Effective Date: June 8th, 2022
This processing of your information is performed by The United States Playing Card Company as data controller at 300 Gap Way, Erlanger, KY 41018, U.S.A.
THE INFORMATION WE COLLECT
We obtain information about you through the means discussed below when we provide the Services.
1. INFORMATION YOU PROVIDE TO US
We collect information that you provide directly to us. For example, we collect information from you through:
- Your registration on and use of our Services;
- Your purchases;
- Requests or questions you submit to us via online forms, email, or otherwise
- When you sign up for our newsletter or to receive other information, including promotions;
- Participation in surveys or contests.
Information about you. The types of data we collect directly from you include:
- Contact, registration, and eligibility information such as your full name, email address, login information (password and username or email), address, phone number, online screen name, and date of birth;
- Identity verification information to engage in certain features on the Services such as financial transactions over a certain threshold, our service provider, Onfido, will collect a photo of your identity document (i.e., government issued id) and uploaded selfie and compare facial scan data from those in order to verify your identity. Cartamundi does not have access to this facial scan data.
- Transactional information such as order details, billing address, shipping address, and payment information, including payment card, payment services like PayPal or cryptocurrency wallet information (Please note, payment information is processed by third party payment processors);
- Inquiries and Feedback including comments and questions you submit through customer service interactions with us (via email, phone, or online chat) or through surveys;
- User Generated Content: certain parts of the Services may enable you to post comments, photos or other content, that, depending on where you post them, may be publicly viewable.
- Any other information you directly provide to us in connection with your use of the Services.
2. INFORMATION WE COLLECT THROUGH AUTOMATED MEANS
- Device information and related identifiers: including your IP address, browser type, browser language, operating system, device identifiers, operating system, the state or country from which you accessed the Services, and software and hardware attributes. From your IP address, we may be able to infer your general location (e.g., city/state or postal code).
- Usage Information: including referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, language preferences, and other similar information.
- Location Information: When you use the Services, we and our service providers collect general location information from your computer or mobile device. “General” location information means information about the city and state in which your device is located based on its IP address. We may also obtain general location when you input your zip code or use location features on the Services, such as to find nearby merchants. This information allows us to give you access to content that varies based on your general location. If we collect precise GPS location information through your device, we will ask your permission first. You can disable sharing precise geolocation information in your device settings.
Information We Collect from Social Media Platforms or Single Sign On Services
If you log in using social media credentials or single sign on (such as Google or Facebook), depending on your settings, we may receive certain information to enable such sign on, such as an authentication token or your username or email. If you interact with us through a social media service (such as when you like or follow us or comment on our pages), we may have access to your information from that social network depending on your settings such as your name, social network ID, photo, current city, your comments about our Services, and the people/sites you follow.
Information We Collect from other sources
We may also collect personal data about you from other sources. This collection is made only to the extent permitted by applicable law and includes the following data in particular:
- Data from public sources (e.g. demographic data).
- Business partners, marketers, consumer data resellers, researchers and analysts that provide us with demographic data and statistical information about users in certain jurisdictions.
- Fraud prevention and detection vendors that provide us with personal data from available sources – such as social media networks – for identity verification: e.g. name, surname, age, gender, email and home address, cookies, social networking data, internet user-generated data and IP address.
We may combine, compile or connect the personal data we collect from you, through automated means, from social media and/or from the above-mentioned other sources. Where personal data is disclosed to us by third parties, we take steps to ensure that these third parties are legally permitted to disclose your personal data to us.
HOW WE USE YOUR INFORMATION
We use your information for various purposes and with certain legal bases (under applicable law) depending on the types of information we have collected from and about you, including:
To fulfill our agreement with you to:
- Provide our Services, including when you register for such Service;
- Contact you about the Services, including for important policy changes and updates about your purchases. Where local law requires, we will obtain your consent before sending marketing or other communications;
- Respond to your requests related to your transactions.
For our legitimate business interests to:
- Secure our Services, prevent misuse, and resolve technical issues;
- Respond to your requests for information and provide you with more effective and efficient customer service, including through our interactive chat functions.
- In accordance with applicable legal requirements, contact you regarding the Services, as well as surveys, promotions, special events, and other subjects that we think may be of interest to you;
- Better understand your interests and improve our Services;
- Conduct internal business operations in support of our Services, such as auditing, preventing /fighting against fraud, invoicing and accounting, sales and marketing, analytics, and research and development;
- Establish, exercise, or defend our legal rights.
To comply with our legal obligations, including to:
- Comply with any procedures, laws, and regulations which apply to us;
- To conduct identity verification through our identity verification service provider;
- Retain and use your information in connection with potential legal claims when necessary and for compliance, regulatory, and auditing purposes.
With your consent to:
- Enable you to participate in surveys and contests;
- Send you marketing and other commercial communications and use non-strictly necessary cookies as detailed in the section on cookies and similar technologies below, where local law requires such consent (please note these requirements vary by jurisdiction and not all jurisdictions require consent for such uses).
We may also collect and use personal information in connection with your consent in other circumstances. You can revoke your consent at any time, though you might not be able to use a service or feature that requires collection or use of that personal information.
Aggregate/Anonymized Information. We may use aggregate and/or de-identified information that can no longer be linked to you or your device (“Aggregate/Anonymized Information”) for any purpose, including without limitation for research and marketing purposes, and we may also share such data with any third parties, including advertisers, partners, and sponsors.
Automated individual decision-making, including profiling For certain services, we may implement the use of automated decision-making with the aim of detecting and blocking fraudulent account creation and transactions. These automatic checks are made by our fraud prevention and detection suppliers and based available sources such as social media networks. These data may be compiled and fraud prevention and detection vendors may perform automated analysis using algorithms and artificial intelligence to assign a certain risk score to each transaction taking into account its characteristics. Depending on its score, a transaction can be automatically rejected, in which case you can always exercise your rights as indicated in section “YOUR RIGHTS AND YOUR CHOICES” below, notably as per subsection “Automated individual decision-making, including profiling – your rights” which is dedicated to this topic and informs you on the steps to take to contest such an automated decision.
COOKIES AND SIMILAR TECHNOLOGIES
In operating the Services, we may use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Services stores to your browser when you access the Services. We use various types of cookies and similar technologies, including pixels, gifs, web beacons, and other tracking technologies, and first and third-party cookies. Cookies can be persistent by remaining on your computer until you delete them or be based on your browsing session where they delete once you close your browser.
Our Services use the following types of first-party and third-party Cookies:
- Strictly Necessary Cookies are necessary for our Services to function properly and securely. They cannot be switched off. You can set your browser to block or alert you about these cookies, but some parts of the Services will not work.
- Functional Cookies enable us to provide enhanced functionality by remembering your preferences or settings when you return to our Services. Without these cookies, certain features may not function properly.
- Performance Cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Services. We use third-party cookies, such as Google Analytics, to help with performance and analytics.
- Targeting or Advertising Cookies help deliver advertisements, make them more relevant and meaningful to users, and measure the efficiency of ad campaigns. We and our third-party advertising partners may use these cookies to deliver relevant ads about our Services on other sites or services.
You may have the ability to accept or decline certain cookies on our Services depending on your jurisdiction. In addition, most browsers have settings that enable you to decline cookies if you prefer. Detailed instructions are provided by your browser. If you do not accept all cookies or withdraw your consent to certain cookies where you have been asked to and have provided consent, you may not be able to use the full functionalities of the Services. For more information on cookies and how they can be managed and deleted, please visit http://www.allaboutcookies.org/ or your browser cookie settings.
We may use third-party web analytics services (such as those of Google Analytics) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here. If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
On our Services, we allow select third-party advertising technology partners to place cookies or other tracking technologies on your browser to collect information about you as discussed above. These third parties (e.g., ad networks and ad servers such as Google and others) may use this information to serve relevant content and advertising to you as you browse the Internet. You may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving interest based ads from companies that participate in these programs. We do not control these opt-outs or who participates in these programs. We are not responsible for the continued availability or accuracy of these mechanisms. Please note that these programs must be used on each browser you use. If you use these mechanisms, you may still see ads across the Internet, but they will not be tailored by participating companies based on your online activities over time.
HOW WE SHARE AND DISCLOSE YOUR INFORMATION
We will share your information in the following ways:
- Service Providers. We provide access to or share your information with selected third parties who perform services on our behalf. They provide a variety of services to us, including data hosting and storage, identity verification, customer service, security, fraud prevention, and legal services.
- Protection of Cartamundi and Others. We may disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order) or regulatory obligations; (b) enforce any contracts with you, if relevant; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; (e) to investigate, prevent or take action related to suspicious or actual illegal activities, or to cooperate with public agencies; and/or (f) protect the rights, property or personal safety of Cartamundi, its agents and affiliates, its users and/or the public. In these cases, your information may be shared with third parties, such as government entities, third parties as directed by law or process or necessary for such purposes, entities responsible for investigation, and information technology or information security companies.
- Third Parties that Provide Advertising Services. As described above, third parties such as Google may collect or receive certain information about you and/or your use of the Services to provide ads (including personalized ads) or to measure and analyze ad performance.
- Business Transfers. We may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, customer information (including your email address) would likely be one of the transferred business assets.
- With your consent. We may share your information to recipients based on your direction or consent.
We may share or disclose Aggregate/Anonymized Information with any third party.
YOUR RIGHTS AND YOUR CHOICES
You may have certain rights under applicable law (depending on your jurisdiction) with respect to your information as further described in this section.
1. YOUR LEGAL RIGHTS
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” section below at any time. Please note for certain Services, you can access certain of your information and update that information through your account. Your local laws may permit you to request that we:
- provide access to and/or a copy of certain information we hold about you
- update information which is out of date or incorrect
- delete certain information which we are holding about you
- restrict the way that we process and disclose certain of your information
- object to the processing of your information when such processing is based on the pursuit of our legitimate interests
- revoke your consent for the processing of your information
Please note that your rights may vary depending upon your jurisdiction. We will consider all requests and provide our response within the time period provided by applicable law. Certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request that you provide us with information necessary to confirm your identity before responding to your request. The handling of your request is free of charge. We may however charge a reasonable fee or refuse to act on the request if such request is manifestly unfounded or excessive.
2. MARKETING COMMUNICATIONS
3. AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING – YOUR RIGHTS
As mentioned in section “Automated individual decision-making, including profiling” above, the processing of your personal data made as part of our anti-fraud controls can lead to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you (e.g. rejection of a request to create an account, to make a deposit or a transaction within the Hro Marketplace).
We have therefore taken suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, including:
- the right to obtain human intervention on our part and the right to express your point of view and to contest the decision. To exercise this right, please send an email to hro.gg with “Automated decision” as title of your request, and;
ADDITIONAL INFORMATION FOR INTERNATIONAL USERS
If you have any concerns or complaints about our data processing activities, we urge you to first try to resolve such issues directly with us by contacting us as set forth in “Contact Information” section below at any time. However, if applicable, you may make a complaint to the data protection supervisory authority in the country where you are based.
ADDITIONAL INFORMATION FOR CALIFORNIA USERS
If you are a California resident, California law requires us to provide you with additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
We collect the following categories of personal information: identifiers (such as your name and email address and government identification); commercial information (a record of your orders); financial data (payment information (processed by a third party payment processor) and your history of purchases); biometric data (processed by an identity verification provider) internet or other network information (how you interact with the our Services); location information (because your IP address may indicate your general location); inference data about you (for example, what content you may be interested in); and other information that identifies or can be reasonably associated with you. For more information about what we collect and the sources of such collection, please see the “The Information We Collect” section above.
We collect personal information for the purposes described in “How We Use Your Information” above.
We may share:
- any of the above categories of information we collect with: our affiliates; business partners to provide you with services that you request; service providers; other parties, including government entities, when required by law or to protect our users and services; social media services pursuant to that service and your settings; and with your consent or in connection with a corporate transaction.
- commercial information and financial data, including your payment information, with payment processors, and
- device information and identifiers and internet or other network or device activity with entities that provide content, advertising, and functionality.
Please see “How We Share and Disclose Your Information” above for more information.
If you are a California resident, the CCPA allows you or your authorized agent to make certain requests about your personal information, please see Your Legal Rights above. We will take reasonable steps to verify your identity and requests, including by verifying your account information, residency or the email address you provide. The CCPA further provides you with the right to not be discriminated against (as provided for in applicable law) for exercising your rights under the CCPA.
California law broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookies, IP address, device identifiers, browsing behavior and/or other activity to enable the delivery and measurement of interest-based advertising on the or other sites. As such, we may share the following categories of information for such purposes which may be considered a sale (as defined by California law):
- device information and identifiers, such as IP address, and unique advertising identifiers and cookies; connection and usage information, such as browsing history or app usage, geolocation information, such as city; and inference data.
If you or your authorized agent would like to opt out of the use of your information for such purposes (to the extent this is considered a sale), you may do so as outlined on the following page: Do Not Sell My Personal Information.
Once a year, California residents can also request certain information regarding disclosure of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year.
Nevada consumers who have purchased goods or services from us may opt out of the “sale” of “covered information” as such terms are defined under Nevada law. We do not engage in such activity, but if you have questions about this you can email us at [INSERT LINK OR CONTACT INFO]
ADDITIONAL INFORMATION FOR BRAZILIAN RESIDENTS
We will provide means for you to access, correct, exclude or modify the data that were provided by you to us, to request the correction, exclusion or modification of the respective personal data.
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” section below at any time. You will have the right to the following information:
- Confirmation of the existence of data processing: You may request confirmation regarding the existence of processing of your personal data
- Right to access your data: You may request a copy of the processed data, which will be made available in a readable and electronic format
- Data alteration or correction: You may request updates, alterations or corrections of your data in certain cases, especially if such data is incorrect or outdated
- Exclusion, blockage and/or anonymization of data: You may request the exclusion of your data from our platforms and our repositories without the need to provide any justification, as well as request the exclusion, blockage and/or anonymization of said personal data. Please note that this measure may result in you not being able to use the Services or full functionalities of the Services
- Information on data sharing: You may request information about public and/or private entities with which we have shared your personal data
- Information on consent: You may request information on the possibility of not providing consent in specific situations and on the consequences of the non-provision of said consent
- Revocation of consent: In cases where you have given consent to us for the processing of your personal data, the you may, at any time, revoke such consent
Channels to require your rights: To require the rights listed above, you must direct your requests through the “Contact Information” section or directly to the Data Protection Officer listed below. In the referred request, you shall include: (a) your qualification (full name and e-mail); (b) specification of the measure object of your request in relation to your personal data, and; (c) if applicable, specify the data that is the object of the request. Unless otherwise established by the applicable law, within 15 days, the Data Protection Officer or we will respond to your request: (a) communicating the fulfillment of the request; (b) presenting justification, when it is not possible to comply with the request, or (c) estimating a new deadline for fulfilling the request and the justification for such extension
You shall immediately inform us, through the Data Protection Officer listed in the following paragraph, when our cooperation is necessary to alter, update, supplement, correct or exclude personal data that has been made available by you to us (e.g. personal data of third parties). You shall provide all the relevant information so that we may take the necessary provisions within a reasonable time.
Name: Kelly Sampaio
E-mail: [email protected]
HOW WE PROTECT YOUR INFORMATION
We take a variety of appropriate technical and organizational security measures to protect the information provided to us from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. User-accounts are protected by passwords. We recommend you choose a strong password and ensure its confidentiality to prevent unauthorized access to your account. Please contact us immediately if you experience a security issue or believe your account has been compromised. Please keep this in mind when disclosing any information to us online.
THIRD PARTY LINKS AND FEATURES
The Services are intended for general audiences and not for children under the age of 14; some aspects of the Services may require users to be 18 or older. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 14 without valid parental consent or from persons under 18 for applicable Services, we will take reasonable steps to delete such information as soon as possible.
We will retain your information, in compliance with applicable law, for no longer than necessary for the purposes for which it was provided or for our legitimate business purposes, unless an applicable legal requirement requires us to delete such information sooner or retain such data for longer periods.
You can reach us via email, at [email protected] or by mail at:
The United States Playing Card Company
300 Gap Way
Erlanger, KY 41018