If you have any financial product or service with us, including a Petal Card (defined below), we will use and share any Non-Public Information (“NPI”) as defined by the Gramm-Leach-Bliley Act (“GLBA”) that we collect from or about you related to your use of that product or service in accordance with our GLBA Privacy Notice.
Furthermore, you acknowledge that the use of any credit card offered by WebBank, Member FDIC (“WebBank”), through Petal (a “Petal Card”) is governed by the Cardholder Agreement that is provided to you. View the WebBank GLBA Privacy Notice.
When Petal shares your personal information with vendors and other third party service providers (“Third Party Service Providers”) who perform functions on our behalf, we require the security and confidentiality of your information, as well as limiting their use of the information to what is reasonable and necessary to carry out their work with us and comply with applicable laws and regulations.
What Information Do We Collect and How Do We Use the Information?
The information we gather enables us to personalize, improve and continue to operate the Petal Services. Below we describe in more detail the type of information we collect and how we use it.
Bank Account Information:
Registered users of Petal Services may provide us with access credentials (for example, username and password) that allow us to gain online access to one or more accounts that you maintain with a third-party financial institution and that you choose to designate for use in connection with Petal Services (each, an “Authorized Bank Account”). We work with one or more Third Party Service Providers that will securely store pursuant to industry standards any Authorized Bank Account access credentials that you provide on Petal Services and will access your Authorized Bank Accounts for the purposes of providing and improving Petal Services. You may only provide account access credentials for and authorize us to access valid accounts that you hold in your own name. You may not provide access credentials for an account that is held by a third person. You must update your Petal account information to reflect any change to the username or password that is associated with any Authorized Bank Account.
Sources of Personal Information:
If you create an Account, sign up to receive our newsletter, apply for a Petal Card or otherwise provide your contact information to us, you will provide us with Personal Information that may include your name, username, password, email address, home address and phone number. By providing us with your phone number, you authorize us to contact you via text message (SMS) at that phone number, and you thereby consent to the receipt of such messages. You may opt-out of receiving most of these messages at any time by sending us a request at firstname.lastname@example.org or by responding “STOP” to any text message. You acknowledge that opting out of receiving text messages may impact your use of the Petal Services. More generally, we may use your contact information to send you messages about the Petal Services. You may unsubscribe from some of these messages through your Account settings, although we reserve the right to contact you when we believe it is necessary, such as for account recovery purposes. In addition, as part of the Petal Card application process, you may be asked to provide additional information such as your social security number, date of birth and employment, address and income history.
Web Browser Information:
We automatically receive and record information from your web browser when you go on our website, including your IP address and cookie information. We use this information to fight fraud (including spam or malware) and also to analyze your interaction with the Petal Services (e.g., what links you click on).
Generally, the Petal Services automatically collect usage information, such as the number and frequency of visits to the Petal Services. We may use this data in aggregate form, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to determine how often individuals use parts of the Petal Services so that we can analyze and improve those services.
Petal Offers; Transaction Data:
• To confirm a specific transaction occurred or discounts should be awarded with a participating merchant; for example, the date and amount of your purchase and the last 4 digits of your card number so the merchant can verify your purchase with its records if there is a missing or disputed transaction;
• To provide participating merchants or Third Party Service Providers with aggregated and anonymized information relating specifically to registered card activity solely to allow participating merchants and Third Party Service Providers to assess the results of their campaign;• To create a record of the Transaction Data and thereafter maintain and use data in connection with operating the Petal Offers Program;
• To conduct analysis for the improvement and optimization of Petal Offers; and
• To respond to a request from a government or other regulatory authority or a payment organization involved in a transaction with you or a merchant
By being enrolled in Petal Offers, you authorize the sharing, exchange and use of Transaction Data described above and herein by and among Petal, Third Party Service Providers, payment card networks, and merchants.
Email, SMS, and Push Notification Communications:
We may communicate with you about our products and services using email, SMS or other text messages (collectively, “Text Messages”) or push notifications. When we communicate with you via email, Text Message or push notifications, we may collect information regarding such communications, such as confirmation when you open an email, read a text message or receive a push notification. We use this information to operate and improve our customer service and other Petal Services. Some services such as near real-time alerts from Petal Offers require notifications to be enabled. If at any time you do not wish to receive the benefit of such services, you can turn off notifications using the functionality made available in the browser, application or device settings. Please note that turning off notifications may impact your Petal Offers experience.
Information We Receive from Third Parties:
We may collect information about you from third parties that perform services and analytics for us. Such companies may include credit bureaus, data providers, fraud detection services and data analytics providers., as well as certain of our Third Party Service Providers and their partners. For example, as part of the management of Petal Offers, DOSH provides us with data elements for each transaction that is a redemption of an offer, such as: (i) token to identify you, (ii) the transaction amount, and (iii) the transaction date.
Information We Receive from Browsers:
Most browsers have an option for turning off the cookie feature, which, depending on your browser, may prevent your browser from accepting new cookies or allow you to choose whether to accept each new cookie. We recommend that you leave cookies active, because they enable you to take full advantage of the Petal Services’ features.
Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements:
We may serve advertisements, and also allow third party digital marketing partners, including third party advertising servers, advertising agencies, advertising networks, advertising exchanges, advertising vendors and research firms, to serve advertisements through the Petal Services. These advertisements, which may be both for our own products and services and for third party products and services that we think might be of interest to you, may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Internet-Based Ads (including Personal Information) may be provided to us by a user, or derived from the usage patterns of particular users on the Petal Services and/or services of Third Party Service Providers. Such information may be gathered through tracking users’ activities across time and unaffiliated properties. To accomplish this, we or our service providers may deliver a pixel (known as a “web beacon”) from a digital marketing partner to you through the Petal Services. Web beacons allow our digital marketing partners to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable our digital marketing partners to serve targeted advertisements to you when you visit other websites, and to view, edit or set their own cookies on your browser, just as if you had requested a web page from their site.
To the extent that Petal engages in any Interest-Based Advertising, more information can be found here petalcard.com/privacy-policy/interest-based-advertising.
Through the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about Interest-Based Ads from participating third parties, including to opt out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt out pages, which are located at http://www.networkadvertising.org/choices/ and www.aboutads.info/choices, respectively.
Aggregate and De-identified Information:
We collect statistical information about both unregistered and registered users that is not Personal Information and cannot be tied back to you, your Account or your web browser (“Aggregate and De-identified Information”). Some of this information is derived from Personal Information. We may use Aggregate and De-identified Information for various business purposes where permissible under applicable laws and regulations, including for analytics or to develop or improve our services and marketing. We may share this Aggregate and De-identified Information with Third Party Service Providers for their business purposes. Third Party Service Providers may also share with us non-private, aggregated or otherwise non-Personal Information about you that they have independently developed or acquired.
We may also use and share Aggregate and De-identified Information for research, including research conducted by government entities, non-profit entities, and academic institutions. This may involve publishing findings or combining Aggregate and De-identified Information with other data sets, but such information will not be shared in a way that allows you or any other person to be personally identified.
How, and With Whom, Is My Information Shared?
Information Disclosed for Our Everyday Business Purposes
We share information about you for our everyday business purposes, such as to process your application, assist in underwriting, process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus.
Information Disclosed for Petal Offers:
If you are enrolled in Petal Offers, we may provide Transaction Data and other information to DOSH, the payment card networks, merchants and other partners for use in connection with the program. This information may be Personal Information and NPI, such as your primary account number and purchase history.
Information Disclosed for Our Marketing Purposes:
We share information about you for our marketing purposes to offer products and services to you.
Information Disclosed Pursuant to Business Transfers:
If we decide to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we (or substantially all of our assets) were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that may be transferred or acquired by a third party. Any acquirer of us or our assets may continue to use your Personal Information as set forth in and in accordance with this policy.
Information Disclosed for Our Protection and the Protection of Others:
Information We Share With Your Consent:
We do not sell or share your Personal Information with third parties for their own commercial uses without your consent, except as set forth in the “Information Disclosed Pursuant to Business Transfers” section above.
Is Information About Me Secure?
We protect your personal information from unauthorized access and use by maintaining physical, electronic and procedural safeguards in compliance with applicable law. These measures include computer safeguards and secured files and buildings. We authorize our employees to access your information only when they need it to do their work, and we require companies that work for us to protect your information. However, we cannot guarantee the security of any information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
What Information of Mine Can I Access?
If you are a registered user, you can view information associated with your Account by logging into your Account or by contacting us at email@example.com. In addition, you can access and delete cookies through your web browser settings, as detailed above.
This section applies to any California residents about whom we have collected personal information from any source, including through your use of our Website(s), products or services, or by communicating with us electronically, in paper correspondence, or in person (collectively, for purposes of this section only, “you”). This section explains how Petal may collect, use, and disclose personal information subject to the California Consumer Privacy Act and California Privacy Rights Act (together, the “CCPA”). It also describes the privacy rights of California residents under the CCPA and how they can exercise those rights.This section applies solely to California residents and supplements any other privacy policies or notices applicable to Petal’s Website, Services, or products that you visit or use.
What Personal Information is Covered by the CCPA?
Under the CCPA “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer/resident or household. Personal information does not include publicly available information, or lawfully obtained, truthful information that is a matter of public concern, information that has been de-identified, aggregate consumer information, or information that does not fall within the definition of personal information above.
Similarly, this section does not apply to information we collect in the context of a person’s role as a job applicant, employee, associate, contractor, or other member of Petal’s workforce, which is subject to Petal’s California Employment Information Privacy Statement. For our California Employment Information Privacy Statement, please click here.
Categories of Personal Information We Collect
In the past 12 months, we have collected the following categories of personal information, as defined in the CCPA, relating to California residents. The categories of personal information that we collect, use, and disclose about a California resident will depend on our specific relationship or interaction with that individual. The examples provided in each category below include both financial and non-financial information and are for illustrative purposes only.
Please note that because of the overlapping nature of certain of the categories of personal information identified above, which are required by state law, some of the personal information we collect may be reasonably classified under multiple categories.
The personal information of California residents that we collect or use will be retained for the length of time as required by applicable state or federal laws or regulations, or in accordance with an applicable Petal policy.
Sensitive personal information. Certain of the above personal information is considered “sensitive personal information” under California law. This includes:
Petal will not retain any information we collect from you for longer than is reasonably necessary for the disclosed purpose of using such information. Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Categories of Sources of Personal Information
In the past 12 months, we have collected personal information relating to California residents from the following sources:
Purposes for which we use personal information
Most of the information we use is in the context of providing financial products and services, and is therefore not subject to the CCPA. We may use personal information relating to California residents for one or more of the following business or commercial purposes:
Disclosure of Personal Information
In the past 12 months, we have disclosed each of the above-listed categories of personal information concerning California residents for the business purposes identified above to one or more of the following categories of third parties and service providers:
In the past 12 months, we have not shared or sold personal information or sensitive personal information relating to California residents in a manner that we consider “sharing” or “selling” as those terms are defined by the CCPA.
Privacy Rights Under the CCPA
If you are a California resident, you have the following rights under California law with respect to the personal information described above, to the extent such information (i) was collected during the 12-month period immediately preceding your request and (ii) is not already subject to privacy and security measures applied under federal law:
• Right to Know. You have the right to request the following information from us about our use of your personal information: (1) the specific pieces of personal information that we have collected about you; (2) the categories of personal information we have collected about you; (3) the categories of sources from which your personal information was collected; (4) the categories of personal information that we have, shared, sold or disclosed; (5) the categories of third parties to whom we have, shared, sold or disclosed your personal information; and (6) the purpose for collecting, sharing, or selling your personal information.
• Right to Correct Inaccurate Personal Information. You have the right to request the correction of your personal information that is inaccurate.
• Right to Delete. You have the right to submit a request for deletion of personal information under certain circumstances, although there may be legal or other reasons that Petal will retain your information.
• Right to Opt-Out of Sale/Sharing. You have the right to opt-out of the sale/sharing of your personal information by us, as those terms are defined by the CCPA. However, as stated above, we do not sell/share your personal information.
• Right to Limit Use and Disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for Petal to provide our products and services to you, or for certain other authorized purposes.
• Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
These rights are subject to various exclusions and exceptions under applicable laws and are also subject to our being able to reasonably verify your identity and authority to make a request. To facilitate this verification, you must provide us with your full legal name and mailing address, and we may need to request further information.
You may designate an authorized agent to make a CCPA request on your behalf by completing the Consumer Request form and also submitting the California Authorized Agent Designation form. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child. As the Petal Card is intended only for individuals ages 18 or older, we do not intentionally collect information about minors.
If you are a California resident and wish to seek to exercise the California privacy rights set forth above, please contact us at firstname.lastname@example.org or click here to submit a request through our interactive form.
Under California Civil Code sections 1798.83-1798.84, California residents are also entitled to ask us for a notice identifying the categories of personal customer information that we share with affiliates and/or third parties for their own direct marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to Petal Card, Inc., MSC – 166931, P.O Box 105168, Atlanta, GA 30348-5168.
For our California employment information privacy statement, please click here.
We will continue to update our business practices as direct regulatory guidance becomes available.
We may change or update this California Privacy Rights section in the future. When we do, we will post the revised section on our website. This section was last updated and became effective on the date posted at the top of this page.
How Can I Delete My Account?
What Choices Do I Have Regarding My Information?
• You can always choose not to disclose certain information to us, but please note that certain information is required for use of Petal Services.
• You may request that we remove your bank and financial information, although this may negatively impact your ability to use Petal Services.
• You can delete your Account. Please note that we will need to verify that you have the authority to delete the Account, and we will continue to store and use information we collected in connection with your past Account activity.
• You can opt out of certain cookies and tracking technologies. You can learn more about this in the “Information Collected Using Cookies” and “Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements” sections above.
• Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to opt out of certain of your online activities over time and across different websites. Petal does not support Do Not Track requests at this time, which means that we may collect information about your online activity both while you are using the Petal Services and after you leave our properties, as we describe above.
The Petal Services are not intended for use by children. We do not knowingly collect personal information from children under the age of 13 years. If we become aware that a child under 13 has opened an account or otherwise provided us with Personal Information, we take steps to terminate the child’s account and delete such information.
WHAT DOES PETAL DO WITH YOUR PERSONAL INFORMATION?
The types of personal information we collect and share depend on the product or service you have through us. This information can include:
• Social Security number and transaction history
• Account balances and payment history
• Credit history and credit scores
When you are no longer our customer, we continue to share your information as described in this notice.
A formal agreement between non-affiliated financial companies that together market financial products or services to you.
• Our joint marketing partner includes categories of companies that issue consumer credit.