Rev. 11/2017
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
  • Social Security number and payment history
  • account balances and account transactions
  • transaction history and purchase history
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Cardpool chooses to share; and whether you can limit this sharing.
Reasons we can share your personal information Does Cardpool Share? Can you limit this sharing?
For our everyday business purposes -
such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus
Yes No
For our marketing purposes –
to offer our products and services to you
Yes No
For joint marketing with other financial institutions
Yes No
For our affiliates' everyday business purposes –
information about your transactions and experiences
Yes No
For our affiliates' everyday business purposes –
information about your creditworthiness
No We don't share
For our affiliates to market to you
No We don't share
For nonaffiliates to market to you
No We don't share
Questions? Contact:
Who we are
Who is providing this notice? Cardpool, Inc. ("Cardpool")
What we do
How does Cardpool protect my personal information? To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does Cardpool collect my personal information?
We collect your personal information, for example, when you:
  • pen an account or provide account information
  • give us your contract information or show us your government-issued ID
  • use your credit or debit card
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can't I limit all sharing?
Federal law gives you the right to limit only:
  • sharing for affiliates’ everyday business purposes – information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
Companies related by common ownership or control. They can be financial and nonfinancial companies.
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
  • Cardpool does not share with nonaffiliates so they can market to you.
Joint Marketing
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
  • Cardpool may partner with nonaffiliated financial companies to jointly market financial products or services to you.
Other important information
CA residents: Cardpool will limit sharing with its affiliates to the extent required by California law. Cardpool will not share your personal information for joint marketing with other financial institutions.
VT residents: If Cardpool shares your personal information for joint marketing with other financial institutions, it will share only your name, contact information, and information about your transactions.
NV residents: We are providing this notice pursuant to Nevada law.

Cardpool Consumer Privacy Policy

Last Updated: Feb 1, 2019

Introduction and Scope of Practices.

Cardpool cares about your personal information. This Privacy Policy ("Policy") describes the personal data we collect, how we use this data, with whom we share it, and the choices individuals have about our use of this data. The Policy applies to the personal data Cardpool collects about users of our websites (including mobile applications, and the services and features therein (together the "Sites"), as well as the data we collect in providing our services (the "Services") and when individuals communicate with us about our Sites and Services, whether in person, by telephone, by mail, or other means, unless you are notified at the time we collect your personal data that a different privacy policy applies. When we act as a data processor on behalf of another controller, we collect, use, and disclose certain personal data only under the controller’s instruction, and their privacy policy will apply to how they (and we on their behalf) process your personal data.

This Policy explains:

  • How we collect, use, and share information from or about you;
  • How our online advertisements (such as banner ads) on third party sites treat data;
  • Your choices about our use of your personal data;
  • How you can access and update your information; and
  • How you can exercise your rights

Sometimes, we appear on a site owned by a third party (like a Cardpool page or handle on a social media site) or link to a third party site. When we do, that third party's privacy policies and terms of use, not ours, will apply unless you are told otherwise. Also, some of Cardpool's services ("Services") are offered through banks or other financial institutions. In those cases, the third parties' policies will govern their use of consumer data.

How We Collect Personal Data

"Personal Data" means any information relating to an identified or identifiable natural person or a combination of information that can be used to identify, contact, or locate a specific person. We may collect Personal Data directly from you, when you provide it to us. This can occur when you fill out applications, create accounts, complete a purchase, add money to your account, send in forms, take surveys, or fill in various online fields on our Sites. We also collect Personal Data when you contact us with inquiries, customer support requests, or employment applications. You do not have to provide us with your Personal Data. However, if you choose not to disclose certain information, we may not be able to provide you with certain services, such as retaining shopping cart choices.

We may also collect the Personal Data of third parties when you provide it to us. For example, if you choose to use our service to send a gift to a friend or register a family member for an account, we will ask you for their name and address or email address. In addition, we may collect third party Personal Data through our "Refer a Friend" program. Cardpool stores this information for the sole purpose of completing the transaction. If you provide Personal Data of a friend or family member and they want us to delete this information, they should contact us at We may not always be able to remove their Personal Data and we will let them know if we cannot do so and why.

Types of Personal Data We Collect

Information You Provide Us
We may collect the following types of Personal Data from you through our Sites and related to our Services, subject to applicable laws

  • Contact information, such as name, email address, mailing address, fax or phone number;
  • Payment and financial information, such as credit or other payment card information, bank account, or billing address;
  • Shipping address and related details;
  • Your resume, employment and education history, name and contact details, background details, and references when you apply to job postings or contact us about employment opportunities;
  • Company and employment information;
  • Social Security Number or other national tax ID number (for clients and potential clients)
  • Device geolocation (geographical location)
  • Device identifiers such as IP address
  • Unique identifiers such as user name, account number, or password; and,
  • Preference information such as product wish lists, order history, or marketing preferences;
  • Information about your business such as company name, company size, or business type; and
  • Demographic information, such as age, gender, interests and ZIP code.

Where the Personal Data we collect is needed to comply with law, or to enter into or perform an agreement with you, we will inform you accordingly at the time of such data collection. If we cannot collect this data, we may be unable to on-board you as a client or provide products or services to you.

Comments, Posts and Submissions
When you submit online forms, participate in surveys, contests, promotions, or sweepstakes, join online chat discussions, request customer support, submit testimonials, we collect your Personal Data, such as contact information, and other information you choose to share. Some of our Sites offer publicly accessible blogs. Any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at . If we are unable to remove your Personal Information, we will let you know why.

We display personal testimonials of satisfied customers on some of our Sites and in print advertisements. With your consent, we may use your testimonial and your name. If you wish to update or delete your testimonial, you can contact us at .

Other Communications and Support
We collect Personal Data when you communicate with us relating to the Services, including during phone calls (and call recordings), chats, or over email. Personal Data gathered may include contact information, employment details, user preferences, and any other information you choose to share. Please only provide us Personal Data that we need in order to respond to your request.

With your consent, we may collect your location-based information such as to help you locate a store offering our products and services in your area. On some Sites we collect location-based information for fraud prevention purposes. You may opt out of location-based services at any time by changing the settings on your device. If you do, you might not be able to use certain features, especially when we use location-based information to prevent fraud.

Information We Collect from Third Parties
Sometimes, we may collect Personal Data from third party sources. For example, subject to applicable law, we may confirm your address with the postal service or verify your Personal Data with a credit-reporting agency. We may also receive Personal Data about you from our clients who use our Services.

Information We Collect Automatically
We automatically gather information about your use of the Sites and Services through cookies, web beacons, java script, log files, pixels, and other technologies, which may include: your domain name, browser type, browser language preference, device type and operating system, page views and links you click within the Sites, IP address, device ID or other identifier, location information, date and time stamp, and time spent using the Services, referring URL, and your activity within the Sites. See “Use of Cookies, Tracking Technologies” section for details.

Purposes and Legitimate Interests for Use of Personal Data

How We Use Personally Data We Collect
We may use the Personal Data we collect for the following purposes:

  • Provide Services: To provide our Services, operate our Sites, respond to your inquiries and fulfill your requests and orders, process your payments, for bug and error reporting and resolution, to perform upgrades and maintenance;
  • Customer Service and Support: To send you important information, such as changes to terms, conditions, and policies and/or other administrative information;
  • Personalization: To personalize your experience on a Site or using the Services, such as by tailoring the content we send or display to you in order to personalize help and instructions, and to otherwise personalize your experience using the Services (“profiling” under EU data privacy law);
  • Marketing: To send you marketing communications you have signed up for; and
  • Advertising and Referrals: To assist in advertising the Services on third party websites and to track referrals from partner websites.
  • Analytics and Improvement: To better understand how users access and use the Services, and for other research and analytical purposes, such as to evaluate and improve the Services.
  • Verify Identity and Detect Fraud: To verify your identity and/or location in order to allow access to your accounts, conduct online transactions, and secure your Personal Data, and for risk control, fraud detection and prevention, and compliance with laws and regulations;
  • Protect Our Legal Rights and Prevent Misuse: To protect the Services, prevent unauthorized access and other misuse, and where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.
  • Comply with Legal Obligations: To comply with the law or legal proceedings such as when required to disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements.
  • General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping and legal functions.

Aggregate and Anonymized Information
We may also generate aggregate and/or anonymized information about users for marketing, advertising, research or similar purposes. This information is not Personal Data

Legitimate Interests under the EU’s GDPR

Purposes of Use (see above) Legal Bases of Processing (EU Users)
Provide Our Services
Customer Service and Support
  • Necessary to Enter into or Perform a Contract with You (upon your request, or as necessary to make the Services available)
  • Our Legitimate Business Interests*
Advertising and Referrals
  • Our Legitimate Business Interests*
  • With Your Consent
Analytics and Improvement
  • Our Legitimate Business Interests*
  • With Your Consent
Protect Our Rights and Prevent Misuse
Verify Identity and Detect Fraud
Comply with Legal Obligation
  • Compliance with law
  • Establish, defend or protect of legal interests
General Business Operations
  • Our Legitimate Business Interests*
  • Compliance with law
  • Establish, defend or protect of legal interests

* For the Personal Data from the EU that we process, this column describes the relevant legal bases for such processing under GDPR (and local implementing laws of EU member states); this does not limit or modify the obligations, rights and requirements under the privacy laws of non-EU jurisdictions.

** For Personal Data from the EU, the processing is in our legitimate interests, which are not overridden by your interests and fundamental rights. We only market to EU consumers following opt-in consent.

How We Share Personal Data We Collect

We do not sell your Personal Data to third parties.

To the extent permitted by law, we may provide information about your transactions and experiences with other affiliated Cardpool entities, including parent companies and subsidiaries, whose use and disclosure of your personal information is subject to this Privacy Policy. Where processing of personal data is undertaken by our affiliated companies, they are joint controllers with us for your personal data. The list of affiliate controllers is available upon request at

Service Providers
We may provide your Personal Data to companies that provide services to us, such as shipping your order or offering customer service, payment processors, hosting providers, and other support providers. These companies are authorized to use your Personal Data only as necessary to provide these services and subject to our written instructions.

Referral Partners
We offer referral-based commission systems through third party partners so that publisher websites may refer users to our pages to make purchases. The third party partner will be identified when you sign up, and we will obtain your consent in jurisdiction where this is required. Your Personal Data collected in such cases will be owned and controlled by both Cardpool and the partner as independent data controllers. This Policy governs Cardpool’s use of the data. The third party’s privacy policy governs its use of the data.

Product Short Notices
Some products offered in conjunction with banks have unique data sharing agreements. Cardpool will make available to you short privacy notices of each product’s sharing policies on its website.

Additional Disclosures
We may also disclose your Personal Data in the event of the situations below.

  • As permitted or required by law, such as to comply with a subpoena, or similar legal process;
  • When we believe in good faith that disclosure is necessary to respond to claims asserted against us, protect our rights, protect your safety or the safety of others, investigate fraud, comply with legal process (e.g., subpoenas or warrants), or respond to a government request;
  • If Cardpool is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified by email and/or by a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your Personal Data;
  • To any other third party with your prior consent.

Aggregate and Anonymized Information
We may share aggregate or anonymized information about users with third parties for marketing, advertising, research or similar purposes.

Cookies and Tracking

We and our third party service providers may collect information automatically when you use the Site or Services, or read our emails, including through cookies, beacons, pixels, tags, scripts, and HTML5, as well as log files.

Log files
Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files. We may link this data to Personal InformationPersonal Information we have collected about you.

These are small files with a unique identifier that are transferred to your browser through our websites. These technologies allow us to collect information such as browser type, time spent on our Sites, pages visited, language preferences, and your relationship with us. We can use this information to analyze trends, administer the website, track users’ movements around the website, measure the effectiveness of our communications, tailor our advertising to you, and gather demographic information about our user base as a whole. These technologies may provide us with information about devices and networks you utilize to access our Services, and other information regarding your interactions with our Services. For detailed information about the cookies in the Services, please read and review our consumer_privacy_policy_section_six_contents.cookiePolicyLink.text

You can refuse to accept cookies. You will need to manage your cookie settings for each device and browser you use. However, if you elect not to accept cookies, your use of the features on our Sites may be limited or impaired, and you may not be able to access certain features of our Sites at all. For more detailed information about these mechanisms and how we collect activity information, see our consumer_privacy_policy_section_six_contents.cookiePolicyLink.text

Pixels, Web Beacons, Clear GIFs
These are tiny graphics with a unique identifier, similar in function to cookies that we use to track the online movements of users of our web pages and our Ad Services, and to personalize content. We also use these in our emails to let us know when they have been opened or forwarded, so we can indicate the effectiveness of our communications.

Our third party partners use Local Shared Objects, such as Flash cookies, to embed features on our sites. To manage Flash cookies, please click here:

"Do Not Track" Preferences"
Many browsers provide you an option to request that a web application disable either its tracking and/or cross site user tracking of an individual user. We do not track your online activities across different Sites, and we only track your activity within a Site to the extent you log into your account. Therefore, our practices remain the same whether or not you enable the "Do Not Track" feature. You may, however, disable certain tracking by third-parties as discussed in our consumer_privacy_policy_section_six_contents.cookiePolicyLink.text

Third-Party Analytics
We also use automated devices and applications, such as Google Analytics (more info here) to evaluate use of our Services. We use these tools to gather non-personal data about users to help us improve our Services and user experiences. These analytics providers may use cookies and other technologies to perform their services, and may combine the information they collect about you on our Sites with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.

Targeted Advertising

We partner with third party ad networks to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you personalized advertising based upon your browsing activities and interests

Custom Audiences
We may share your email address or other information with our advertising partners to assist us in reaching you with more relevant ads outside of the Sites; they are not permitted to use this information for their own or third party marketing purposes.

Opting Out of Ad Networks
If you wish to not have this cross-site information used for the purpose of serving you targeted ads, you may opt-out of many ad networks by clicking here (or if located in the European Union, click here). You will continue to receive ads on the sites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites. Please note, however, that these opt-out mechanisms are cookie based; so, if you delete cookies, block cookies or use another device, your opt-out will no longer be effective. For more information, go to

consumer_privacy_policy_section_seven_contents.p6consumer_privacy_policy_section_seven_contents.cookiePolicyLink.text Note, if you delete cookies or change devices, your opt out may no longer be effective.

Social Media Widgets

Our Sites include social media features, such as the Facebook "Like" button. These features may collect your IP address, identify the page you are visiting on our website, and set a cookie to enable the feature to function properly. Social Media Widgets are either hosted by a third party or hosted directly on our website. The privacy statement of the company providing it governs your interactions with these Widgets. We will comply with any legal obligations placed on the use of these technologies by certain jurisdictions, which may affect how these Widgets function.


The security of your personal information is important to us. We have implemented safeguard to protect the personal information submitted to us, both during transmission and once it is received, including encrypting the transmission of any sensitive information, such as payment card information. If you have any questions about the security of your personal information, you can contact us at


We will retain your information for as long as your account is active or as needed to provide you services and up to a period of no longer than seven years thereafter. If you delete your account, to the extent permitted by applicable law, we may retain and use your Personal Data only as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

Image Submissions and Public Directories

Some of our websites offer you the ability to upload your own image to be used to create a personalized product. You may have the option to make these images available in publicly-accessible directories. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. You may request removal of your Personal Information at any time. To request removal of your Personal Data from these public forums, please email us at or contact us by postal mail at the contact information listed below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Your Choices

Marketing and Newsletters
If you subscribe to our newsletters, we will use your name and email address to send them to you. You may choose to stop receiving our newsletter or marketing emails at any time by following the unsubscribe instructions included in these emails or accessing the email preferences in your account or by contacting us at

Access and Correction
Upon your request Cardpool will provide you with information about whether we hold any of your Personal Data. You may access, correct, update, amend, remove, ask to have it removed from a public forum, directory or testimonial on our site or deactivate it by making the change on your account page, emailing us at or by contacting us by postal mail at the contact information listed below at any time. We will endeavor to respond to your request within a reasonable time.

You may contact Cardpool Global Privacy Office as set forth below to access or amend your personal data, to request that we rectify, delete or stop processing your personal data, to withdraw your consent to our processing, and, if you are an EEA resident, to exercise your opt-out rights or place a data portability request. We do not charge for these service but do require evidence of your identity. Once we have received evidence of your identity we will commence fulfillment of your request and respond within no more than thirty (30) days.

Where we are acting as a data processor, we will direct individuals who seek access, or to correct, amend, or delete inaccurate data, to direct their query to Cardpool’s partner or client who has the direct relationship (the data controller).

EU Data Subject Rights

EU individuals have the following rights (when we are acting as a processor, individuals must exercise these rights with the data controller):

Access, Rectification, Portability and Deletion
You have the right to access your Personal Data held by us. You may do so by sending an email to . In addition, you may also have the right to request that certain Personal Data be exported to another provider where technically feasible, and under certain conditions to object to or restrict our use of certain Personal Data.

Withdraw Consent
Where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Object to Processing
You have the right to object to processing (including profiling) based on legitimate interest grounds, where we are relying upon legitimate interests to process Personal Information. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.

Object to Marketing
You have the right to object to our use of your Personal Information (including profiling) for direct marketing purposes, such as when we use your personal data to invite you to our promotional events.

Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority.

Any requests in relation to your rights should be directed to (or at the Contact Us information shown below). Please keep in mind that certain services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain Personal Data. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request.

Protecting Children’s Privacy Online

Our Sites are not directed to children and we do not knowingly collect information from children under 16, and we request that such individuals do not provide Personal Data through our Sites.

International Transfer

If you live in the European Economic Area ("EEA") or in Canada, the data that we collect from you may be transferred to, or accessed in, and stored at a location outside the EEA and Canada that may not provide equivalent levels of data protection as your home jurisdiction. When Cardpool stores personal data outside the EEU, the data will be stored in the United States. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements, by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found here: EU Commission Standard Contractual Clauses ) or where there is an adequacy decision by the EU Commission.. It may also be processed by staff operating outside the EEA and Canada who work for us or for one of our service providers. Among other things, such staff may process and store your information and provide support services. By submitting your Personal Data, you agree to this transfer, storing or processing. We will ensure that your Personal Data is treated securely and in accordance with this Policy.

Updates to This Policy

This Policy may be subject to change. Please review it from time to time. If we make material changes to this Policy about how we process your Personal Information, we will post those changes on this page and revise the "Last Updated" date at the top. Any changes will become effective when we post the revised Policy. If we make any material changes, we will notify you by email or by means of a prominent notice on this Site prior to the change becoming effective, and where required by law, we will obtain your consent or give you the opportunity to opt out of such changes.

Contact Information

If you have any questions or concerns regarding the way in which your personal data is being processed or you want to exercise your rights above, please reach out to us using the contact information below:

Chief Privacy Officer

Where we act as joint controllers with our affiliates, you may contact Cardpool, LLC. or our EU Data Protection Officer, and we will work with our affiliates to properly respond to your inquiry or request.

EU Inquiries
If you are an EU individual and have any further queries or complaints that we are not able to answer, you should contact the Data Privacy Supervisory Authority for the country in which you reside:

Austria: Austrian Data Protection Authority

Germany: Federal Commissioner for Data Protection and Freedom of Information

Republic of Ireland: Irish Data Protection Commissioner

Netherlands: Dutch Data Protection Authority

United Kingdom: Information Commissioner's Office