Who are we?

We are Triaga Inc., a Delaware corporation with our registered address at 1900 Stantonsburg Road, Wilson, NC 27893.

The best way to contact us is by using our IQOS Customer Care online chat tool on our Website. You can also contact us by telephoning our Customer Care team at 1-844-275-4767 or by emailing us at contact.us@iqos.com; and

We are affiliate members of Philip Morris International, a collective group of businesses. All affiliate members of the group are listed here

  • Philip Morris International or PMI means Philip Morris International, a leading international tobacco group incorporated in US and headquartered in Switzerland. It is made up of a number of companies or “affiliates”.
  • PMI affiliates” means a member of the Philip Morris International group of companies. “We” (or “us” or “our”) refers to the PMI affiliate that first collected information about you.
  • PMI products or services” means consumer products or services of ours or of another PMI affiliate.

How do we collect information about you?

We may collect Personal Information about you in various ways.

  • You may provide us with Personal Information directly (e.g. filling in a form, making a call to us, or uploading information to us via a mobile app).
  • We may collect Personal Information from a PMI electronic device, if you choose to send Personal Information to us.
  • We may collect Personal Information automatically when you interact with our systems or we communicate with you (e.g. when you use a PMI app, chatbot or website or, where we use technologies to observe when you receive or open e-mails or receive SMS messages).
  • We may also acquire Personal Information from third parties (e.g. publicly-available Personal Information on social media platforms such as Facebook and X, or statistical information about the population in certain geographical areas). For example, we may infer information about you from aggregated information we acquire from third parties. This may include, for example, statistical information about people in certain geographical areas.

In this notice, we refer to all the methods by which you are in contact with us as “PMI touchpoints”. PMI touchpoints include both physical (for example, via retail outlets and events, consumer contact centres), and digital (for example, via apps and websites).

We may collect Personal information that you provide directly. Typically, this will happen when you:

  • sign up to be a member of our databases (including loyalty programs), which will include performing age verification (this could be, for example, in person, via an app, or online);
  • request information about our products, which may include age recognition (this could be computer analysis of your face via app or online);
  • purchase PMI products or services at a retail outlet;
  • download, or use, a PMI digital touchpoint (e.g. an app or a website);
  • contact us through a PMI touchpoint or by social media;
  • register a device with us;
  • subscribe to a PMI panel portal;
  • register to receive PMI press releases, e-mail alerts, or marketing communications;
  • participate in PMI surveys or PMI competitions or promotions; or
  • attend an event that a PMI affiliate has organized.

We may collect Personal information from an electronic device, if you choose to send the information to us. This may be shared with us through a direct connection to the internet, or via one of our apps that you may download.

We may collect Personal information about you automatically. Typically, this will happen when you:

  • visit an outlet that sells PMI products (for example, by collecting your data at check-out, or through sensors at the outlet that connect with mobile technology);
  • attend an event that a PMI affiliate has organized (for example, through purchases at the event or through sensors at the event that connect with mobile technology);
  • communicate with us (for example, through a PMI touchpoint, or social media platforms);
  • use PMI touchpoints (for example, through tracking mechanisms (such as cookies and web beacons/pixels), where we use them, that you receive when you use the PMI touchpoint or get an e-mail or SMS message from us);
  • use third party websites (for example, using technology similar to that described in the bullet above, that you receive when you visit a PMI touchpoint or get an e-mail from us); or
  • make public posts on social media platforms that we follow (for example, so that we can understand public opinion, or respond to requests concerning PMI products).

We may collect Personal Information about you automatically through the use of cookies and similar tracking technologies (such as web beacons/pixels) that you receive when you visit digital PMI touchpoints or get an electronic message from us. The specific cookies and other mechanisms used will depend on the touchpoint in question. To learn about these mechanisms used on a PMI touchpoint, including how you can accept or refuse cookies, please see the information made available on or through that touchpoint. These mechanisms may include Google analytics cookies (see www.google.com/policies/privacy/partners/.)

We use certain third-party analytics and/or other technology providers to help us understand how you use PMI products and services, and these companies may set their own cookies and other tracking technologies (collectively “Tracking Technologies”) on your devices. For example, we may use third-party services to record and review your interactions with our websites, including mouse movements, clicks, page visits, keystrokes/key touches, and other details, including any Personal Information that you provide.  These “session replay” services help us organize and analyze your interaction data for purposes, including to improve and prevent fraud related to our websites and services. By using any of our websites and services, you expressly consent to the recording and sharing of your Personal Information and other data with third-party “session replay” services and other analytics providers.

We may also use Google Analytics and similar third-party analytics providers to track visitors’ activity on our website. These analytics providers may also use web browsing data and other data analysis to improve their own products. For more information on how to limit this activity, including the ability to opt out of these analytics, visit “What rights and options do you have?

We may acquire Personal Information about you from third parties. This may include information shared between PMI affiliates, publicly available profile information (such as your preferences and interests) on third party social media sites (such as Facebook and Twitter), marketing lists and supplementary information acquired from third party agencies.

We may also infer information about you from information that we already have. For example, we may use aggregated information about people in certain geographical areas, that we acquire from third parties, to infer your preferences.

What information about you do we collect?

The description of our data practices in this Notice covers the twelve (12) months prior to the date noted at the bottom of this page (the “Effective Date”).

We may collect various types of information about you:

  • information about your orders, including information necessary to fulfil them
  • information necessary to provide warranty services
  • information about the referrals you make
  • information you give us in forms or surveys, and similar information that you give to third parties to be transferred to us
  • information about your location, where you choose to share it with us (for example, on your mobile phone)
  • information about your visits to our outlets or events (or outlets or events of others with whom we work)
  • information you give us in communications (e.g. calls, chats, e-mails, SMS messages) you have with contact centers
  • information about your preferences and interests (including information that we infer from other information, for example from statistical information)
  • information necessary to verify your age
  • information generated by your electronic device (for example, IQOS), if you choose to share it with us
  • information about your experiences using our products and services
  • statistical information about you (for example, statistical information about people in certain geographical areas)

We may receive or collect your Personal Information directly from you or from your devices, from third parties, or from other individuals and businesses, as well as public sources of data.    

Generally, we process your Personal Information to provide you our products and services and as otherwise related to the operation of our business, including for one or more of the following "Business Purposes":   

  • selling our products and services to you;  
  • managing our interactions and transactions with you;
  • marketing our products and tailoring our offering to you based on your preferences and purchase history;   
  • fraud prevention and security;    
  • maintaining products that you have purchased and debugging;
  • performing market research;   
  • Quality Assurance (see more detail below);   
  • Processing Interactions and Transactions (see more detail below); and notice  
  • performing research and development to improve our products.   

 

 

Deidentified and Aggregated Information: As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as Personal Information and we reserve the right to use and disclose deidentified or aggregate consumer information for any commercially reasonable purpose. We have no obligation to re-identify information or keep it longer than we need it to respond to your requests. We also publicly commit to maintaining, using, and otherwise processing any deidentified or aggregate consumer information in a deidentified or aggregated manner and will not attempt to, directly or indirectly, re-identify or disaggregate this information. Data exempt from U.S. privacy laws are not included in this notice.

Other Uses: In some instances, we may use information about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.

 

 

Who do we disclose your Personal Information to, and for what purposes?

We may disclose information about you with:

  • PMI affiliates;
  • third parties who provide PMI affiliates or you with products or services ("Service Providers");
  • PMI affiliates’ carefully selected business partners and advertisers (in areas connected with our products, or consistent with their style and image) so that they can contact you with offers that they think may interest you, in accordance with your preferences ("Business Partners");
  • ("Cookie operators");
  • ("Licensees"); and
  • other third parties, where required or permitted by law.

We disclose information about you with others only in accordance with applicable laws. Thus, where law requires your consent, we will first ask for it.

Data obtained through the short-code program will not be shared with third parties for their own independent marketing or promotional purposes.

PMI Affiliates:

  • Information about you will be disclosed to Philip Morris Products S.A. (based in Neuchâtel, Switzerland), which is the place of central administration of Personal Information  processing for PMI affiliates. Philip Morris Products S.A. processes the information about you for all the purposes described in this notice.
  • Information about you may be disclosed to any other PMI affiliate that you contact (for example, if you travel and you want to know where to buy PMI products in a new country, or where to find service or support for PMI products) in order to enhance our service to you.
  • Information about you may be disclosed to any other PMI affiliate to market other products or services 
  • Details of PMI affiliates and the countries in which they are established are available via our website.

Service Providers: We may disclose Personal Information about you with third parties who provide PMI affiliates or you with products or services (such as advisers, payment service providers, delivery providers, retailers, product coaches, information services providers and age verification providers).

Business Partners: We may disclose Personal Information about you with PMI affiliates’ carefully selected third party business partners and advertisers (in line with the kind of thing you might associate with our products, for example because they have similar or complementary image, style, or functionality) so that they can contact you with products, services and promotions that they think may interest you, in accordance with your preferences.

Compliance, Legal Claims, or with Government Agencies: We may disclose information about you with other third parties, where required or permitted by law, for example: regulatory authorities; government departments; in response to a request from law enforcement authorities or other government officials; when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.

In Connection with a Change of Control: We may transfer or disclose your Personal Information in connection with, or during negotiations concerning, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company or other business transaction.

After Notice to you, or with your Direction or Consent: We may disclose your Personal Information with your direction or consent, or after providing appropriate notice to you.  As an example, if you click on social sharing features on our services (such as a “Like” button), you are directing information about you to be shared with a social media platform,

Other Commercial Purposes: We may also use and disclose your Personal Information under this Notice for other commercial purposes, which may be considered a “sale” or “share” under certain U.S. state privacy laws, including to Cookie operators and Licensees. Please see Table 2: Personal Information Collection and Disclosure, in “For what purposes do we use information about you?” for more details on when we “sale” or “share” your information. 

Where might information about you be sent?

As with any multinational organization, we transfer information globally to our affiliates and service providers.  Your Personal Information may therefore be transferred to other countries as part of our standard operations.  Whenever we transfer your Personal Information abroad, we will protect it appropriately and only transfer information in compliance with applicable data privacy laws.

 

 

How do we protect information about you?

We implement appropriate technical and organizational measures to protect personal information that we hold. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers that process your Personal Information to comply with appropriate data privacy and security requirements as required by applicable law. But note, given the inherently open nature of the Internet, PMI cannot guarantee that information transmitted between you and us will always remain secure. We may also require you to assist us to safeguard your Personal Information. For instance, if you create an account with us, you should use unique and strong passwords, not share your passwords with others, and take any other measures we may require under the terms of use applicable to the PMI products or services you use. 

How long will information about you be kept?

We will retain Personal Information about you for the period necessary to fulfill the purposes for which the Personal Information was collected in accordance with our internal data retention standards. If there are multiple purposes for which Personal Information was collected, we will retain it for the longer period. After that, subject to the legal obligations discussed in the next paragraph, we will delete it.

Typically, we retain data based on the criteria described in the table in the "find out more" section below. Where these periods conflict with legal obligations, for example, for tax and accounting purposes, to either retain the information for a set minimum period of time, or to delete it after a set maximum period of time, we apply the periods required for those legal obligations instead.

Typically, we retain data based on the criteria described in the table below:

Purpose of collection

Explanation/typical retention criteria

Marketing to you (including marketing communications) (if you use digital touchpoints and are contactable)

Most of the information in your marketing profile is kept for the duration of our marketing relationship with you; for example, while you continue to use digital touchpoints, or respond to our communications. However, some elements of your marketing profile, such as records of how we interact with you, naturally go out of date after a period of time, so we delete them automatically after defined periods (typically 3 years) as appropriate for the purpose for which we collected them.

Marketing to you (including marketing communications) (if you are no longer in contact with us)

This scenario is the same as the above, but if we don’t have any contact with you for a long period (typically 2 years), we will stop sending you marketing communications and delete your history of responses to them. This will happen, for example, if you never click through to an invitation to an event, log on to a digital touchpoint, or contact customer care, during that time. The reason is that in these circumstances, we assume you would prefer not to receive the communications.

Marketing to you (including marketing communications) (if you are not contactable)

If you have registered to receive marketing communications, but the information you give us to contact you doesn’t work, we will retain your details for a period of typically only 1 year to allow you to return and correct it.

Marketing to you (including marketing communications) (incomplete registrations)

If you commence registering yourself in a database, but do not complete the process (for example, if you don’t complete the age verification process, or you don’t accept the touchpoint’s terms of use), we will retain your details (to allow you to return and complete the process) for up to 30 days, depending on the type of information missing.

Market research

If you are not registered with us for other purposes (e.g. marketing communications, warranty, customer care), and we use publicly available information about you in order to understand the market or your preferences, we will retain the information about you for a short period in order to perform the particular item of market research.

If we collect information about you in other market research contexts, we will retain that information:

  • for the purposes of the individual item of market research for the period reasonably required (typically no longer than 1 year); and
  • for the purposes of demonstrating fair practices for so long as we need to be able to demonstrate that, and we will regularly review whether that purpose has been achieved to determine whether the retention is still required.

Purchases, loyalty transactions and warranty

If you purchase goods or perform a loyalty transaction, we will retain details of this for so long as required to complete the sale, and to comply with any legal obligations (for example, for tax and accounting record-keeping purposes and fraud-prevention purposes). If you also register for a warranty for a device, we will retain details of this for so long as relevant to the warranty.

Customer care

If you contact customer care, we will make a record of the matter (including details of your enquiry and our response) and retain it while it remains relevant to our relationship, for example if you need us to replace a device under warranty, or if your recent enquiries are relevant. Temporary records (for example, an automated recording of a telephone call in which you ask us to direct you to a retail outlet) may be relevant only until more permanent records are made and will be retained only temporarily.

System audit and fraud prevention

System audit logs are retained typically for a period of up to 6 months for system recovery and for up to 10 years for fraud prevention.

Business analytics

We keep most business analytics data for the duration of our marketing relationship with you as described in the first line of this table above. However, some elements of it, such as some device information (if you choose to share it with us), naturally go out of date after a period of time, so we delete them automatically after defined periods as appropriate for the purpose for which we collected them.

Device data

We keep data collected from your device (should you choose to share it with us) for various periods, according to the purposes for which we use it:

  • product improvement: 5 years (or earlier if you delete your marketing profile)
  • business analytics: 5 years (or earlier if you delete your marketing profile)
  • device diagnostics and upgrades: deleted immediately after providing the service
  • demonstrating fair treatment of a consumer: 10 years

Age verification

The details you submitted for us to verify your age are deleted once we have completed the process of verification. We operate several processes for doing this and the retention period varies according to the process that is followed, from a few minutes to six months. We also keep some details separately, for fraud prevention purposes – see above.

Age recognition using computer analysis (this may be used if you request information about our products)

Your image is deleted promptly following the analysis (the analysis takes only a few seconds).

What rights and options do you have?

We provide you with the privacy rights described in this section pursuant to requirements of the applicable state law in which you reside, provided any such request meets the requirements for a Verifiable Consumer Request (defined below).

California residents may have additional rights.  For more information, see Section ("Additional Notice for California Residents").

 The consumer rights we accommodate are as follows:  

Right to Limit Sensitive Personal Information Processing

You may have the right to request that we limit our processing of sensitive personal information (please see below for instructions on how to do so).  However, we may continue processing such personal information for the following processing purposes or any other permitted purposes under such U.S. state privacy laws:  

  • To perform our services at your request or at your direction;  
  • To prevent, detect, and investigate security incidents, fraudulent activity, illegal actions, etc.;  
  • For short term transient use, including, but not limited to, non-personalized advertising as part of your interaction with our products and services; and  
  • To maintain or service accounts, provide customer service, process or fulfill offers, orders and transactions, verify customer information, process payments, or provide similar services.  

Right to Know/Access

You may have the right to know and confirm that we are processing your personal information.  You may also have the right to access what personal information we have collected about you.  To the extent feasible, you may request for us to also provide a copy of your Personal Information that you previously provided in readily usable format to permit you to transfer your data to another entity. In accordance with applicable law, we may limit the number of these requests we process. 

Residents of California, Colorado, and Virginia are entitled to access information maintained by us up to twice in a 12-month period.  Residents of Connecticut and Utah are entitled to access information maintained by us once in a 12-month period, with subsequent requests subject to a service fee.   

You may request to confirm if we are processing your information and, if we are, to obtain a transportable copy of your information that we have collected and are maintaining, as required by applicable U.S. state privacy laws.  If you wish to receive specific pieces of your information, we will attempt to honor such requests where reasonably possible.  

Do Not Sell/ Share/Target for Advertising

Various U.S. state privacy laws have broad and differing concepts of “selling” information for which an opt-out is required, with some states including information transfers for non-monetary consideration and other states only including information transfers for monetary consideration. California also has an opt-out from “sharing” for cross-context behavioral advertising purposes (use of information from different businesses or services to target advertisements across websites or apps). Other states have an opt-out of “Targeted Advertising” (defined differently, but also addressing tracking, profiling, and targeting of advertisements).

We may sell or share your information and/or use your information for targeted advertising, as these terms apply under U.S. state privacy laws. However, you may have the right to opt out of such disclosures.

We will not sell your information, share your information for cross-context behavioral advertising, or process your information for targeted advertising if you make a Do Not Sell/Share/Target opt-out request as follows:   

Opt-out for non-cookie information: If you want to limit our processing of your non-cookie information (e.g., your email address or web browsing activity) for Targeted Advertising, or opt-out of the Sale/Sharing of such information, you may make an opt-out request using the method described in “Find out more” under this section. 

Opt-out for cookie information: If you want to limit our processing of your cookie-related informationfor Targeted Advertising, or opt-out of the Sale/Sharing of such information, you may exercise an opt-out request by accessing our cookie preference center on the site that you’re visiting. This cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. Since your browser opt-out is designated by a cookie, if you clear or block cookies on your device, your preferences may no longer be effective, and you will need to enable them again via our cookie management tool.  

Opt-out preference signals ("OOPS", as they are known in California; also known as global privacy control or "GPC"): Some U.S. state privacy laws require businesses to process OOPS or GPC signals, which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual's choice to opt-out of the Sale and Sharing of information. To use an OOPS/GPC, you can download a compatible internet browser or a plugin for your current internet browser and follow the settings to enable OOPS/GPC. We have configured the settings of our consent management platform to receive and process OOPS/GPC signals on our website, as explained in our cookie preference center on the site that you’re visiting. We process OOPS/GPC signals with respect to any sales and sharing of information with third parties that may occur via cookies or other Tracking Technologies, as discussed above and apply it to the specific browser on which you enable OOPS/GPC. We do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC, although it may affect our ability to accurately track your activities for crediting your account with qualified rewards; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC, except for indicating whether we recognize the signal. 

Your device and/or browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not want them to track your online activities.  As of the Effective Date of this Notice, our online services do not support such “Do Not Track” requests. 

Right to Delete

Except to the extent we have retention rights under applicable law, you may request that we delete your information. Our retention rights include, without limitation:

  • To complete transactions and services that you have requested;
  • For security purposes;
  • For legitimate internal Business Purposes (e.g., maintaining business records);
  • To comply with law and to cooperate with law enforcement; and
  • To exercise or defend legal claims.

Also, if you elect to delete certain PMI Loyalty Program information, such as your loyalty account, you will lose certain PMI Loyalty Program benefits, which may include all the [PMI] points and rewards you have earned.

Correct Your Information

You may have the right to bring inaccuracies you find in the information that we maintain about you to our attention, and we will act upon such a report as required by applicable law.   

You can also make changes to your information in your online account in the account settings section of the account. That will not, however, necessarily change your information in other places where we may maintain it.  

To learn more about how we process your consumer privacy requests, please see the "find out more" section below.

Shine the Light

We provide California residents with the option to opt-out to sharing of “personal information,” as defined by California’s “Shine the Light” law, with third parties (other than with PMI affiliates) for such third parties own direct marketing purposes. California residents may exercise this opt-out, request information about our Shine the Light law compliance, and/or obtain a disclosure of third parties we have shared information with and the categories of information shared. California residents may make such a request, or inquire further about our compliance with this law, by using the address set forth in the Contact Us section above. You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. We are only required to respond to one request per person each year. We are not required to respond to requests made by means other than through the provided e-mail address or mailing address (requests by phone, fax, chats, social media, etc.). We are not responsible for requests that are incomplete or not labeled and sent properly. 

How We Process Your Consumer Privacy Requests

To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent, please email your request to the following address: contact.us@iqos.com, Attention: Privacy, and respond to any follow-up inquiries we make. In addition, you may call us at 1-844-275-4767. To submit a Do Not Sell/Share/Targeting Request for cookie-related Personal Information or the right to limit Sensitive Personal Information processing, please visit our cookie preference center on the site that you’re visiting.  Please be aware that we do not accept or process requests through other means (via phone, fax, chats, social media, etc.).        

Your Request Must be a Verifiable Consumer Request

As permitted or required by applicable U.S. state privacy laws, any request you submit to us must be a Verifiable Consumer Request, meaning that when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number and/or account information. We will review the information provided and may request additional information (e.g., transaction history) to ensure we are interacting with the correct individual.

If we are unable to verify you sufficiently, we will be unable to honor your request. We will use information provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

Agent Requests

Authorized agents may be able to exercise rights on behalf of consumers. Authorized agents must contact us by submitting a request through the method described in the paragraph above (“How we process your consumer privacy requests?”) and indicate they are submitting the request as an agent. We will require the agent to demonstrate authority to act on your behalf by providing, for example, evidence of the agent’s identity, proof of registration with the applicable state authority (if the agent is a business), and at least one of the following evidencing proof of the agent’s legal authority to act on your  behalf: (i) presenting a power of attorney granted under the probate code that we can reasonably verify; or (ii) signed permission by you.  

We may also require you to verify your own identity directly with us and confirm to us that you provided the authorized agent permission to submit the request.  

Appeals (Colorado, Connecticut, and Virginia residents only)

If you are a resident of Colorado, Connecticut, or Virginia, you may have the right to appeal PMI’s decision regarding a request by contacting our Customer Care team at 1-844-275-4767 or by emailing us at contact.us@iqos.com with the following subject line: "DSR Appeals Request".

Our Responses 

Non-Discrimination/Non-Retaliation 

We will not discriminate or retaliate against you in a manner prohibited by applicable U.S. state privacy laws for your exercise of your privacy rights. We may charge a different price or rate, or offer a different level or quality of goods or service, to the extent that doing so is reasonably related to the value of the applicable data. 

Our Rights and the Rights of Others

Notwithstanding anything to the contrary, we may collect, use and disclose your information as required or permitted by applicable law and this may limit or affect your rights under U.S. state privacy laws. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s rights or conflict with applicable law.

Links to Third Party Sites

Our services may contain links or plugins to other websites.  Other websites may also reference or link to our services. These other web sites that are not of PMI affiliates are not controlled by PMI. When you click third-party links to such other sites and services (including by means of clicking on hyperlinks, logos, widgets, banners or advertisements), you become subject to their terms of use and privacy policies.  We encourage our users to be aware when they leave our services to read the privacy policies of each and every website that collects personally identifiable information.  We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or mobile applications. 

Additional Notice to California Residents

This part of the Notice applies to consumers who reside in the state of California. 

For California residents, the term “Consumer” refers to both individuals as well as households and is not limited to individuals regarding household goods and services and provides protections in a business-to-business context (e.g., as a service provider or customer, or an employee of a service provider or customer).

Personal Information We Collect and for What Purposes

For a description of the Personal Information we collect, the purposes for which we use this information, and the recipients of this information (including in the last twelve (12) months), see “For what purposes do we use information about you?” of this Notice.  

Notice of Financial Incentive

For a description of how we use Personal Information as part of our loyalty programs and the financial incentives we may offer for collection and processing of your Personal Information, see “For what purposes do we use information about you?” of this Notice.

iii.    Your California Privacy Rights

Under California law, if you are a California consumer, you have rights regarding your Personal Information, including:

  • The Right to Know what personal information we have collected, including the categories of Personal Information, the categories of sources from which this information is collected, the purposes for collecting, selling, or sharing this information, and the categories of third parties to whom we disclose this personal information.  You also have the right to know the specific pieces of Personal Information we have collected.
  • The Right to Delete Personal Information that we have collected, subject to certain exceptions.
  • The Right to Correct inaccurate Personal Information we maintain.
  • The Right to Opt-out of the sale or sharing of Personal Information we collect.
  • The Right to Limit the use of sensitive personal information we collect for certain purposes.
  • The Right to Non-Discriminatory Treatment if you exercise your privacy rights (although we may charge a different price or rate, or offer a different level or quality of goods or service, to the extent that doing so is reasonably related to the value of the applicable Personal Information). 

For more information on these rights, see “What rights and options do you have?” of this Notice for more information.

You may exercise your rights by following the instructions under Find out more in our “What rights and options do you have?” section.  You can also use our “What rights and options do you have?” of this Notice for more information, including a description of how we verify requests, how opt-out preference signals are processed, and how authorized agents can make a request on your behalf.

We do not knowingly sell or share the information of California residents under the age of sixteen (16)[, unless we receive affirmative opt-in authorization from (i) the under-16 California resident if he or she is at least 13 years of age, or (ii) the parent or guardian of the California resident if he or she is less than 13 years of age]. If you think we may have Sold or Shared Personal Information of a California resident under 16 years of age[ without the appropriate affirmative opt-in authorization], please report that to us as described in the Contact Us section above. 

If you have questions, see “Who should you contact with questions?” of this Notice for contact information. 

  

Who should you contact with questions?

If you have any questions, or wish to exercise any of your rights, you can find contact details here.

If your state has a data protection authority, you have the right to contact it with any questions or concerns. 

Changes to this notice

We may update this notice (and any supplemental privacy notice), from time to time. Where the law requires it, we will notify you of the changes; further, where the law requires it, we will also obtain your consent to the changes.

Last reviewed: June 25, 2024. 

Last updated/Effective Date: June 25, 2024.