Right to Delete:  We verify your Request to Delete to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the Consumer posed by unauthorized deletion.  If we cannot verify you sufficiently to honor a deletion request, you can still make a Do Not Sell/Share/Target and/or Limit SPI request.

• Correction:  We verify your Request to Correct PI to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the Consumer posed by unauthorized correction.

To protect Consumers, if we are unable to verify you sufficiently we will be unable to honor your request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

ii. Agent Requests

You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you.  You can learn how to do this by visiting the agent section of our Consumer Rights Request Portal.  Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable U.S. Privacy Laws.

iii. Appeals

U.S. Consumers may appeal Company’s decision regarding a request as will be described in our response to your request. 

h. Our Responses

Some PI that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests.  If we deny a request, in whole or in part, we will explain the reasons in our response.  

We will make commercially reasonable efforts to identify Consumer PI that we Process to respond to your Consumer request(s).  In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest.  We reserve the right to direct you to where you may access and copy responsive PI yourself.  We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome.  If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision.  You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Consistent with applicable U.S. Privacy Laws and our interest in the security of your PI, we will not deliver to you your Sensitive PI (e.g., financial account number, account password, etc.) in response to a Consumer privacy rights request; however, you may be able to access some of this information yourself through your account if you have an active account with us.

3. Non-Discrimination / Non-Retaliation

We will not discriminate or retaliate against you in a manner prohibited by applicable U.S. Privacy Laws for your exercise of your Consumer privacy rights. We may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI.

4. Notice of Financial Incentives Programs

We may offer discounts or other rewards (“Incentives”) from time-to-time to Consumers that provide us with PI, such as name, phone number, e-mail address, IP address, or location. You may opt-in to Incentives by using our service, and opting-in to any other loyalty and Incentive programs we may offer from time-to-time (“Program(s)”). Each Program may have additional terms, available on the Program page or at Program sign-up. The Incentives will be described in the Program page, or at Program sign-up. We measure the value your PI collected in Programs by the cost of operating the applicable Program (excluding Incentive costs) and/or the cost of providing the Incentive. We deem the value of the PI to be reasonably related to the value of the Incentive, and by subscribing to these Programs you indicate you agree. If you do not, do not subscribe to the Programs. If you subsequently wish to withdraw from the Programs, the method for doing so will be explained in the Program terms.

5. Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your rights under U.S. Privacy Laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

6. Additional Notice for California Residents

In addition to the CCPA, certain Californians are entitled to certain other notices, as follows: 

This Notice provides information on our online practices and your California rights specific to our online services. Without limitation, Californians that visit our online services and seek to acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:

a. California Minors

Although our services are intended for an audience over the age of majority, any California residents under the age of eighteen (18) who have registered to use our services, and posted content on the service, can request removal by contacting us, detailing where the content is posted and attesting you posted it. We will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines we do not control.

b. Shine the Light

We may disclose “personal information,” as defined by California’s “Shine the Light” law, to third parties for such third parties own direct marketing purposes. California residents may opt-out of this sharing by contacting us at legal@receiptjar.com or The U Group & Co, c/o WeWork,152 St Georges Terrace, Perth WA 6000 (Attn: Privacy). You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. However, a Do Not Sell/Share/Target opt-out is broader and will limit our disclosing to third parties for their own direct marketing purposes without the need for making a separate Shine the Light request. We will not accept Shine the Light requests by telephone or by fax, and are not responsible for requests not labeled or sent properly, or that are incomplete.