ARROW REWARDS PRIVACY POLICY

Last Updated: July 8, 2024

This Arrow Rewards Privacy Policy explains how Arrow International (“Arrow”, “we”, “us”, “our”) collects, uses, and shares your personal information, and your choices in connection with this. This Privacy Policy (“Policy”) applies to collection of information through the web-based Arrow Rewards Application website http://www.arrowplayersclub.com (the “Web App”) and the mobile-based Arrow Rewards App (the “Mobile App”) (collectively, the “Apps”), to check-in at on-site Arrow locations, or check-in onsite using an kiosk, enter into giveaways through your use of the Web App or Mobile App, and sign up for the Arrow Rewards Program (the “Program”) and receive points (collectively, the “Services”). Participation is voluntary, and you can remove yourself from the Program by deleting your account. Deleting your information is permanent and cannot be undone.

1. Introduction

We collect personal information, as further described below, directly from you and automatically as you engage with our Services. “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person.

2. Personal Information We Collect, How We Use It, How Long We Keep It, and How We Share It

We collect personal information as you engage with our Services.

If you use the Apps, this includes when you:

• Create a Mobile App and/or Web App Profile. When you create a profile in the Apps (an “App Profile”), we collect from you your personal identifiers (first name, last name, date of birth, email address, phone number, address). We use this personal information to set up your App Profile and facilitate your use of the App, which allows you to check-in (explained below), earn Rewards points, and participate in giveaways.

• Check-in using the Apps or a Kiosk at an Arrow location to accumulate Rewards Points. Arrow collects your internet and other electronic information (Device ID) and geolocation to confirm you are physically present at the location by geo-fencing. After one hour has elapsed since your last check-in, you can check in again. Each check-in will allocate a certain number of additional points to your Rewards Program profile. When you check-in at a location, your App Profile information is shared with the location, which may use this information to send you marketing and other promotional materials by email and (if you opt-in) text message. See the “Subscribe to Marketing Messages” section for additional information on these promotional messages. We will only enter you into the Rewards Program if you Check-in to a location. You can revoke your consent at any time by emailing us: [email protected]. The number of check-ins from your App Profile will determine your number of Rewards Points, which will determine your Member Status Level, and in turn, will impact the number of entries you will have to certain giveaways.

• Subscribe to E-mail Messages. When you are added to our email marketing list, we collected your personal identifiers (name, email address, and ZIP code) from you. Arrow and/or the location at which you have checked-in will use this personal information to send you promotional emails about updates relating to the Program and Services, including giveaways. We will share your identifiers (name and email address) with our email service provider to send you these marketing messages. You can unsubscribe to marketing emails at any time by clicking on the “unsubscribe” link in each email. Please note that we will continue to send you notifications necessary to provide the Services or requested products or services. Our communications contain tracking technologies, to analyze whether a predefined action took place by a recipient, such as opening our communications and other engagement metrics such as timestamps, delivery status, whether an email was forwarded, clicks within an email, as well as sender and recipient addresses to better adapt and distribute our communications. When you opt-in to our marketing communications, you will be automatically opted in to the use of these technologies. You can also avoid downloading the pixel by rejecting the download of images in the email. We retain support-related emails for 180 days; all other emails are retained for 180 days. If you opt in to receive recurring, automated promotional text messages from us to the telephone number provided, you can opt out at any time by replying STOP to any text message and can reply HELP for help. Message frequency varies. Message and data rates may apply. For additional information, please see Arrow’s Terms and Conditions. If you opt in to receive recurring, automated transactional messages from us to the telephone number provided, you can opt out at any time by replying STOP to any text message and can reply HELP for help. Message frequency varies. Message and data rates may apply. For additional information, please see Arrow’s Terms and Conditions.

• Interact with the Web App and Mobile App. When you interact with the Web App or Mobile App, we use essential, performance, and analytics trackers (cookies, pixels, web beacons, SDKs, and other similar technologies) to: (i) enable the Web App or Mobile App to function properly; (ii) track you within the Web App or Mobile App; (iii) enhance user experience; (iv) conduct analytics to improve the Web App or Mobile App; (v) prevent fraudulent use of the Web App or Mobile App; and (vii) diagnose and repair technical errors with the Web App or Mobile App and, in cases of abuse, track and mitigate the abuse. Thus, these trackers might store information about you, your preferences, or your device, such a usage information (information about your interaction with our website and online content, such as pages visited, frequency of access, time spent on each page, and referring website details), location information (i.e., zip code, city/state, which may be determined through your IP address), and device information (hardware model, operating system, browser, and device preferences). You cannot reject essential trackers as they are necessary for the Web App and Mobile App to function.

3. Data Retention

We use the following criteria to determine whether it remains reasonably necessary to retain your personal information for one or more disclosed operational purpose, or a service provider or contractor’s operational purpose(s): (i) whether there is a retention period required by statute or regulations (for example: (a) pursuant to state law on Sweepstakes, Arrow must retain information regarding sweepstakes participation and winnings, such as, the name and address of each winner, a description of each prize won, and the date the prize or notice of receipt of prize was delivered to each winner, for at least six (6) months following the end of the sweepstakes, and;  (b) the information of the participants that “opt-in” to text messages will be retained for at least two (2) years from the opt-in date); (ii) the existence of actual or threatened litigation for which we are required to preserve the information; (iii) the statutes of limitations for potential legal claims; and (iv) generally accepted best practices in our industry, including related to safety and security of our properties and assets. When we determine that it is no longer reasonably necessary to retain your personal information for one or more disclosed operational purposes based on the above criteria, we will delete your personal information.

4. Information Sharing
   A) General Information Sharing

In addition to the specific third-party sharing outlined above, Arrow shares personal information in the following general scenarios:

• Within Arrow: If you consent, we will share your information within Arrow for legitimate business purposes, to the extent permitted by law, in order to efficiently carry out our business. We will also share your information with other Arrow locations as part of the Rewards Program.
• With service providers: We share your personal information with our service providers that assist us in providing the Services, such as our IT support, website, email, and text message marketing providers, customer service providers, data analytics providers, communications providers, geolocation service providers, and cloud and hosting providers. These third-party service providers have access to personal information needed to perform their services, but may not use it for other purposes.
• In the event of a corporate reorganization: In the event that we enter into, or intend to enter into, a transaction that alters the structure of our organization, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our assets, we would share your personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We will also share your personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. We will acquire consent where required by law.
• For legal purposes: We will share your personal information where we are legally required to do so, such as in response to tax obligations, regulatory requirements, court orders, law enforcement or legal process, including for national security purposes; to establish, protect, or exercise our legal rights, as required to enforce our terms of use or other contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law.
• With your consent: Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the personal information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time with effect going forward.
  
  B) Information Sharing in the Last Twelve (12) Months

For a Business Purpose. 

In the preceding twelve (12) months, Arrow has disclosed the following categories of personal information for a business purpose to the following categories of third parties:

• We have disclosed your personal identifiers, internet and other network activity information, geolocation data, commercial information, and customer records information to service providers that perform services on our behalf. These service providers include IT support, website, email, and text message marketing providers, customer service providers, communications providers, geolocation service provider, and cloud and hosting provider, and email provider.
• We have disclosed your internet or other electronic network information to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair website errors that impair functionality.

We have disclosed your internet or other electronic network information, commercial information, and location information to our IT support and data analytics providers to maintain, improve, and upgrade the Web App and Mobile App.

5. Your Information Choices

In addition to the specific information choices outlined above, you have more options as to how your information is used in the following scenarios:

• Location settings: You can prevent your mobile device from sharing your location data by adjusting the permissions on your mobile device or within the Services.
• Push notifications: If you have enabled push notifications, you may disable these at any time by updating your device settings.

6. Rights of Consumers

If you reside in a US State that provides rights to you in relation to our processing of your personal information, you are entitled to the following rights:

• Right to Access/Know. You have the right to request categories and/or specific pieces of personal information we have collected, used, disclosed, and sold about you, unless an exception applies. For California residents, you may only make a request for access twice within a 12-month period.

• Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions. For example, if we are required by law to retain the information that you are asking to be deleted, we would not be able to delete the information until we are legally permitted to delete it. You can do this by choosing the account deletion option in your account. Deleting your information is permanent and cannot be undone.

• Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, opt out, correct, or limit use of sensitive personal information, as applicable.

• Right to Correct. You have the right to correct inaccurate personal information that we collect or maintain.

7. Exercise Your Rights

If you wish to exercise your privacy rights, you may submit a request by emailing us at [email protected].

For requests submitted, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it.  For all requests, this information includes full name and email address. If we are not able to verify your identity with the information provided, we may ask you for additional pieces of information, including, for example, details of your relationship with us (e.g., nature of relationship, date of last contact, etc.).

If you are using an authorized agent to submit a privacy request, please provide written permission, signed by the consumer, authorizing the agent to submit the request. 

8. Nevada Residents

If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your personal information. We do not currently sell any of your personal information under Nevada law, nor do we plan to do so in the future. However, you can submit a request to opt-out of future sales by contacting us at [email protected] regarding the sale of such information. Please include “Opt-Out Request Under Nevada Law” in the subject line of your message.

9. Information Security

We implement and maintain reasonable security measures, such as access controls and encryption, to protect the personal information we collect and maintain. However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the information we have collected from you.

10. Protection of Children's Personal Information

The Services are not intended for individuals under the age of eighteen (18) years. If we learn that we have collected or received personal information from individuals under the age of eighteen (18), we will delete the personal information. If you believe we have personal information on individuals under the age of eighteen (18), please contact us at the contact information provided below.

11. Policy Changes and Applicability

Arrow reserves the right to change this Privacy Policy at any time. If we make changes, we will post the changes to this page, and will indicate the date the changes go into effect. We encourage you to review our Privacy Policy to stay informed. If we make changes that materially affect your privacy rights, we will notify you via email and/or by prominently posting notice on the Services and obtain your consent, if required.

Our Privacy Policy applies only to Arrow and not to other companies' or organizations’ sites to which we link or to which you otherwise provide your information during your relationship with us. 

12. Contact information

All comments, queries and other requests relating to our use of your Personal Information should be addressed to [email protected].