Effective Date: 02 December 2024
This Privacy Policy describes the privacy practices of Little Caesar Enterprises, Inc., and/or certain of its related and affiliated entities (on whose websites and other Services where this Privacy Policy is posted), which we refer to in this Privacy Policy as “LCE” or “we,” “our” or “us.”
Please note: This Privacy Policy does not apply to the data practices of third parties that may interact with our Service, or that operate LCE-branded online services under license (unless this Privacy Policy is linked there), or that operate LCE-branded franchise store locations.
This Privacy Policy describes how we collect, use and disclose personal information in relation to the operation of our business, including (1) LCE owned and operated retail locations in the U.S.; (2) our “Service,” which includes our website (littlecaesars.com) and our Little Caesars mobile application, as well as any other service, platform, website, or application (“App”) we may offer that links to this Privacy Policy; and (3) any communications between you and us, such as through customer service interactions and emails and other communications we send. Please note that this Privacy Policy applies to information that qualifies as personal information, which is information that can be used to reasonably identify you, such as your name, email address, and similar information.
Under certain laws, including those which our U.S. State Privacy Notice covers, the definition of personal information (which we use broadly to include similar terms such as “personal data”) is broader and also covers things like online identifiers (for example, IP address, cookie IDs, device IDs). Where information does not qualify as personal information, including information that has been deidentified, anonymized, or aggregated, we will not treat it as such. However, where we are required by law to treat certain information as personal information, or where we combine certain information with personal information, we will treat it as personal information.
This Privacy Policy does not apply to any online services, platforms, websites, or applications where it is not linked.
Sometimes additional or different privacy policies or practices may apply, in which case we will provide you with notice at the time of collection. Where applicable, those additional policies or practices supplement this Privacy Policy.
IN ADDITION, PLEASE REVIEW OUR TERMS OF SERVICE WHICH GOVERNS YOUR USE OF THE SERVICE. BY USING OUR SERVICE, YOU CONSENT TO OUR PRIVACY POLICY AND OUR COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION DESCRIBED HEREIN.
We collect information in relation to the operation of our business and, most importantly, to run our restaurants and serve you pizza. Some of the data categories listed below may not apply to you, depending on how you interact with us.
The definition of personal information under certain laws is limited to information that can be used to directly identify you, such as your name, email address, and similar information. Under other laws, including those which our U.S. State Privacy Notice covers, the definition of personal information is broader and also covers things like online identifiers (IP address, cookie IDs, device IDs). Where we are required by law to treat certain information as personal information, or where we combine certain information with personal information, we will treat it as such.
Below are some examples of how we may collect your information. In some instances, our agents, service providers, and vendors (“Vendors”) may collect it on our behalf.
Directly From You on the Service
We may collect information directly from you when you order pizza or make other purchases, register for an account, enter a sweepstakes, contest, or other promotion, or otherwise fill out a form or make a request on the Service. You may also directly provide information to us when you communicate with or contact us and fill out surveys.
Information from your Retail Location Visits
We may collect information using technology in our stores and premises, such as cameras and CCTV. This technology is used for operational and security purposes, to protect the health and safety of our customers and associates and to prevent, investigate, and prosecute shoplifting, fraud, and other criminal activities. We may also collect information directly from you when you visit a store, such as when you interact with a team member or order pizza in person.
Automatically from You or Your Device When You Visit the Service
We use cookies and other tracking technologies (“Tracking Technologies”), as discussed in further detail below, to collect information about your device and your use of the Service.
We may use a variety of technologies that store or collect certain information whenever you visit or interact with the Service. This information may be stored or accessed using a variety of technologies that may be downloaded to your personal computer, browser, laptop, tablet, mobile phone or other device whenever you visit or interact with our Service.
In some instances, we may collect different identifiers that identify your device or browser, such as IP address, mobile advertising ID, and others (“Device Identifiers”). We may use such Device Identifiers to associate information you have provided on different devices, or during separate interactions with us on the Service on the same device. For example, if you login to your account on your mobile phone, then later login to your account on your tablet or laptop, we may collect those Device Identifiers and associate those two devices and their Device Identifiers with other information we have on you. By way of another example, if you use the Service (for example, to order pizza) while logged into your account during one interaction but later use the Service on the same device, but not logged into your account, we may use Device Identifiers and other information to associate these separate interactions with the Service with your single device.
We may use various tracking technologies such as those described below (“Tracking Technologies”) to collect information on the Service, including the types of information described above in the What Information Do We Collect? section. Tracking Technologies include:
There may be other Tracking Technologies now and later devised and used by us in connection with the Service.
From our Affiliates and Related Entities, and Franchisees
We may receive information from our affiliates and related entities that are part of the Ilitch Companies, as well as from our franchisees.
From Others
We may receive information about you from third parties, including your friends and others (when they submit content to us or post or interact with the Service) and Third-Party Services. Additionally, we may, from time to time, supplement the information we collect with information from third parties.
Information You Provide about Others
The Service may allow you to submit the personal information of someone else, such as if you are ordering pizza to a friend’s house and provide their address. In addition, the Service (or a Third-Party Service) may offer functionality to send someone else an invitation or other communication. If so, the information you provide is used to facilitate the communication or transaction and is not used by us for any other marketing purpose unless we obtain consent from that person or we explicitly say otherwise. Please see the “Content You Submit and Community Usage Rules” in our Terms of Service for our expectations and your obligations as to information that you submit. Please be aware that when you use any send-to-a-friend functionality, your information, including contact information, name or username and message, may be included in the communication sent to your addressee(s), and the communication will indicate it was sent at your request and/or on your behalf.
Generally, we use and otherwise process personal information to provide you with pizza and other products and services you purchase or request, personalize our offerings, services, and marketing, and to otherwise support our business and the business of our franchisees. Below are more specific examples of various purposes for which we use personal information:
We disclose or otherwise make available personal information as described in this Privacy Policy, including for the processing purposes described in Section 2 above, and as follows:
Your personal information may be stored and processed by Vendors and other third parties implicated above in the United States or other locations where they maintain facilities.
If the Service permits you to submit content (“User Content”), we or others may store, display, reproduce, publish, distribute, or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. You choose what User Content you submit. You may be able to submit User Content including ideas, photographs, user profiles, writings, music, video, audio recordings, computer graphics, pictures, data, questions, comments, suggestions, and personal information, to private areas of the Service, or to public areas of the Service such as blogs and message boards. Others may have access to this User Content and may have the ability to disclose it to third parties. Please think carefully before deciding what information you share, in connection with your User Content. Please note that LCE does not control who will have access to the information that you choose to make public and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third parties through the Service.
User Content that you submit in public areas of the Service is not subject to our usage or sharing limitations, or other obligations under this Privacy Policy or otherwise, and may be used and disclosed by us and third parties, except as prohibited by law. We encourage you to exercise caution when making decisions about what you disclose in such public areas. We are not responsible for User Content you submit to third party services via our Service.
Generally
The Service has functionality that allows certain kinds of interactions between the Service and third-party content, web sites, applications, platform, code ((e.g., plug-ins, application programming interfaces (“API”), and software development kits (“SDKs”)), and Tracking Technologies (collectively, “Third-Party Services”).
For example, you may have an option to use your Facebook, Google or other account provided by a Third-Party Service to interact with the Service, including by logging into the service or posting information from the Service on the Third-Party Service (or vice versa) (“Social Features”). If we offer and you choose to use Social Features, the Third-Party Service may send personal information about you to us. If so, we will then treat it as personal information under this Privacy Policy since we are collecting it as a result of your accessing of and interaction on our Service. If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Service (as described in Section 4 above) or by the Third-Party Service that you use, depending on your privacy settings on each. Similarly, if you post information on a Third-Party Service that references the Service (e.g., by using a hashtag associated with us in a tweet or status update), your post may be used on or in connection with the Service or otherwise by us. Also, both we and the third party may have access to certain information about you and your use of the Service and any Third-Party Service.
Third-Party Services may use their own cookies, web beacons, and other Tracking Technologies to independently, collect information about you, including Third-Party Services to which you are directed from the Service, including where you click a link and leave the Service entirely. There are certain websites and other Third-Party Services to which we may link from the Service, which are third party websites using our name under license but with their own terms and policies (except where we have explicitly linked to this Privacy Policy).
We are not responsible for the policies or business practices of Third-Party Services, including how they collect, use, or disclose your information, including through Tracking Technologies that collect information regarding your visit to the Service as well as after your visit is over. These Third-Party Services may have their own terms of service, privacy policies or other policies and ask you to agree to the same. Be sure to review any available policies before submitting any personally identifiable information to or otherwise interacting with any Third-Party Services.
Analytics
We may use Google Analytics, Adobe Analytics, or other Service Providers for analytics services. These analytics services may use cookies and other Tracking Technologies to help us analyze Service users and how they use the Service. Information generated by these analytics services (e.g., your IP address and other Usage Information) may be transmitted to and stored by these Service Providers on servers in the U.S. (or elsewhere) and these Vendors and/or Third-Party Services may use this information for purposes such as evaluating your use of the Service, compiling statistic reports on the Service’s activity, and providing other services relating to Service activity and other Internet usage. See Section 6 for more information on your choices regarding certain analytics Tracking Technologies.
Interest-Based Advertising
We may engage and work with Vendors and Third-Party Services to serve advertisements on the Service and/or on other online services. Some of these ads may be tailored to your interest based on your browsing across time on the Service and elsewhere online (other websites and services), which may include use of precise location and/or cross-device data, sometimes referred to as “interest-based advertising” (“Interest-based Advertising”). See Section 6 for more information on your choices regarding Interest-based Advertising, and our U.S. State Privacy Notice for information on your choices with respect to Interest-based Advertising that qualifies as “Targeted Advertising” and/or “Cross-Context Behavioral Advertising”.
Marketing/Promotional Communications
You may unsubscribe from our email and other electronic marketing communications you receive from us as follows: (i) for promotional emails, following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account; (ii) for text messages, following the instructions provided in text messages from us to text the word, “STOP” (or as otherwise instructed); and (iii) for app push notifications, turn off push notifications on the settings of your mobile device.
Opting out of certain communications will not affect subsequent subscriptions and, if your opt-out is limited to certain types of electronic communications, the opt-out will be so limited. Subsequent or different subscriptions will be unaffected. Please note that we reserve the right to send you certain communications relating to your account or use of our Service and administrative and service announcements. These transactional messages will be unaffected if you choose to opt-out of marketing communications.
App Features and Functionality
All of the App’s features and functionality, and its related data collection, can be terminated by uninstalling the App. You can use the App’s or your device’s settings to set and change some settings and control some functions, such as enabling or disabling certain features (e.g., “tracking”, Bluetooth, location-based services, push notifications, etc.)
Tracking Technologies and Interest-based Advertising
Consent Management Platform and Device/Browser Settings
We offer a Tracking Technologies management platform (also called a consent management platform or CMP) that allows you to exercise choice with respect to certain Tracking Technologies on the Service. Please click here to visit the CMP.
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options, so you may need to set them separately. Also, tools from commercial browsers may not be effective with regard to certain Tracking Technologies.
Some App-related Tracking Technologies in connection with non-browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app. To uninstall an app, follow the instructions from your operating system or device manufacturer. Apple and Google mobile device settings have settings to limit ad tracking, and other tracking, but these may not be completely effective.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you can visit http://www.allaboutdnt.com, but we are not responsible for the completeness or accuracy of this third-party information.
Some third parties, however, may offer you choices regarding their Tracking Technologies.
Interest-Based Advertising Industry Opt-Out Programs
There are two advertising industry organizations – the Network Advertising Alliance (NAI) and Digital Advertising Alliance (DAA) that offer opt-out programs. You can visit the following links to submit opt-out requests to companies participating in each program. The NAI’s opt-out page provides detailed information regarding the opt out of Interest-based Advertising and its limitations. For similar information from the DAA regarding its opt-out program, click here (web-based program) and here (app-based program).
Please be aware that, even if you are able to opt out of certain kinds of Interest-based Ads, you will continue to receive non-targeted ads. Further, if you selectively opt out of one or more of the above opt-out programs, you may receive Interest-based Advertising from other participants. You may also receive Interest-based Advertising from parties that do not participate in the NAI or DAA’s programs. However, LCE supports the ad industry’s Self-regulatory Principles for Online Behavioral Advertising and expect that ad networks LCE directly engages to serve you Interest-based Ads will do so as well, though LCE cannot guaranty their compliance.
Company-specific Opt-Outs
We may also use Microsoft Advertising Services. To learn about the data Microsoft collects and how your data is used by it and to opt-out of certain Microsoft browser Interest-based Advertising, please visit here.
We may also use Google Ad Services. To learn more about the data Google collects and how your data is used by it and to optout of certain Google browser Interest-Based Advertising, please visit here.
For Google Analytics, please visit here. For Adobe Analytics, please visit here.
Important Notice Regarding Opt-Outs
We are not responsible for effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
You will need to exercise the above choices on each browser or device that you use. Please be aware that if you disable or remove certain Tracking Technologies, some parts of the Service may not work or will function with more limited capabilities. In addition, please note that your choices sometimes rely on Tracking Technologies, such that when you clear or disable them, your choices are reset.
Our Service is operated in the United States and intended for users located in the United States. If you are located outside of the United States, please be aware that personal information and other information we collect, will be transferred to, and processed, stored, and used in the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your personal information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Service or providing us with any information, to the extent permitted under applicable law, you consent to the transfer to, and processing, usage, sharing and storage of your personal information and other information, in the United States as set forth in this Privacy Policy.
We understand the importance of protecting children’s privacy online. We do not use the Service to knowingly collect personal information from children under the age of thirteen (13).
In the event that we become aware that we have collected personal information from any child, we will dispose of that information in accordance with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable laws and regulations. If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal information without COPPA-required consent, please contact us at privacy@lcecorp.com.
We endeavor to incorporate commercially reasonable safeguards to help protect and secure your personal information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed to be 100% secure. Please note that we cannot ensure the security of any personal information you transmit to us, and you use our Service and otherwise provide us with your information at your own risk.
We reserve the right to change this Privacy Policy at any time. Any changes will be effective immediately upon the posting of the revised Privacy Policy and your use of our Service indicates your consent to the privacy policy posted at the time of use. However, we will not use your previously collected personal information in a manner materially different than represented at the time it was collected without your consent.
If you have any questions about this Privacy Policy or practices described in it, you can contact us in the following ways:
Effective Date: 02 December 2024
This U.S. State Privacy Notice applies to state residents defined as “Consumers” under privacy laws in California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia. (collectively, “U.S. Privacy Laws”). This U.S. State Privacy Notice is a supplement to our other privacy policies or notices, including the remainder of this Privacy Policy. In the event of a conflict between any other LCE policy, statement, or notice and this U.S. State Privacy Notice, this U.S. State Privacy Notice will prevail as to Consumers and their rights under the applicable U.S. Privacy Law.
This U.S. State Privacy Notice is designed to provide you with notice of our recent, historical data practices over the prior 12 months (from the Effective Date listed at the top of this U.S. State Privacy Notice) which is required under some of the U.S. Privacy Laws. However, this U.S. State Privacy Notice also applies to our current data practices such that it is also meant to comply with other requirements to provide current practices which under California’s law is referred to as “notice at collection,” which is notice of personal information we collect online and offline, and the purposes for which we process personal information, among other things that are required. For any new or substantially different processing activities that are not described in this U.S. State Privacy Notice, we will notify you as legally required. We reserve the right to amend this U.S. State Privacy Notice at our discretion and at any time. When we make changes to this U.S. State Privacy Notice, we will post an updated version on the Service and update the Effective Date.
Section A of this U.S. State Privacy Notice covers our collection, use, and disclosure of Consumers’ personal information or personal data (referred to herein as “personal information” or “PI”) as defined under applicable law. Section B of this U.S. State Privacy Notice describes your rights under U.S. Privacy Laws and explains how to exercise those rights.
Who does this apply to? This notice applies to Consumers that interact with us as traditional customers of LCE, as well as information we collect about you if you interact with us in a business-to-business context, such as if you are an employee of one of our vendors or suppliers or one of our franchise locations, and other Consumers about whom we collect personal information (except in an HR context).
Who does this notice not apply to? This U.S. State Privacy Notice does not apply to data that is collected in an HR context. For example, if you are a California resident and an applicant of LCE or one of its affiliated or related entities, or if we have collected data from or about you otherwise in a pre-employment context, please visit here for our CA applicant privacy policy. Current or former employees can access the CA employee privacy policy by logging into the employee portal or by calling us at 1-833-803-1077.
Notably, this U.S. State Privacy Notice does not apply to data that is not treated as PI under the U.S. Privacy Laws or to the extent the data is subject to an exemption under the applicable laws. This U.S. State Privacy Notice also does not apply to information collected by Third-Party Services (as defined and discussed above in our Privacy Policy) or to information collected independently by our network of franchisees.
Generally, we collect, retain, use, and disclose your PI to provide you our products and services and as otherwise related to the operation of our business. More specifically, we collect, retain, use, and disclose your PI for the business and commercial purposes listed in Section 2 and 3 of our Privacy Policy above (“Processing Purposes”). Some of the Processing Purposes, as we discuss below the table, implicate “Sale,” “Sharing”, and/or “Targeted Advertising” by LCE. For more details on the meaning of Sale, Sharing, and Targeted Advertising, and how to opt-out of them, please visit the Do Not Sell/Share/Target Section below. Please note that the Processing Purposes as shown in the table are categorical descriptions, to aid in readability and clarity. Please reference Sections 2 and 3 of the Privacy Policy above for the full description of each Processing Purpose.
The table below describes the categories of PI we collect as well as examples of types of data that fit within such categories, in the left column. Please refer to Section 1 of our Privacy Policy above, where certain categories are explained in further detail. The middle column lists Processing Purposes applicable to each category of PI. The right column states the categories of recipients that receive those specific categories of PI and Sensitive PI as part of disclosures for business purposes, as well as disclosures which may be considered a Sale or Sharing under certain U.S. Privacy Laws.
We also may disclose each category of PI and Sensitive PI in the table to the following categories of recipients in a manner that does not constitute Sale or Sharing:
In addition, our Vendors and the other recipients listed in the above table may, subject to contractual restrictions imposed by us and/or legal obligations, also use and disclose your PI for business purposes. For example, our Vendors and the other categories of recipients listed in the table above may engage subcontractors to enable them to perform services for us or process for our business purposes.
When you provide us PI for the following Processing Purposes, we may use certain information, such as your email address, that you provide for such purposes to advertise to you. This may include making available your PI to certain third parties in ways that may constitute a Sale and/or Sharing, as well as using your PI for purposes of Targeted Advertising.
Processing Purposes that may implicate Selling, Sharing, and/or Targeted Advertising include the following:
Some of the U.S. Privacy Laws require us to state whether we carry out processing of PI that implicates profiling in furtherance of decisions that produce legal or similarly significant effects. One activity that we carry out that may constitute such profiling is where we, like most businesses, utilize one or more Vendors or Third-Party Services (“Fraud Detectors”) to detect and prevent fraud or other illegal activities (including violations of our Terms of Service) on our Services, and to decide whether to permit a particular transaction from being completed. For example, users of the Service may be prevented from completing a transaction/purchase, and purchasing food items, if these third parties detect fraud or other illegal activity. The categories of PI that will be processed as part of this activity are identifiers and contact information, personal records, account details and customer information, Service usage information, location data (including precise location data), and inferences. Fraud Detectors collect data from the Service and elsewhere and use that data to analyze, evaluate, and predict whether a particular transaction is unusual for a particular consumer or otherwise indicative of fraudulent activity, such as if a credit card is suddenly used for multiple transactions in different locations within a short period, or if the proposed transaction does not align with the prior purchase behavior of a particular consumer, including spending patterns, location, transaction amounts, frequency of transactions, and types of merchants.
This Fraud Detector activity is beneficial to consumers because it is meant to prevent misuse of consumers’ credit card information on our Services and to otherwise protect consumers’ other personal information. We are unable to offer an opt-out of this activity because doing so would restrict our ability to detect and prevent fraudulent and other illegal transactions and to comply with our legal obligations. Please visit the privacy policy of Sift, our current Fraud Detector, to understand its data practices and any rights you may be able to exercise as to its processing of your personal information, and information regarding whether Sift has tested its systems for accuracy, fairness, or bias (and the outcome of such testing). If you are unable to make a purchase on the Service due to suspected fraud, please follow the instructions that are presented to you at the time of your attempted lawful transaction, such as utilizing a different payment method, including a different credit card, or cash (if you visit us in-person at one of our many retail locations).
As described in our Privacy Policy above, we collect PI directly from you or from your Device, Third-Party Services, Vendors, our affiliates and related entities, other individuals (e.g., your friends and others that use the Service and submit content) and franchisees and other third parties.
Because there are so many different types of PI in certain categories, and so many purposes and use cases for different data, we are unable to provide retention ranges based on categories of PI in a way that would be meaningful and transparent to you. Actual retention periods for all PI will depend upon how long we have a legitimate purpose for the retention consistent with the collection purposes and applicable law. For instance, we may maintain business records for so long as relevant to our business and may have a legal obligation to hold PI for so long as potentially relevant to prospective or actual litigation or government investigation. We apply the same criteria for determining if we have a legitimate purpose for retaining your PI that you ask us to delete. If you make a deletion request, we will conduct a review of your PI to confirm if legitimate ongoing retention purposes exist, will limit the retention to such purposes for so long as the purpose continues, and will respond to you with information on any retention purposes on which we rely for not deleting your PI. For more information on deletion requests see the Right to Delete section.
As described in further detail below, we provide Consumers – which are, for clarity, residents of the states listed at the beginning of this State Privacy Notice – the privacy rights described in this section. For residents of states without Consumer privacy rights, we will consider requests but will apply our discretion in how we process such requests. For states listed above that have passed consumer privacy laws but are not yet in effect as of the Effective Date, we will also consider applying state law rights prior to the effective date of such laws but will do so in our discretion.
As permitted by the U.S. Privacy Laws, certain requests you submit to us are subject to an identity verification process (“Verifiable Consumer Request”) as described in the “Verifying Your Request” section below. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI.
To make a request, please use one of the methods below. For additional instructions on how to submit a Do Not Sell/Share/Target request as to Cookie PI, visit that section).
Note that some Little Caesars locations are independently owned and operated by franchisees, in which case a request to us will not include PI collected independently by them that was not shared with us.
Some information we maintain about Consumers that is technically considered PI may, nonetheless, not be sufficiently associated with information that you provide when making your request. For example, if you provide your name, email address, and phone number when making a request, we may be unable to associate that with certain data collected on the Service, such as clickstream data tied only to a pseudonymous browser ID. Where we are unable to associate such information with the information you provide, we do not include such information in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses unless you also gave it to us for another purpose.
We will make commercially reasonable efforts to identify PI that we collect, process, store, disclose, and otherwise use and to respond to your privacy requests. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
When you make a request, we will verify that you are the person you say you are, or, if you are seeking information on behalf of another person, that you are authorized to make the request on their behalf (see our “Authorizing an Agent” section immediately below). In addition, we will compare the information you have provided to ensure that we maintain personal information about you in our systems. As an initial matter, we ask that you provide us with, at a minimum, your full name and phone number or email, and the nature in which you have transacted or interacted with us (e.g., in store or online, or both). Depending on the nature of the request and whether we have the phone number or email address you have provided in our systems, we may request further information from you to verify that you are, in fact, the Consumer making the request. We will review the information provided as part of your request and may ask you to provide additional information via email or other means to complete the verification process. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer that is the subject of the request. The same verification process does not apply to opt-outs of Sale or Sharing, or limitation of Sensitive PI requests, but we may apply authentication measures if we suspect fraud (such as verifying access to the email address or phone number provided when making the request).
The verification standards we are required to apply for each type of request vary. We verify your categories requests and certain deletion and correction requests (e.g., those that are less sensitive in nature) to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. For certain deletion and correction requests (such as those that relate to personal information that is more sensitive in nature) and for specific pieces requests, we apply a verification standard of reasonably high degree of certainty. This standard includes matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you, and may include obtaining a signed declaration from you, under penalty of perjury, that you are the individual whose personal information is the subject of the request.
If we cannot verify you in respect of certain requests, such as if you do not provide the requested information, we will still take certain action as required by certain U.S. Privacy Laws. For example, if you are a California Consumer:
You may designate an authorized agent to submit a request on your behalf using the submission methods described above. If you are an authorized agent who would like to make a request, the U.S. Privacy Laws require that we ensure that a request made by an agent is a Verifiable Consumer Request (except Do Not Sell/Share requests) and allows us to request further information to ensure that the Consumer has authorized the agent to make the request on their behalf. Generally, we will request that an agent provide proof that the Consumer gave the agent signed permission to submit the request, and, as permitted under the U.S. Privacy Laws, we also may require the Consumer to either verify their own identity or directly confirm with us that they provided the agent permission to submit the request.
Appeal Rights
Residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Jersey, New Hampshire, Oregon, Texas, and Virginia have the right to appeal our decision regarding a request by following the instructions in our response to your request.
Right to Limit Sensitive PI Processing
Certain personal information qualifies as sensitive data or Sensitive PI under the U.S. Privacy Laws, which we refer to in this U.S. State Privacy Notice as “Sensitive PI”. Certain U.S. Privacy Laws require us to state that you have the right to direct businesses to limit their use and disclosure of Sensitive PI if we use or disclose it beyond certain internal business purposes. However, we do not process Sensitive PI in a way that would make that limitation right applicable.
Right to Know/Access
Right to Know Categories
If you are a California resident, you have the right to request that we share with you certain information to you about our collection, use and disclosure of your PI over the 12-month period prior to the request date, related to categories of PI. You can request that we disclose to you: (1) the categories of PI we collected about you; (2) the categories of sources for the PI; (3) our business or commercial purpose for collecting or selling that PI ; (4) a list of the categories of PI disclosed for a business purpose in the prior 12 months and, for each category of PI, the categories of recipients; and (5) a list of the categories of PI sold or shared about you in the prior 12 months and, for each, the categories of recipients.
Right to Know Specific Pieces
You have the right to request a transportable copy of the specific pieces of PI we collected about you. In some states, such as California, this includes the right to PI collected in the 12-month period preceding your request. Please note that PI is retained by us for various time periods, so there may be certain information that we have collected about you that we do not even retain for 12 months (and thus, it would not be able to be included in our response to you). Based on your state of residence, we may apply a limit on the number of “right to know” requests you make over a particular time period, as permitted in the applicable U.S. Privacy Law.
Right to Confirm Processing
You have the right to confirm if we are processing your PI, which you can request pursuant to the methods above, and to access your personal information as just stated in the two immediately prior paragraphs.
Right to Delete
You have the right to request that we delete your PI that we have collected and retained, subject to certain exceptions which we will explain (if they apply). In some states, this right is limited to PI that we collected directly from you. After we confirm that your deletion request is a Verifiable Consumer Request, subject to permitted retention exceptions, we will carry out one or more of the following: (i) permanently erase your PI on our existing systems with the exception of archived or back-up systems, (ii) deidentify your PI, or (iii) aggregate your PI with other information. In our response to your request to delete, we will tell you the method for deleting your PI. Where legal exceptions will apply to your request for deletion, we will tell you which one(s) and will limit retention to the permitted purpose(s).
Right to Correct
You have the right to request that we correct inaccuracies that you find in your personal information maintained by us. Your request to correct is subject to our verification (discussed above) and the response standards in the applicable U.S. Privacy Laws.
Oregon and Delaware Residents: Third Parties
Oregon and Delaware residents have the right to request a list of third parties (non-service providers/processors) to which we have disclosed personal information.
Do Not Sell/Share/Target
Under the various U.S. Privacy Laws, Consumers have the right to opt-out of certain processing activities. California and certain other states have opt-outs specific to Targeted Advertising activities, which involve the use of PI from different businesses or services to target advertisements to you. California’s law refers to these activities as “cross-context behavioral advertising” while other state laws refer to these activities simply as Targeted Advertising. California provides Consumers the right to opt-out of Sharing, which includes providing or making available PI to third parties for such Targeted Advertising activities, while other states provide Consumers the right to opt-out from processing PI for Targeted Advertising more broadly. There are broad and differing concepts of the Sale of PI under the various U.S. State Privacy Laws, all of which at a minimum require providing or otherwise making available PI to a third party.
Third-Party digital businesses, including social media platforms and other tech companies that offer digital advertising services (“Third-Party Digital Businesses”), may associate Tracking Technologies on our Services that collect PI when you use or access the Services, or otherwise collect and process PI that we make available about you, including some of the categories of PI in the table above. Giving access to PI on our Services, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Sharing and could implicate Targeted Advertising under some state laws. Therefore, we will treat such PI collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the PI we make available about you is collected directly by such Third-Party Digital Businesses using Tracking Technologies on our Service or our advertisements that are served on third-party sites (which we refer to as “cookie PI”). However, certain PI which we make available to Third Party Digital Businesses is information that we have previously collected directly from you or otherwise about you, such as your email address (which we refer to below as “non-cookie PI”).
When you opt-out pursuant to the instructions below, it will have the effect of opting you out of Sale, Sharing, and Targeted Advertising, such that our opt-out process is intended to combine all these state opt-outs into a single opt-out. Instructions for opting out are below. Please note that there are distinct instructions for opting out of cookie PI and non-cookie PI, which we explain further, below. This is because we have to use different technologies to apply your opt-out of cookie PI and to non-cookie PI.
Opt-out for non-cookie PI: If you would like to submit a request to opt-out of our processing of your non-cookie PI (e.g., your email address) for Targeted Advertising, or opt-out of the Sale or Sharing of such data, make an opt-out request here.
Opt-out for cookie PI: If you would like to submit a request to opt-out of our processing of your cookie-related PI for Targeted Advertising, or opt-out of the sale/sharing of such PI, you need to exercise a separate opt-out request on our cookie management tool by going to the preference center of the tool, which you can do by either clicking “Your Privacy Choices” on our cookie banner when it is presented upon your first visit, or by clicking here. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via our cookie management tool. Beware that if you use ad blocking software, our cookie banner may not appear when you visit our Services.
Some of the U.S. Privacy Laws also require us to state that we do not knowingly Sell or Share the PI of Consumers under 16.
For more information on how to limit Interest-based Advertising using your browser settings, mobile device settings, or ad industry tools, please see Section 6(c) in our Privacy Policy above. Please note, clearing cookies or changing settings may affect your choices and you have to opt-out separately via each browser and other device you use. Cookie-enabled opt-out signals may no longer be effective if you delete, block or clear cookies. We are not responsible for the completeness, accuracy or effectiveness of any third-party notices, tools, or choices.
Some of the U.S. Privacy Laws require businesses to process opt-out requests made through opt-out preference signals or universal opt-out mechanisms. Currently, such signals/mechanisms that we look for and process where required are Global Privacy Control (or GPC) signals. GPC signals are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of Sale, Sharing and/or Targeted Advertising or limit the use and disclosure of their Sensitive PI, such that the GPC signal effectively automatically communicates such requests. To use GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable GPC. To our knowledge, we have configured the settings of our consent management platform to receive and process GPC signals on our websites, as explained by our consent management platform here.
Please note that when we receive and process a GPC signal, we will apply such signal as an opt-out of Sale and Sharing as to cookie PI. To make a Do Not Sell/Share/Target request as to non-cookie PI, please visit the Do Not Sell/Share/Target Section above.
We do not: (1) charge a fee for use of our websites if you have enabled GPC; (2) change your experience with our websites if you use GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the GPC
We may engage in processing that constitutes automated decision-making or profiling under California’s privacy law, the California Consumer Privacy Act (CCPA). However, as of the Effective Date, the definitions of these concepts, and any associated opt-out and access rights have not been finalized and added to the updated regulations of the CCPA.
As discussed above, we may carry out activities that constitute profiling in furtherance of decisions that produce legal or similarly significant effects, in order to detect and prevent fraud and illegal activities. So that we can protect your personal information and prevent fraudulent and illegal transactions, we are unable to offer an opt-out of such activities.
You have the right to not receive discriminatory treatment, in a manner prohibited by the U.S. Privacy Laws, for the exercise of your privacy rights. However, it is not considered discriminatory if businesses charge a different price or rate or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI. Accordingly, we may offer you incentive programs, loyalty programs, or price or service differences for or related to the collection, sale, retention, and use of your PI (“Incentive/Loyalty Program(s)”), as permitted by the U.S. Privacy Laws, that can result in reasonably different prices, rates, or quality levels. The material aspects of any Incentive/Loyalty Program will be explained and described in its program terms. For a list of our current Incentive/Loyalty Programs and their terms, including how to opt-in to or withdraw from such programs, and the basis for valuing your PI in connection with program benefits, click here to visit our Notice of Financial Incentive/Bona Fide Loyalty Program Notice (referred to as our “Incentive/Loyalty Programs Notice”). Please note that participating in Incentive/Loyalty Programs is entirely optional, you will have to affirmatively opt-in to the program and you can opt-out of each program (i.e., terminate participation and forgo the ongoing incentives) prospectively by following the instructions in the applicable program description and terms. We may add or change Incentive/Loyalty programs and/or their terms by posting notice on the program descriptions and terms linked to above, so check them regularly.
We disclose our tracking and “do not track” practices in Section 1(b) and CA minor’s rights to certain removal of their posts in Section 8. We comply with California Civil Code Section 1798.83 (the “Shine the Light” law) by not disclosing your personal information to third parties for their direct marketing purposes (as those terms are defined by that law) without your consent. If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us in the following ways: Postal Mail: 2125 Woodward Ave, Detroit, MI 48201, Attn: Legal; by e-mail here. Please note that the CCPA and Shine the Light are different laws offering different rights and requests must be made separately as explained in Section 1 of this U.S. State Privacy Notice.
We do not believe we “sell” “covered information” of Nevada “consumers” as those terms are defined by Chapter 603A of the Nevada Revised Statutes. Though we do not believe we sell covered information, Nevada’s law requires us to provide a method for Nevada consumers to make requests to opt out of sale, which you can do by e-mail here.
If you have any questions about the Privacy Policy or practices described in it, you should contact us in the following ways: Postal Mail: 2125 Woodward Ave, Detroit, MI 48201, Attn: Legal/Marketing; By e-mail here.
