Updated September 20, 2022
In addition, for certain products and services, your financial institutions, the merchants where you make a transaction, or other partners may provide us with more information about you, or we may collect it directly from you to provide you with those products and services on their behalf, support their business or perform processing activities on their behalf.
In the above situations, we act on behalf of and under the instructions of financial institutions, merchants and other partners which act as data controllers. Unless otherwise authorized by law, we will process your Personal Information to process payment transactions or for the purposes agreed between Astro and the financial institutions, merchants and other partners. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information.
By registering a payment card in connection with transaction monitoring, you authorize Astro to share your payment card information with Visa, Mastercard, and AMEX (Payment Networks) so it knows you enrolled. You authorize Mastercard, Visa, and AMEX to monitor transactions on your registered card(s) to identify qualifying purchases in order to determine whether you have qualified for or earned an offer linked to your payment card, and for Visa, Mastercard, and AMEX (Payment Networks) to share such transaction details with Astro and participating merchants to enable your card-linked offer(s) and provide offers that may be of interest to you. You may opt-out of transaction monitoring on the payment card(s) you have registered by navigating to your settings menu to remove your linked card(s).
You acknowledge that Visa, Mastercard, and AMEX may be unable to monitor every transaction made with your enrolled Visa, Mastercard, and AMEX including PIN-based purchases on debit cards, purchases you initiate through identification technology that substitutes for a PIN, or transactions that are not processed or submitted through the Visa U.S.A. or MasterCard, AMEX payment systems, and that these transactions are not eligible. You may opt-out of this monitoring at any time by selecting ‘Account’ from the home screen of your Astro and deleting your registered card(s). If you register a debit card, your transaction must be processed as a ‘credit’ (i.e., signature) transaction to make sure the transaction can be monitored. Do not use a Personal Identification Number (PIN) when paying for your purchases with your enrolled card if you want the transaction to be available for view or action on the Astro App.
Not all Visa, MasterCard, and American Express cards are eligible for registration - including PIN based purchases on debit cards. Visa, MasterCard, and American Express Corporate cards, Visa, MasterCard, and American Express Purchasing cards, non-reloadable prepaid cards, government-administered prepaid cards (including EBT cards), healthcare (including Health Savings Account (HSA) or Flexible Spending Account (FSA) or insurance prepaid cards, Visa Buxx, and Visa-, MasterCard-, and American Express-branded cards whose transactions are not processed through the Visa payment system, MasterCard payment system, and/or American Express payment system are not eligible to participate.
Astro may provide you directly with products and services such as marketing programs, rewards programs, prepaid services, location alert programs, and biometric authentication tools. To benefit from one or more of these products and services, you can submit information to us directly via various means including: (i) on our websites and digital assets, (ii) in response to marketing or other communications, (iii) by signing up for an Astro product or service, or (iv) through your participation in an offer, program or promotion. We may also obtain Personal Information about you through your use of our products or services, from companies that use or facilitate our products or services, from publicly available sources, or from third party partners. Your Personal Information may also be passed on to us by your financial institution, merchant or other business partners.
Below is an overview of the types of Personal Information we may collect in relation to programs we offer directly to you. Each program differs, so where applicable, please refer to the relevant program-specific privacy notice for more information on the use of your Personal Information for that specific program.
In addition, we may collect or use Personal Information for fraud prevention and monitoring, risk management, dispute resolution and other related purposes. Such information may include identifiers, commercial information, and Internet or other electronic network activity information, such as the personal account number, merchant’s name and location, date and total amount of the transactions, IP address, fraud score, location data, merchant details, items purchased and information about the dispute.
We, our service providers and partners may collect certain information about you via automated means such as Internet or other electronic network activity information, cookies, and web beacons when you interact with our ads, mobile apps, or visit our websites, pages or other digital assets. The information we collect in this manner may include: IP address, browser type, operating system, mobile device identifier, geographical area, referring URLs and information on actions taken or interaction with our digital assets. A "cookie" is a text file placed on a computer’s hard drive by a web server. A "web beacon," also known as an Internet tag, pixel tag or clear GIF, is a technology that helps us identify when content has been accessed or visited. For more information about cookies and how we use them, see our Cookie Notice.
We use this information to improve our online products and services by assessing how many users access or use our online products and services, which content, products and features of our online products and services most interest our visitors, what types of offers our customers like to see and how our online products and services perform from a technical point of view. For instance, we may use third-party web analytics services on our websites and mobile apps, such as those of Google Analytics or Amplitude. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyze how visitors use our websites and apps.
We, our service providers and partners may also collect information about you in connection with our marketing activities, including offers, sweepstakes, contests and promotions. The information collected for these purposes may include identifiers and your contact information (e.g., name, postal address, email address, phone number), electronic identification data (e.g., username, password, security questions, IP address), and data collected in the context of online marketing programs, including commercial information, Internet or other electronic network activity information, geolocation data, and inferences drawn from Personal Information (e.g., personal characteristics, life habits, consumption habits, interests, location data, and voice and image recordings).
We, our service providers and partners may also collect information about you to provide you with content and advertising tailored to your individual interests based on inferences drawn from Personal Information. The information collected for these purposes may include Internet or other electronic network activity information, such as details about things like the particular pages or ads you view on our websites and apps and the actions you take on our websites and apps.
In addition, some of our online products and services include advanced fraud prevention technology using behavioral-based data or biometric information, such as keystroke timing, device accelerometer, scroll position and mouse-location.
Where required under applicable law, we obtain your consent prior to using the above automated means, and prior to sending you marketing communications, tailored content and advertising.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, Astro does not respond to web browser-based DNT signals at this time. To learn more about browser tracking signals and DNT, visit http://www.allaboutdnt.com.
We may collect Personal Information from individuals working for one of our business partners (including financial institutions, merchants, customers, suppliers, vendors and other partners), including identifiers, name, job title, department and name of organization, business email and postal addresses, business telephone number, queries, answers to security questions, security passwords and other credentials. We may use this information to provide products and services directly to financial institutions, corporate clients, merchants, customers and partners, to manage our business relationships and financial reporting, for franchise development and integrity, to protect us from financial crime, to improve our service, for marketing and to comply with applicable law, as well as for accounting, auditing and billing purposes.
For your convenience, Astro offers you the ability to access some of our products and services through mobile applications and mobile-optimized websites ("Astro Mobile"). When you interact with us through Astro Mobile, we may collect information such as unique device identifiers for your mobile device, your screen resolution and other device settings, information about your location, and analytical information about how you use your mobile device. We may ask your permission before collecting certain information (such as precise geo-location information) through Astro Mobile.
We may use Personal Information we obtain about you for the purposes set out below. Depending on the country in which you are located, we will only process your Personal Information, when we have a legal basis for the processing as identified in the table below. However, please note that even though the chart below does not list consent as a legal basis for each processing activity, in some countries consent is the only legal basis for the processing of Personal Information, and in those countries we rely on consent for all processing activities.
In most cases, we process your payment transactions as a processor on behalf of your financial institutions, merchants and other partners which act as data controllers. When we act as a processor, controllers are responsible for ensuring a legal basis for the processing of your Personal Information. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information in these contexts.
In some limited cases (e.g., chargebacks), we may process your payment transactions as a controller, provided that:
When we process Personal Information for fraud and cyber threat prevention, we may act as a controller or as a processor. When we act as a controller, we rely on one of the following legal grounds:
Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. For more information on our balancing tests, you may contact us as described in the "How to Contact Us" section below.
We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing where required under applicable law, the processing is necessary for entering into, or performance of a contract between you and Astro, or when we are legally required to use your Personal Information in this way, for example to prevent fraud.
If you provide us with any information or material relating to another individual, you must make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual about the processing of her/his Personal Information and obtain her/his consent, as may be necessary under applicable laws.
We may also share your Personal Information:
You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you.
If you are located in California, we will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights, except where the different price or level of quality of good or service is reasonably related to the value of the data that we receive from you. In some instances, we may not be able to provide you with the good or service that you request if you choose to exercise certain rights.
You can choose:
Note that this list may not be exhaustive, which means that you may have additional rights in accordance with your local laws. In addition, the above rights may be limited in some circumstances by local law requirements.
To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the "How To Contact Us" section below.
If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.
The security of your Personal Information is important to Astro. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use SSL/TLS encryption on our website and the Astro Mobile App from which we transfer certain Personal Information.
We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
Our websites may provide links to other websites for your convenience and information. Our website may also contain certain features for which we partner with other entities. These entities may learn of your visit regardless of whether you use these features. These websites and features, which may include social networking and geo-location tools, operate independently from Astro, and are clearly identified as such. To the extent any linked websites or features you visit or use are not owned or controlled by Astro, we suggest that you review the privacy practices of the websites.
Astro may offer you the possibility to share, link to, or mention things on social media about Astro’s products and services. When you visit a website with a social media button, your browser establishes a direct connection to that social media provider, and data concerning your visit, including IP address, is transferred to the social media provider. If you have an account with the social media provider, the provider may link your visit to your account, even if you are not logged into this account.
You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Astro. These features, including geo-location tools, are operated by third parties and are clearly identified as such. Social media providers such as Facebook and Twitter, and these other third parties, are independent from Astro and do not necessarily share the same policy as Astro regarding the protection of privacy. Please review their privacy notices if you decide to use their services and consult your social media account settings if you want to deactivate certain features.
Astro Financial, Inc. – Privacy Office
4136 Del Rey Avenue, Suite 612
Marina del Rey, California 90292
If you are located in California, to exercise your rights under the CCPA, you may email us at: email@example.com.
For inquiries about card purchases, you should contact your financial institution or merchant. More information about how to contact them can be found on their respective websites.