THE UNITED STATES PLAYING CARD COMPANY
YOUR PRIVACY IS IMPORTANT TO US
At The United States Playing Card Company, we strive to honor the privacy and security of our users, customers and suppliers, as well as their representatives, in relation to all products, services, applications and websites provided by The United States Playing Card Company, or any of its affiliates (“USPC”), when acting as a Controller under relevant data protection rules and regulations.
This Privacy Statement describes our privacy practices as required by the General Data Protection Regulation (“GDPR”) (EU) (2016/679) and other applicable data protection laws (collectively “Privacy Laws”). This Privacy Statement applies where USPC is acting as a Data Controller with respect to the Personal Data of our customers, employees, website users, partners and service providers. In other words, this Privacy Statement applies where we determine the purposes and means of the processing of Personal Data.
PERSONAL DATA WE COLLECT ABOUT YOU
When you complete a transaction, submit a request, set up an account, apply for a position, visit our Sites, etc., with any USPC entity, you may be asked to provide certain information, including, but not limited to, your name, title, company, address, phone number, e-mail address, credit card information, and line of business. You may also be providing us with data regarding your devices including, your IP address, your geolocation, your data usage, your client or supplier account, etc. In limited circumstances, we may collect information related to you, and your family members, such as age, gender and civil status. This information and data may be Personal Data under applicable Privacy Laws.
WHY WE PROCESS YOUR PERSONAL DATA, LEGAL BASES FOR PROCESSING AND RETENTION
Please consult the table below to see the categories of Personal Data we may collect about you, why we process (collect, use, store, etc.) your Personal Data, the legal grounds for such processing (where applicable) and the relevant maximum retention period.
|Purpose||Categories of Personal Data||Legal Bases for Processing (if required by applicable Privacy Laws)||Retention Period (max*)|
|Customer Management (including provision of services, invoicing, customer support; account management, personalizing your experience on our sites, etc.)||Identification data (name, address, telephone, etc.)Electronic identification data (e-mail, IP-addresses, geolocation, website usage data, cookies, etc.)Financial characteristics (bank account number, credit card details, etc.)Personal characteristics of data subjects and, in some cases family members (age, gender, civil status, etc.||Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Legal obligation to process your dataProper administration of our website and business||Up to 10 years after date of last order or end of contract, unless longer period required by law or for litigation|
|Direct Consumer Sales (including provision of services, invoicing, customer support, account management, personalizing your experience on our sites, etc.)||Identification data (name, address, telephone, etc.)Electronic identification data (e-mail, IP-addresses, geolocation, website usage data, cookies, etc.)Financial characteristics (bank account number, credit card details, etc.)Personal characteristics of data subjects and, in some cases family members (age, gender, civil status, etc.)||Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Legal obligation to process your dataProper administration of our website and business||Up to 10 years after date of last order or end of contract, unless longer period required by law or for litigation|
|Know your customer (including anti-fraud, anti-money-laundering, etc.||Identification data (name, address, telephone, etc.)Electronic identification data (e-mail, IP-addresses, geolocation, website usage data, cookies, etc.) Financial characteristics (bank account number, credit card details, etc.)Personal characteristics of data subjects and, in some cases family members (age, gender, civil status, etc.)||Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Proper administration of our website and business||Up to 10 years after date of last order or end of contract, unless longer period required by law or for litigation|
|Direct marketing (including email marketing communications including promotions, marketing campaigns, surveys, etc.)**||Identification data (name, address, telephone, etc.)Electronic identification data (e-mail, IP-addresses, geolocation, website usage data, cookies, etc.)||With your consent/opt-in where requiredPerformance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Proper administration of our website and business||Until you withdraw consent to direct marketing communications or your information is no longer needed for marketing purposes.|
|Supplier management (including accounting, etc.)||Identification data (name, address, telephone, etc.)Financial characteristics (bank account number, credit card details, etc.)Electronic identification data (e-mail, IP-addresses, geolocation, website usage data, cookies, etc.)Personal characteristics of data subjects and, in some cases family members (age, gender, civil status, etc.||Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Proper administration of our website and businessLegal obligation to process your data|
|Maintaining the security of our people and assets||Identification data (name, address, telephone, etc.)Electronic identification data (e-mail, IP-addresses, geolocation, website usage data, cookies, etc.)Financial characteristics (bank account number, credit card details, etc.)Personal characteristics of data subjects and, in some cases family members (age, gender, civil status, etc.)||Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Legal obligation to process data securelyOur legitimate interests in the proper administration of our website and business|
|Legal Compliance and Litigation management||Identification data (name, address, telephone, etc.)Electronic identification data (e-mail, IP-addresses, geolocation, website usage data, cookies, etc.)Financial characteristics (bank account number, credit card details, etc.)Personal characteristics of data subjects and, in some cases family members (age, gender, civil status, etc.)||Processing necessary for the establishment, exercise or defense of legal claims or obligations. Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract Legal obligation to process dataProper administration of our website and business||Up to 10 years after legal compliance or other obligation ends or after final resolution of litigation|
|Product/service improvement & business intelligence||Your consentProper administration of our website and business||Up to 10 years from product discontinuation|
* Retention periods vary depending on the type of document containing the Personal Data. For more information regarding the retention periods, please contact us at Data Privacy Inquiry
** If you wish to object to the use of your Personal Data for these purposes, see the “Your Rights Regarding Access To and Control Over Personal Data” section below.
We will keep your Personal Data while we are providing our products and services to you. Thereafter, we will keep your Personal Data for one of these reasons: (a) to respond to any questions, complaints or claims made by you or on your behalf; (b) to show that we treated you fairly; (c) for the proper administration of our business; and/or (d) to keep records as required by law.
We will not retain your Personal Data for longer than necessary for the purposes for which it was collected as set out in this Privacy Statement. In determining data retention periods, we take into consideration local laws, contractual obligations, our reasonable business requirements, and your expectations and requirements. When it is no longer necessary to retain your Personal Data, we will securely delete it or anonymize it.
HOW WE SHARE YOUR PERSONAL DATA
Your Personal Data may be shared with others as described below:
- We may disclose your Personal Data to any member of our group of companies, affiliates, resellers, suppliers, and service providers, including advertising networks, as reasonably necessary for the purposes, and on the legal bases, set out in this Privacy Statement. While we do not consider such disclosure to service providers for these purposes a “sale” of information, we understand and disclose to you it may be interpreted as such under certain applicable laws.
- We may disclose your Personal Data to our insurers and professional advisers as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or other legal proceedings.
- We may disclose your Personal Data with our payment services providers to complete financial transactions. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
- In addition to the specific disclosures of Personal Data set out in this section, we may disclose your Personal Data: (a) where such disclosure is necessary for compliance with a legal obligation to which we are subject, including a subpoena, court order or search warrant; (b) enforce our Terms of Service, this Privacy Statement, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims regarding violations of third party rights; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of USPC and its employees, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, or in order to protect your vital interests or the vital interests of another natural person.
We reserve the right to transfer your Personal Data in the event of bankruptcy or a sale or transfer of all or a portion of our business or assets, an acquisition, merger or divestiture.
Except as otherwise set forth herein, we do not sell, trade, rent or otherwise share your Personal Data with any third parties outside of USPC or with our affiliated companies for monetary or other valuable consideration.
SENSITIVE PERSONAL DATA
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Sites or otherwise to us, Sensitive Personal Data (e.g., religion, ethnicity, political opinions, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions) unless specifically requested by us or required by law.
INTERNATIONAL DATA TRANSFERS
USPC is a global business based in the United States. USPC, and our affiliated companies, have offices and facilities in worldwide locations including, the European Union/EEA, Latin America, Asia, Africa, etc. Your Personal Data may be transferred to other USPC entities, as well as to third party service providers who may process your Personal Data on our behalf, including e-marketing service providers, hosting providers, etc.
Our customers and the users of our Sites may be located anywhere in the world. The privacy laws in some countries may not provide protections equivalent to those in your country of residence, and your government may or may not deem such privacy protections adequate. We may process your information in, or transfer your information to, the United States, third parties in the United States, or other countries.
For residents of EU/EEA countries, in the event of transfer of your Personal Data to a country which has been deemed to have an inadequate level of protection for Personal Data, we will implement safeguards, including selecting “Privacy Shield” certified processors or putting in place standard contractual clauses, in accordance with the EU requirements. You can request more information about such measures by contacting us at Data Privacy Inquiry.
YOUR RIGHTS REGARDING ACCESS TO AND CONTROL OVER PERSONAL DATA
Your rights regarding your Personal Data depend on local law in the jurisdiction where you reside.
If you reside in the EU/EEA, you may have the right, after submitting a verified request to:
- Information and Access – You may request to access your Personal Data, receive supplemental information about your Personal Data, and/or be provided with a copy of your Personal Data.
- Rectification – You may request to rectify and/or update your inaccurate or out-of-date Personal Data.
- Erasure – You may have the right to have your Personal Data erased.
- Restriction – You may have the right to restrict the processing of your Personal Data.
- Object to Processing – You may have the right to object to specific types of processing of your Personal Data.
- Data Portability – You may have the right to request a portable copy of your Personal Data. For example, Data Portability does not apply to paper records, and must not prejudice the rights of others, or sensitive company information.
- Right not to be subject to decisions based solely Automated Decision Making – You may have the right not to be subject to decisions based solely on automated processing (i.e., without human intervention).
- Right to lodge a complaint – You may have the right to lodge a complaint with a supervisory authority in the country in which you reside, details of which can be provided on request by the Data Privacy Committee at Online Webform.
If you wish to exercise any of these rights please Data Privacy Inquiry.
USPC may charge a reasonable fee if your request is not valid under applicable law, repetitive or excessive. We may also request information from you in order to verify your identify before you receive a response.
If you reside in California, you may have the right, after submitting a verified request to:
- Know the categories of personal information we collect about you;
- Know whether your personal information was sold or disclosed to third parties for a business purpose, including for direct marketing purposes by third parties, during the immediately preceding calendar year;
- Know the identity of the third parties that received your personal information for their direct marketing purposes during that calendar year;
- Deletion of your personal information maintained by us;
- Opt-out of the sale of your personal information;
- Access your personal information and to a portable copy of your data;
- Not be discriminated against for exercising your rights; and
- Notification of your rights.
If you wish to exercise any of these rights, please submit your request to Subject Access Request
(Please note, California consumers may exercise these verified rights effective January 1, 2020).
If you would prefer not to have your personal information shared for any purpose other than to facilitate a transaction with us, please contact Data Privacy Inquiry.
To opt-out of the sale of your personal information click here: DO NOT SELL MY PERSONAL INFORMATION.
This Privacy Statement does not create, extend or modify any EU Data Subject rights, California consumer rights, or USPC obligations, except as provided by the GDPR and CCPA.
Attn: Data Privacy
300 Gap Way
Erlanger, Kentucky 41018
For more information on the full extent of your rights or to exercise your rights, please contact our Data Protection Director using the contact information above or Data Privacy Inquiry.
PERSONAL DATA SUBMITTED BY CHILDREN
Some of the content on our Sites may be directed toward children under age 13. However, we do not knowingly collect or solicit personal information from children under age 13 without parental consent, unless permitted by law. If we become aware that we have collected personal information from a child under age 13 without parental consent or unless otherwise permitted by law, we will delete it in accordance with applicable law. If you believe that a child may have provided us with Personal Data without parental consent or otherwise not permitted by law, please contact us as detailed below in the “Contact Us” section.
California consumers – We will not sell the information of California consumers who are 16 years old or younger without prior authorization. Our sites and services directed toward children will verify a user’s age and offer choices regarding the sale of personal information related to children aged 16 or younger. If a California consumer is under 13 years old, a parent or guardian must consent to the sale of the minor’s personal information. However, if the California consumer is between the ages of 13 and 16 years old, the minor may provide opt-in consent to the sale of their personal information. Our sites directed toward children will ask for age verification and require appropriate consent.
EU Residents – We do not collect or process personal data related to EU Data Subjects under the age of 16 without explicit consent from a parent or guardian. Our sites directed toward children will ask for age verification and require consent as appropriate.
COOKIES, WEB BEACONS AND OTHER TRACKING TECHNOLOGIES
Some of our business partners set web beacons and Cookies on our site. In addition, third-party social media buttons may log certain information such as your IP address, browser type and language, access time, and referring website addresses. Further, if you are logged in to those social media sites, they may also link such collected information with your profile information on that site.
There is no perfect security. We have implemented appropriate and commercially reasonable organizational, technical and administrative safeguards to protect Personal Data. You are responsible for maintaining the secrecy of any credentials that can be used to access any account or service with Newell. If you should suspect any unauthorized activity please report this to us immediately. You can report suspicious activity or other concerns by contacting us at:
Data Privacy Inquiry or email@example.com
LINKS TO THIRD PARTY SITES
We may collect your information from third party’s sites. This includes when you log in through a third party site such as Facebook, Snapchat, Instagram, LinkedIn, Twitter, etc. We may also disclose information collected from third parties to customize ads and to manage and facilitate messaging on third party sites. Please note that when you unsubscribe from our marketing email there may be a delay in the discontinuation of our ads directed to you on third party sites.
DO NOT TRACK
Newell does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, you may be able to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
USING MOBILE AND OTHER DEVICES
Newell, our affiliates and third parties that we have engaged, may collect and store unique identifiers matched to your mobile device in order to deliver customized ads or content while you use our Sites, navigate the internet, to deliver location-based services and advertising, or to identify you in a unique manner across devices or browsers. In order to customize these ads or content, we, or third parties, may collect Personal Data, e.g., your email address, or data passively collected from you such as your device identifier, location, or IP address. Most mobile devices allow you to turn off location services.
By adjusting the privacy and security settings on your device, you can manage how your mobile device and mobile browser share information, as well as how your mobile browser handles Cookies and other tracking identifiers. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
EMAIL MARKETING COMMUNICATIONS
If you are an existing customer or, if required by applicable law, you have provided consent or have not otherwise directed us not to send you marketing messages, we may send you marketing messages via email and/or mail to keep you updated on our products and services.
You can stop receiving marketing messages from us at any time through the following methods:
- Through your customer account settings/preferences within “My Account”;
- By clicking on the ‘unsubscribe’ link in any email communication we send you
- By contacting us at Data Privacy Inquiry
Once one of these methods is completed, we will honor your request and update your profile to ensure that you don’t receive further marketing messages.
We will process opt-out/unsubscribe requests as quickly as possible, and in most cases, within 10 days. However, USPC is made up of a complex web of many inter-connecting companies and service providers so it may take time for all our systems to reflect these updates. We ask for your understanding that during this period you may still get messages from us while your request is being processed.
Please note that the discontinuation of marketing messages will not stop any service communications such as order updates.
Our Sites may give you the choice to opt-in to receiving text messages and alerts on the mobile phone number(s) you have shared with us. Once you have opted-in, we may send you text messages regarding your account, to investigate or prevent fraud, to alert you in the event of an emergency, etc. We may send you text messages and alerts using autodialed technology. Also, from time to time, we may run certain campaigns that provide you with the ability to send a text message to a specific short code and provide an opt-in to receive future text messages. Your opt-in request provides us with your mobile phone number. If you choose to opt-in, you agree that we may, from time to time, send messages to the mobile device associated with that number about new products, promotions, services, or offers.
You may choose to opt-out from our text messages and alerts at any time by replying “STOP” to the message you received. Once you opt-out, you will not receive any additional text messages via your mobile phone. Please keep in mind that if you opt-out of receiving text messages and alerts we may not be able to contact you with important messages regarding your account or transactions with us. However, if there is an emergency or account question, we will make every attempt to contact you in other ways such as by email or on a landline phone. You do not have to opt-in to text messages and alerts to use our Sites and services. If you opt-in, standard text messaging charges may apply. For more information regarding our text messaging and alerts, please contact us at Data Privacy Inquiry.
CHANGES TO OUR PRIVACY STATEMENT
Effective January 1, 2020, we updated and harmonized portions of our Privacy Statement. Here is a summary of some of the changes:
- We will now use the term “Sites” to describe our website, mobile apps, etc.
- We clarify the types of Personal Data we collect about you and the ways we collect this information.
- We describe your rights of access to and control over your Personal Data.
- We provide updated contact information.
- We describe how we may use and share your Personal Data
- We clarify the types of Personal Data we collect about you and the ways we collect this Personal Data. We collect Personal Data in many ways, including from third party sites, social media sites, and advertising networks.
- We describe how we share and use your Personal Data.
- We describe our use of email communications and text messaging and how to opt out and/or control these communications.
- We notify users as to their rights under the GDPR and California Consumer Privacy Act where applicable.
- We clarify that your Personal Data may be transferred across international borders for processing and other uses.
- We clarify how we share your Personal Data with our suppliers, third party vendors and referring sites.
- We include additional information on Do Not Track signals.