Thanks Privacy Policy - Last updated in 01 May 2024

At Thanks (Thanks Ad Pty Ltd ABN ​​15 665 397 062), the protection of your Personal Data (as defined below) is critical in our mission to craft and deliver offers people love to find. Our Privacy Policy (this document) outlines how we collect, use, store and most importantly, how we protect your Personal Data, so please take the time to read through it.

Why Thanks collects your Personal Data

We collect your information only when it is reasonably necessary for the purposes of providing you promotions and offers on the Thanks platform. Some examples of this may include, among others:
‍
_To show you relevant advertising promotions or offers
_To exclude you from seeing offers, where you explicitly request this
_To best answer your questions or concerns
_To understand how we can best serve you on an ongoing basis
_To ensure we let you know in an appropriate manner about what we can offer you in the future
_To comply with all our legal and regulatory obligations
_To improve our systems, procedures and products
_To manage our relationship with third-party vendors or business partners in connection to our customers’ experience with our products and services
_To measure and analyze your customer experience while using our services or products

The type of Personal Data we collect

“Personal Data” is any information about you that either readily identifies you, or can be used to identify you, your location or your contact details, either by itself or when combined with other information that can be associated with you, or as may be otherwise defined by applicable law. Personal Data includes contact information (e.g. email address, telephone number), online information (e.g. IP addresses, device identifiers), and other data which can be used individually or in combination with other data (such as gender, marital status, age, or postcode) to identify an individual . The type of information we collect relates directly to what is reasonably necessary for Thanks business activities and limited to Personal Data that a merchant partner shares with us along with metadata that describes you, but does not readily identify you. For example, Thanks collects information which includes or may include:

_Your name and contact information (including phone number or email or mailing address);
_Your employment status and title;
_Your metadata, such as IP address, ISP and IP location, service type, internet speed, and browser information
_Your activity as recorded by our, or our partners’, software such as widgets or APIs, which may contain your order history, order amounts, cart data and history, and purchase history (your “usage data”)

You may not wish to provide us this information or you may wish to remain anonymous, however, we may not be able to offer you with the product or relevant services you’ve requested or give you the service you expect without it. If you do not want us to collect your Personal Data as described herein, do not consent to our collection of your information when signing up to our offers, services or products.

Our goal is to provide offers that are relevant to you, however, we do not wish to store any information which could be used to personally identify you without your consent, i.e. we do not store, track or collect your name, full address, mobile phone number, or email address in plain text, and take reasonable steps to limit access to it or keep it unidentifiable.

We don’t collect details about your race, ethnicity, political views, religious or philosophical beliefs, sexual preferences, health, genetics or criminal records as it has no bearing on the services we provide.

Thanks has a strong commitment to comply with the laws and regulations that protect your Personal Data (“Data Protection Laws”), which include, but are not limited to, the European Union’s General Data Protection Regulation (GDPR), the Australian Privacy Act, and other federal and state regulations, such as the California Consumer Protection Act (CCPA), as applicable to Thanks in the jurisdictions where it conducts its business.
‍

How Thanks collects your Personal Data

Thanks collects information about you when our “Offers” widget is shown on partner merchants “thank you page” or “confirmation page,” as it is known. This is the page you see after you complete a purchase online at a partner merchant’s website. On this page you may be presented with unique offers, promotions or incentives. It is at this time that the merchant may pass us Personal Data, and we may collect metadata, as described above. We then store all non-identifiable information to assist with determining which promotions are best for you. If a merchant partner erroneously transfers us Personal Data such as name, email or address, we will not store this information as it has no bearing on our service and our ability to provide the service.
‍
We may also collect Personal Data from you when you subscribe to some of our newsletters or weekly communications programs, such as our “Thanks Weekly” program, and use it for the purposes indicated at the time of subscription.

Some of your Personal Data may also be collected via indirect sources. These may include:

_A survey you completed
_Responses you’ve made to an offer or promotion
_Through our employees, agents, contractors or suppliers
_Third-party service providers
_From publicly available sources such as through the purchasing of marketing lists, databases and data aggregation services
_When we are required by law or regulation to do so

Other ways we collect information include via online activity, such as your Internet Protocol (IP) address, through analytic or advertising “cookies” or digital identifiers, which are usually small lines of text that are stored with your Web browser for record keeping purposes, and which we use to obtain statistical information and to understand what advertising, offers or services may be relevant to you. Your browser has options in its security settings to accept, reject or provide you with a notice when a cookie is sent, and you can clear these and disable future use of cookies and digital identifiers if you want to.

How Thanks holds your Personal Data

At Thanks we have a series of security measures in place to protect your Personal Data. First of all, we store your data on an as-needed basis. If we don’t need it, we don’t store it. We have a pre-process that strips unnecessary Personal Data such as name, and address, should this be erroneously collected from you. We keep customer information in controlled systems that are protected with authorized access only and prevent copying of your stored Personal Data. We manage and access privileges to ensure the minimal Personal Data that we do store is limited to only those who need access to it for our legitimate business purposes. We also provide continuing training to our staff and regular security reviews. We have procedures in place to mitigate any security risks or breaches, but you must keep in mind that no security system is 100% secure and such incidents may occur. Most importantly, we remain ever-attentive to protecting your Personal Data.

Who Thanks may share your Personal Data with

Thanks is a solely owned Australian company based in Sydney, Australia. From time to time, we may share your Personal Data with other affiliates or subsidiaries of our business group. We may also share your Personal Data with third-parties outside of our organization for different purposes, including:
‍
_Legal, regulatory or self-regulatory authorities overseeing a complaint or concerns of yours, or a matter involving you
_Vendors we rely on to conduct our business and are necessary for us to be able to provide our services and products.
_Our professional advisors or contractors, such as our auditors, accountants or lawyers or other professional consultants.
_Market research and customer review organizations who can assist us in developing or improving the quality of our services and products.
_Software providers we may contract with in order to provide advertisement or offers, such as digital advertisement or e-commerce related platform companies.
_Any authorized government or regulatory or self-regulatory authority or enforcement agency we are required or specifically permitted under law to share your Personal Data with.

Marketing and advertising

Besides displaying offers and promotions on partner merchants’ website’s or apps, Thanks will never contact you directly via email or phone for the purposes of marketing or advertising. We may re-target you with third-party advertising platforms, such as Facebook or Instagram or other platforms, to further promote offers we deem of relevance to you.

Your rights regarding your Personal Data we collect or store

Depending on which jurisdiction you are located in, you may have certain rights related to your access and/or management of your Personal Data stored by us. Please contact us if you want more information about your rights regarding your Personal Data.

In certain circumstances, you may have the following rights under Data Protection Laws:
_The right to access, update or to delete the information we have on you. Thanks may also give access, where we are permitted or obliged to under applicable law, to your Personal Data. Some circumstances where this may occur include to react to unlawful activity, to reduce or prevent a serious threat to life, health or safety, or with serious misconduct.
_The right of rectification: you may have the right to have your Personal Data rectified if that information is inaccurate or incomplete. If you believe there are errors with the information we hold about you, we ask that you let us know as soon as is practical, and you always have the right to ask us to correct this information.
_The right to object: you may have the right to object to our processing of your Personal Data.
_The right of restriction: you may have the right to request that we restrict the processing of your Personal Data.
_The right to data portability: you may have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
_The right to withdraw consent or opt-out: you may also have the right to withdraw your consent at any time. Withdrawing your consent or opting-out of any data collection notice or request will not result in any reprisal from Thanks, but may hinder or impair the quality of the services or products we strive to make available to you, or our ability to do so.

Please note that we may ask you to verify your identity before responding to such requests.  You may have the right to complain to the applicable data collection authority about our collection and use of your Personal Data.
Please also take into account that given the limited personally identifiable information we collect; we may not be able to link data we store with you directly. For example, if we do not receive your email address, address or name, but only receive your IP address, this itself may not be enough to accurately identify you. If we are able to identify you and find matching data, we will provide this to you. If your request is particularly complex or requires a detailed search, there may be an associated charge that is fair and reasonable in relation to the effort required.
‍
We will let you know if there is, prior to undertaking your request.
‍
If so requested, we would also supply your Personal Data to any authorized representative or nominated contact person you have agreed to, including your legal advisors, trustees, guardian or advocates. Basically, Thanks will only supply information to people you nominate or if the disclosure relates to the main reason we collected the information and you’d reasonably expect us to do so.
‍
There are some instances where we may not be able to provide access, such as if we are prevented by law; if it poses a serious threat to health or safety; where it may have an unreasonable impact on the privacy of others; where it may prejudice a law enforcement or crime prevention activity; where it may prejudice legal proceedings or negotiations Thanks has with you; or where revealing the information is connected with a commercially sensitive decision making process or where we are not able to find a match

Our region-specific compliance

Although we are based in Australia, we may offer our products and services in different locations around the world, in our mission to help our customers around the globe. Where applicable, Thanks implements different mechanisms to transfer Personal Data in compliance with Data Protection Laws.

European Economic Area

If you are located in the European Economic Area, the United Kingdom, or Switzerland (the “GDPR Area”), and we provide any Personal Data about you to any non-GDPR Area service providers or suppliers, where we are required to do so, we will take appropriate measures to ensure that the recipient protects your Personal Data adequately in accordance with this Privacy Policy and Data Protection Laws. These measures include:

_Ensuring that there is an adequacy decision in respect of the country to which the Personal Data is being transferred, which means that the applicable authority of the GDPR Area has concluded that the laws and practices of the destination country provide adequate protection for Personal Data.
_The use of standard model contractual arrangements with the recipient of Personal Data which have been approved by the European Commission and consolidated into the GDPR as the Standard Contractual Clauses (“SCC’s”).
_The EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

Further details on the steps we take to protect your Personal Data are available from us on request by contacting us by email at compliance@thanks.co at any time.

Retention of Personal Data:
We will retain your Personal Data for as long as needed to fulfill the legitimate business purposes for which we collected it and for a reasonable period thereafter in order to comply with audit, contractual, or legal requirements, or where we have a legitimate interest in doing so. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may retain aggregated or de-identified data indefinitely or to the extent allowed by the Data Protection Laws. We may retain Personal Data preserved in automatically generated computer back-up or archival copies generated in the ordinary course of our information technology systems procedures.

Our Legal Basis for processing your Personal Data (EEA, UK, and Swiss Visitors Only)

If you are a visitor from the GDPR Area, Thanks’s legal basis for collecting and using the Personal Data collected will depend on the Personal Data concerned and the specific context in which we collect it.In most circumstances, we collect Personal Data (i) where it is needed for the performance of a contract, (ii) where the processing of the Personal Data is in our legitimate interests and not overridden by your rights, or (iii) where you provide your consent. Other times, your Personal Data may be collected in order for us (iv) to comply with a legal obligation, (v) to perform a task for the public interest, or (vi) for the protection of your or another’s vital interests.

If we collect and use your Personal Data in reliance on our legitimate interests or those of any third-party, we will make clear to you at the relevant time through this notice or otherwise what those legitimate interests are. Oftentimes, legitimate interests involve our normal day-to-day operations, such as the ability to operate our platform and communicate with you as necessary to provide our services, responding to your inquiries, or marketing. We may transfer Personal Data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided at the bottom of this Privacy Policy.

If you are a resident of the GDPR Area, and where Thanks is a data controller, your data protection rights are as follows:

_You can request access, correction, or deletion of your Personal Data. You can do so at any time by submitting a request via compliance@thanks.co.
_You can object to processing of your Personal Data, ask us to restrict processing of your personal data or request portability of your Personal Data. You can do so at any time by submitting a request via compliance@thanks.co.
_You have the right to opt-out of marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by visiting your privacy preferences in your dashboard
_To opt-out of other forms of marketing, such as telemarketing, then please contact Thanks using the contact details provided below or by email at compliance@thanks.co.
_If Thanks has collected and, currently processes, your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
_You have the right to complain to a data protection authority about Thanks’s collection and use of your Personal Data.

Thanks responds to verifiable requests received from individuals who wish to exercise their data protection rights in accordance with applicable data protection laws. When contacting us, please provide us with detailed information about the Personal Data you are requesting we correct, update, amend, or remove, and the timeframe and manner in which you believe we came to collect your Personal Data. If we obtained your Personal Data from a customer or third party acting on your behalf, you should contact the company or person you provided your information to. If you would no longer like to be contacted by one of our Customers or would like to have your Personal Data corrected, updated, amended, or removed, please contact the Customer/data controller that you interact with directly.
‍

California Residents

The California Consumer Protection Act as amended and applied by the California Privacy Rights Act (CCPA) provides consumers (California residents) with specific rights regarding the processing of their Personal Data. If you are a California resident, you may be subject to the following provisions.

Categories of Personal Data Collected
In the preceding 12 months, Thanks may have collected the following categories of Personal Data about California consumers. We may collect this Personal Data directly from you, from third parties, and from your interactions with our software or applications. For additional details regarding the Personal Data Thanks collects and where it is collected, please review the outline of our practices as described above. As defined by CCPA, the Personal Data categories are:

_business contact information, including identifiers such as name, email address, address, and phone number;
_commercial information, such as records of products or services purchased and other transactional data;
_Internet or other network or device activity details, such as technical data about your use of our website or applications;
_geolocation data, such as your approximate location based on IP address;
_audio, electronic, or visual data, such as part of a photo or recording for a Thanks in-person or virtual event.

In regard to Personal Data provided by you, from third-parties, or from your interactions with our software or applications, we may retain Personal Data for as long as is needed for the purpose(s) for which it was collected and no longer than is relevant and reasonably necessary. Our retention periods vary based on business, legal and regulatory needs.

Purposes for Collection
Thanks may collect the categories of Personal Data described above for business and operational purposes, marketing and commercial purposes, security purposes, and legal and compliance purposes, as further described above. In the preceding 12 months, and where applicable, we may have disclosed each of these categories to our service providers, affiliates, partners, resellers, and event sponsors, in line with the applicable purpose(s) as described above.

Categories of Personal Data Sold/Shared for Cross-Context Behavioral Advertising
In the preceding 12 months, we may have disclosed the above categories of Personal Data to third-party advertising partners, such as in connection with our use of tracking technologies for cross-context behavioral advertising or by providing lists of email addresses for potential customers, so that we can reach you across the web with advertisements for our products and services. This may be considered “sharing” or a “sale” under the CCPA.

Sensitive Personal Data
In the preceding 12 months, Thanks has not collected, shared, or sold any sensitive Personal Data as described in the CCPA.

Your Rights under the CCPA
_You have the right to know what Personal Data we collect, use, disclose, share and sell about you.
_You have the right to request we correct Personal Data we collect and maintain about you if such Personal Data is inaccurate.
_You have the right to request we delete Personal Data we collect and maintain about you.
_You have the right to opt-out of the sale or sharing of your Personal Data. Thanks shares personal data as described above, which may be considered a “sale” of Personal Data under the CCPA.
_You have the right to limit the use or disclosure of your sensitive personal data. Thanks does not collect, share, or sell sensitive Personal Data.
_You have the right not to receive discriminatory treatment from Thanks for exercising your privacy rights under the CCPA.
_You have the right to designate an authorized agent to make a request on your behalf when exercising your privacy rights under the CCPA.

To opt-out of the sale/share of your Personal Data, please submit a request to compliance@thanks.co, or by setting your privacy preferences by visiting your dashboard and following the directions provided on that page.
‍
If you are an authorized agent making a request on behalf of a California consumer, please email your request to compliance@thanks.co and provide us the first name, last name, and email address of the California consumer you are making the request for. If you do not provide the requested information, we may not be able to identify the California consumer and process the request. The information you provide will be used only to help verify and process the request. We reserve the right to request you demonstrate evidence of your authorization, either by providing us with a signed permission form or a copy of your power-of-attorney document granting you such authority.
‍
If we obtained your Personal Data from a customer or third-party acting on your behalf, you should contact the company or person you provided your information to. If you would no longer like to be contacted by one of our customers or would like to have your Personal Data corrected, updated, amended, or removed, please contact the customer/business that you interact with directly.

How to contact Thanks about Your Rights

Should you have questions, requests or concerns about your privacy, Thanks can be reached by emailing compliance@thanks.co.
‍
Alternatively you can mail us at: 81-83 Campbell Street, Surry Hills, NSW 2010, Australia.
‍
We maintain and update the Personal Data that we hold as it becomes necessary and our aim is to ensure we hold accurate, up-to-date and complete information, so please contact us if you think our records need correcting.
‍
If you have any queries concerning this Privacy Policy or our practices please contact us using the above contact details.

Changes to this Privacy Policy

We may update this Privacy Policy and its last modified date at any time to reflect changes to our information practices. If we make significant changes in how we use your Personal Data, we will notify you by email if feasible or by means of a notice on this. We encourage you to periodically review this page for the latest information on our privacy practices.