Effective Date: December 19, 2022
This processing of your information is performed by The United States Playing Card Company as data controller at 300 Gap Way, Erlanger, KY 41018, U.S.A.
THE INFORMATION WE COLLECT
We obtain information about you through the means discussed below when we provide the Services.
- INFORMATION YOU PROVIDE TO US
We collect information that you provide directly to us. For example, we collect information from you through:
- Your registration on and use of our Services;
- Your purchases;
- Requests or questions you submit to us via online forms, email, or otherwise;
- When you sign up for our newsletter or to receive other information, including promotions;
- Participation in surveys or contests.
Information about you. The types of data we collect directly from you include:
- Contact, registration, and eligibility information such as your full name, email address,
login information (password and username or email), address, phone number, online screen name, and date of birth;
- Transactional information such as order details, billing address, shipping address, and payment information, including payment card, payment services like PayPal or cryptocurrency wallet information (Please note, payment information is processed by third party payment processors);
- Inquiries and Feedback including comments and questions you submit through customer service interactions with us (via email, phone, or online chat) or through surveys;
- User Generated Content: certain parts of the Services may enable you to post comments, photos or other content, that, depending on where you post them, may be publicly viewable.
- Any other information you directly provide to us in connection with your use of the Services.
- INFORMATION WE COLLECT THROUGH AUTOMATED MEANS
- Device information and related identifiers: including your IP address, browser type, browser language, operating system, device identifiers, operating system, the state or country from which you accessed the Services, and software and hardware attributes. From your IP address, we may be able to infer your general location (e.g., city/state or postal code).
- Usage Information: including referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, language preferences, and other similar information.
- Location Information: When you use the Services, we and our service providers collect general location information from your computer or mobile device. “General” location information means information about the city and state in which your device is located based on its IP address. We may also obtain general location when you input your zip code or use location features on the Services, such as to find nearby merchants. This information allows us to give you access to content that varies based on your general location. If we collect precise GPS location information through your device, we will ask your permission first. You can disable sharing precise geolocation information in your device settings.
Please note certain information, such as precise geolocation information or biometric, is considered “sensitive” under certain laws, and this information is collected in accordance with applicable legal requirements.
Information We Collect from Social Media Platforms or Single Sign On Services
If you log in using social media credentials or single sign on (such as Google or Facebook), depending on your settings, we may receive certain information to enable such sign on, such as an authentication token or your username or email. If you interact with us through a social media service (such as when you like or follow us or comment on our pages), we may have access to your information from that social network depending on your settings such as your name, social network ID, photo, current city, your comments about our Services, and the people/sites you follow.
Information We Collect from other sources
We may also collect personal data about you from other sources. This collection is made only to the extent permitted by applicable law and includes the following data in particular:
- Data from public sources (e.g. demographic data).
- Business partners, marketers, consumer data resellers, researchers and analysts that provide us with demographic data and statistical information about users in certain jurisdictions.
- Fraud prevention and detection vendors that provide us with personal data from available sources – such as social media networks – for identity verification: e.g. name, surname, age, gender, email and home address, cookies, social networking data, internet user-generated data and IP address.
We may combine, compile or connect the personal data we collect from you, through automated means, from social media and/or from the above-mentioned other sources. Where personal data is disclosed to us by third parties, we take steps to ensure that these third parties are legally permitted to disclose your personal data to us.
HOW WE USE YOUR INFORMATION
We use your information for various purposes and with certain legal bases (under applicable law) depending on the types of information we have collected from and about you, including:
To fulfill our agreement with you to:
- Provide our Services, including when you register for such Services;
- Contact you about the Services, including for important policy changes and updates about your purchases. Where local law requires, we will obtain your consent before sending marketing or other communications;
- Respond to your requests related to your transactions.
For our legitimate business interests to:
- Secure our Services, prevent misuse, and resolve technical issues;
- Respond to your requests for information and provide you with more effective and efficient customer service, including through our interactive chat functions.
- In accordance with applicable legal requirements, contact you regarding the Services, as well as surveys, promotions, special events, and other subjects that we think may be of interest to you;
- Better understand your interests and improve our Services;
- Conduct internal business operations in support of our Services, such as auditing, preventing /fighting against fraud, invoicing and accounting, sales and marketing, analytics, and research and development;
- Establish, exercise, or defend our legal rights.
To comply with our legal obligations, including to:
- Comply with any procedures, laws, and regulations which apply to us;
- To conduct identity verification through our identity verification service provider;
- Retain and use your information in connection with potential legal claims when necessary and for compliance, regulatory, and auditing purposes.
With your consent to:
- Enable you to participate in surveys and contests;
- Send you marketing and other commercial communications and use non-strictly necessary cookies as detailed in the section on cookies and similar technologies below, where local law requires such consent (please note these requirements vary by jurisdiction and not all jurisdictions require consent for such uses).
We may also collect and use personal information in connection with your consent in other circumstances. You can revoke your consent at any time, though you might not be able to use a service or feature that requires collection or use of that personal information.
Aggregate/Anonymized Information. We may use aggregate and/or de-identified information that can no longer be linked to you or your device (“Aggregate/Anonymized Information”) for any purpose, including without limitation for research and marketing purposes, and we may also share such data with any third parties, including advertisers, partners, and sponsors.
Automated fraud detection: For certain services, we may implement the use of automated fraud detection with the aim of detecting and blocking fraudulent account creation and transactions. These automatic checks are made by our fraud prevention and detection suppliers and based upon available sources such as social media networks. This data may be compiled and fraud prevention and detection vendors may perform automated analysis using algorithms to assign a certain risk score to each transaction taking into account its characteristics. Depending on its score, a transaction may be automatically rejected. EU and UK residents can learn about choices related to this automated fraud detection in “Additional Information for UK and EEA Residents.”
COOKIES AND SIMILAR TECHNOLOGIES
In operating the Services, we may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Services stores to your browser when you access the Services. We use various types of cookies and similar technologies, including pixels, gifs, web beacons, and other tracking technologies, and first and third-party cookies. Cookies can be persistent by remaining on your computer until you delete them or be based on your browsing session where they delete once you close your browser.
Our Services use the following types of first-party and third-party Cookies:
- Essential cookies
Essential cookies are necessary for purely technical reasons in order to use our Services. Given the technical necessity, only an information obligation applies, and these cookies are placed as soon as you access our Services (contrary to the optional cookies, for which your consent is required). You may nevertheless disable essential cookies by changing your browser settings, but this may affect the functionality of our Services.
- Optional cookies
- Targeting Cookies
These cookies are placed by our advertising partners. If you accept their placement, they may be used by our advertising partners to build a profile of your interests and show you relevant ads on other sites. They are based on uniquely identifying your browser and internet device. By not allowing these cookies, you experience less targeted advertising.
- Social Media Cookies
These cookies are set by a range of social media services that we have added to our Services to enable users to share our content with their friends and networks. Once accepted, they are capable of tracking your browser across other sites and building up a profile of your interests. This would then possibly impact the content and messages you would see on other sites you visit. By not allowing these cookies, you may not be able to use or see these sharing tools.
- Performance Cookies
Once accepted, these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Services. They help us to know which Services are the most and least popular and see how individuals use and navigate our Services. By not allowing these cookies, you will prevent us from knowing when and how you have used our Services.
You may have the ability to accept or decline certain cookies on our Services depending on your jurisdiction. In addition, most browsers have settings that enable you to decline cookies if you prefer. Detailed instructions are provided by your browser. If you do not accept all cookies or withdraw your consent to certain cookies where you have been asked to and have provided consent, you may not be able to use the full functionalities of the Services. For more information on cookies and how they can be managed and deleted, please visit http://www.allaboutcookies.org/ or your browser cookie settings.
We may use web analytics services (such as those of Google Analytics) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here. If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners contained in our emails. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
On our Services, we allow select third-party advertising technology partners to place cookies or other tracking technologies on your browser to collect information about you as discussed above. These third parties (e.g., ad networks and ad servers such as Google and others) may use this information to serve relevant content and advertising to you as you browse the Internet. You may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving interest based ads from companies that participate in these programs. We do not control these opt-outs or who participates in these programs. We are not responsible for the continued availability or accuracy of these mechanisms. Please note that these programs must be used on each browser you use. If you use these mechanisms, you may still see ads across the Internet, but they will not be tailored by participating companies based on your online activities over time.
HOW WE DISCLOSE YOUR INFORMATION
We will disclose your information in the following ways:
- Service Providers. We provide access to or disclose your information with selected third parties who perform services on our behalf. They provide a variety of services to us, including data hosting and storage, identity verification, customer service, security, fraud prevention, and legal services.
- Protection of Cartamundi and Others. We may disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order) or regulatory obligations; (b) enforce any contracts with you, if relevant; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; (e) investigate, prevent or take action related to suspicious or actual illegal activities, or to cooperate with public agencies; and/or (f) protect the rights, property or personal safety of Cartamundi, its agents and affiliates, its users and/or the public. In these cases, your information may be shared with third parties, such as government entities, third parties as directed by law or process or necessary for such purposes, entities responsible for investigation, and information technology or information security companies.
- Third Parties that Provide Advertising Services. As described above, third parties such as Google may collect or receive certain information about you and/or your use of the Services to provide ads (including personalized ads) or to measure and analyze ad performance.
- Business Transfers. We may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, customer information (including your email address) would likely be one of the transferred business assets.
- With your consent. We may share your information to recipients based on your direction or consent.
We may share or disclose Aggregate/Anonymized Information with any third party.
YOUR RIGHTS AND YOUR CHOICES
You may have certain rights under applicable law (depending on your jurisdiction) with respect to your information as further described in this section.
- YOUR LEGAL RIGHTS
Pursuant to EEA, UK, and California, Colorado and other state privacy laws, you may be permitted to make certain requests depending on the country or state you live in. You may be able to request that we:
- provide access to and/or a copy of certain information we hold about you
- update information which is out of date or incorrect
- delete certain information which we are holding about you
- restrict the way that we process and disclose certain of your information
- object to the processing of your information when such processing is based on the pursuit of our legitimate interests
- revoke your consent for the processing of your information
Please note that your rights may vary depending upon your jurisdiction.
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please email us at [email protected] at any time.
We will consider all requests and provide our response within the time period provided by applicable law. Certain information may be exempt from such requests in some circumstances which may include if we need to keep processing your information for our legitimate interests (where permitted by law) or to comply with a legal obligation. We may request that you provide us with information necessary to confirm your identity and residency before responding to your request. The handling of your request is free of charge. We may however charge a reasonable fee or refuse to act on the request if such request is manifestly unfounded or excessive.
Authorized agents for California residents may submit requests: [email protected]. We may require proof of the written authorization you have given.
Virginia residents may appeal the denial of a request here: [email protected]. We will respond within the legally required time period, including a written explanation of the results of your appeal.
Privacy Choices: Do Not Sell or Share or Process My Personal Information for Targeted Advertising
Residents of certain states such as California, Virginia, and Utah may opt out of the “sale” of some or all personal information. Some of those states, such as California and Virginia, may also allow residents to opt out of the sharing or processing of their personal information for targeted advertising to them. Applicable law broadly defines “sale” or “share” in a way that may include allowing third parties to receive certain information such as cookies, IP address, device identifiers, browsing behavior and/or other activity to enable the delivery and measurement of interest-based advertising. As such, we may share or process for targeted advertising to you the following categories of information for such purposes which may be considered a sale:
- device information and identifiers, such as IP address, and unique advertising identifiers and cookies; connection and usage information, such as browsing history or app usage, geolocation information, such as city; and inference data.
If you or your authorized agent would like to opt out of the use of your information for such purposes, you may do so as outlined on the following page: Your Privacy Choices.
You may still receive advertising; it just may not be tailored to your interests. Please note, if you use different browsers, devices, or services you will need to make your elections separately. In some cases, you may also be presented with form field to complete, in those cases we ask for your email address or other information so we may add it to an appropriate suppression list.
Please note that if you have a legally-recognized browser-based opt out preference signal turned on via your device browser (such as Global Privacy Control), we recognize such preference in accordance and to the extent required by applicable law.
- MARKETING COMMUNICATIONS
ADDITIONAL INFORMATION FOR INTERNATIONAL USERS
If you have any concerns or complaints about our data processing activities, we urge you to first try to resolve such issues directly with us by contacting us as set forth in “Contact Information” section below at any time. However, if applicable, you may make a complaint to the data protection supervisory authority in the country where you are based.
ADDITIONAL INFORMATION FOR CALIFORNIA USERS
If you are a California resident, California law requires us to provide you with additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
We collect the following categories of personal information: identifiers (such as your name and email address and government identification); commercial information (a record of your orders); financial data (payment information processed by a third party payment processor and your history of purchases); biometric data (processed by an identity verification provider); internet or other network information (how you interact with the our Services); location information (because your IP address may indicate your general location); inference data about you (for example, what content you may be interested in); and other information that identifies or can be reasonably associated with you. For more information about what we collect and the sources of such collection, please see the “The Information We Collect” section above.
We collect personal information for the purposes described in “How We Use Your Information” above.
We may disclose:
- any of the above categories of information we collect with: our affiliates; business partners to provide you with services that you request; service providers; other parties, including government entities, when required by law or to protect our users and services; social media services pursuant to that service and your settings; and with your consent or in connection with a corporate transaction;
- commercial information and financial data, including your payment information, with payment processors; and
- device information and identifiers and internet or other network or device activity with entities that provide content, advertising, and functionality.
Please see “How We Disclose Your Information” above for more information.
If you are a California resident, the CCPA allows you or your authorized agent to make certain requests about your personal information, please see Your Legal Rights above. We will take reasonable steps to verify your identity and requests, including by verifying your account information, residency or the email address you provide. The CCPA further provides you with the right to not be discriminated against (as provided for in applicable law) for exercising your rights under the CCPA.
California law broadly defines “sale” or “share” in a way that may include allowing third parties to receive certain information such as cookies, IP address, device identifiers, browsing behavior and/or other activity to enable the delivery and measurement of interest-based advertising. As such, we may share the following categories of information for such purposes which may be considered a sale (as defined by California law):
- device information and identifiers, such as IP address, and unique advertising identifiers and cookies; connection and usage information, such as browsing history or app usage, geolocation information, such as city; and inference data.
If you or your authorized agent would like to opt out of the use of your information for such purposes (to the extent this is considered a sale), you may do so as outlined on the following page: Your Privacy Choices.
Once a year, California residents can also request certain information regarding disclosure of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year.
We retain your information as long as it is necessary to fulfill the purposes for which we collect it, unless a longer retention is required or permitted by law. We consider the nature and sensitivity of the information, the purposes for which we process the information, applicable legal requirements, and our legitimate interests in determining how long to retain information. Different processing purposes may dictate different retention periods for the same types of information. For example, if you opt out of email marketing, we maintain your email on our suppression list for an extended time to comply with your request.
ADDITIONAL INFORMATION FOR BRAZILIAN RESIDENTS
We will provide means for you to access, correct, exclude or modify the data that were provided by you to us, to request the correction, exclusion or modification of the respective personal data.
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” section below at any time. You will have the right to the following information:
- Confirmation of the existence of data processing: You may request confirmation regarding the existence of processing of your personal data.
- Right to access your data: You may request a copy of the processed data, which will be made available in a readable and electronic format.
- Data alteration or correction: You may request updates, alterations or corrections of your data in certain cases, especially if such data is incorrect or outdated.
- Exclusion, blockage and/or anonymization of data: You may request the exclusion of your data from our platforms and our repositories without the need to provide any justification, as well as request the exclusion, blockage and/or anonymization of said personal data. Please note that this measure may result in you not being able to use the Services or full functionalities of the Services.
- Information on data sharing: You may request information about public and/or private entities with which we have shared your personal data.
- Information on consent: You may request information on the possibility of not providing consent in specific situations and on the consequences of the non-provision of said
- Revocation of consent: In cases where you have given consent to us for the processing of your personal data, you may, at any time, revoke such consent.
Channels to require your rights: To require the rights listed above, you must direct your requests through the “Contact Information” section or directly to the Data Protection Officer listed below. In the referred request, you shall include: (a) your qualification (full name and e-mail); (b) specification of the measure object of your request in relation to your personal data, and (c) if applicable, specify the data that is the object of the request. Unless otherwise established by the applicable law, within 15 days, the Data Protection Officer or we will respond to your request: (a) communicating the fulfillment of the request; (b) presenting justification, when it is not possible to comply with the request, or (c) estimating a new deadline for fulfilling the request and the justification for such extension.
You shall immediately inform us, through the Data Protection Officer listed in the following paragraph, when our cooperation is necessary to alter, update, supplement, correct or exclude personal data that has been made available by you to us (e.g. personal data of third parties). You shall provide all the relevant information so that we may take the necessary provisions within a reasonable time.
Name: Kelly Sampaio
E-mail: [email protected]
ADDITIONAL INFORMATION FOR UK AND EEA RESIDENTS
If you are located in the UK or EEA, you may have certain rights with respect to the personal information we have about you. To the extent permitted by the UK Data Protection Act and EU General Data Protection Regulation (“GDPR”), the following rights may apply to you:
- Right to be informed: Data subjects have the right to be informed about the collection and use of their personal data.
- Right to access: Data subjects have the right to view and request copies of their personal data.
- Right to rectification: Data subjects have the right to request inaccurate or outdated personal information be updated or corrected.
- Right to be forgotten/Right to erasure: Data subjects have the right to request their personal data be deleted. Note that this is not an absolute right and may be subject to exemptions based on certain laws.
- Right to data portability: Data subjects have the right to ask for their data to be transferred to another controller or provided to them. The data must be provided in a machine-readable electronic format.
- Right to restrict processing: Data subjects have the right to request the restriction or suppression of their personal data.
- Right to withdraw consent: Data subjects have the right to withdraw previously given consent to process their personal data.
- Right to object: Data subjects have the right to object to the processing of their personal data (with some restrictions).
- Right to object to automated processing: Data subjects have the right to object to decisions being made with their data solely based on automated decision making or profiling.
- Notification obligation regarding rectification or erasure of personal data or restriction of processing: The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the UK Data Protection Act and GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
As mentioned in section “Automated individual decision-making, including profiling” above, the processing of your personal data made as part of our anti-fraud controls can lead to decisions based on automated processing, which produce effects concerning your ability to use the services (e.g. rejection of a request to create an account, to make a deposit or a transaction).
In order to safeguard your rights and freedoms and legitimate interests, you may:
- Request the right to obtain human intervention on our part and the right to express your point of view and to contest the decision. To exercise this right, please send an email to [email protected] with “Automated decision” as title of your request, and
- Request to obtain meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing. To exercise this right please contact us at [email protected].
HOW WE PROTECT YOUR INFORMATION
We take a variety of appropriate technical and organizational security measures to protect the information provided to us from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. User-accounts are protected by passwords. We recommend you choose a strong password and ensure its confidentiality to prevent unauthorized access to your account. Please contact us immediately if you experience a security issue or believe your account has been compromised. Please keep this in mind when disclosing any information to us online.
THIRD PARTY LINKS AND FEATURES
The Services are intended for general audiences and not for children under the age of 14; some aspects of the Services may require users to be 18 or older. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 14 without valid parental consent or from persons under 18 for applicable Services, we will take reasonable steps to delete such information as soon as possible.
We will retain your information, in compliance with applicable law, for no longer than necessary for the purposes for which it was provided or for our legitimate business purposes, unless an applicable legal requirement requires us to delete such information sooner or retain such data for longer periods.
You can reach us via email, at [email protected] or by mail at:
The United States Playing Card Company
300 Gap Way
Erlanger, KY 41018