WHAT INFORMATION DO WE COLLECT?
HOW DO WE USE THE INFORMATION COLLECTED?
HOW AND WHEN DO WE DISCLOSE INFORMATION TO THIRD PARTIES?
HOW DO I CHANGE MY INFORMATION AND COMMUNICATIONS PREFERENCES?
WHAT SHOULD PARENTS KNOW ABOUT CHILDREN?
YOUR CALIFORNIA PRIVACY RIGHTS
GENERAL DATA PROTECTION REGULATION (“GDPR”) and UK GENERAL DATA PROTECTION REGULATION (“UK GDPR”): INFORMATION FOR EEA AND UK USERS
What information do we collect?
We collect information in connection with your use of our Services.
Certain of the information we collect may be personal information, by which we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”). Information that is aggregated, de-identified, or anonymized is not considered as Personal Information, and there may be other exceptions or differences under applicable law.
The categories of information we collect can include:
- Contact information, such as your name, phone number, and email address.
- Certain business information, such as your employer name and location.
- Device information, including its location, characteristics (operating system, plug-ins, system fonts and other data, for purposes of identification), functionality, and your IP address, UDID or a number automatically assigned to your device used to access our Services (“Device Identifier”).
- Information about your communications with us (including customer support questions, if applicable).
- Information about how you access and navigate our Services, including the URL that referred you to our Site, the areas within our Services that you visit and your activities there, your interactions with our email communications or other communications, and remembering you, including some demographic information about you, and your preferences, and analytics regarding this information.
- Information about use of our Services generally, such as the number of visitors to the Site, how many e-mails that were sent were actually opened, which and how many particular articles or links were clicked on or actually viewed.
The information we collect varies depending on how you interact with us. In addition, we may receive this information directly from you, through our website — including as collected by service providers and partners (for example, from your device) — or from third parties. For example, we receive:
- Information You Provide to Us:
- You may provide information directly to us, including through “contact us” or “sign up” or “submit here” or similar forms that enable you to submit such information.
- Information We Collect and Store As You Access and Use our Services:
- We and our third-party service providers may automatically (or passively) collect and store certain information whenever you visit or interact with our Services (“Usage Information”). We may use various methods and technologies, including cookies, web beacons, embedded scripts, browser fingerprinting, Etag or entity tags, and recognition technologies, to collect and store Usage Information (collectively “Tracking Technologies”). Usage Information may be stored or accessed using Tracking Technologies that may be downloaded to your personal computer, browser, laptop, tablet, mobile phone or other device whenever you visit or interact with our Services.
- Information Third Parties Provide About You:
- We may receive information about you from third parties when those third parties use our Services, such as those third parties they submit information to us about you. We may also receive information from third party partners, such as market data enrichment services. We may combine information received from third parties with information, including Personal Information, that we collect directly from you.
- Information You Provide About a Third Party:
- You may send someone else a communication from our Services (for example only, by way of registering for a promotion or contest or sweepstakes, claiming a prize, or otherwise). If so, the information you provide (names, email addresses, mobile number, etc.) is used to facilitate the communication, and we may use such information to contact that person directly regarding our Services available to them. Please be aware that when you use such functionality on our Services, your email address, mobile number, name or user name and message may be included in the communication sent to your addressee(s).
How do we Use the Information Collected?
We may use your Personal Information for various purposes, including:
- to provide you with information, such as to send you electronic newsletters or to provide you with promotional and marketing materials on behalf of us or third parties, including to let you know about upcoming events;
- to enable you to participate in a variety of our Services’ features;
- to improve our Services, marketing endeavors or our Services and offerings;
- to customize your experience on our Services or to serve you specific content that we believe is relevant to you;
- to understand your use of advertisements;
- to serve advertisements across the Internet and to provide advertising tailored to your individual interests;
- to provide customer support;
- to contact you with regard to your use of our Services and, in our discretion, changes to our Services and/or our Services’ policies;
- to improve the overall experience of our Services;
- for internal business purposes;
- to supplement outside records from third parties; and
How and when do we disclose information to third parties?
We do not sell your Personal Information to third parties for valuable consideration and do not share your Personal Information to third parties for cross-context behavioral advertising. We may disclose your information as follows:
- When You Request Information From or Provide Information to Third Parties:
- You may be presented with an option on our Services to receive certain information and/or marketing offers directly from third parties or to have us send certain information to third parties or give them access to it. If you choose to do so, your Personal Information and other information may be disclosed to such third parties and all information you disclose will be subject to the third-party privacy policies and practices of such third parties.
- Third Parties Providing Services on our Behalf:
- We may use third-party vendors to perform certain services on behalf of us or our Services, such as: (i) to assist us in operation of our Services; (ii) to manage a database of customer information; (iii) to host our Services; (iv) to design and/or operate our Services’ features; (v) to provide marketing and analytics services; and (vi) other services designed to assist us in maximizing our business potential. We may provide these vendors with access to user information, including Device Identifiers and Personal Information, to carry out the services they are performing for you or for us.
- Administrative and Legal Reasons:
- Affiliates and Business Transfer:
- We may share your information (including your Device Identifiers, Personal Information, and Usage Information) with our parent, subsidiaries and affiliates. We also reserve the right to disclose and transfer all such information: (i) to a subsequent owner, co-owner or operator of our Services or applicable database; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including, during the course of any due diligence process.
How do I Change my Information and Communications Preferences?
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. You may be able to review, correct or update Personal Information, if any, that you have provided through our Services, and you may provide updates and changes by contacting us here.
You may cancel or modify our marketing communications by changing your communication preferences. You can do so by (i) following the instructions contained within our promotional emails, or (ii) where we provide you with login access to certain Services, by logging into your account and changing your communication preferences as you see fit. This will not affect subsequent subscriptions and if your opt-out is limited to certain types of emails the opt-out will be so limited and different subscriptions will be unaffected.
What should Parents Know About children?
Our site is not designed nor intended to collect Personal Information from children under the age of thirteen (13), and we do not knowingly collect any Personal Information from children younger than the age of thirteen (13). If you are a parent or guardian of a child under the age of thirteen (13) and your child has disclosed Personal Information to us, please contact us here, so that we may take appropriate actions to remove the child’s Personal Information from our systems.
We do not sell the Personal Information of any individuals, including that of children under the age of 16.
Unless otherwise stated, we retain Personal Information and other information you provide or otherwise make available to us, to fulfill the purposes described above.
We use the following criteria to determine how long to retain Personal Information:
- Our relationship with you, including the status of your relationship with us;
- Your requests to us regarding your information, or our products or Services;
- Any legal obligations to retain the data, including those arising from legal requirements in applicable labor and employment laws, or for our own legal purposes (such as enforcing our agreements or litigation); and
- Technical considerations and feasibility, and level of protections in place for your Personal Information.
We take commercially reasonable precautions, including physical, electronic, and procedural safeguards, to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed to be 100% secure. Please note that, despite our efforts, we cannot guarantee that Personal Information you transmit to us may not be accessed, disclosed, or altered by a breach of our safeguards. We urge you to take adequate precautions to protect your Personal Information, and you use our Services and provide us with your information at your own risk.
Your California Privacy Rights
Pursuant to the California Consumer Privacy Act of 2018 sections 1798.100 et seq. (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”), California residents have certain additional rights in relation to their Personal Information. For example, as a California resident, you may have—subject to exceptions and other applicable law—the following rights:
- Right to Transparency:
- You have a right to understand the categories and types of Personal Information to be collected (see the “WHAT INFORMATION DO WE COLLECT?” section above), the purposes for which the categories of Personal Information are collected or used (see the “HOW DO WE USE THE INFORMATION COLLECTED?” section above), whether that information is sold or shared (see the “HOW AND WHEN DO WE DISCLOSE INFORMATION TO THIRD PARTIES?” section above), and the length of time we intend to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period, among other information (see the “RETENTION” section above). [EACH OF THE HIGHLIGHTED SECTIONS SHOULD JUMP LINK BACK TO THE SECTIONS ABOVE]
- Right to Access the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which the Personal Information is collected, the business purpose for collecting the Personal Information, and the categories of third parties with whom we share Personal Information.
- Right to Limit the use and disclosure of sensitive personal information. We only collect and use sensitive personal information as necessary to provide you with goods and services, and do not sell or share (as defined by the CPRA) sensitive personal information. As a result, we do not, and are not required to, provide a right to limit.
- Right to Correct inaccurate or obsolete Personal Information that we may maintain.
- Right to Delete the Personal Information under certain circumstances.
- Right to Opt-out of the Sale or Sharing of Personal Information.
- Although you have the right to opt out of the “sale” of your Personal Information (i.e., disclosure of Personal Information to third parties for valuable consideration), or “sharing” of your Personal Information (i.e., disclosure of Personal Information to third parties for cross-context behavioral advertising), we do not “sell” or “share” your Personal Information.
- Right to non-discrimination:
- We do not discriminate against our employees, applicants, or customers on the basis of their exercising any of their rights afforded by the CCPA and CPRA, which is further in accordance with California residents’ rights under the law.
How California Residents Can Exercise Their Rights:
California residents may exercise the rights described above by submitting a verifiable request to us by emailing email@example.com, filling out the web form at [insert contact page for Giant], or by contacting us by telephone at (424) 443-3158. The right to opt out of certain sales or sharing of your Personal Information is not applicable because we do not sell your Personal Information to third parties for valuable consideration or share your Personal Information for cross-context behavioral advertising.
Please specify in your request what Personal Information you would like to access, correct, or delete.
We will first acknowledge receipt of your request within 10 business days after receipt of your request. We will provide a substantive response to your request within 45 calendar days after its receipt. If we require more time (up to 90 days or the permitted timeframe), we will inform you of the reason and extension period in writing.
Only you or an authorized agent (as described below) may make a verifiable request related to your Personal Information.
- How to Authorize an Agent.You may designate an authorized agent to submit your verified request on your behalf, only if the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.
- How We Verify Your Request.To respond to your request to delete, to correct, or to know, we must verify your identity or the authority of your authorized agent to make the request. We will only use the Personal Information provided in that context to verify your identity or the authority of your authorized agent to make the request. Making a verifiable request does not require you to create an account with us. To allow us to verify your request, we will require that you provide at least two pieces of Personal Information that we already have in our possession, such as your name, contact information, and/or application date. Depending on the sensitivity of the Personal Information and the risk of harm to you posed by unauthorized deletion or correction, we may need to match additional pieces of Personal Information to verify the request to a reasonably high degree of certainty. We will verify your consumer request by comparing the information you provide to information already in our possession, and take additional steps to minimize the risk of fraud.
General Data Protection Regulation (“GDPR”) and UK General Data Protection Regulation (“UK GDPR”): Information for EEA and UK Users
What Rights do I Have?
Individuals located in the European Economic Area (EEA) and the United Kingdom (UK) have certain rights in relation to your Personal Information processed by us as a controller, including:
- The right to access Personal Information that we hold about you;
- The right to correct or rectifyany inaccurate or incomplete Personal Information;
- The right to restrict or oppose processingof Personal Information, in certain circumstances, and/or request that we stop sending you marketing communications;
- The right to erase the Personal Information that we hold about you, in certain circumstances;
- The right to Personal Information portability, in some circumstances; and
- The right to lodge a complaint with the relevant Supervisory Authority. In the UK, the relevant Supervisory Authority is the Information Commissioner’s Office (https://ico.org.uk/). If you are based in the EU, the relevant Supervisory Authority will depend on your place of residence—you can find the details for your Supervisory Authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
How May I Exercise My Individual Rights?
EEA and UK users may exercise their rights regarding their Personal Information as follows:
- You can access your Personal Information by contacting us to request a Personal Information report at [insert Giant contact page URL].
- You may withdraw your consent to receive cookies by adjusting your browser settings.
- You may withdraw your consent to receive marketing or promotional communications at any time by clicking the “unsubscribe” link found within our email updates and changing your contact preferences. Please note, you will continue to receive essential account-related information, even if you unsubscribe from promotional emails.
- You can request deletion of your data.
You may contact us at [insert Giant contact page URL] with questions or requests regarding your Personal Information. Please note that we may request additional information from you to verify your identity before we disclose any personal or account information.
Legal Basis for processing Personal Information:
Under the GDPR and UK GDPR, we are required to identify the legal bases for processing your Personal Information. We rely on the following legal bases:
- Consistent with your specific revocable consents.
- As necessary for our contracts with you.If we enter a contract with you, we process your Personal Information to perform the contract and provide its services.
- As necessary to comply with our legal obligations and to protect the vital interests of you or others.We process your Personal Information to comply with legal obligations, including privacy laws, and to detect and prevent harmful, illegal activities that impact vital interests and public safety.
- As necessary for our (and others’) legitimate interests, unless those interests are overridden by your interests or fundamental rights or freedoms, which require protection of personal data.Our legitimate interests include: (i) ensuring the integrity and security of our Services; (ii) developing, testing and improving our Services, and (iii) sending marketing communications, advertising and promotions related to our products and Services.
For Personal Information you share through our Services, we are the controller, as that term is defined under the GDPR and UK GDPR. You should contact us directly for requests regarding that data.
Data Storage and Transfers
By using our Services, you acknowledge that information we collect, including Personal Information, will be transferred to, and processed, stored and used in the United States. The data protection laws in the United States may differ and be less protective than those of the country in which you are located. We ensure that data transfers to the United States are governed by the European Commission’s standard contractual clauses.