Is RevTrax violating FaceBook privacy policy? #facebook @RevTrax #privacy

I just read an article Web Coupons Know Lots About You, and They Tell in the New York Times about RevTrax, it stated the following:

“When someone joins a fan club, the user’s Facebook ID becomes visible to the merchandiser,” Jonathan Treiber, RevTrax’s co-founder, said. “We take that and embed it in a bar code or promotion code.”

“When the consumer redeems the offer in store, we can track it back, in this case, not to the Google search term but to the actual Facebook user ID that was signing up,” he said. Although Facebook does not signal that Amy Smith responded to a given ad, Filene’s [Basement] could look up the user ID connected to the coupon and “do some more manual-type research — you could easily see your sex, your location and what you’re interested in,” Mr. Treiber said. (Mr. O’Neil said Filene’s did not do this at the moment.)

RevTrax says that is because it handles data for the retailers and does not directly interact with consumers. RevTrax can also include retailers’ own client identification numbers (Amy Smith might be client No. 2458230), then the retailer can connect that with the actual person if it wants to, for example, to send a follow-up offer or a thank-you note.

Isn’t this in direct violation of policy if the user joins as a fan?

II.8.
If you offer a service for a user that integrates user data into a physical product (such as a scrapbook or calendar), you must only create a physical product for that user’s personal and non-commercial use.^[1]

III.3.
You must not give data you receive from us to any third party, including ad networks.^[1]

6.a.
You may not give data you receive from us to any third party, including advertising networks.^[2]

… with respect to the Statement of Rights and Responsibilities clause 9.2.4, if the user de-authorizes, disconnects, or otherwise disassociates from your application, the permission to “store indefinitely” is rescinded for all user data you received from Facebook except for the User ID. In that event you can retain the User ID indefinitely (so that you can recognize the returning user, identify who created Independent Data in your application, or for other purposes limited to use related to your application), but all other user data you received from Facebook must be deleted as soon as possible (and in no case longer than 24 hours after you received it).^[3]

It looks like they store the data offline, in a commercial product a coupon. And they share the data with a third party.