BI WORLDWIDE (“BIW” or “BI WORLDWIDE”)provides services to businesses located around the world and maintains the following data privacy practices to ensure BIW processes Personal Information in compliance with applicable data privacy laws

Capitalized terms in this Privacy Policy have the following meanings:

"Individual(s)"means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to their personal physical, psychological, mental, economic, cultural or social characteristics. In some countries such as Switzerland, a legal entity may also be defined as an Individual.

"Personnel”means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of BI WORLDWIDE or any of its affiliates or subsidiaries.

“Personal Data”means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term “person” includes both a natural person and a legal entity, regardless of the form of the legal entity.

“Sensitive Data”means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership. “Third Party” means any individual or entity that is neither BI WORLDWIDE nor a BI WORLDWIDE employee, agent, contractor, or representative.
Processing of Personal Information by BIW about an Individual, regardless of that Individual’s country of residence
BI WORLDWIDE (BIW) has designated its legal department, data privacy managers, and information security officers (“Security and Privacy Team”) to oversee its information security and privacy programs. BIW’s Security and Privacy Team shall review and approve any material changes to its information security and privacy programs as necessary. Any questions, concerns, or comments regarding this Privacy Policy may be directed to Privacy.Office@biworldwide.com

BIW will maintain, monitor, test, and upgrade information security policies, procedures, and systems to protect the Personal Information that it collects.
BIW personnel will receive regular data privacy training to effectively implement this Privacy Policy
BI WORLDWIDE collects Personal Data directly from Individuals when they register with one of our websites, login to their account, participate in reward and recognition programs, participate in meetings, events, and travel programs, redeem award points for individual travel or merchandise, request information, or otherwise communicate with us. BI WORLDWIDE also receives Individual Personal Data indirectly from its business customers in its role as a service provider. In our capacity as a service provider, we will receive, store, and/or process Personal Data. In such cases, we are acting as a “data processor” and will process the Personal Data on behalf of, and under the direction of our customers acting as a “data controller”. The Personal Data that we collect from individuals in this capacity is used to provide services to the individual as requested by the data controller.

The Personal Data that we collect may vary based on the Individual’s interaction with one or more of our websites used to provide the services as agreed under contract with our business customers. In general, BI WORLDWIDE collects the following types of Personal Data either directly from Individuals, or indirectly from BI WORLDWIDE business customers: contact information, including, a contact person's name, work email address, work mailing address, delivery address for merchandise award delivery, work telephone number, title, and company name. Individuals have the option to log into their accounts online and request assistance via an online form or through a live support option such as chat or telephone, collectively “Portals”. In such cases, we will collect information that they choose to provide to us through these Portals.

When Individuals use our services online, we will collect their IP address and browser type. The information that we collect from Individuals is used for providing services, managing transactions, reporting, other operations related to providing services and products to the Individual and/or to a BI WORLDWIDE business customer in accordance with their contract.

BI WORLDWIDE uses Personal Data that it collects directly from Individuals, or indirectly from our customers in our role as a service provider for the following business purposes, without limitation:

    1. delivering and providing the requested products/services, and complying with its contractual obligations related thereto (including managing transactions, reporting, and other operations related to providing services to our customers and Individuals);
    2. satisfying governmental reporting, tax, and other requirements (e.g., import/export);
    3. storing and processing data, including Personal Data, in computer databases and servers located in the United States;
    4. verifying identity (e.g., for online access to accounts);
    5. as requested by the Individual;
    6. for other business-related purposes permitted or required under applicable local law and regulation, and
    7. as otherwise required by law.

BI WORLDWIDE does not disclose Personal Data to third parties for purposes that are materially different than as specified as the original purpose. Should this change in the future, we will provide affected individuals with the option to opt-out.
BI WORLDWIDE discloses relevant Personal Data only to a Third Party who reasonably needs to know such Personal Data, and only under a contract with the Third Party that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the Individual(s) and for no other purpose. Third Party recipients of Personal Data must agree to provide at least the same level of protection as required of BI WORLDWIDE within contracts with our business partners and must notify BI WORLDWIDE if they determine that they can no longer meet this obligation. The Third Party contract must provide that when such a determination is made, the Third Party must cease processing or take other reasonable and appropriate steps to remediate.

BI WORLDWIDE may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, BI WORLDWIDE may store such Personal Data in facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which the Third Party has been engaged by BI WORLDWIDE and they must enter into a Data Protection Agreement that includes all applicable requirements for legal transfers and processing of Personal Data.

BI WORLDWIDE also may disclose Personal Data for other purposes or to a Third Party when a Data Subject has consented to or requested such disclosure. Please be aware that BI WORLDWIDE may be required to disclose an individual's personal information in response to a lawful request by public authorities such as for national security or law enforcement requirements. BI WORLDWIDE is liable for appropriate onward transfers of personal data to a Third Party.
In general, BI WORLDWIDE does not process Sensitive Data. However, within specific services provided by BI WORLDWIDE, and as contractually required and directed by a BI WORLDWIDE business customer, some Sensitive Data may be processed. In such cases, Individuals will be provided with information to explain why that data is required and the Individuals’ explicit consent will be obtained unless other legal grounds exist for the processing of Sensitive Data.
BI WORLDWIDE uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate. BI WORLDWIDE has implemented reasonable physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. BI WORLDWIDE also employs access restrictions and has limitations on the scope of Personnel who have access to Personal Data. Further, BI WORLDWIDE uses secure encryption technology to protect certain categories of personal data. Despite these precautions, no data security safeguards guarantee 100% security all of the time.
BI WORLDWIDE notifies Individuals about its privacy practices within a Privacy Notice available via each applicable website hosted by or on behalf of BI WORLDWIDE.
BI WORLDWIDE personnel are bound by confidentiality and nondisclosure agreements and data processing agreements and may only process Personal Data if their job functions require it, they are authorized to do so, and only for the purpose required.
  1. Right to Access.. Individuals have the right to know what Personal Data about them is included in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for which it was collected. Upon reasonable request and in accordance with applicable data privacy laws, Individuals may have their Personal Data corrected or amended if inaccurate. When making or requesting modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information
    1. To request modifications to Personal Data, or have it deleted, Individuals should contact the Data Controller as described within the Privacy Notice published on the website containing their Personal Data.3
    2. If the website does not include a Privacy Notice with contact information of the Data Controller, the Individual may submit their written request, along with the URL of the website containing their Personal Data, via email to: Privacy.Office@biworldwide.com.
  2. Requests for Personal Data. BI WORLDWIDE will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject.
  3. Satisfying Requests for Access, Modifications, and Corrections. BI WORLDWIDE will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or delete Personal Data.
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make employees aware of changes to this policy either by posting to our intranet, through email, or other means. We will notify affected Individuals if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
Individuals may contact BI WORLDWIDE with questions or complaints concerning this Policy at the following email address: Privacy.Office@biworldwide.com.
BI WORLDWIDE commits to investigate and resolve complaints about privacy and our processing of Personal Data at no cost to the Individual. Individuals with questions or concerns about the use of their Personal Data should contact us at: Privacy.Office@biworldwide.com. Individuals may bring a complaint directly to BI WORLDWIDE, and BI WORLDWIDE will respond to the complaint within 45 days.

If an Individual’s question or concern cannot be satisfied through this process BI WORLDWIDE has further committed to refer unresolved privacy complaints to a neutral third-party data privacy mediator recommended by the chamber of commerce applicable to the jurisdiction where the Individual resides.

Finally, as a last resort, BI WORLDWIDE will commit to binding arbitration through the appointment of a neutral data privacy arbitrator recommended to BIW by the chamber of commerce applicable to the jurisdiction where the individual resides and the Individual and BIW submit the dispute to such arbitrator for final determination of the dispute. The arbitrator shall be authorized to decide the data privacy dispute and award arbitration costs to the prevailing party, if any, but shall not have authority to award monetary damages. The decision of the arbitration neutral shall be final and not subject to appeal.