This Privacy Policy is effective immediately for new users, and from 01/07/2023 for existing users.
Petal Card, Inc. General Privacy Policy
This General Privacy Policy describes the ways Petal Card, Inc. and its affiliates (“Petal,” “we,” “our” or “us”) may collect, use, and disclose your personal information in connection with products and services offered through Petal (collectively, the “Petal Services”). You accept this policy by using Petal Services on our website or by any other means.
If you have any financial product or service with us, including a Petal Card (defined below), we will use and share any Non-Public Information (“NPI”) as defined by the Gramm-Leach-Bliley Act (“GLBA”) that we collect from or about you related to your use of that product or service in accordance with our GLBA Privacy Notice.
Furthermore, you acknowledge that the use of any credit card offered by WebBank, Member FDIC (“WebBank”), through Petal (a “Petal Card”) is governed by the Cardholder Agreement that is provided to you. View the WebBank GLBA Privacy Notice.
If you have any questions about our General Privacy Policy or how it applies to specific data, please contact us at support@petalcard.com. We will make every effort to resolve your concerns.
What Does This General Privacy Policy Cover?
This General Privacy Policy covers the treatment of personally identifiable information (“Personal Information”) we gather when you use or access the Petal Services, and any Personal Information shared between us and any third party, including WebBank or service providers (collectively, “Third Parties”) for use in connection with Petal Services. By using Petal Services, you hereby authorize us to review and share your information (including Personal Information) with Third Parties.
When Petal shares your personal information with vendors and other third party service providers (“Third Party Service Providers”) who perform functions on our behalf, we require the security and confidentiality of your information, as well as limiting their use of the information to what is reasonable and necessary to carry out their work with us and comply with applicable laws and regulations.
This General Privacy Policy does not apply to Third Party Service Providers that you elect to access through the Petal Services or that you share information with directly. While we attempt to facilitate access only to those Third Party Service Providers that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those Third Party Service Providers. We encourage you to carefully review the privacy policies of any Third Party Service Providers you access
What Information Do We Collect and How Do We Use the Information?
The information we gather enables us to personalize, improve and continue to operate the Petal Services. Below we describe in more detail the type of information we collect and how we use it.
Bank Account Information:
Registered users of Petal Services may provide us with access credentials (for example, username and password) that allow us to gain online access to one or more accounts that you maintain with a third-party financial institution and that you choose to designate for use in connection with Petal Services (each, an “Authorized Bank Account”). We work with one or more Third Party Service Providers that will securely store pursuant to industry standards any Authorized Bank Account access credentials that you provide on Petal Services and will access your Authorized Bank Accounts for the purposes of providing and improving Petal Services. You may only provide account access credentials for and authorize us to access valid accounts that you hold in your own name. You may not provide access credentials for an account that is held by a third person. You must update your Petal account information to reflect any change to the username or password that is associated with any Authorized Bank Account.
If you choose to link your Authorized Bank Account, you authorize the use of this information to provide you with Petal Services. This authorization will remain in effect until you notify us that you wish to revoke this authorization, which may affect your ability to receive the Petal Services. The Third Party Service Providers that we work with includes Plaid Inc. (“Plaid”). By using our Services, you grant us, WebBank, and Plaidthe right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid Privacy Policy (https://plaid.com/legal/) .
Sources of Personal Information:
If you create an Account, sign up to receive our newsletter, apply for a Petal Card or otherwise provide your contact information to us, you will provide us with Personal Information that may include your name, username, password, email address, home address and phone number. By providing us with your phone number, you authorize us to contact you via text message (SMS) at that phone number, and you thereby consent to the receipt of such messages. You may opt-out of receiving most of these messages at any time by sending us a request at support@petalcard.com or by responding “STOP” to any text message. You acknowledge that opting out of receiving text messages may impact your use of the Petal Services. More generally, we may use your contact information to send you messages about the Petal Services. You may unsubscribe from some of these messages through your Account settings, although we reserve the right to contact you when we believe it is necessary, such as for account recovery purposes. In addition, as part of the Petal Card application process, you may be asked to provide additional information such as your social security number, date of birth and employment, address and income history.
Payment Information:
When you make payments through the Petal Services, we or i2c, our third party payment processor, may collect information related to your payments, such as your payment method, account number, type, or expiration date. The use and storage of such information is governed by this General Privacy Policy and i2c’s privacy policy, available at http://www.i2cinc.com/privacy-policy.
Web Browser Information:
We automatically receive and record information from your web browser when you go on our website, including your IP address and cookie information. We use this information to fight fraud (including spam or malware) and also to analyze your interaction with the Petal Services (e.g., what links you click on).
Generally, the Petal Services automatically collect usage information, such as the number and frequency of visits to the Petal Services. We may use this data in aggregate form, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to determine how often individuals use parts of the Petal Services so that we can analyze and improve those services.
Petal Offers; Transaction Data:
Notwithstanding anything to the contrary in the Petal Perks Program Rules or Petal’s Privacy Policy, if you are enrolled in Petal Offers, Petal and its Third Party Service Providers (including Visa and DOSH Holdings LLC ("DOSH")) may use and share information about the Petal Offers transactions you conduct using your Petal Card (“Transaction Data”) solely as follows:
• To confirm a specific transaction occurred or discounts should be awarded with a participating merchant; for example, the date and amount of your purchase and the last 4 digits of your card number so the merchant can verify your purchase with its records if there is a missing or disputed transaction;
• To provide participating merchants or Third Party Service Providers with aggregated and anonymized information relating specifically to registered card activity solely to allow participating merchants and Third Party Service Providers to assess the results of their campaign;• To create a record of the Transaction Data and thereafter maintain and use data in connection with operating the Petal Offers Program;
• To conduct analysis for the improvement and optimization of Petal Offers; and
• To respond to a request from a government or other regulatory authority or a payment organization involved in a transaction with you or a merchant
By being enrolled in Petal Offers, you authorize the sharing, exchange and use of Transaction Data described above and herein by and among Petal, Third Party Service Providers, payment card networks, and merchants.
Email, SMS, and Push Notification Communications:
We may communicate with you about our products and services using email, SMS or other text messages (collectively, “Text Messages”) or push notifications. When we communicate with you via email, Text Message or push notifications, we may collect information regarding such communications, such as confirmation when you open an email, read a text message or receive a push notification. We use this information to operate and improve our customer service and other Petal Services. Some services such as near real-time alerts from Petal Offers require notifications to be enabled. If at any time you do not wish to receive the benefit of such services, you can turn off notifications using the functionality made available in the browser, application or device settings. Please note that turning off notifications may impact your Petal Offers experience.
Information We Receive from Third Parties:
We may collect information about you from third parties that perform services and analytics for us. Such companies may include credit bureaus, data providers, fraud detection services and data analytics providers., as well as certain of our Third Party Service Providers and their partners. For example, as part of the management of Petal Offers, DOSH provides us with data elements for each transaction that is a redemption of an offer, such as: (i) token to identify you, (ii) the transaction amount, and (iii) the transaction date.
Information We Receive from Browsers:
Cookies are pieces of text that are stored on your computer or device when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit and use the Petal Services.
Most browsers have an option for turning off the cookie feature, which, depending on your browser, may prevent your browser from accepting new cookies or allow you to choose whether to accept each new cookie. We recommend that you leave cookies active, because they enable you to take full advantage of the Petal Services’ features.
Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements:
We may serve advertisements, and also allow third party digital marketing partners, including third party advertising servers, advertising agencies, advertising networks, advertising exchanges, advertising vendors and research firms, to serve advertisements through the Petal Services. These advertisements, which may be both for our own products and services and for third party products and services that we think might be of interest to you, may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Internet-Based Ads (including Personal Information) may be provided to us by a user, or derived from the usage patterns of particular users on the Petal Services and/or services of Third Party Service Providers. Such information may be gathered through tracking users’ activities across time and unaffiliated properties. To accomplish this, we or our service providers may deliver a pixel (known as a “web beacon”) from a digital marketing partner to you through the Petal Services. Web beacons allow our digital marketing partners to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable our digital marketing partners to serve targeted advertisements to you when you visit other websites, and to view, edit or set their own cookies on your browser, just as if you had requested a web page from their site.
We do not provide Personal Information to any digital marketing partners for use outside of the Petal Services. We may use analytics service providers to analyze how you interact and engage with the Petal Services and our advertisements, so we can learn and make enhancements to offer you a better experience. Some of these entities may use cookies, web beacons and other technologies to collect information about your use of the Petal Services and other websites, which may include tracking activity across time and unaffiliated properties, including your IP address, web browser, pages viewed, time spent on pages, links clicked and conversion information. Information from analytics service providers may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests in the Petal Services and other websites and better understand your online activity. For example, Google, Inc. (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Petal Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt out of Google's use of cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
To the extent that Petal engages in any Interest-Based Advertising, more information can be found here petalcard.com/privacy-policy/interest-based-advertising.
Through the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about Interest-Based Ads from participating third parties, including to opt out of receiving behaviorally targeted advertisements from participating organizations, please visit the DAA’s or NAI’s consumer opt out pages, which are located at http://www.networkadvertising.org/choices/ and www.aboutads.info/choices, respectively.
Aggregate and De-identified Information:
We collect statistical information about both unregistered and registered users that is not Personal Information and cannot be tied back to you, your Account or your web browser (“Aggregate and De-identified Information”). Some of this information is derived from Personal Information. We may use Aggregate and De-identified Information for various business purposes where permissible under applicable laws and regulations, including for analytics or to develop or improve our services and marketing. We may share this Aggregate and De-identified Information with Third Party Service Providers for their business purposes. Third Party Service Providers may also share with us non-private, aggregated or otherwise non-Personal Information about you that they have independently developed or acquired.
We may also use and share Aggregate and De-identified Information for research, including research conducted by government entities, non-profit entities, and academic institutions. This may involve publishing findings or combining Aggregate and De-identified Information with other data sets, but such information will not be shared in a way that allows you or any other person to be personally identified.
How, and With Whom, Is My Information Shared?
Information Disclosed for Our Everyday Business Purposes
We share information about you for our everyday business purposes, such as to process your application, assist in underwriting, process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus.
Information Disclosed for Petal Offers:
If you are enrolled in Petal Offers, we may provide Transaction Data and other information to DOSH, the payment card networks, merchants and other partners for use in connection with the program. This information may be Personal Information and NPI, such as your primary account number and purchase history.
Information Disclosed for Our Marketing Purposes:
We share information about you for our marketing purposes to offer products and services to you.
Information Disclosed Pursuant to Business Transfers:
If we decide to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we (or substantially all of our assets) were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that may be transferred or acquired by a third party. Any acquirer of us or our assets may continue to use your Personal Information as set forth in and in accordance with this policy.
Information Disclosed for Our Protection and the Protection of Others:
We reserve the right to access, read, preserve and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce this General Privacy Policy and our Terms of Use, including investigation of potential violations hereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Information We Share With Your Consent:
In addition to the disclosures described in this General Privacy Policy, we may also share your information, which may include your Personal Information, in additional ways, if you consent.
We do not sell or share your Personal Information with third parties for their own commercial uses without your consent, except as set forth in the “Information Disclosed Pursuant to Business Transfers” section above.
Is Information About Me Secure?
We protect your personal information from unauthorized access and use by maintaining physical, electronic and procedural safeguards in compliance with applicable law. These measures include computer safeguards and secured files and buildings. We authorize our employees to access your information only when they need it to do their work, and we require companies that work for us to protect your information. However, we cannot guarantee the security of any information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
What Information of Mine Can I Access?
If you are a registered user, you can view information associated with your Account by logging into your Account or by contacting us at support@petalcard.com. In addition, you can access and delete cookies through your web browser settings, as detailed above.
This section applies to any California residents about whom we have collected personal information from any source, including through your use of our Website(s), products or services, or by communicating with us electronically, in paper correspondence, or in person (collectively, for purposes of this section only, “you”). This section explains how Petal may collect, use, and disclose personal information subject to the California Consumer Privacy Act and California Privacy Rights Act (together, the “CCPA”). It also describes the privacy rights of California residents under the CCPA and how they can exercise those rights.This section applies solely to California residents and supplements any other privacy policies or notices applicable to Petal’s Website, Services, or products that you visit or use.
What Personal Information is Covered by the CCPA?
Under the CCPA “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer/resident or household. Personal information does not include publicly available information, or lawfully obtained, truthful information that is a matter of public concern, information that has been de-identified, aggregate consumer information, or information that does not fall within the definition of personal information above.
The CCPA does not apply to certain information that is already regulated by federal or state privacy laws, such as information subject to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), and certain other state or federal privacy laws. For example, this California Privacy Rights section does not apply to information that we collect about individuals who seek, apply for, or obtain our financial products and services for personal, family, or household purposes, which is subject to our U.S. Consumer Privacy Notice, or other financial privacy notice applicable to the Petal Website, Services, or products that you visit or use. As such, most of the personal information about you that we may collect and use is protected by the privacy rules of the GLBA and exempt from the CCPA, with potentially only a relatively small dataset of personal information being subject to the CCPA. Please note that the disclosures below may pertain to information that is regulated by GLBA, FCRA, or other laws, and Petal does not waive any applicable CCPA exemptions as to that information by including such disclosures in this Privacy Policy.
Similarly, this section does not apply to information we collect in the context of a person’s role as a job applicant, employee, associate, contractor, or other member of Petal’s workforce, which is subject to Petal’s California Employment Information Privacy Statement. For our California Employment Information Privacy Statement, please click here.
Categories of Personal Information We Collect
In the past 12 months, we have collected the following categories of personal information, as defined in the CCPA, relating to California residents. The categories of personal information that we collect, use, and disclose about a California resident will depend on our specific relationship or interaction with that individual. The examples provided in each category below include both financial and non-financial information and are for illustrative purposes only.
Please note that because of the overlapping nature of certain of the categories of personal information identified above, which are required by state law, some of the personal information we collect may be reasonably classified under multiple categories.
The personal information of California residents that we collect or use will be retained for the length of time as required by applicable state or federal laws or regulations, or in accordance with an applicable Petal policy.
Sensitive personal information. Certain of the above personal information is considered “sensitive personal information” under California law. This includes:
Petal will not retain any information we collect from you for longer than is reasonably necessary for the disclosed purpose of using such information. Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Categories of Sources of Personal Information
In the past 12 months, we have collected personal information relating to California residents from the following sources:
Purposes for which we use personal information
Most of the information we use is in the context of providing financial products and services, and is therefore not subject to the CCPA. We may use personal information relating to California residents for one or more of the following business or commercial purposes:
Disclosure of Personal Information
In the past 12 months, we have disclosed each of the above-listed categories of personal information concerning California residents for the business purposes identified above to one or more of the following categories of third parties and service providers:
In the past 12 months, we have not shared or sold personal information or sensitive personal information relating to California residents in a manner that we consider “sharing” or “selling” as those terms are defined by the CCPA.
Privacy Rights Under the CCPA
If you are a California resident, you have the following rights under California law with respect to the personal information described above, to the extent such information (i) was collected during the 12-month period immediately preceding your request and (ii) is not already subject to privacy and security measures applied under federal law:
• Right to Know. You have the right to request the following information from us about our use of your personal information: (1) the specific pieces of personal information that we have collected about you; (2) the categories of personal information we have collected about you; (3) the categories of sources from which your personal information was collected; (4) the categories of personal information that we have, shared, sold or disclosed; (5) the categories of third parties to whom we have, shared, sold or disclosed your personal information; and (6) the purpose for collecting, sharing, or selling your personal information.
• Right to Correct Inaccurate Personal Information. You have the right to request the correction of your personal information that is inaccurate.
• Right to Delete. You have the right to submit a request for deletion of personal information under certain circumstances, although there may be legal or other reasons that Petal will retain your information.
• Right to Opt-Out of Sale/Sharing. You have the right to opt-out of the sale/sharing of your personal information by us, as those terms are defined by the CCPA. However, as stated above, we do not sell/share your personal information.
• Right to Limit Use and Disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for Petal to provide our products and services to you, or for certain other authorized purposes.
• Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of the privacy rights described above.
These rights are subject to various exclusions and exceptions under applicable laws and are also subject to our being able to reasonably verify your identity and authority to make a request. To facilitate this verification, you must provide us with your full legal name and mailing address, and we may need to request further information.
You may designate an authorized agent to make a CCPA request on your behalf by completing the Consumer Request form and also submitting the California Authorized Agent Designation form. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child. As the Petal Card is intended only for individuals ages 18 or older, we do not intentionally collect information about minors.
If you are a California resident and wish to seek to exercise the California privacy rights set forth above, please contact us at support@petalcard.com or click here to submit a request through our interactive form.
Under California Civil Code sections 1798.83-1798.84, California residents are also entitled to ask us for a notice identifying the categories of personal customer information that we share with affiliates and/or third parties for their own direct marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to Petal Card, Inc., MSC – 166931, P.O Box 105168, Atlanta, GA 30348-5168.
For our California employment information privacy statement, please click here.
We will continue to update our business practices as direct regulatory guidance becomes available.
We may change or update this California Privacy Rights section in the future. When we do, we will post the revised section on our website. This section was last updated and became effective on the date posted at the top of this page.
How Can I Delete My Account?
If you decide to delete your Account, you can do so by emailing support@petalcard.com. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account. We will continue to store, access, and use information about you and your Account in compliance with this General Privacy Policy and as required by any applicable legal or regulatory obligations.
What Choices Do I Have Regarding My Information?
• You can always choose not to disclose certain information to us, but please note that certain information is required for use of Petal Services.
• You may request that we remove your bank and financial information, although this may negatively impact your ability to use Petal Services.
• You can delete your Account. Please note that we will need to verify that you have the authority to delete the Account, and we will continue to store and use information we collected in connection with your past Account activity.
• You can opt out of certain cookies and tracking technologies. You can learn more about this in the “Information Collected Using Cookies” and “Information Related to Advertising and the Use of Web Beacons; Interest-Based Advertisements” sections above.
• Your browser may offer you a “Do Not Track” or “DNT” option, which allows you to opt out of certain of your online activities over time and across different websites. Petal does not support Do Not Track requests at this time, which means that we may collect information about your online activity both while you are using the Petal Services and after you leave our properties, as we describe above.
Children’s Privacy
The Petal Services are not intended for use by children. We do not knowingly collect personal information from children under the age of 13 years. If we become aware that a child under 13 has opened an account or otherwise provided us with Personal Information, we take steps to terminate the child’s account and delete such information.
What Happens When There Are Changes to this General Privacy Policy?
We may amend this General Privacy Policy from time to time. If we make changes in the way we collect or use information, we will attempt to notify you by posting an announcement on the Petal Services or sending you an email; however, any changes to the General Privacy Policy are effective as soon as we post them here.
For more information regarding this General Privacy Policy, or if you have any questions or concerns, please contact us at support@petalcard.com or +1 (855) 697-3825. This General Privacy Policy was last updated on 12/6/2022.
WHAT DOES PETAL DO WITH YOUR PERSONAL INFORMATION?
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
The types of personal information we collect and share depend on the product or service you have through us. This information can include:
• Social Security number and transaction history
• Account balances and payment history
• Credit history and credit scores
When you are no longer our customer, we continue to share your information as described in this notice.
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Petal chooses to share; and whether you can limit this sharing.
We collect your personal information, for example, when you
We also collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Federal law gives you the right to limit only:
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.
Companies related by common ownership or control. They can be financial and non-financial companies.
• Petal does not share with our affiliates
Companies not related by common ownership or control. They can be financial and non-financial companies.
• Petal does not share with non-affiliates so they can market to you
A formal agreement between non-affiliated financial companies that together market financial products or services to you.
• Our joint marketing partner includes categories of companies that issue consumer credit.
.svg)
