Astro is providing this supplemental privacy notice to give California residents the additional information required by the California Consumer Privacy Act (the “CCPA”) and other California laws.
At Astro, we are committed to protecting the privacy and security of all Personal Information that is entrusted to us. Astro has a Privacy Policy to help ensure your information is handled properly, and your Personal Information is protected. It also reflects the requirements of the privacy laws in all the countries and states where Astro operates. Our Privacy Policy describes our privacy and security practices in detail.
In the United States, the payment transaction information that Astro collects when it operates its payment networks is regulated by existing federal financial privacy laws. The CCPA recognizes that such financial information is already protected by federal privacy law, so the CCPA does not apply to this information. Astro’s privacy program reflects the sensitivity of the financial and other information we handle.
Beyond financial information, Astro does collect certain information that is subject to the CCPA. The CCPA applies to (1) Personal Information, and (2) our marketing data, which we collect when consumers sign up for marketing from Astro, attend Astro-sponsored events, or interact with our websites and apps. This supplemental privacy notice explains our practices for this CCPA-covered information.
As a global payments technology company, Astro fulfills many roles. When we act as a service provider for Astro card issuers and merchants, we only collect and use Personal Information as authorized by our contracts with our clients. If you have questions about how these companies handle your Personal Information, or wish to exercise your rights, please contact them directly.
CCPA Rights
The CCPA provides California residents with specific privacy rights, including the right to receive a privacy notice, the right to know what information we have collected about you during the past twelve months and the right to know what categories of personal information we have shared with third parties. CCPA gives California residents the right to opt-out of having their personal information sold1. CCPA also gives California residents the right to request deletion of their personal information.
For information that Astro collects subject to the CCPA, this notice describes the categories of information that we collect from California residents generally, the sources of the information, the purposes for which we use the information, and the categories of third parties to whom we disclose the information for business purposes. Astro does not sell personal information.
As described below, Astro may share personal information with its affiliates and service providers. We may also disclose personal information to third parties for business purposes as permitted by CCPA, such as to our auditors, for compliance or security, or in connection with mergers and acquisitions.
We may also share personal information with third parties based on your consent, such as if you enroll in a co-branded marketing program or if you explicitly accept our use of third-party advertising cookies.
1Personal information of children under the age of 16 cannot be sold without affirmative written consent. Astro does not sell children's information.
How to Exercise Your Rights
If you are a California resident, you may exercise your rights or authorize another person to act on your behalf by:
- Email us: privacy@astrobanking.com
(Please do not include sensitive information, such as your account number, in emails) - Mailing us a letter:
Astro Financial, Inc. – Privacy Office
4136 Del Rey Avenue, Suite 612
Marina del Rey, California 90292
Please note that we will need to verify your identity before we can fulfill your CCPA-related request. The information that we maintain is subject to CCPA generally consists of marketing information, we will generally verify your identity using your email address. We will respond to requests using the email address that is associated with the information we maintain.
If you would like to designate an agent, please send an email from your own email address to privacy@astrobanking.com indicating the name and email address of your agent. We will respond to that person's requests using both your email address and the agent’s email address.
Please understand that your rights are subject to some limitations:
- For security reasons and to prevent unauthorized disclosure of personal information, cardholders should contact their payment card issuers to access their card transaction data. This helps ensure that access to the information is only provided to the authorized individuals, subject to the issuer’s verification processes.
- CCPA provides that service providers should refer access and deletion requests to the companies with whom the individual has the direct relationship. In many cases, we act as a service provider for card issuers and merchants, including rewards networks. If you have questions about how your issuer or a rewards network handles your personal information, please check the privacy notices provided by these companies and contact them directly for assistance with your relevant privacy requests.
- CCPA also prohibits companies from including certain elements of sensitive personal information, such as payment card number, in their access reports, even if you have provided those data elements to use for marketing.
- If you request that we delete your personal information, we will do so except in those situations where our retention is required for our internal business purposes or otherwise permitted by CCPA (such as for fraud prevention or legal compliance). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.
Financial Incentives
Astro collects personal information in order to deliver offers and promotions and to enable loyalty programs. While we cannot calculate the precise value of your information to us, our offers and incentives generally reflect the value of the relationships that we have with the individuals who participate in the program.
We will not discriminate against you if you exercise your rights under CCPA. However, if you ask us to delete your information, you will not be able to receive additional offers or promotions for which the deleted information was needed for program participation. Any offers or promotions sent to you previously will continue to be honored according to their original terms.
CCPA Rights to Know Disclosures
Contact Information
Category and Sources of Personal Information
We collect this type of information from you when you voluntarily give it to us. For example, you may:
- Sign up for offers, marketing programs, or co-branded promotions
- Enter a sweepstakes or contest
- Attend an Astro-sponsored event
Representative Data Elements
Data elements in this category include:
- Name
- Username
- Mailing address
- Email address
- Telephone number
- Mobile number
Purpose for Collecting and Sharing the Personal Information
We use this type of information to identify you and communicate with you, including:
- To send transactional messages (such as confirmations)
- To send marketing communications, surveys, and invitations
- To personalize our communications and provide customer service
- For our Everyday Business Purposes2
2Everyday Business Purposes encompasses the Business Purposes (as defined in the CCPA) and following related purposes for which personal information may be used:
- To provide the information, product or service requested by the individual or as reasonably expected given the context in which with the personal information was collected (such as customer credentialing, providing customer service, personalization and preference management, providing product updates, bug fixes or recalls, and dispute resolution);
- For identity and credential management, including identity verification and authentication, and system and technology administration;
- To protect the security and integrity of systems, networks, applications and data, including detecting, analyzing and resolving security threats, and collaborating with cybersecurity centers, consortia and law enforcement about imminent threats;
- For fraud detection and prevention;
- For legal and regulatory compliance, including all uses and disclosures of personal information that are required by law or reasonably needed for compliance with company policies and procedures, such as: anti-money laundering programs, security and incident response programs, intellectual property protection programs, and corporate ethics and compliance hotlines;
- For corporate audit, analysis and reporting;
- To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, and to protect people or property, including physical security programs;
- To de-identify the data or create aggregated datasets, such as for consolidating reporting, research or analytics;
- To make back-up copies for business continuity and disaster recovery purposes; and
- For corporate governance, including mergers, acquisitions and divestitures.
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our Affiliates and to:
- Service Providers, including to social media companies that use the data only to identify which of our customers use their platforms so that we can deliver ads to you on the platform
- Third parties who deliver our communications, such as the postal service and couriers
- Third parties who assist us with address hygiene and fulfillment
- Other third parties as required by law
Government-issued Identification Numbers
Category and Sources of Personal Information
We collect this type of information from you when you voluntarily give it to us.
Representative Data Elements
Data elements in this category include:
- Social security number
- Driver’s license number
- Passport number
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- To identify you
- To maintain the integrity of our records
- For security and risk management, fraud prevention, and similar purposes
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Our lawyers, auditors, consultants
- Other third parties as required by law
Biometric Identifiers
Category and Sources of Personal Information
We collect this type of information from you when you enroll in a biometric identity program or biometric payment solution.
Representative Data Elements
Data elements in this category include:
Purpose for Collecting and Sharing the PI
We use this type of information:
- To identify and authenticate you
- For security and similar purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Third parties who assist with our information technology and security programs
- Third parties who assist with fraud prevention, detection and mitigation
- Our lawyers, auditors and consultants
- Other third parties as required by law
Relationship Information
Category and Sources of Personal Information
We collect this type of information from:
- You
- Third parties that provide access to information you make publicly available, such as social media
- Third parties that provide information that helps us understand our customers, including data aggregators and public records providers.
We may also infer information about you based on information that you have given us and your past interactions with us and other companies.
Representative Data Elements
Data elements in this category include:
- Personal characteristics and preferences, such as your age range, marital and family status, shopping preferences
- Loyalty and rewards program data
- Household demographic data, including census data
- Data from social media profiles
- Hobbies and interests
- Propensity scores obtained from third parties (such as likelihood that you may be interested in certain purchases or experiencing life events)
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- To better understand you and to understand our customers generally
- To design products, services and programs that delight our customers, including loyalty programs
- To identify prospective customers
- For internal business purposes, such as quality control, training and analytics
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Third parties with whom we have joint marketing and similar arrangements
- Our lawyers, auditors and consultants
- Other third parties as required by law
Transaction and Interaction Information
Category and Sources of Personal Information
We collect this type of information from:
- You
- Third parties that process transactions for us
Representative Data Elements
Data elements in this category include:
- Rewards program account information, qualification data, and related records
- Records related to use of our websites and apps
- Non-biometric data collected for consumer authentication (passwords, account security questions)
- Customer service records
- Visitor logs
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- To fulfill our business relationship with you, including customer service
- For recordkeeping and compliance, including dispute resolution
- For internal business purposes, such as finance, quality control, training, reporting and analytics
- For risk management, fraud prevention and similar purposes
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Third parties with whom we have joint marketing and similar arrangements
- Third parties as needed to complete the transaction, including delivery companies, agents and manufacturers
- Our lawyers, auditors and consultants
- Customers, in connection with their audits of Astro
- Other third parties as required by law
Inferred and Derived Information
Category and Sources of Personal Information
We create inferred and derived data elements by analyzing our relationship and transactional information.
Representative Data Elements
Data elements in this category include:
- Propensities, attributes and/or scores generated by internal analytics programs and used for marketing
- Propensities, attributes and/or scores generated by internal analytics programs and used for information security and fraud purposes
Purpose for Collecting and Sharing the Personal Information
We combine inferred data with other relationship information and use this type of information:
- To better understand you and to understand our customers generally
- To design products, services and programs that delight our customers, including loyalty programs
- To identify prospective customers
- For internal business purposes, such as quality control, training and analytics
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Third parties with whom we have joint marketing arrangements
- Our lawyers, auditors and consultants
- Other third parties as required by law
Online & Technical Information
Category and Sources of Personal Information
We collect this type of information from:
- You and from your computer or devices when you interact with our platforms, websites and applications. For example, when you visit our websites, our server logs record your IP address and other information.
- Automatically, via technologies such as cookies, web beacons, when you visit our website or other websites.
- Third parties, including computer security services and advertising partners.
We also associate information with you using unique identifiers collected from your devices or browsers.
Representative Data Elements
Data elements in this category include:
- IP Address
- Device identifiers and characteristics
- Advertising ID
- Web Server Logs
- First Party Cookies
- Third Party Cookies
- Web beacons, clear gifs and pixel tags
- Server log records
- Activity log records
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- For system administration, technology management, including optimizing our websites and applications
- For information security and cybersecurity purposes, including detecting threats
- For recordkeeping, including logs and records that maintained as part of Transaction Data
- To better understand our customers and prospective customers and to enhance our Relationship Information, including by associating you with different devices and browsers that they may use
- For online targeting and advertising purposes
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers including to companies’ search engines that use the data collected by cookies and similar means to help us with our online advertising programs, and to:
- Third parties who assist with our information technology and security programs, including companies such as network security services who retain information on malware threats detected
- Third parties who assist with fraud prevention, detection and mitigation
- Third party network advertising partners
- Our lawyers, auditors and consultants
- Other third parties as required by law
We also disclose this information with your consent, if you explicitly allow us to place third party advertising cookies. To learn more and review your cookie settings, please read our Cookie Notice.
Audio Visual Information
Category and Sources of Personal Information
We collect this type of information from:
- You
- Third parties that provide access to information you make publicly available, such as social media
Representative Data Elements
Data elements in this category include:
- Photographs
- Video images
- Voicemails
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- For internal business purposes, such as call recordings used for training, coaching or quality control
- For relationship purposes, such as use of photos and videos for social media purposes
- For premises security purposes and loss prevention
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Third parties who assist with our information technology and security programs, and our loss prevention programs
- Our lawyers, auditors and consultants
- Other third parties as required by law
Financial Information
Category and Sources of Personal Information
We collect this type of information from you, if you enroll in card-link offer programs from Astro or a co-promotion partner.
Representative Data Elements
Data elements in this category include:
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- To enable your transactions
- To provide offers and promotions you requested, including calculating rewards earned and for related account purposes
- For recordkeeping and compliance, including dispute resolution
- For internal business purposes, such as finance, audits, training, reporting and analytics
- For risk management, fraud prevention and similar purposes
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Payment processors, financial institutions and others as needed to complete the transactions and for authentication, security and fraud prevention
- Our lawyers, auditors and consultants
- Customers, in connection with their audits of Astro
- Other third parties as required by law
Geolocation Data
Category and Sources of Personal Information
We collect this type of information automatically from your mobile device if you opt-in to allow us to collect it.
Representative Data Elements
Data elements in this category include:
- Precise location and GPS information
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- To provide the information, products or services requested
- For information security and fraud prevention
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Third parties who assist with our information technology and security programs
- Third parties who assist with fraud prevention, detection and mitigation
- Our lawyers, auditors and consultants
- Other third parties as required by law
Compliance Data
Category and Sources of Personal Information
We collect this type of information from:
- You
- Third parties, including companies that help us conduct internal investigations
- Third parties, such as consumer reporting agencies and data aggregators who conduct background screening for us
Representative Data Elements
Data elements in this category include:
- Compliance program data, such as records maintained to demonstrate compliance with CCPA and other applicable laws
- Records related to consumer preferences, such as your opt-ins and opt-outs of marketing programs
- Records related to CCPA rights requests
Purpose for Collecting and Sharing the Personal Information
We use this type of information:
- To comply with and demonstrate compliance with applicable laws
- For legal matters, including litigation and regulatory matters, including for use in connection with civil, criminal, administrative, or arbitral proceedings, or before regulatory or self-regulatory bodies, including service of process, investigations in anticipation of litigation, execution or enforcement of judgments and orders
- For internal business purposes, such as risk management, audit, internal investigations, reporting, and analytics
- For our Everyday Business Purposes
Categories of Third Parties to whom this type of Personal Information is Disclosed for a Business Purpose
We may disclose this type of information to our affiliates and Service Providers and to:
- Our lawyers, auditors and consultants
- Marketing partners, in connection with their audits of Astro
- Other third parties (including government agencies, courts and opposing law firms, consultants, process servers and parties to litigation) in connection with legal matters
