- English - English - Consumer

Who are we?
How do we collect information about you?
What information about you do we collect?
For what purposes do we use information about you?
Who do we disclose your Personal Information to, and for what purposes?
Where might information about you be sent?
How do we protect information about you?
How long will information about you be kept?
What rights and options do you have?
Additional Notice to California Residents
Who should you contact with questions?
Changes to this notice

Who are we?

We are Triaga Inc., a Delaware corporation with our registered address at 1900 Stantonsburg Road, Wilson, NC 27893.

The best way to contact us is by using our IQOS Customer Care online chat tool on our Website. You can also contact us by telephoning our Customer Care team at 1-844-275-4767 or by emailing us at contact.us@iqos.com; and

We are affiliate members of Philip Morris International, a collective group of businesses. All affiliate members of the group are listed here

  • Philip Morris International or PMI means Philip Morris International, a leading international tobacco group incorporated in US and headquartered in Switzerland. It is made up of a number of companies or “affiliates”.
  • PMI affiliates” means a member of the Philip Morris International group of companies. “We” (or “us” or “our”) refers to the PMI affiliate that first collected information about you.
  • PMI products or services” means consumer products or services of ours or of another PMI affiliate.

How do we collect information about you?

We may collect Personal Information about you in various ways.

  • You may provide us with Personal Information directly (e.g. filling in a form, making a call to us, or uploading information to us via a mobile app).
  • We may collect Personal Information from a PMI electronic device, if you choose to send Personal Information to us.
  • We may collect Personal Information automatically when you interact with our systems or we communicate with you (e.g. when you use a PMI app, chatbot or website or, where we use technologies to observe when you receive or open e-mails or receive SMS messages).
  • We may also acquire Personal Information from third parties (e.g. publicly-available Personal Information on social media platforms such as Facebook and X, or statistical information about the population in certain geographical areas). For example, we may infer information about you from aggregated information we acquire from third parties. This may include, for example, statistical information about people in certain geographical areas.

In this notice, we refer to all the methods by which you are in contact with us as “PMI touchpoints”. PMI touchpoints include both physical (for example, via retail outlets and events, consumer contact centres), and digital (for example, via apps and websites).

We may collect Personal information that you provide directly. Typically, this will happen when you:

  • sign up to be a member of our databases (including loyalty programs), which will include performing age verification (this could be, for example, in person, via an app, or online);
  • request information about our products, which may include age recognition (this could be computer analysis of your face via app or online);
  • purchase PMI products or services at a retail outlet;
  • download, or use, a PMI digital touchpoint (e.g. an app or a website);
  • contact us through a PMI touchpoint or by social media;
  • register a device with us;
  • subscribe to a PMI panel portal;
  • register to receive PMI press releases, e-mail alerts, or marketing communications;
  • participate in PMI surveys or PMI competitions or promotions; or
  • attend an event that a PMI affiliate has organized.

We may collect Personal information from an electronic device, if you choose to send the information to us. This may be shared with us through a direct connection to the internet, or via one of our apps that you may download.

We may collect Personal information about you automatically. Typically, this will happen when you:

  • visit an outlet that sells PMI products (for example, by collecting your data at check-out, or through sensors at the outlet that connect with mobile technology);
  • attend an event that a PMI affiliate has organized (for example, through purchases at the event or through sensors at the event that connect with mobile technology);
  • communicate with us (for example, through a PMI touchpoint, or social media platforms);
  • use PMI touchpoints (for example, through tracking mechanisms (such as cookies and web beacons/pixels), where we use them, that you receive when you use the PMI touchpoint or get an e-mail or SMS message from us);
  • use third party websites (for example, using technology similar to that described in the bullet above, that you receive when you visit a PMI touchpoint or get an e-mail from us); or
  • make public posts on social media platforms that we follow (for example, so that we can understand public opinion, or respond to requests concerning PMI products).

We may collect Personal Information about you automatically through the use of cookies and similar tracking technologies (such as web beacons/pixels) that you receive when you visit digital PMI touchpoints or get an electronic message from us. The specific cookies and other mechanisms used will depend on the touchpoint in question. To learn about these mechanisms used on a PMI touchpoint, including how you can accept or refuse cookies, please see the information made available on or through that touchpoint. These mechanisms may include Google analytics cookies (see www.google.com/policies/privacy/partners/.)

We use certain third-party analytics and/or other technology providers to help us understand how you use PMI products and services, and these companies may set their own cookies and other tracking technologies (collectively “Tracking Technologies”) on your devices. For example, we may use third-party services to record and review your interactions with our websites, including mouse movements, clicks, page visits, keystrokes/key touches, and other details, including any Personal Information that you provide.  These “session replay” services help us organize and analyze your interaction data for purposes, including to improve and prevent fraud related to our websites and services. By using any of our websites and services, you expressly consent to the recording and sharing of your Personal Information and other data with third-party “session replay” services and other analytics providers.

We may also use Google Analytics and similar third-party analytics providers to track visitors’ activity on our website. These analytics providers may also use web browsing data and other data analysis to improve their own products. For more information on how to limit this activity, including the ability to opt out of these analytics, visit “What rights and options do you have?

We may acquire Personal Information about you from third parties. This may include information shared between PMI affiliates, publicly available profile information (such as your preferences and interests) on third party social media sites (such as Facebook and Twitter), marketing lists and supplementary information acquired from third party agencies.

We may also infer information about you from information that we already have. For example, we may use aggregated information about people in certain geographical areas, that we acquire from third parties, to infer your preferences.

What information about you do we collect?

The description of our data practices in this Notice covers the twelve (12) months prior to the date noted at the bottom of this page (the “Effective Date”).

We may collect various types of information about you:

  • information about your orders, including information necessary to fulfil them
  • information necessary to provide warranty services
  • information about the referrals you make
  • information you give us in forms or surveys, and similar information that you give to third parties to be transferred to us
  • information about your location, where you choose to share it with us (for example, on your mobile phone)
  • information about your visits to our outlets or events (or outlets or events of others with whom we work)
  • information you give us in communications (e.g. calls, chats, e-mails, SMS messages) you have with contact centers
  • information about your preferences and interests (including information that we infer from other information, for example from statistical information)
  • information necessary to verify your age
  • information generated by your electronic device (for example, IQOS), if you choose to share it with us
  • information about your experiences using our products and services
  • statistical information about you (for example, statistical information about people in certain geographical areas)

We may receive or collect your Personal Information directly from you or from your devices, from third parties, or from other individuals and businesses, as well as public sources of data.    

Generally, we process your Personal Information to provide you our products and services and as otherwise related to the operation of our business, including for one or more of the following "Business Purposes":   

  • selling our products and services to you;  
  • managing our interactions and transactions with you;
  • marketing our products and tailoring our offering to you based on your preferences and purchase history;   
  • fraud prevention and security;    
  • maintaining products that you have purchased and debugging;
  • performing market research;   
  • Quality Assurance (see more detail below);   
  • Processing Interactions and Transactions (see more detail below); and notice  
  • performing research and development to improve our products.   

 

 

Deidentified and Aggregated Information: As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as Personal Information and we reserve the right to use and disclose deidentified or aggregate consumer information for any commercially reasonable purpose. We have no obligation to re-identify information or keep it longer than we need it to respond to your requests. We also publicly commit to maintaining, using, and otherwise processing any deidentified or aggregate consumer information in a deidentified or aggregated manner and will not attempt to, directly or indirectly, re-identify or disaggregate this information. Data exempt from U.S. privacy laws are not included in this notice.

Other Uses: In some instances, we may use information about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.

For what purposes do we use information about you?

 

Table 1: Personal Information Collection and Disclosure – By Processing Purpose

(See Table 2 for an explanation of the Categories of Information)

Processing Purpose(s)

Example(s) of Processing Purpose

Categories of Information Involved

1.  Selling our products and services to you

Provide our products and services:  to provide you with PMI products and services such as IQOS and Zyn, including offers relating to these products;  

Enable additional features: to provide you with additional features to enhance our products and services, such as providing you with support and IQOS coaches;

Process orders: to process or fulfil an order or transaction;   

Contact you: to contact and communicate with you about your use of our products and services, including changes to our products and services or our policies;   

Account management: to process your registration relating to our products and services, verify your info is active and valid, and otherwise manage your account  

Customer Service: to respond to any questions, comments, or requests you have for us or for other customer service purposes  

Payment and other purchase-related purposes: to facilitate a purchase made using our products and services, including payment processing  

Other: marketing, administrative, operational, business, and commercial purposes subject to applicable law and not inconsistent with this Privacy Notice or other notice by us at collection  

Identifiers, Customer Account Details/Commercial Information, Internet Usage Information, General Geo-location Data, Sensory Data, Inferences

2.  Managing Interactions and Transactions 

Auditing: related to counting unique visitors and auditing compliance with user interaction or transaction specifications and standards   

Identifiers, Customer Account Details/Commercial Information, Internet Usage Information

3.  Security

Security/fraud prevention: to protect the security of Company, our products and services, and its users and to prevent and address fraud and violations of our terms and policies  

Identifiers, Internet Usage Information, Customer Account Details/Commercial Information

4.  Debugging

Repairs: identify and repair errors that impair existing intended functionality of our products, devices and services   

Identifiers, Internet Usage Information, Customer Account Details/Commercial Information

5.  Providing Advertising & Marketing Services 

Content and offers customization: to customize your experience with our products and services, or to serve you specific content and offers that are relevant to/customized for you  

Advertising, marketing, and promotions: to assist us in determining relevant offers; to develop and evaluate marketing and advertising campaigns; and for promotional activities, such as running sweepstakes, contests, and other promotions

Identifiers, Internet Usage Information, Customer Account Details/Commercial Information, Geo-location Data, Inferences

6.  Quality Assurance

Quality and Safety of Service: undertaking activities to verify or maintain the quality or safety of our products, devices and services, and to improve, upgrade, or enhance our products, devices and services. 

Identifiers, Internet Usage Information, Customer Account Details/Commercial Information, Geo-location Data, Inferences

7.  Processing Interactions and Transactions

Short-term, transient use: including, but not limited to, non-personalized advertising shown as part of a Consumer’s current interactions related to use of our products and services

Identifiers, Internet Usage Information, Customer Account Details/Commercial Information, Geo-location Data, Sensory Data, Inferences

8.  Research and Development

Research and analytics: to better understand how Consumers access and use our products and  services, both on an aggregated and individualized basis, to improve our products and services and respond to user preferences, and for other research and analytical purposes  

Market research and customer satisfaction surveys: to administer surveys and questionnaires, such as for market research or customer satisfaction purposes

Identifiers, Internet Usage Information, Customer Account Details/Commercial Information, General Geo-location Data, Inferences

9.  Additional Business Purposes 

Compliance with legal obligations: to comply with legal obligations, as part of our general business operations, and for other business administration purposes

Prevention of illegal activities, fraud, injury to others, or violation of our terms and policies: to investigate, prevent or take action if someone may be using info for illegal activities, fraud, or in ways that may threaten someone’s safety or violate of our terms or policies

Purposes disclosed at Personal Information collection: We may provide additional disclosures at the time of Personal Information collection  

Related or compatible purposes: for purposes that are related to and/or compatible with any of the foregoing purposes

Identifiers, Personal Records, Personal Characteristics or Traits, Customer Account Details/Commercial Information, Internet Usage Information, General Geo-location Data, Sensory Data, Professional or Employment Information, Inferences

10.  Commercial Purposes 

We may collect and use your Personal Information for commercial purposes such as for interest-based advertising and sharing Personal Information in a manner that is deemed a sale under the California Consumer Privacy Act or other applicable U.S. state privacy laws.

 

Identifiers, Personal Records, Personal Characteristics or Traits, Customer Account Details/Commercial Information, Internet Usage Information, General Geo-location Data, Sensory Data, Professional or Employment Information, Inferences

 

Table 2: Personal Information Collection and Disclosure – By Category of Information

(See Table 1 for a more detailed description of the Processing Purposes)

Category of Information: Identifiers

Examples of Information Collected and Retained

  • Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, or other similar identifiers.

Sale/Share Recipients

  • Cookie Operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

 

Processing Purposes

  • Selling our products and services to you
  • Managing Interactions and Transactions
  • Security
  • Debugging
  • Providing Advertising & Marketing Services
  • Quality Assurance
  • Processing Interactions and Transactions
  • Research and Development
  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Personal Records

Examples of Information Collected and Retained

  • Physical characteristics or description, signature, telephone number, bank account number, credit card number, debit card number, or any other financial information.

Sale/Share Recipients

  • Cookie Operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

 

Processing Purposes

  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Personal Characteristics or Traits

Examples of Information Collected and Retained

  • Age, gender, nationality, ethnicity, race, or information related to medical conditions.

Sale/Share Recipients

  • Cookie Operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Customer Account Details/ Commercial Information

Examples of Information Collected and Retained

  • Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Sale/Share Recipients

  • Cookie Operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Selling our products and services to you
  • Managing Interactions and Transactions
  • Security
  • Debugging
  • Providing Advertising & Marketing Services
  • Quality Assurance
  • Processing Interactions and Transactions
  • Research and Development
  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Internet Usage Information

Examples of Information Collected and Retained

  • Browsing history, search history, and information regarding your interaction with an Internet Web site, application, or advertisement.

Sale/Share Recipients

  • Cookie operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Selling our products and services to you
  • Managing Interactions and Transactions
  • Security
  • Debugging
  • Providing Advertising & Marketing Services
  • Quality Assurance
  • Processing Interactions and Transactions
  • Research and Development
  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: General Geo-Location Data

Examples of Information Collected and Retained

  • Broad information on location (e.g., based on zip code).

Sale/Share Recipients

  • Cookie Operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Selling our products and services to you
  • Providing Advertising & Marketing Services
  • Quality Assurance
  • Processing Interactions and Transactions
  • Research and Development
  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Sensory Data (Non-Biometric)

Examples of Information Collected and Retained

  • Audio recordings of customer care calls, electronic, visual, olfactory, or similar information

Sale/Share Recipients

  • Cookie Operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Selling our products and services to you
  • Processing Interactions and Transactions
  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Professional or Employment Information

Examples of Information Collected and Retained

  • Professional, educational, or employment-related information

Sale/Share Recipients

  • Cookie operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Inferences from Information Collected

Examples of Information Collected and Retained

  • Creating a profile about a Consumer reflecting the Consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Sale/Share Recipients

  • Cookie operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Selling our products and services to you
  • Providing Advertising & Marketing Services
  • Quality Assurance
  • Processing Interactions and Transactions
  • Research and Development
  • Additional Business Purposes
  • Commercial Purposes 

Category of Information: Sensitive Personal Information

Examples of Information Collected and Retained

  • Precise Geo-location (any data that is derived from a device and that may locate a consumer within a geographic area with a radius of 1,750 feet or less) 

 

Sale/Share Recipients

  • Cookie operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Selling our products and services to you
  • Providing Advertising & Marketing Services

Category of Information: Sensitive Personal Information

Examples of Information Collected and Retained

  • Sensitive Personal Characteristics (e.g., racial or ethnic origin, religious or philosophical beliefs, citizenship or immigration status, or union membership)

 

Sale/Share Recipients

  • Cookie operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Research and Development
  • Additional Business Purposes

Category of Information: Sensitive Personal Information

Examples of Information Collected and Retained

  • Health Information (collected and analyzed concerning a consumer’s health, medical history, mental or physical health, diagnosis/condition, and medical treatment)
  •  Sexual Orientation (collected and analyzed concerning a consumer’s sex life or sexual orientation)

Sale/Share Recipients

  • Cookie operators*
  • Licensees

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Research and Development
  • Additional Business Purposes

Category of Information: Sensitive Personal Information

Examples of Information Collected and Retained

  • Financial Data (e.g., a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account)
  • Government Issued Identification Numbers (e.g., social security, driver’s license, state identification card, or passport number)
  • Communication Content (e.g., the contents of a consumer’s mail, email, and text messages, where PMI US is the intended recipient of the communication)

Sale/Share Recipients

  • None

Business Purpose Recipients

  • Service providers (e.g., data processors, IT service providers, storage vendors, marketing service providers, logistics service providers, fraud screening providers, [third party retailers of our products], security providers, and professional advisors)  
  • PMI Affiliates  
  • Government entities (where we are under a duty to disclose or to protect our rights or the rights of others)  
  • Other parties within the limits of additional business purposes (e.g., when you engage in offer actions with third parties—see below)  

Processing Purposes

  • Selling our products and services to you
  • Providing Advertising & Marketing Services
  • Quality Assurance
  • Processing Interactions and Transactions
  • Additional Business Purposes

*Only to the extent such data is collected by a cookie or other Tracking Technology.

Information that we collect from third parties will generally consist of publicly available information (such as your preferences, interests and experiences), for example from public social media posts.

 

 

Who do we disclose your Personal Information to, and for what purposes?

We may disclose information about you with:

  • PMI affiliates;
  • third parties who provide PMI affiliates or you with products or services ("Service Providers");
  • PMI affiliates’ carefully selected business partners and advertisers (in areas connected with our products, or consistent with their style and image) so that they can contact you with offers that they think may interest you, in accordance with your preferences ("Business Partners");
  • ("Cookie operators");
  • ("Licensees"); and
  • other third parties, where required or permitted by law.

We disclose information about you with others only in accordance with applicable laws. Thus, where law requires your consent, we will first ask for it.

Data obtained through the short-code program will not be shared with third parties for their own independent marketing or promotional purposes.

PMI Affiliates:

  • Information about you will be disclosed to Philip Morris Products S.A. (based in Neuchâtel, Switzerland), which is the place of central administration of Personal Information  processing for PMI affiliates. Philip Morris Products S.A. processes the information about you for all the purposes described in this notice.
  • Information about you may be disclosed to any other PMI affiliate that you contact (for example, if you travel and you want to know where to buy PMI products in a new country, or where to find service or support for PMI products) in order to enhance our service to you.
  • Information about you may be disclosed to any other PMI affiliate to market other products or services 
  • Details of PMI affiliates and the countries in which they are established are available via our website.

Service Providers: We may disclose Personal Information about you with third parties who provide PMI affiliates or you with products or services (such as advisers, payment service providers, delivery providers, retailers, product coaches, information services providers and age verification providers).

Business Partners: We may disclose Personal Information about you with PMI affiliates’ carefully selected third party business partners and advertisers (in line with the kind of thing you might associate with our products, for example because they have similar or complementary image, style, or functionality) so that they can contact you with products, services and promotions that they think may interest you, in accordance with your preferences.

Compliance, Legal Claims, or with Government Agencies: We may disclose information about you with other third parties, where required or permitted by law, for example: regulatory authorities; government departments; in response to a request from law enforcement authorities or other government officials; when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

In Connection with a Change of Control: We may transfer or disclose your Personal Information in connection with, or during negotiations concerning, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company or other business transaction.

After Notice to you, or with your Direction or Consent: We may disclose your Personal Information with your direction or consent, or after providing appropriate notice to you.  As an example, if you click on social sharing features on our services (such as a “Like” button), you are directing information about you to be shared with a social media platform,

Other Commercial Purposes: We may also use and disclose your Personal Information under this Notice for other commercial purposes, which may be considered a “sale” or “share” under certain U.S. state privacy laws, including to Cookie operators and Licensees. Please see Table 2: Personal Information Collection and Disclosure, in “For what purposes do we use information about you?” for more details on when we “sale” or “share” your information. 

Where might information about you be sent?

As with any multinational organization, we transfer information globally to our affiliates and service providers.  Your Personal Information may therefore be transferred to other countries as part of our standard operations.  Whenever we transfer your Personal Information abroad, we will protect it appropriately and only transfer information in compliance with applicable data privacy laws.

 

 

How do we protect information about you?

We implement appropriate technical and organizational measures to protect personal information that we hold. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers that process your Personal Information to comply with appropriate data privacy and security requirements as required by applicable law. But note, given the inherently open nature of the Internet, PMI cannot guarantee that information transmitted between you and us will always remain secure. We may also require you to assist us to safeguard your Personal Information. For instance, if you create an account with us, you should use unique and strong passwords, not share your passwords with others, and take any other measures we may require under the terms of use applicable to the PMI products or services you use. 

How long will information about you be kept?

We will retain Personal Information about you for the period necessary to fulfill the purposes for which the Personal Information was collected in accordance with our internal data retention standards. If there are multiple purposes for which Personal Information was collected, we will retain it for the longer period. After that, subject to the legal obligations discussed in the next paragraph, we will delete it.

Typically, we retain data based on the criteria described in the table in the "find out more" section below. Where these periods conflict with legal obligations, for example, for tax and accounting purposes, to either retain the information for a set minimum period of time, or to delete it after a set maximum period of time, we apply the periods required for those legal obligations instead.

Typically, we retain data based on the criteria described in the table below:

Purpose of collection

Explanation/typical retention criteria

Marketing to you (including marketing communications) (if you use digital touchpoints and are contactable)

Most of the information in your marketing profile is kept for the duration of our marketing relationship with you; for example, while you continue to use digital touchpoints, or respond to our communications. However, some elements of your marketing profile, such as records of how we interact with you, naturally go out of date after a period of time, so we delete them automatically after defined periods (typically 3 years) as appropriate for the purpose for which we collected them.

Marketing to you (including marketing communications) (if you are no longer in contact with us)

This scenario is the same as the above, but if we don’t have any contact with you for a long period (typically 2 years), we will stop sending you marketing communications and delete your history of responses to them. This will happen, for example, if you never click through to an invitation to an event, log on to a digital touchpoint, or contact customer care, during that time. The reason is that in these circumstances, we assume you would prefer not to receive the communications.

Marketing to you (including marketing communications) (if you are not contactable)

If you have registered to receive marketing communications, but the information you give us to contact you doesn’t work, we will retain your details for a period of typically only 1 year to allow you to return and correct it.

Marketing to you (including marketing communications) (incomplete registrations)

If you commence registering yourself in a database, but do not complete the process (for example, if you don’t complete the age verification process, or you don’t accept the touchpoint’s terms of use), we will retain your details (to allow you to return and complete the process) for up to 30 days, depending on the type of information missing.

Market research

If you are not registered with us for other purposes (e.g. marketing communications, warranty, customer care), and we use publicly available information about you in order to understand the market or your preferences, we will retain the information about you for a short period in order to perform the particular item of market research.

If we collect information about you in other market research contexts, we will retain that information:

  • for the purposes of the individual item of market research for the period reasonably required (typically no longer than 1 year); and
  • for the purposes of demonstrating fair practices for so long as we need to be able to demonstrate that, and we will regularly review whether that purpose has been achieved to determine whether the retention is still required.

Purchases, loyalty transactions and warranty

If you purchase goods or perform a loyalty transaction, we will retain details of this for so long as required to complete the sale, and to comply with any legal obligations (for example, for tax and accounting record-keeping purposes and fraud-prevention purposes). If you also register for a warranty for a device, we will retain details of this for so long as relevant to the warranty.

Customer care

If you contact customer care, we will make a record of the matter (including details of your enquiry and our response) and retain it while it remains relevant to our relationship, for example if you need us to replace a device under warranty, or if your recent enquiries are relevant. Temporary records (for example, an automated recording of a telephone call in which you ask us to direct you to a retail outlet) may be relevant only until more permanent records are made and will be retained only temporarily.

System audit and fraud prevention

System audit logs are retained typically for a period of up to 6 months for system recovery and for up to 10 years for fraud prevention.

Business analytics

We keep most business analytics data for the duration of our marketing relationship with you as described in the first line of this table above. However, some elements of it, such as some device information (if you choose to share it with us), naturally go out of date after a period of time, so we delete them automatically after defined periods as appropriate for the purpose for which we collected them.

Device data

We keep data collected from your device (should you choose to share it with us) for various periods, according to the purposes for which we use it:

  • product improvement: 5 years (or earlier if you delete your marketing profile)
  • business analytics: 5 years (or earlier if you delete your marketing profile)
  • device diagnostics and upgrades: deleted immediately after providing the service
  • demonstrating fair treatment of a consumer: 10 years

Age verification

The details you submitted for us to verify your age are deleted once we have completed the process of verification. We operate several processes for doing this and the retention period varies according to the process that is followed, from a few minutes to six months. We also keep some details separately, for fraud prevention purposes – see above.

Age recognition using computer analysis (this may be used if you request information about our products)

Your image is deleted promptly following the analysis (the analysis takes only a few seconds).

What rights and options do you have?

We provide you with the privacy rights described in this section pursuant to requirements of the applicable state law in which you reside, provided any such request meets the requirements for a Verifiable Consumer Request (defined below).

California residents may have additional rights.  For more information, see Section ("Additional Notice for California Residents").

 The consumer rights we accommodate are as follows:  

Right to Limit Sensitive Personal Information Processing

You may have the right to request that we limit our processing of sensitive personal information (please see below for instructions on how to do so).  However, we may continue processing such personal information for the following processing purposes or any other permitted purposes under such U.S. state privacy laws:  

  • To perform our services at your request or at your direction;  
  • To prevent, detect, and investigate security incidents, fraudulent activity, illegal actions, etc.;  
  • For short term transient use, including, but not limited to, non-personalized advertising as part of your interaction with our products and services; and  
  • To maintain or service accounts, provide customer service, process or fulfill offers, orders and transactions, verify customer information, process payments, or provide similar services.  

Right to Know/Access

You may have the right to know and confirm that we are processing your personal information.  You may also have the right to access what personal information we have collected about you.  To the extent feasible, you may request for us to also provide a copy of your Personal Information that you previously provided in readily usable format to permit you to transfer your data to another entity. In accordance with applicable law, we may limit the number of these requests we process. 

Residents of California, Colorado, and Virginia are entitled to access information maintained by us up to twice in a 12-month period.  Residents of Connecticut and Utah are entitled to access information maintained by us once in a 12-month period, with subsequent requests subject to a service fee.   

You may request to confirm if we are processing your information and, if we are, to obtain a transportable copy of your information that we have collected and are maintaining, as required by applicable U.S. state privacy laws.  If you wish to receive specific pieces of your information, we will attempt to honor such requests where reasonably possible.  

Do Not Sell/ Share/Target for Advertising

Various U.S. state privacy laws have broad and differing concepts of “selling” information for which an opt-out is required, with some states including information transfers for non-monetary consideration and other states only including information transfers for monetary consideration. California also has an opt-out from “sharing” for cross-context behavioral advertising purposes (use of information from different businesses or services to target advertisements across websites or apps). Other states have an opt-out of “Targeted Advertising” (defined differently, but also addressing tracking, profiling, and targeting of advertisements).

We may sell or share your information and/or use your information for targeted advertising, as these terms apply under U.S. state privacy laws. However, you may have the right to opt out of such disclosures.

We will not sell your information, share your information for cross-context behavioral advertising, or process your information for targeted advertising if you make a Do Not Sell/Share/Target opt-out request as follows:   

Opt-out for non-cookie information: If you want to limit our processing of your non-cookie information (e.g., your email address or web browsing activity) for Targeted Advertising, or opt-out of the Sale/Sharing of such information, you may make an opt-out request using the method described in “Find out more” under this section. 

Opt-out for cookie information: If you want to limit our processing of your cookie-related informationfor Targeted Advertising, or opt-out of the Sale/Sharing of such information, you may exercise an opt-out request by accessing our cookie preference center on the site that you’re visiting. This cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. Since your browser opt-out is designated by a cookie, if you clear or block cookies on your device, your preferences may no longer be effective, and you will need to enable them again via our cookie management tool.  

Opt-out preference signals ("OOPS", as they are known in California; also known as global privacy control or "GPC"): Some U.S. state privacy laws require businesses to process OOPS or GPC signals, which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual's choice to opt-out of the Sale and Sharing of information. To use an OOPS/GPC, you can download a compatible internet browser or a plugin for your current internet browser and follow the settings to enable OOPS/GPC. We have configured the settings of our consent management platform to receive and process OOPS/GPC signals on our website, as explained in our cookie preference center on the site that you’re visiting. We process OOPS/GPC signals with respect to any sales and sharing of information with third parties that may occur via cookies or other Tracking Technologies, as discussed above and apply it to the specific browser on which you enable OOPS/GPC. We do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC, although it may affect our ability to accurately track your activities for crediting your account with qualified rewards; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC, except for indicating whether we recognize the signal. 

Your device and/or browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not want them to track your online activities.  As of the Effective Date of this Notice, our online services do not support such “Do Not Track” requests. 

Right to Delete

Except to the extent we have retention rights under applicable law, you may request that we delete your information. Our retention rights include, without limitation:

  • To complete transactions and services that you have requested;
  • For security purposes;
  • For legitimate internal Business Purposes (e.g., maintaining business records);
  • To comply with law and to cooperate with law enforcement; and
  • To exercise or defend legal claims.

Also, if you elect to delete certain PMI Loyalty Program information, such as your loyalty account, you will lose certain PMI Loyalty Program benefits, which may include all the [PMI] points and rewards you have earned.

Correct Your Information

You may have the right to bring inaccuracies you find in the information that we maintain about you to our attention, and we will act upon such a report as required by applicable law.   

You can also make changes to your information in your online account in the account settings section of the account. That will not, however, necessarily change your information in other places where we may maintain it.  

To learn more about how we process your consumer privacy requests, please see the "find out more" section below.

Shine the Light

We provide California residents with the option to opt-out to sharing of “personal information,” as defined by California’s “Shine the Light” law, with third parties (other than with PMI affiliates) for such third parties own direct marketing purposes. California residents may exercise this opt-out, request information about our Shine the Light law compliance, and/or obtain a disclosure of third parties we have shared information with and the categories of information shared. California residents may make such a request, or inquire further about our compliance with this law, by using the address set forth in the Contact Us section above. You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. We are only required to respond to one request per person each year. We are not required to respond to requests made by means other than through the provided e-mail address or mailing address (requests by phone, fax, chats, social media, etc.). We are not responsible for requests that are incomplete or not labeled and sent properly. 

How We Process Your Consumer Privacy Requests

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, please email your request to the following address: contact.us@iqos.com, Attention: Privacy, and respond to any follow-up inquiries we make. In addition, you may call us at 1-844-275-4767. To submit a Do Not Sell/Share/Targeting Request for cookie-related Personal Information or the right to limit Sensitive Personal Information processing, please visit our cookie preference center on the site that you’re visiting.  Please be aware that we do not accept or process requests through other means (via phone, fax, chats, social media, etc.).        

Your Request Must be a Verifiable Consumer Request

As permitted or required by applicable U.S. state privacy laws, any request you submit to us must be a Verifiable Consumer Request, meaning that when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number and/or account information. We will review the information provided and may request additional information (e.g., transaction history) to ensure we are interacting with the correct individual.

If we are unable to verify you sufficiently, we will be unable to honor your request. We will use information provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

Agent Requests

Authorized agents may be able to exercise rights on behalf of consumers. Authorized agents must contact us by submitting a request through the method described in the paragraph above (“How we process your consumer privacy requests?”) and indicate they are submitting the request as an agent. We will require the agent to demonstrate authority to act on your behalf by providing, for example, evidence of the agent’s identity, proof of registration with the applicable state authority (if the agent is a business), and at least one of the following evidencing proof of the agent’s legal authority to act on your  behalf: (i) presenting a power of attorney granted under the probate code that we can reasonably verify; or (ii) signed permission by you.  

We may also require you to verify your own identity directly with us and confirm to us that you provided the authorized agent permission to submit the request.  

Appeals (Colorado, Connecticut, and Virginia residents only)

If you are a resident of Colorado, Connecticut, or Virginia, you may have the right to appeal PMI’s decision regarding a request by contacting our Customer Care team at 1-844-275-4767 or by emailing us at contact.us@iqos.com with the following subject line: "DSR Appeals Request".

Our Responses 

Non-Discrimination/Non-Retaliation 

We will not discriminate or retaliate against you in a manner prohibited by applicable U.S. state privacy laws for your exercise of your privacy rights. We may charge a different price or rate, or offer a different level or quality of goods or service, to the extent that doing so is reasonably related to the value of the applicable data. 

Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use and disclose your information as required or permitted by applicable law and this may limit or affect your rights under U.S. state privacy laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s rights or conflict with applicable law.

Links to Third Party Sites

Our services may contain links or plugins to other websites.  Other websites may also reference or link to our services. These other web sites that are not of PMI affiliates are not controlled by PMI. When you click third-party links to such other sites and services (including by means of clicking on hyperlinks, logos, widgets, banners or advertisements), you become subject to their terms of use and privacy policies.  We encourage our users to be aware when they leave our services to read the privacy policies of each and every website that collects personally identifiable information.  We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or mobile applications. 

Additional Notice to California Residents

This part of the Notice applies to consumers who reside in the state of California. 

For California residents, the term “Consumer” refers to both individuals as well as households and is not limited to individuals regarding household goods and services and provides protections in a business-to-business context (e.g., as a service provider or customer, or an employee of a service provider or customer).

Personal Information We Collect and for What Purposes

For a description of the Personal Information we collect, the purposes for which we use this information, and the recipients of this information (including in the last twelve (12) months), see “For what purposes do we use information about you?” of this Notice.  

Notice of Financial Incentive

For a description of how we use Personal Information as part of our loyalty programs and the financial incentives we may offer for collection and processing of your Personal Information, see “For what purposes do we use information about you?” of this Notice.

iii.    Your California Privacy Rights

Under California law, if you are a California consumer, you have rights regarding your Personal Information, including:

  • The Right to Know what personal information we have collected, including the categories of Personal Information, the categories of sources from which this information is collected, the purposes for collecting, selling, or sharing this information, and the categories of third parties to whom we disclose this personal information.  You also have the right to know the specific pieces of Personal Information we have collected.
  • The Right to Delete Personal Information that we have collected, subject to certain exceptions.
  • The Right to Correct inaccurate Personal Information we maintain.
  • The Right to Opt-out of the sale or sharing of Personal Information we collect.
  • The Right to Limit the use of sensitive personal information we collect for certain purposes.
  • The Right to Non-Discriminatory Treatment if you exercise your privacy rights (although we may charge a different price or rate, or offer a different level or quality of goods or service, to the extent that doing so is reasonably related to the value of the applicable Personal Information). 

For more information on these rights, see “What rights and options do you have?” of this Notice for more information.

You may exercise your rights by following the instructions under Find out more in our “What rights and options do you have?” section.  You can also use our “What rights and options do you have?” of this Notice for more information, including a description of how we verify requests, how opt-out preference signals are processed, and how authorized agents can make a request on your behalf.

We do not knowingly sell or share the information of California residents under the age of sixteen (16)[, unless we receive affirmative opt-in authorization from (i) the under-16 California resident if he or she is at least 13 years of age, or (ii) the parent or guardian of the California resident if he or she is less than 13 years of age]. If you think we may have Sold or Shared Personal Information of a California resident under 16 years of age[ without the appropriate affirmative opt-in authorization], please report that to us as described in the Contact Us section above. 

If you have questions, see “Who should you contact with questions?” of this Notice for contact information. 

  

Who should you contact with questions?

If you have any questions, or wish to exercise any of your rights, you can find contact details here.

If your state has a data protection authority, you have the right to contact it with any questions or concerns. 

Changes to this notice

We may update this notice (and any supplemental privacy notice), from time to time. Where the law requires it, we will notify you of the changes; further, where the law requires it, we will also obtain your consent to the changes.

Last reviewed: June 25, 2024. 

Last updated/Effective Date: June 25, 2024.