Revised 12/14/2023 and effective 12/22/2023
This is the Privacy Notice (the “Privacy Notice” or the “Notice”) of Maverik, Inc., a Utah Corporation, and its affiliates, subsidiaries, and related companies (collectively, “we,” “us,” “our”, or the “Maverik Companies”). This Privacy Notice is here to help you understand how we collect, process, and share your Personal Information (as defined below). We also describe our security practices with respect to your Personal Information, as well as your rights and choices with respect to how we process that Personal Information. Please read this Privacy Notice carefully.
If you have questions, comments or concerns about our Privacy Notice and privacy practices, or if you wish to issue a request to exercise your rights where applicable by law, please contact our team as follows:
Data Rights Requests, Compliance, and Updates: You may have various privacy rights depending on your state of residence. Please see further details below. To exercise these rights, you may visit our Your Privacy Choices portal, call Customer Service at (800) 789-4455, or email us at firstname.lastname@example.org.
General Inquiries: For all other questions or concerns, please email CustomerService@maverik.com.
This Privacy Notice applies to your use of our “Services,” which include the following:
This Privacy Notice does not apply to Personal Information governed by the Gramm-Leach-Bliley Act (“GLBA”), including Personal Information collected by the Maverik Companies when you sign up for a Nitro® Card or an &Rewards℠ Debit Card. In accordance with the GLBA privacy rule, for information on how we collect, share, and protect your Personal Information when you apply for a Nitro® Card, please view our Nitro Card Agreement, when you apply for an &Rewards℠ Debit Card, please view our &Rewards℠ Terms and Conditions.
By using our Services and/or submitting your Personal Information to us, you are accepting and acknowledging the practices and uses described in this Privacy Notice.
We may make changes to this Privacy Notice from time to time. Any changes to the Privacy Notice will be posted on the website at www.maverik.com, and such changes will become effective when they are posted. Your continued use of our Sites or other Services following the posting of any changes will mean you accept those changes.
In order to provide our Services, we may collect and process information that relates to identified or identifiable individuals (“Personal Information” or “PI”). We collect and process the following categories of Personal Information (note, specific Personal Information elements are examples and may change):
Personal Information about you and your identity, such as your name, address, email address, phone number, account ID or usernames, date of birth, age, and other Personal Information you may provide when you sign up for one of our Loyalty Programs (described below), as part of your account profile, or in other interactions with us.
Identity Information that relates to information about how we can communicate with you, such as email, phone numbers, physical addresses, social media handles, and information you provide to us when you contact us by email or when you communicate with us via social media or otherwise.
Recordings and images collected from our surveillance cameras when you visit our Stores and areas adjacent to them, as well as audio files and records, such as voice mails, call recordings, and the like.
Personal Information relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.
General Location Data:
Personal Information relating to non-precise physical location data, such as state or city associated with your zip code.
Personal Information we infer or create about you, e.g. preferences, characteristics, interests, marketing segments, likes, favorites and other data or analytics.
Personal Information included in content provided by users of the Services in any free-form or unstructured format, such as in a “contact us” box, free text field, satisfaction survey, in a file or document, or messages to us.
Information about the Services we provide to you and about transactions you make with Maverik Companies or other companies operating through us or on our behalf, information about purchases and the method of payment you have used for purchases, what has been provided to you, when and where and, if applicable, how much you paid, and similar information.
Sensitive Personal Information
This may include:
“Government ID Data” Data relating to official government identification, such as driver’s license or passport numbers, including similar Identity Data protected as Sensitive Data under applicable law.
“Payment Data” Information such as bank account details, payment card number and other payment card data, including similar data protected as Sensitive Data under applicable law, and relevant information in connection with a financial transaction.
“Precise Location Data” Data from GPS, WiFi triangulation, certain localized Bluetooth beacons, or technologies used to locate you at a precise location and time
“Log-in Data” Data in combination with any required security or access code, password, or credentials allowing access to an account
Consumer Health Data
We collect Personal Information from various sources based on the context in which the Personal Information will be processed:
We collect Personal Information from you directly, for example, when you input information into an online form, sign up for a Loyalty Program, communicate to us verbally, or otherwise interact with us directly.
We may collect certain Personal Information automatically. This information includes computer and connection information, such as statistics on your page views, traffic to and from our Sites, referral URL, ad data, your IP address, and device identifiers. This information also may include your transaction history, and your web log information, how you search for our Sites, the websites you click on from our Sites or emails, whether and when you open our emails, and your browsing activities across other websites.
Much of this information may be collected through Cookies, as defined below, web beacons, and other tracking technologies, as well as through your web browser or device (e.g., IP address, MAC address, browser version, etc.). Cookies consist of portions of code installed in the browser that assist the website owner in providing the website services according to the purpose described. Most web browsers automatically accept Cookies but, if you prefer, you can usually modify your browser setting to disable or reject Cookies. If you delete your Cookies or if you set your browser to decline Cookies, some features of our Digital Services may not be available, work, or work as designed.
From Social Media:
We receive Personal Information from social media companies who may transfer Personal Information to us when you connect to, authenticate through, or interact with us or our Sites using a social media platform (such as by clicking on a social media icon linked from our Digital Services) including Personal Information related to your contacts, calendars, profile picture, the contents of your posts or other communications, and other information the platform makes available. If you choose to log in to your account with or through a social networking service or third-party service, we and that service may share certain information about you and your activities. You should check your privacy settings on these platforms and third party services to understand what information is made available to us, and you may be able to change the settings for these platforms or services to prevent, limit or otherwise control the information made available to us.
From Third Party Services:
We receive Personal Information from third parties with whom we have a relationship in connection with a relevant transaction, for example, when you connect to, authenticate through, or interact with us or our Digital Services using a third party service (such as a Google account) or if you make a purchase on our Digital Services in which the transaction is processed by a third party service provider.
Personal Information We Create and Infer:
We, certain partners, social media companies, and third parties operating on our behalf create and infer Personal Information such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Information processed under this Notice, and we may correlate this data with other data we process about you. We may combine any Personal Information about you that we receive from you and from third parties.
When you use our Services, we process your Personal Information in specific contexts and for certain specified purposes, as well as for our general business purposes and, in some cases, for commercial purposes. We process Personal Information in the contexts and for the purposes set forth below:
We generally process Identity Data, Payment Data, Transaction Data, and Contact Data when you interact with us at our Stores, including when you make a purchase. We may process this data in combination with Audio/Visual Data, Inference Data, and Location Data that we collect and/or create as necessary in connection with certain legitimate business interests in verifying your identity, for authentication and security purposes, and helping us to ensure our customers are genuine and to prevent fraud.
Our Sites process General Location Data. We may also process Precise Location Data through our Mobile App if you consent. We use this data, together with Inference Data and Device/Network Data in order to provide contextual information to you, such as the distance to your nearest Store, or to show you content related to your location. We may also use this information in connection with our legitimate business interests, such as, creating aggregate information about users’ location and patterns, which we use to personalize, optimize, and improve our Sites, and for our other Business Purposes and Commercial Purposes (which may include data sales/sharing).
We may also process this Personal Data for our Business Purposes and Commercial Purposes (which may include data sales/sharing). See your Rights and Choices for information regarding opt-out rights for cookies and similar technologies.
Third parties may view, edit, or set their own cookies or place web beacons on our websites. We, or third party providers, may be able to use these technologies to identify you across platforms, devices, sites, and services. Third parties may engage in Targeted Advertising using this data. Third parties have their own privacy policies and their processing is not subject to this Policy.
We generally process Identity Data, Payment Data, Transaction Data, and Contact Data when you engage in a purchase and sale transaction at one of our Stores. We process this Personal Information as necessary to perform or initiate a contract with you, process your order and payment, and carry out fulfillment and delivery. In addition, we may also collect or create Device/Network Data and Inference Data. This data, together with other data we collect in this context is used as necessary in connection with certain legitimate business interests, such as ensuring the security of our Services and to prevent fraud, or providing you with information about our Services, to contact you about administrative matters, to manage and respond to any queries or complaints you make or any correspondence you send us.
We process Identity Data, Payment Data, Transaction Data, Contact Data, Inference Data, and Device/Network Data when you complete an online purchase and sale transaction using our Digital Services. We do not permanently store your Payment Data, except at your request.
We process this Personal Data as necessary to perform or initiate a transaction with you, process your order, payment, or refund, carry out fulfillment and delivery, document transactions, and for our Business Purposes. We may process Identity Data, Transaction Data, Contact Data, and Device/Network Data for Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.
When you sign up for the Adventure Club, Nitro® Card, &Rewards℠, or the &Rewards℠ Debit Card, or if you engage in one of our promotions or clubs (our “Loyalty Programs”) and create an account with us, we and our third-party processor may collect Identity Data, Device/Network Data, Location Data, Contact Data, Payment Data, and Sensitive Personal Information, such as account log-in, username and password, financial account information, and social security number. A full name, email address, phone number, birth date, and state is required to register for an account. Financial account information and social security number are required in order to process your application for any of our debit or credit cards which can be used for payments.
We process this Personal Information to open and maintain your account, provide you with information relevant to your account, and otherwise provide the features and services you request. We may use your Personal Information to respond to any emails or other communications you send to us, to advise you of any changes to our Digital Services or any products or services we offer or provide through them, or to advise you of any problems with our Services. In addition, subject to applicable law, we may also enroll you in marketing communications, e.g. with information regarding products, services and events offered by the Maverik Companies or third parties that we believe you may be interested in. You may opt-out of receiving our marketing communications by contacting us directly at email@example.com, by following the “unsubscribe” process at the bottom of the promotional email, or by following the opt-out process in your account. We may also use this Identity Data, Contact Data, Location Data, and Device/Network Data collected in this context for our Business Purposes and Commercial Purposes (which may include data sales/sharing).
For information on the categories of third parties that will receive Personal Information through our Loyalty Programs, please review the Disclosure - Sharing of Personal Information section.
Please also see our Loyalty Programs Notice of Financial Incentives:
Members of Maverik Companies’ Loyalty Programs may receive certain benefits as a result of their disclosure of Personal Information to the Maverik Companies and allowing the Maverik Companies to process, sell and share their information in accordance with and as further described in the applicable Adventure Club Terms and Conditions and the &Rewards Terms & Conditions. These benefits may include special offers, discounts, giveaways, and rewards, all of which are reasonably related to our good faith estimate of the value we receive from the Personal Information you disclose to us. We estimate that the value of Personal Information you provide to us by considering, without limitation, the expenses we incur from collecting your Personal Information and/or providing the financial incentive to you, the revenue generated by your use of the financial incentive, and any improvements we can make to our products and services based on aggregating information obtained through the financial incentive program.
If you wish to join the Adventure Club or apply for a Nitro Card, please complete the form here. If you join the Adventure Club, we will collect your first name, last name, email address, phone number, birth date, state, and password. If you apply for a Nitro Card, we will collect your first name, last name, email address, phone number, and address. For more information on the terms of the Adventure Club, please click here, and for more information on the Nitro Card, please click here.
If you wish to join the &Rewards℠ or apply for an &Rewards℠ Debit Card, please sign up here. If you join &Rewards℠, we will collect your first name, last name, email address, phone number, state, and password. If you proceed with age-verification (required for certain purchases), we will also collect your birth date. If you apply for an &Rewards℠ Debit Card, we will collect your first name, last name, email address, phone number, and address. For more information on the terms of &Rewards℠, please see here, and for more information on the &Rewards℠ Debit Card, please see here.
You may terminate your membership in one of our Loyalty Programs at any time by contacting the Maverik Companies Customer Service at (800)789-4455.
Additionally, the Maverik Companies use the following methods to communicate with Loyalty Program members: email, push notifications, SMS, calls, and direct mail via address.
Note: In some jurisdictions you may have a right to delete certain Personal Information that we hold about you. By exercising your right to delete, you are withdrawing from our Loyalty Programs because our Loyalty Programs offer specific benefits based on your place of residence and age (if provided).
We may process Identity Data, Device/Network Data and Contact Data in connection with email marketing communications (such as promotional emails), which you might receive if you register for an account, choose to receive marketing communications, or engage in a transaction allowing us to send you those marketing communications. We may also automatically collect Device/Network Data when you open or interact with those marketing communications so that we can better understand engagement with our marketing communications. We may process Precise Location Data if you consent.
Subject to your Rights and Choices, we use Identity Data, Contact Data, Inference Data, and Precise Location Data as necessary to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals’ preferences and requests. Additionally, we may process Device/Network Data from devices receiving those marketing communications as part of our business interests in understanding whether our emails are opened or other aspects of engagement with such marketing communications.
We generally process Identity Data, Contact Data, Transaction Data, User Content, or other data you may provide, including Sensitive Personal Information, such as Payment Data, security or access code, password, or credentials, when you sign up to join one of our Fleet Card Programs.
We process this Personal Information as necessary to perform or initiate a contract with you, to issue your Maverik Companies fleet card, and to aggregate and summarize your fleet transactions. This data, together with other data we collect in this context is used as necessary in connection with certain legitimate business interests, such as ensuring the security of our Services and to prevent fraud, or providing you with information about our Services, to contact you about administrative matters, to manage and respond to any queries or complaints you make or any correspondence you send us.
We process Identity Data and Contact Data when you apply to be a vendor or supplier (collectively, “Supplier”) to the Maverik Companies. If you become a Supplier, we may also collect Sensitive Personal Information such as Payment Data, Government ID Data, or Log-in Data.
We Process this Personal Information as necessary to evaluate, establish, and maintain the Supplier relationship, and for our Business Purposes. We do not sell or share Personal Information processed in this context. We process Sensitive Personal Data only for Business Purposes permitted under applicable law.
When you contact us though our Digital Services using a contact us box, through our chat, via email, or otherwise, we process Personal Information such as Identity Data, Device/Network Data, and any Personal Information contained within any User Content. We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matter, and if you consent or otherwise subject to applicable laws, we may also add you to our mailing list to receive marketing communications.
We collect and process Identity Data, Contact Data, and User Content as necessary to process your request to enter the contest, sweepstakes, or take part in another promotion, notify you if you have won or to process delivery of a prize or for other related purposes. In addition, we may process this information in connection with our legitimate business interests, such as:
Note, if you win a contest/sweepstakes, we may publicly post some of your data on our Digital Services or our social media accounts (for example acceptance of a prize may also require you to allow us to post publicly some of your Personal Information such as on a winners’ page). Where required by law, your information will not be posted without your consent. We use this Identity Data, Contact Data, and User Content information for Commercial Purposes, unless prohibited by law.
We generally process Identity Data, Contact Data, Inference Data, and User Content collected in connection with customer feedback or customer satisfaction surveys. We generally process this Personal Information as necessary to respond to your requests/concerns, create aggregate analytics regarding guest satisfaction, or to allow our third-party partners to communicate with guests. Feedback/Survey data may be made available to certain third-party service providers, who may use it for their own purposes. We may also store and analyze feedback for our Business Purposes and Commercial Purposes (which may include data sales/sharing), for example, to improve our Services, and help recommend relevant offers or services.
We process any Personal Information as is necessary to provide the Services, and as otherwise necessary to fulfill our obligations to you, e.g. to provide you with the information, features, and services you request.
We may use any Personal Information we process through our Services as necessary in connection with our improvement of the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to service use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Information to understand what parts of our Service are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our Users. This processing is subject to users' rights and choices.
We process Personal Information as necessary in connection with our creation of aggregate analytics relating to how our Services are used, the products and services our users purchase, to create service delivery metrics, and to create other reports regarding the use of our Services, demographics of our Users, and other similar information and metrics. The resulting aggregate data will be deidentified, meaning it will not contain information from which an individual may be readily identified. We will maintain and use the information in deidentified form and not to attempt to reidentify the information, except that the business may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes satisfy relevant legislation. This processing is subject to users' Rights and Choices.
Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Information subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Information in extraordinary circumstances.
If we process Personal Information in connection with our Services in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Users' rights and choices) unless otherwise stated when you provide it.
We process certain Personal Information as necessary in connection with our legitimate business interest in personalizing our Services. For example, aspects of our Sites may be customized to you so that it displays your name and other appearance or display preferences, to display content that you have interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.
Consistent with our legitimate business interests, we (or if appropriate, certain third-parties) may send you marketing and promotional communications if you sign up for such communications or purchase products or services from us. For example, we may process Contact Data and Identity Data when you opt-in to receive marketing communications via email or SMS. Where allowed, we may also send you these communications without opt-in, for example, you may receive email marketing communications if you register for our Services or for a promotion, or in connection with your communications with or submission of User Content to us. Similarly, we may also collect Device/Network Data and Contact Data so that we can determine whether you have opened an email or otherwise interacted with our communications, and we may generate Inference Data based on these interactions.
We, and certain third parties operating through our Services, may engage in targeted advertising. This form of advertising includes various parties and services providers, including third party data controllers, engaged in the processing of Personal Information in connection with advertising. These parties may be able to identify you across sites, devices, and over time. We generally use targeted advertising for the purpose of marketing our Services and third-party goods and services, to send marketing communications, including by creating custom marketing audiences on third-party websites (such as Facebook).
We, and certain third parties operating on or through our Services, may engage in online behavioral advertising. This form of advertising uses Device/Network Data, Identity Data, Location Data, and at times, Contact Data in order to deliver more relevant advertising to you. The parties that control the processing of Personal Information for behavioral advertising purposes may build a profile of you containing this information, and may be able to identify you across sites, devices, and over time. See your Rights and Choices for information about how you can limit or opt out of this processing.
We may share your information with:
Service Providers and Agents
In connection with our Business Purposes, product/service improvements, to enable certain features, and in connection with our other legitimate business interests and business purposes, we may share your Personal Information with service providers, contractors, and other third-parties who provide certain services or process data on our behalf. For example, we use third parties to host our Digital Services and email server, provide cloud storage, send certain emails, process credit card payments, or fulfill orders. These companies only have access to Personal Information needed to perform their functions, but may not use it for other purposes.
We may offer you the opportunity to use services operated by third parties, and if you choose to use these services, we will disclose the Personal Information that you direct us to provide to them or as is appropriate to fulfill your requests.
We may share Personal Information internally with our current and future subsidiaries and affiliates.
We may share Personal Information with data aggregators in support of our Commercial Purposes. These disclosures can help better personalize our Services, the services of third parties, and help ensure that you see advertisements that are more relevant to your interests.
We may change our ownership or corporate organization. We may transfer to another entity or its affiliates or service providers some or all of the information we hold about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Privacy Notice.
We may use or disclose information about you if required to do so by law or that we in good-faith believe that such sharing is necessary to (a) conform to applicable law or comply with legal process served on us or our Sites; (b) protect and defend our rights or property, our Sites, or our users; or (c) act to protect the personal safety of our employees and agents, other users of our Services, or members of the public.
If you use our Digital Services outside of the United States, you understand and acknowledge the transfer of information about you, and the collection, processing, and storage of information about you, in the United States and elsewhere. The laws in the U.S. and these countries regarding Personal Information may be different than the laws of your state or country.
Applicable law may grant you rights in your Personal Information. These rights vary based on your location. See the following sections for more information regarding your rights/choices in specific regions:
Certain rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Information. We may require that you provide the email address we have on file for you (and verify that you can access that email account) and we may request additional information from you. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
You may have the following choices regarding the Personal Information we process, to the extent required under applicable law, which you may exercise as further described below:
If you have an account with us, you can update your information or adjust your contact and marketing preferences by logging in to your online account. You may also contact Customer Service to update information by Contacting Us.
You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), by responding with “OPT-OUT,” STOP, or other supported unsubscribe message (for SMS or MMS), by adjusting the push message settings for our mobile apps using your device operating system (for push notifications), or for other communications, by contacting us using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
You may control or limit Precise Location Data that we collect through our Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Services. Note, we may collect general location data even if you opt out of the collection of Precise Location Data.
Targeted Advertising- You may opt out or withdraw your consent to Targeted Advertising by emailing firstname.lastname@example.org. In some cases, you may be able to opt-out by submitting requests to third party partners, including for the vendors listed below:
Do-Not-Track - Our Services do not respond to your browser’s do-not-track request.
We use a combination of reasonable physical, technical, and administrative safeguards to protect the information we collect through our Sites and offline. When your Personal Information is shared, we will take a reasonable approach to prevent the unauthorized use of Personal Information.
While we use these precautions to safeguard your Personal Information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.
We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.
We do not knowingly collect information directly from persons under the age of 16, via our Sites or offline, other than when required to comply with the law or for safety or security reasons, such as in the event of an accident at a store requiring the completion of an incident report.
If you are a parent or guardian of a minor who has provided information without your knowledge or consent, you may submit a request to remove the minor’s information by calling Customer Service at (800)789-4455 or emailing us at email@example.com. This email is for data privacy matters only. For all other questions or concerns, please email CustomerService@maverik.com.
The Maverik Companies are committed to facilitating the accessibility and usability of our Services for all individuals with disabilities. We continue to improve accessibility to our Digital Services and strive to create an accessible and barrier-free environment by making reasonable efforts to meet Level AA design standards recommended by the World Wide Web Consortium (W3C) in its Web Content Accessibility Guidelines (WCAG) 2.0.
Please be aware that we view accessibility as an ongoing effort and are continually seeking solutions that will ensure accessibility to all users. As such, our team tests our Digital Services on a periodic basis with assistive technologies.
For the best experience, we recommend using the most current version of any browser and assistive technology application. We further recommend trying different browsers with your assistive technology to determine which combination works best for you. The use of the version of the browser or assistive technology released immediately prior to the latest version also should provide a good user experience.
Please contact us at firstname.lastname@example.org if you are experiencing issues with the accessibility of our Services, or if you have specific questions or concerns about the accessibility of any particular page or section of any of our Digital Services. If you do encounter an accessibility issue, please be sure to specify the web page or section of the Mobile App in your email, and we will make all reasonable efforts to make that page or section accessible for you.
Under the California Consumer Privacy Act (“CCPA”), the Colorado Privacy Act, and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.
Right to confirm whether we process your Personal Information.
Right to request any of following: (1) the categories of Personal Information we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Information was collected; (3) the purposes for which we collected or sold/shared your Personal Information; (4) the categories of third parties to whom we have sold/shared your Personal Information, or disclosed it for a business purpose; and (5) the specific pieces of Personal Information we have collected about you.
Right to request that we provide certain Personal Information in a common, portable format.
Right to delete certain Personal Information that we hold about you.
Right to correct certain Personal Information that we hold about you.
Right to opt-out of the following:
To the extent we have actual knowledge that we collect or maintain Personal Information of a minor under age 16 in California, those minors must opt in to any sales/sharing of Personal Information (as defined under CCPA), and minors under the age of 13 must have a parent consent to sales/sharing of Personal Information. All minors have the right to opt-out later at any time.
California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.
California residents may request a list of Personal Information we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Residents of California under the age of 18 can delete or remove posts using the same deletion or removal procedures described above, or otherwise made available through the Digital Services. If you have questions about how to remove your posts or if you would like additional assistance with deletion, contact us using the information below. We will work to delete your information, but we cannot guarantee comprehensive removal of that content or information posted through the Digital Services.
You may submit requests as follows (please review our verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request (if the right of appeal is granted by your state), contact us at email@example.com. We will respond to any request to appeal within the period required by law:
For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:
Category of Personal Data
Category of Recipients
Service Providers & Agents; Partners; Corporate Events; Legal Disclosure, Data Aggregators
General Location Data
Service Providers & Agents; Corporate Events; Legal Disclosure
Sensitive Personal Information: Government ID Data; Payment Data
Service Providers & Agents; Corporate Events; Legal Disclosure
For purposes of the CCPA, we have “sold” or “shared” in the preceding 12 months the following categories of Personal Data in the, to the following categories of recipients:
Category of Personal Data
Category of Recipients
Service Providers & Agents; Partners; Data Aggregators
Device Network Data
General Location Data
For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Data Government ID Data; Payment Data; Precise Location Data; Log-in Data. However, we do not sell or share Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).
The Nevada Revised Statutes (NRS 603A.300 et seq.) permit a Nevada consumer to direct an operator of an Internet website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by emailing us at firstname.lastname@example.org re: Nevada Privacy Rights.
We collect the following categories of Personal Information linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status (“Consumer Health Data”) as defined under Washington’s My Health My Data Act, for the following purposes:
Categories of Consumer Health Data
Purpose for Collection
How data will be used
Precise location information that could reasonably indicate a consumer's attempt to acquire or receive health services or supplies;
We use Precise Location Data with your consent:
• To provide contextual information to you, such as the distance to your nearest Store, or to show you content related to your location.
• As necessary to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals’ preferences and requests.
• In connection with our legitimate business interests, such as, creating aggregate information about users’ location and patterns, which we use to personalize, optimize, and improve our Site, and for our other Business Purposes and Commercial Purposes (which may include data sales/sharing).
Data that identifies a consumer seeking “health care services” as defined under Washington’s My Health My Data Act, also referred to as “Identity Data;”
We use Identity Data as necessary :
• In connection with certain legitimate business interests in verifying your identity;
• For authentication and security purposes; and
• Helping us to ensure our customers are genuine and to prevent fraud;
• to initiate or fulfill your requests through our Website;
• to ensure the security of our Services;
• to prevent fraud;
• to providing you with information about our Services;
• to contact you about administrative matters;
• to manage and respond to any queries or complaints you make or any correspondence you send us;
• in connection with our Business Purposes;
We may process Identity Data, for Commercial Purposes (which may include data sales/sharing).
Any information that we or our respective processor, processes to associate or identify you with data described above that is derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data by any means, including algorithms or machine learning), also referred to as “Inference Data.”
We use Inference Data as necessary to:
• to provide contextual information to you, such as the distance to your nearest Store, or to show you content related to your location.
• to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals’ preferences and requests.
We collect Consumer Health Data from various sources, which include: from you; collected automatically; from Third Party Services; Personal Information we create and infer.
We may share the following categories of Consumer Health Data with third parties and specific affiliates:
We may share Consumer Health Data with the following categories of third-party recipients: Service Providers and Agents; Partners; Data Aggregators; Legal Disclosure.
We do not currently share Consumer Health Data with specific Affiliates.
Under the Washington State My Health My Data Act, Washington State residents and natural persons whose Consumer Health Data is collected in Washington may have the following rights, subject to verification, exceptions, and limitations:
Right to Confirm/Access/Know - Up to twice annually, you have the right to (a) confirm whether we are collecting, sharing, or selling your Consumer Health Data, and (b) access such data, including a list of all third parties and affiliates with whom we have shared or sold the consumer health data and an active email address or other online mechanism that you may use to contact these third parties. (Effective March 31, 2024)
Right to Delete - You have the right to request deletion of the Consumer Health Data held by us and our affiliates, processors, contractors, and other third parties.
Right to Withdraw Your Consent/Opt-Out - You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.
Right to Non-Discrimination - You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the My Health My Data Act.
You may submit requests as follows (please review our verification requirements section).
If you have any questions or wish to appeal any refusal to take action in response to a rights request (if the right of appeal is granted by your state), contact us at email@example.com. We will respond to any request to appeal within the period required by law.