Skip to content

Privacy Policy

Short Form Privacy Notice

LAST UPDATED: APRIL, 2020
FACTSWHAT DOES METABANK®, NATIONAL ASSOCIATION DO WITH YOUR PERSONAL INFORMATION?
WhyFinancial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.
WhatThe types of personal information we collect and share depend on the product or service you have with us. This information can include:·
  • Social Security number and income
  • Account balances and Transaction history
  • Credit history and Assets
When you are no longer our customer, we continue to share your information as described in this notice.
HowAll financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons MetaBank®, National Association (“MetaBank”) chooses to share; and whether you can limit this sharing.
Reasons we can share your personal informationDoes MetaBank share?Can you limit this sharing?
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureausYesNo
For our marketing purposes – to offer our products and services to youYesNo
For joint marketing with other financial institutionsYesNo
For our affiliates’ everyday business purposes – Information about your transactions and experiencesYesNo
For our affiliates’ everyday business purposes – information about your creditworthinessNoWe don’t share
For our affiliates to market to youNoWe don’t share
For nonaffiliates to market to youNoWe don’t share
Questions?Go to www.metabank.com.
Who we are
This privacy policy is provided by MetaBank and applies to MetaBank products and services.
What we do
How does MetaBank protect my personal information?To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.
How does MetaBank collect my personal information?We collect your personal information, for example, when you:
  • Open an account or Apply for a loan
  • Make deposits or withdrawals from your account or Provide account information
  • Make a wire transfer
We also may collect your personal information from others, such as credit bureaus, affiliates, or other companies.
Why can’t I limit all sharing?Federal law gives you the right to limit only:
  • Sharing for affiliates’ everyday business purposes – information about your creditworthiness
  • Affiliates from using your information to market to you
  • Sharing for nonaffiliates to market to you
State law and individual companies may give you additional rights to limit sharing. [See below for more on your rights under state law.]
Definitions
Affiliates Companies related by common ownership or control. They can be financial and nonfinancial companies.
  • MetaBank does not share with our affiliates.
Nonaffiliates Companies not related by common ownership or control. They can be financial and nonfinancial companies.
  • MetaBank does not share with nonaffiliates so they can market to you.
Joint MarketingA formal agreement between nonaffiliated financial companies that together market financial products or services to you.
  • Our joint marketing partner(s) include nonaffiliated financial companies that we may partner with to jointly market financial products or services to you.
Other important information
Special Notice for State Residents
Residents of California or Vermont: We will not share with nonaffiliates except for our own marketing purposes, our everyday business purposes, or with your consent.

Residents of Nevada: We are providing this notice pursuant to Nevada law.

Blackhawk Network Privacy Policy

Last Updated: March 1, 2019

Introduction and Scope of Practices

Blackhawk Network Holdings, Inc. and its affiliates (“Blackhawk,” “we,” “us,” or “our”) care about your personal information. This Privacy Policy (“Policy”) describes how we, use this data, disclose the personal information (which includes “personal data” as defined under applicable EU and other data protection laws) we collect about you, and the rights you have regarding such data.  This Policy applies to the personal information Blackhawk collects about users of our websites (including www.blackhawknetwork.com), mobile applications, and the services and features therein (together the “Sites”), as well as the data we collect in providing our services (the “Services”) and when individuals communicate with us about our Sites and Services, whether in person, by telephone, by mail, or other means. When we act as a data processor on behalf of another controller, we collect, use, and disclose certain personal information only under the controller’s instruction, and our processing of your personal information is subject to their instructions and privacy policies.

Please note that links to third-party websites are subject to the third-parties’ privacy policies and terms of use, not ours, unless you are told otherwise. Also, some of Blackhawk’s Services are offered through third-parties, such as banks or other financial institutions. In those cases, the third-parties’ policies will govern their use of the personal information they process about their customers.

Personal Information We Collect

We collect personal information directly from you, through third parties, or automatically through our Sites and related to our Services, subject to applicable laws as set out below. Where the personal information we collect is needed to comply with law, or to enter into or perform an agreement with you, we will inform you at the time of such data collection. If we cannot collect this data, we may be unable to on-board you as a client or provide products or services to you.

Personal Information We Collect Directly from You

  • Contact information, such as name, email address, mailing address, fax or phone number;
  • Payment and financial information, such as credit or other payment card information, bank account, or billing address;
  • Shipping address and related details;
  • Your resume, employment and education history, name and contact details, background details, and references when you apply to job postings or contact us about employment opportunities;
  • Company and employment information;
  • Subject to applicable local law restrictions, Social Security Number or other national tax ID number (for clients and potential clients)
  • Unique identifiers such as user name, account number, or password;
  • Preference information such as product wish lists, order history, or marketing preferences; 
  • Information about your business such as company name, size, or business type; and
  • Demographic information, such as age, gender, interests and ZIP or postal code.


Comments, Posts and Submissions
When you submit online forms, participate in surveys, contests, promotions, or sweepstakes, join online chat discussions or post on a blog, request customer support, or submit testimonials, we collect your personal information, such as contact information, and other information you choose to share. Some of our Sites offer publicly accessible blogs. Any information you provide in these areas may be read, collected, and used by others who access them.

Testimonials
With your consent, we may use your testimonial and your name, e.g. to display personal testimonials of satisfied customers on certain Sites and in print advertisements.

Location
On some Sites we collect geolocation-based information for fraud prevention purposes. With your consent, we may also collect your precise location-based information for purposes such as to help you locate a store offering our products and services in your area. You may withdraw your consent to the processing of location-based information at any time by changing the settings on your device. If you do, you might not be able to use certain features, especially when we use location-based information to prevent fraud.

Personal Information We Collect from Third-Parties
Sometimes, we may collect personal information from third-party sources. For example, subject to applicable law, we may confirm your address with the postal service or we may receive personal information about you from our clients who use our Services. Similarly, if our users choose to send a gift to their friend through our Sites, we will ask for the friend’s name and contact details.

Certain websites also may offer a referral service where users may refer other people they know to our Services, subject to restrictions under applicable local laws. If you choose to use our referral service to tell your friends about our Services, we will provide you with a referral code and signup instructions that you can share with your friends. Where permitted by local law, we conduct such referrals on an opt-out basis. If personal information about you has been provided to us and you want us to delete it, you may email us at privacy@bhnetwork.com.

Personal Information We Collect Automatically
We and our service providers automatically gather information about your use of the Sites and Services through cookies, web beacons, java script, log files, pixels, and other technologies, which include: your domain name, browser type, browser language preference, device type and operating system, page views and links you click within the Sites, IP address, device ID or other identifier, location information, date and time stamp, and time spent using the Services, referring URL, your activity within the Sites, and device geolocation information (where permitted by your device settings).

We also collect information from analytic services, including Google Analytics, to compile and analyze information derived from the use of our Services, such as aggregate usage patterns, user preferences, peak demand times, preferred content and other information.

See the “Cookies and Online Tracking” section below for details.

Use of Your Personal Information and Legal Bases

We may use the personal information we collect for the following purposes:

  • Provide Our Services: To provide our Services, operate our Sites, respond to your enquiries and fulfill your requests and orders, process your payments, for bug and error reporting and resolution, to perform upgrades and maintenance;
  • Customer Service and Support: To send you important information, such as changes to terms, conditions, and policies and/or other administrative information;
  • Personalization: To personalize your experience on a Site or using the Services, such as by tailoring the content we send or display to you in order to personalize help and instructions, and to otherwise personalize your experience using the Services;
  • Marketing and Promotions: To send you marketing communications you have signed up for;
  • Advertising and Referrals: To assist in advertising the Services on third-party websites and to track referrals from partner websites;
  • Analytics and Improvement: To better understand how users access and use the Services, and for other research and analytical purposes, such as to evaluate and improve the Services; 
  • Verify Identity and Detect Fraud: To verify your identity and/or location in order to allow access to your accounts, conduct online transactions, and secure your personal information, and for risk control, fraud detection and prevention, and compliance with laws and regulations;
  • Protect Our Legal Rights and Prevent Misuse: To protect the Services, prevent unauthorized access and other misuse, and where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use or this Policy.
  • Comply with Legal Obligations: To comply with the law or legal proceedings such as when required to disclose information in response to lawful requests by public authorities, including responding to national security or law enforcement disclosure requirements; and
  • General Business Operations: Where necessary to the administration of our general business, accounting, recordkeeping and legal functions.

Aggregated and Anonymized Information
We may also generate aggregated, pseudonymized and/or anonymized information about users for marketing, advertising, research or similar purposes.

Purpose of Use
In the table below, we explain the purposes for which we use and process your personal information, as well as the legal bases for such use and processing under the European Union’s General Data Protection Regulation (“GDPR”) and other applicable laws.

Purposes of Use (see above)Legal Bases of Processing (where applicable)
Provide Our Services Customer Service and SupportNecessary to enter into or perform a contract with you (upon your request, or as necessary to make the Services available) Our legitimate business interests*
Personalization Marketing and Promotions  Advertising and ReferralsOur legitimate business interests*With your consent
Analytics and ImprovementOur legitimate business interests*
Verify Identity and Detect Fraud Protect Our Legal Rights and Prevent Misuse Comply with Legal ObligationCompliance with lawEstablish, defend or protect our legal interestsOur legitimate business interests*
General Business OperationsOur legitimate business interests*Establish, defend or protect our legal interestsCompliance with law

* For personal information from the EU, the processing is in our legitimate interests, which are not overridden by your interests and fundamental rights. Our legitimate interests include our interests in verifying identify, detecting and preventing fraud, protecting and improving our products and services, in support of our general business operations, and to comply with our legal obligations.  We only send marketing communications to EU consumers who provide opt-in consent or who are covered by “soft opt-in” exemptions.

How We Disclose Personal Information We Collect

Sale of Data
We do not sell your personal information to third-parties.

Affiliated Blackhawk Companies
We disclose personal information among our affiliated and subsidiary companies in furtherance of the purposes set out in this Policy; their processing of your personal information is subject to this Policy.

Service Providers
We disclose your personal information to certain companies that provide services to us and on our behalf and subject to our written instructions, such as shipping payment, hosting, and other support services; these companies may be located in the EU, the United States, and other jurisdictions.

Clients and Partners
Where we process personal information on behalf of our clients or partners, we process and share your personal information with that entity subject to its instructions. In such cases the client or partner is the controller of your personal information. This Policy does not apply to Blackhawk’s processing of your personal information in its capacity as the client or partner’s data processor and our use of your personal information is subject to their instructions. Rather, where our client or partners process and use your personal information as controllers, their own privacy policy applies.

Referral Partners
We offer referral-based commission systems through third-party partners so that publisher websites may refer users to our pages to make purchases. These partners will be identified when you sign up, and we will obtain your consent in jurisdictions where this is required (and not other legal basis applies). Your personal information collected in such cases will be owned and controlled by both Blackhawk and the partner as independent data controllers. This Policy governs only Blackhawk’s use of such data. The partner’s own privacy policy governs its use of the data.

Product Short Notices
Some products offered in conjunction with banks have unique data sharing agreements. Where relevant, Blackhawk will make available to you short privacy notices of each product’s sharing policies on its website.

Additional Disclosures
We may also disclose your personal information in the event of the situations below.

  • As permitted or required by law, such as to comply with a subpoena, or similar legal process;
  • When we believe in good faith that disclosure is necessary to respond to claims asserted against us, protect our rights, protect your safety or the safety of others, investigate fraud, comply with legal process (e.g., subpoenas or warrants), or respond to a government request;
  • If Blackhawk is involved in a merger, acquisition, or sale of all or a portion of its assets, or in the event of a bankruptcy or dissolution of our business, your personal information may be transferred to an acquiring business or third party, including in contemplation of or related to due diligence for such business transactions, subject to any applicable restrictions under applicable laws. You will be notified by email and/or by a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information; and
  • To any other third party with your prior consent.

Aggregate and Anonymized Information
We may share aggregate and anonymized information about users with certain third parties, including for marketing, advertising, research or similar purposes. 

Cookies and Online Tracking

We and our third-party service providers collect information automatically through cookies, beacons, pixels, tags, scripts, and HTML5, as well as log files. We, or our service providers, may combine this information with other information, including personal information we collect about you, to record your preferences, gather information about the use of our Services, identify when our emails are viewed, personalize content and ads and track information about the performance of our advertisements.

Cookies
These are small files with a unique identifier that are transferred to your browser through our websites. These technologies allow us to collect information such as browser type, time spent on our Sites, pages visited, language preferences, and your relationship with us. We can use this information to analyze trends, administer the website, track users’ movements around the website, measure the effectiveness of our communications, tailor our advertising to you, and gather demographic information about our user base as a whole. These technologies may provide us with information about devices and networks you utilize to access our Services, and other information regarding your interactions with our Services. For detailed information about the cookies used in the Services and how you can manage your cookie preferences or reject cookies altogether, please read and review our Cookie Policy.

Pixels, Web Beacons, Clear GIFs
These are tiny graphics with a unique identifier, similar in function to cookies that we use to track the online movements of users of our web pages and our Ad Services, and to personalize content, and to identify when our emails are viewed or forwarded. Our third-party partners may use Local Shared Objects, such as Flash cookies, to embed features on our sites. To manage Flash cookies, please click here.

“Do Not Track” Preferences
Our Site does not recognize do-not-track signals, however, we do not track your online activities across different Sites, and we only track your activity within a Site to the extent you log into your account. Therefore, our practices remain the same whether or not you enable the “Do Not Track” feature. For more information about do-not-track signals, please click here or see in our Cookie Policy.

Third-Party Analytics
We also use automated devices and applications, such as Google Analytics (more info here) to evaluate use of our Services. We use these tools to gather non-personal information about users to help us improve our Services and user experiences. These analytics providers may use cookies and other technologies to perform their services on our behalf. See our Cookie Policy for more information about our use of analytics tools.

Marketing and Targeted Advertising

We partner with third-party ad networks and third-party ad companies to manage our advertising on other sites. Our third-party partner use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you personalized advertising based upon your browsing activities and interests.  Please see the “Cookies and Online Tracking” section above or our Cookie Policy for more information.

Marketing and Newsletters
If you subscribe to our newsletters, we will use your name and email address to send them to you. You may choose to stop receiving our newsletter or marketing emails at any time by following the unsubscribe instructions included in these emails or accessing the email preferences in your account.

Custom Audiences
Subject to local law restrictions, we may disclose certain information (such as your email address) with third parties – such as Facebook (more info on Facebook Custom Audience here) so that we can better target ads and content to our users, and others with similar interests on these third parties’ platforms or networks (“Custom Audiences”).  We may also work with third-party ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others.  If you would like to opt-out of being included in our Custom Audiences going forward, email us at privacy@bhnetwork.com and we will opt you out of our future Custom Audiences.

Opting Out of Ad Networks

How to opt out. If you wish to not have this cross-site information used for the purpose of serving you targeted ads, you may opt-out of many ad networks by clicking here (or if located in the European Union, click here). You will continue to receive ads on the sites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites. Please note, however, that these opt-out mechanisms are cookie based; so, if you delete cookies, block cookies or use another device, your opt-out will no longer be effective. For more information, go to www.aboutads.info.

For more information, and to opt out of interest based ads from many ad networks, see our Cookie Policy. Note, if you delete cookies or change devices, your opt-out may no longer be effective.

Social Media Widgets

Our Sites include social media features, such as the Facebook “Like” button, either hosted by a third-party or hosted directly on our website (“Widgets”). Please refer to the privacy policies of the relevant third-party websites or services to find out more about the collection, use, and disclosure of your information through such features. We will comply with any legal obligations placed on the use of these technologies by certain jurisdictions, which may affect how these Widgets function.

Security

The security of your personal information is important to us. We have implemented safeguards designed to protect the personal information submitted to us. Please note that no data transmission over the Internet cannot be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any personal information that we process.

Retention

We will retain your information for as long as your account is active or as needed to provide you services and up to a period of no longer than seven (7) years, unless the period is required to be different under applicable law. To the extent permitted by applicable law, we may also further retain and use your personal information only as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

Image Submissions and Public Directories

Some of our websites offer you the ability to upload your own image to be used to create a personalized product. You may have the option to make these images available in publicly-accessible directories. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. You may request removal of your personal information at any time.

Your Rights

Certain countries and regions, including the European Union, have enacted laws that provide for privacy rights for individuals located in the EU. Regardless of your location and jurisdiction, Blackhawk may at its sole discretion choose to extend these rights to all individuals, and to comply with requests as detailed below. We do not charge for these services but in certain cases we may require further proof of your identity or ask you to clarify the scope and nature of your request if it is unclear. Where you are entitled to a right, we will respond to your request within the timeframe set out by law, or where we provide answers on a voluntary basis within a reasonable timeframe.

Please note that we only respond directly to you in cases where we are the controller of your personal information. Where we are acting as a data processor on behalf of a client or partner, we will forward your request to the client or partner who is the data controller of your personal information.

Access, Rectification, Portability and Deletion
You have the right to access, rectify (correct), or delete your personal information held by us or may ask for a restriction of processing. You may also have the right to ask for an overview or copy of your personal information or to request that certain of your personal information be exported to you or to another provider where technically feasible (data portability).  On some of our Sites, you may access, rectify, or delete your personal information by making the change directly on your account page.  You may also make these requests by sending an email to privacy@bhnetwork.com or by sending your request by postal mail to the address below. 

Please note that there are some limitations to these rights.  For example, we will not be able to delete your personal information if we are required by law to keep it or if we hold it in connection with a contract with you. Similarly, access to your personal information may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information. If we cannot fulfill your request, we will inform you about why we cannot comply with your request.  

Withdrawal of Consent
Where we process your personal information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Object to Processing
You have the right to object to processing (including profiling) based on legitimate interest grounds, where we are relying upon legitimate interests to process personal information.  If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal information for the establishment, exercise or defense of legal claims.  Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.

Object to Marketing
You have the right to object to our use of your personal information (including profiling) for direct marketing purposes, such as when we use your personal information to invite you to our promotional events.

Right to Lodge a Complaint
You have the right to lodge a complaint with your supervisory authority, if you consider that the processing of your personal information infringes applicable law.

To exercise your rights email privacy@bhnetwork.com (or contact us as indicated in the ‘Contact Us’ section below).  Please keep in mind that certain services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain personal information. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request.

Protecting Children’s Privacy Online

Our Sites are not directed to children and we do not knowingly collect personal information from children under the age of sixteen (16), and we request that such individuals do not provide personal information through our Sites.

International Transfer

The personal information we collect from you may be transferred to, stored at or processed in other countries, including the United States or outside the European Economic Area, which may not provide equivalent levels of data protection to your home jurisdiction.

We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements. For transfers from the EU, United Kingdom (“UK”) or Switzerland to the U.S., Blackhawk Network relies on its Privacy Shield certification (see below). Safeguards may also include adequacy decisions by the EU Commission or putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found here: EU Commission Standard Contractual Clauses) or another applicable supervisory body.

Privacy Shield Certification

The Blackhawk Network, Inc. and the subsidiary companies listed below comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom (“UK”) and/or Switzerland to the United States in reliance on Privacy Shield:

Achievers LLCCardLab, Inc.
Blackhawk Engagement Solutions (DE), Inc.CashStar Inc.
Blackhawk Engagement Solutions (MD), Inc.GiftCardLab, Inc.
Blackhawk Engagement Solutions, Inc.GiftCards.com, LLC
Blackhawk Issued Content, LLCGlobal Incentive Solutions, LLC
Blackhawk Network (Overseas Territories), LLCIMShopping, Inc.
Blackhawk Network California, Inc.Incentec Solutions, Inc.
Blackhawk Network Holdings, Inc.Main Street Solutions US Inc.
Blackhawk Network, Inc.Measureprepaid, LLC
CardLab (TX), Inc.OmniCard, LLC

Blackhawk Network has certified to the Department of Commerce that the above companies adhere to the Privacy Shield Principles with respect to such information.  If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Blackhawk is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and subsequently transfers to a third-party acting as an agent on its behalf. Blackhawk complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, Switzerland and/or the UK, including the onward transfer liability provisions.

With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, Blackhawk is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Blackhawk may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. We are committed to cooperating in the resolution of disputes with individuals through this process.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Updates to This Policy

This Policy may be subject to change. Please review it from time to time. If we make material changes to this Policy about how we process your personal information, we will post those changes on this page and revise the “Last Updated” date at the top and we will notify you by email or prominent notice on this Site prior to the change becoming effective. Where required by law, we will obtain your consent or give you the opportunity to opt out of such changes. Any changes will become effective when we post the revised Policy.

Contact Information

If you have any questions or concerns regarding the way in which your personal information is being processed, please reach out to us using the contact information below:

Chief Privacy Officer
Blackhawk Network, Inc.
6220 Stoneridge Mall Road
Pleasanton CA 94588
privacy@bhnetwork.com

EU Inquiries

You may contact Blackhawk Network, Inc. at the address or email above or the appropriate Blackhawk EU Data Protection Officer listed below, and we will work to properly respond to your inquiry or request.

Blackhawk Network DPO (European Union except Germany, Austria and Switzerland): ourprivacycommitments@bhnetwork.com

Blackhawk Network DPO (Germany, Austria, and Switzerland):     
privacy@bhnetwork.de

If you have any further queries or complaints that we are not able to answer, you should contact the Data Privacy Supervisory Authority for the country in which you reside.  A list of National Data Protection Authorities in the European Economic Area can be found here.