EFFECTIVE AS OF DATE OF LAST MODIFICATION: MARCH 2020
Our website is not intended for children. We do not knowingly collect personal information from children under the age of thirteen (13). If you are a parent or guardian of a child under the age of thirteen and believe he or she has disclosed personal information to us without your permission, please contact our Data Privacy Officer at firstname.lastname@example.org. A parent or guardian of a child under the age of thirteen may review and request deletion of such child’s personal information as well as prohibit the use thereof.
EU-US PRIVACY SHIELD STATEMENT
1. TYPE AND NATURE OF THE DATA COLLECTED AND PROCESSED
When you register with us, we collect and store your basic personal data such as your name and email address, as well as additional contact information such as your user name and password. We may receive additional information about you if you enter it through the website (for example, when you set up your personal profile) or through your communication with us.
When you place orders on the Stampin’ Up! websites, we need your name, delivery address, billing address, email address, phone number, credit card number, and expiration date to process the transaction and notify you of the status of your order.
2. HOW WE COLLECT DATA
Cookies are small files that are stored on your computer or mobile device, and they identify the device when connecting to our server and provide additional information. Other technologies such as tracking pixels, web bugs, web storage, and similar files serve the same purpose. Cookies are stored on your computer.
One type of cookie expires automatically at the end of your session and is referred to as a session cookie. Your user settings in particular are stored as session cookies, so that you can always use this website in the way you prefer. A different cookie, which is permanently stored and anonymous, contains the version number of your Flash player. Stampin’ Up! stores its users’ settings such as language selection, speech recognition settings, and user IDs for various applications in both session cookies and permanent cookies to simplify the use of the website.
Deactivating cookies will mean that a number of website functions will no longer operate as intended.
2.2 LOG FILES FOR WEB PAGE VIEWS
Stampin’ Up! uses external tracking services that implement technology to track non-personal information about visitors to this website. The access data is stored in a log file—the server log—every time a page is accessed. The resulting data set contains the following data:
your IP address (which can be used to uniquely identify your computer)
the name and IP address of the computer requesting the page (remote host)
the time, status, amount of data transferred, and website from which you accessed the requested page (referrer)
the product and version information of the browser you used (user agent)
A standardized file format for the web server log is used for this purpose. Provided that this data is not absolutely necessary for the technical maintenance of the system or system security, it is immediately anonymized, and the original logs deleted. Anonymization takes place through the removal or shortening of the IP address by assigning a code that is not assigned to any specific user. This means that assignment to a specific or identifiable person is no longer possible. Stampin’ Up! uses log data (log files) exclusively in anonymous form for statistical evaluations without any link or references to your personal data. This enables us to detect possible program errors or incorrect links and to continuously develop and improve the website. Stampin’ Up! does not link page views and usage information to individual people.
2.3 WEB ANALYSIS SOFTWARE
In addition to the technologies used to execute the page functions, we also employ web analysis software. Data collected by this software may include the time and duration of the visit, the pages visited, the browser used, add-ons/plug-ins, search engines, and referrer URLs.
Web analysis is carried out by Google Analytics, a web analysis service provided by Google, Inc. (“Google”), among others. Google Analytics uses “cookies”—text files stored on your computer—to be able to analyze how you use the website. Google will use this information to evaluate your usage of the website, to generate reports on website activity for the website operator, and to provide other services associated with website activity and internet use. Due to the activated anonymization of the data collected, Google shortens your IP address. The IP address transmitted by your browser in connection with Google Analytics is not combined with other Google data. For more information on how Google Analytics anonymizes IP addresses, please visit https://support.google.com/analytics/answer/2763052?hl+en.
You can opt-out of allowing your site activity to be make available to Google Analytics by installing the Google Analytics opt-out browser add-on https://tools.google.com/dlpage/gaoptout?hl=en. California residents have additional rights with regard to Google Analytics, which are explained in Section 7.
We may use software technology called tracking pixels (also known as web beacons/web bugs) to help us manage the content on our website better by determining the greatest effectiveness.
Tracking pixels are tiny graphics with a unique identifier that function in a manner similar to cookies and are used to track the online movements of web users. Unlike cookies, which are installed on the hard drive of the user’s computer, tracking pixels are invisible. We do not link the data collected by tracking pixels to our customers’ personal data.
We may use tracking pixels in our HTML emails to track which emails have been opened by recipients. This enables us to evaluate the effectiveness of certain communications and of our marketing campaigns.
All email messages sent by us that are subject to archiving requirements are stored by us. Every email that can be regarded as a business letter or is relevant for tax purposes will not be deleted during the period of the legal obligation to keep records in accordance with tax, commercial, and other applicable laws of the United States. Furthermore, we collect all email addresses to which messages could not be delivered to enable us to request a current email address. Email messages from Stampin’ Up! may contain graphics or links, the accessing of which allows us to determine whether an email message has been opened. This is done anonymously.
2.6 MOBILE DEVICE IDENTIFIERS
Some mobile service providers uniquely identify mobile devices, and we may receive such device information if you access the website through mobile devices. Some features of our website may require collection of mobile phone numbers, and we may associate that phone number to mobile device identification information. Additionally, some mobile phone service providers operate systems that pinpoint the physical location of devices that use their service. Depending on the provider, we may receive this information.
3. PURPOSE OF DATA COLLECTION AND DATA STORAGE
Stampin’ Up! and your Stampin’ Up! independent demonstrator are permitted to use your email address, mailing address, and/or telephone number to provide you with the customer service you have requested or to contact you regarding the status of orders, problems with products, and order processing, as well as other customer service questions.
Stampin’ Up! and your Stampin’ Up! independent demonstrator will also send you emails for various reasons (e.g., to confirm orders).
These emails may also contain information about our services, new product offers, and promotions, provided you have agreed to the usage of your email address for this purpose.
You can withdraw this consent at any time. Simply contact your independent demonstrator or send an email to our Data Privacy Officer at email@example.com.
4. TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
Stampin’ Up! will not share personal information with third parties for the purposes of their marketing or other purposes unless you have given your explicit consent or the sharing of information is required by law.
4.1 EMPLOYEES AND CONTRACTUAL PARTNERS
Your data may be shared with Stampin’ Up! employees and third parties who provide technical or organizational services for Stampin’ Up! and are required and have agreed to protect your data.
4.2 PAYMENT PROCESSING
In the case of payment processing for orders placed on a demonstrator business website (“DBWS”), the data for processing the payment transaction is passed on to the payment service provider who is bound by instructions. Your independent demonstrator receives very little data; the independent demonstrator is only informed whether the transaction has been completed. Your independent demonstrator will not receive any information about your account in these cases unless you have given your consent in advance.
4.3 REPRESENTATIVE/SERVICE PROVIDER
We use the services of other companies such as shipping companies for transporting orders and credit card companies for billing. These service providers are prohibited from using your personal information.
4.4. INDEPENDENT DEMONSTRATORS
Stampin’ Up! grants rights to sell its products to independent contractors (“independent demonstrators”).
If you are a customer of an independent demonstrator, please contact your independent demonstrator directly to learn about their data protection practices.
4.5 TRANSFER AS A CONSEQUENCE OF A CHANGE IN LEGAL ENTITY
Stampin’ Up!’s ownership rights may be transferred by merger, acquisition by another company, or sale of all or part of its assets, in which case your personal information may also be included in the transferred assets.
We will notify you by email and on our website of any such changes and the protection of your data in this case.
4.6 DISCLOSURE OBLIGATIONS
In some cases, we may be required to disclose your information to public authorities to comply with legal requirements. In such cases, we will take appropriate measures to ensure the confidentiality of your data.
4.7 SWEEPSTAKES, CONTESTS, AND PROMOTIONS
We may offer sweepstakes, contests, and other promotions through the website that may require registration. By entering any promotion, you are agreeing to the official rules that govern that promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor(s) of the promotion to use your name, voice, and/or likeness in advertising or marketing associated with the promotion. If you choose to enter a sweepstakes, contest, or promotion, personal information may be disclosed to third parties or the public in connection with the administration of such promotion, including, without limitation, in connection with winner selection, prize fulfillment, and as required by law or permitted by the promotion’s official rules.
5. DATA SECURITY
Stampin’ Up! takes precautions to ensure that your data is protected against loss, modification and improper use. Stampin’ Up! uses firewalls that are constantly updated and meet industry standards, and also uses other security systems. Unfortunately, it is impossible to provide absolute protection against attacks by new viruses or other methods of attacking the secure data systems of internet services. However, Stampin’ Up! will initiate civil and criminal proceedings against any attack by hackers and the like. In the event that your personal information (as such may be defined by any applicable law requiring notice upon a security breach) is compromised, we may notify you by email in our sole discretion unless required by law to the last email address you provided us in the most expedient time reasonable under the circumstances. Delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system, as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation.
Stampin’ Up! uses Secure Socket Layer (SSL) for the encrypted transfer of sensitive data, such as the password for your account and billing information, including credit card information, from your web browser to our web server. From time to time we evaluate new technology for protecting information and, when appropriate, we upgrade our information security systems.
6. ACCESS, RECTIFICATION, AND ERASURE
In addition to any rights provided to you by law, Stampin’ Up! commits to honoring its own privacy commitments, which include the following:
- Right to revocation of consents: You can revoke any consents you have given to us at any time. Data processing based on the revoked consent would no longer be continued in the future, although there may be instances in which the company must retain information for its legitimate interests or for tax and legal record-keeping purposes as allowed by law.
- Right of access: It is Stampin’ Up!’s policy to provide individuals with access to personal information about them that Stampin’ Up! holds.
- Right to rectification: You may correct any errors in the personal data processed by us. To make a correction request, please contact Stampin’ Up!’s Data Protection Officer at 12907 S. 3600 W., Riverton, UT 84065, or by email to firstname.lastname@example.org. You can edit your personal data at any time by going to https://www2.stampinup.com/ECWeb/MyAccount.aspx.
- Right to erasure: You may request the deletion of your personal data stored with us, so long as the processing thereof is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise, or defend legal claims. For information obtained in reliance on the Privacy Shield, individuals may request deletion of information processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individuals’ privacy in the case in question or where the rights of persons other than the individual would be violated.
7. YOUR CALIFORNIA PRIVACY RIGHTS:
We collect the following categories of personal data directly from you and indirectly from you (e.g., by observing your actions on our website): (i) identifiers, which includes the following specific pieces of personal data: name, email address, street address, and telephone number; (ii) bank card information, which includes the following specific pieces of personal data: name, card number, and other financial information; (iii) commercial information, which includes the following specific pieces of personal data: products or services purchased or considered or other purchasing or consuming history or tendency; and (iv) internet or other electronic network activity information, which includes the following specific pieces of personal data: browsing history, search history, and information regarding your interaction with Stampin’ Up!’s website.
In the preceding twelve months, we have:
collected the following categories of personal data: (i) identifiers; (ii) bank card information; (iii) commercial information; and (iv) internet or other electronic network activity information.
"sold” (as defined by the CCPA) the following categories of personal data: identifiers, internet or other electronic network activity information. Stampin’ Up! allows the collection of aggregated data by Google Analytics, as explained above in Section 2.3, which constitutes a sale under CCPA. Therefore, you have the right to refuse to allow Stampin’ Up! have your data included in the data analyzed by Google Analytics. You may choose to prevent the sharing of your data with Google Analytics by clicking on the “Do Not Sell My Personal Data” button on the website homepage https://www.stampinup.com/en-us/cookie-declaration or by writing to Stampin’ Up!’s Data Protection Officer at 12907 S. 3600 W., Riverton, UT 84065, or by email to email@example.com.
shared personal data with the following categories of third parties: service providers that help facilitate our business, advertising networks, internet service providers, data analytics providers, government entities, operating systems and platforms, social networks, and consumer data resellers.
California’s "Shine the Light" law, Civil Code section 1798.83, provides residents of the State of California the right to request a list of all third parties to which we have disclosed certain personal information as defined under California law during the preceding year for third-party direct marketing purposes. You are limited to one request per calendar year. To make your request, please write to us at Stampin’ Up!, Data Protection Officer, 12907 S. 3600 W., Riverton, UT 84065, or via email to firstname.lastname@example.org. In your request, please provide a current California address for our response.
8. LINKS TO OTHER WEBSITES
This website may contain links to other websites that are neither owned by Stampin’ Up! nor under the control of Stampin’ Up! Please note that Stampin’ Up! bears no responsibility for the data protection practices of such websites.
9. SOCIAL PLUGINS
Data protection notice when using Facebook plugins:
We have embedded plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA, 94304, USA, into our website. You can recognize these plugins by the Facebook logo on this website. A list of Facebook plugins can be found at http://developers.facebook.com/docs/plugins/. When you visit a page on our website with a Facebook plugin, a direct connection is established between your browser and a Facebook server. Using this connection, the plugin provides Facebook with the information that you have accessed a specific page of our website with your IP address. If you click the Like button on Facebook while logged into your Facebook account, you can link content from our website to your Facebook profile. Facebook can then connect your Facebook account to your visit to this website. Information on Facebook’s data protection policy can be found at https://www.facebook.com/policy.php. If you do not want Facebook to be able to connect your visit to our website with your Facebook account, please log out of Facebook.
Data protection notice when using Google +1:
Registration and transmission of information: When you click the Google +1 button, Google stores the information that you made a recommendation (+1) for the content and information of the website you visited when you clicked the +1 button. Your +1 recommendation may be visible to others with your profile name and photo in Google services such as Google Search or your Google Profile. Furthermore, your +1 recommendations may be displayed on other websites or as advertising. Google stores your +1 activity to improve Google services for you and other users. To use the Google +1 button, you need a public Google profile that is visible worldwide, with a name you choose for yourself, and this name is used for all Google services. Sometimes this name can replace the name you generally use to share information in your Google account. The identity of your Google profile may be visible to users who know your email address or have other identifying information about you. Usage of the information collected: Google may share aggregated +1 activity statistics with other users and partners, such as publishers, advertisers, or related websites.
10. DATA INTEGRITY
We will respond to your request and, if applicable and appropriate, make the requested change in our databases as soon as reasonably practicable. Please note that we may not be able to fulfill certain requests while allowing you access to certain benefits and features of our website. Also, please note that it is not always possible to completely change, remove, or delete all of your information from our databases and that residual data may remain on backup media. We may retain certain information that we are legally obligated or allowed to keep for tax reporting and other reasons.
For any Privacy Shield-related complaints that cannot be resolved with Stampin’ Up! directly, Stampin’ Up! has chosen to cooperate with EU data protection authorities (DPAs) and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints. If you do not receive timely acknowledgement of your Privacy Shield complaint or if your complaint is not satisfactorily addressed by Stampin’ Up!, please visit ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm for the website and contact information of the appropriate DPA, or contact Stampin’ Up! to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, a binding arbitration will also be made available to you in order to address residual complaints not resolved by any other means.
Stampin’ Up!’s compliance with its Privacy Shield obligations is subject to investigation and enforcement by the U.S. Federal Trade Commission. Stampin’ Up! is also required by the Privacy Shield program to respond promptly to inquiries and requests for information from the US Department of Commerce.