Depending on which Services you use, we may collect the following types of personal information about you: 

• Identifiers, such as your contact information (including your name, email address, postal address, and telephone number), alias, unique personal identifier, social media identifiers, authentication information you create (such as account password), and device identifiers (such as advertising IDs, pixel and cookie IDs, and Internet Protocol (“IP”) address). 
• Customer Records, such as: (a) financial information, (b) including financial account number, and signatures (or equivalent), and (c) your physical characteristics or a description of you. 
• Demographic information, such as age and gender. 
• Internet and other electronic activity that is gathered automatically when you interact with our Services or with our advertisements, such as browsing and search history, browser information, device type, Operating System (OS) version, server logs, and other information about your interactions with our Services. For example, we use session replay tools to record your interactions with the Properties, such as how you move throughout the Properties and engage with our webforms. 
• Email addresses when you sign up for one of our mailing lists and interconnectivity information if you receive email from us, where we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. 
• Information that you provide as part of a co-branded promotion with another company is sent to us with your permission. 
• Geolocation information, including: (a) non-precise geolocation for some Services, such as IP-based geolocation; and (b) precise geolocation for other Services. This may be collected automatically (such as through our tracking technologies) or based on information you provide. 
• Commercial information and preferences, such as purchase information (including payment method and payment information) and related records (such as information about returns, shipping, customer service interactions). We also collect information about your preferences, such as your favorite teams and players. 
• Audio, visual, electronic, and similar information, such as call recordings when you call us, chat with us, pictures that you may provide (including of ID cards), video footage from events or that you submit, chats, posts, emails, feedback, reviews, or other comment you provide, or other similar information. If you engage with us via chat, messaging applications, or social media, the content of those communications may be monitored or recorded by us or our authorized service providers.  
• Mobile Applications. If you participate in our mobile messaging program, we may collect your mobile phone number, the name of your carrier, the date and time of your messages, the message content, and other information you provide in connection with that program. Where such communications are facilitated through a third-party service provider, that provider’s privacy notice will govern the collection, use, and disclosure of your information. 
• Inferences drawn from any of the information we collect to create a profile about you that reflects your preferences and characteristics. 
• Sensitive personal information, including the following: (a) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, (b) precise geolocation, and (c) other information related to specific services, such as information we collect in connection with the sale of products. We do not use or disclose sensitive personal information for purposes beyond those permitted by law, such as service provision, fraud prevention, or as authorized by you. 

We collect personal information about you from the following sources: 

• Directly From You. We may collect personal information during your access or use of the Services, such as when you sign up for marketing, make purchases, enter contests, create, or verify an account, contact us for customer service or other assistance, interact with us at in-person events, browse or interact with our Properties, leave a review, post, or submit content, and participate in promotions or streams, participate in one of our online games, activities, or applications, place an order or engage in other transactions. 
• Referral. With your consent, your friends or contacts may provide us with your personal information in connection with our “friend” referral program or for other related purposes. Likewise, you may only provide us with another individual’s personal information if you have obtained their prior consent and have confirmed that they authorize such disclosure. 
• Cookies and Other Tracking Technologies. When you access or use the Services, we may collect data using cookies and other tracking technologies, such as information about your device, internet usage, cookie identifiers, location, website activity, and other details about your use of the Services on the Site, advertisements and through messages like emails. For further information on how we use such technologies to collect personal information, see Section 5 below. 
• Other Third Parties and Publicly Available Information. We may collect personal information from other third parties that provide information to us, such as service providers, Business Partners (see Section 4), advertising networks, data brokers, government and other public sources, and social media platforms and networks. 

We may combine information that we receive from the various sources described in this Privacy Notice, including third-party sources, and use or disclose it for the purposes identified below. 

We may use your personal information for the following purposes: 

• To provide you with products and services, such as to: 
• Communicate with you and facilitate your interaction with us, including to: (i) respond to your inquiries ; (ii) give you updates on your orders or purchases; (iii) request feedback or information about your use of the Services; (iv) support returns, exchanges, recalls, warranties, and similar issues; (v) manage your account to keep it in working order;  and (v) notify you of important administrative or legal issues, such as changes to our terms or practices. 
• Facilitate transactions, payments, order fulfilment, exchanges, refunds, and other similar interactions. 
• For marketing, such as to market our goods and services or those of our affiliates, Business Partners, and other third parties in accordance with your marketing preferences; in connection with contests and promotions; and in other ways described in Section 5 – “Cookies and Other Tracking Technologies.” 
• For insights, such as to (a) identify trends and make inferences about you and your interactions with us, our affiliates, and Business Partners, such as to analyze your behavior and preferences, (b) evaluate and improve our products and services, including to debug, identify, repair errors, and (c) update or provide new services, along with those of our affiliates and Business Partners. To comply with legal obligations and defend ourselves and others, such as to (a) comply with legal requirements (including maintaining compliance-related records); (b) cooperate with law enforcement and other lawful requests; (c) enforce our Terms of Use, policies, and contracts; (d) establish, exercise, or defend against legal claims that we have may have or pursue; and (e) protect ours, our customers’, and other parties’ safety, property, or rights. 
•  For other internal business and operational purposes, such as: 
• For our internal business administration, such as to manage customer accounts, including keeping general records of customers, sales, customer care, and other interactions; 
• Auditing related to our interactions with you; 
• For security purposes, such as to respond to security incidents or to protect genuine customers and our business from fraud, to minimize the risk of false details being used, to avoid abuse by fraudsters, and to protect against other malicious, deceptive, fraudulent, or illegal activity; 
• To manage competitions or other promotions that you have chosen to participate in; 
• To comply with contractual obligations; 
• To improve or develop our products and services (including our marketing activity more generally), including operating our Services and improving or personalizing your experience (such as building profiles about you or how you interact with us), by analyzing our interactions with you; assessing how our products and services are used; and evaluating the effectiveness of marketing activities; and 
• For internal research and quality assurance, such as conducting surveys and questionnaires to gain feedback on our products and services and measuring analytics to improve our products and services. 
• In connection with a corporate transaction, including in connection with a sale, acquisition, merger, change of control, bankruptcy, or similar transaction involving some or all our assets, or due diligence related to such transactions.
• For any purpose for which you provide consent.
• De-identified, anonymized, or aggregated forms of your personal information may be used for internal business purposes. 

We may use, share or process your personal information for the following purposes: 

• Affiliates. We may disclose your personal information to our family of companies, such as affiliates, parents, subsidiaries and related entities under common control for the purposes described above, including marketing. For example, our companies may exchange information about your interactions with our Services, your preferences, and inferences we may have drawn about in or customize our offerings and market our services to you. 
• Legal Compliance and Protection. We may disclose information about you if required to do so by law, regulation, or legal process (such as a court order or subpoena). We may also disclose information to respond to government or regulatory requests, or to protect the rights, property, or safety of our users, or others. This includes exchanging information with other companies and organizations for fraud prevention, spam/malware protection, and similar purposes. 
• Public Information: When you choose to, direct us to, or otherwise intentionally interact with such third parties through our Services, such as-
• Information from your responses. Information you provide in response to offers from third parties through our Services; Information on product reviews, including your name or username, pictures you upload, and any other information you choose to include. Reviews that you submit to our Properties will be viewable to other users; and 
• Third-party site content. Content that you choose to post or otherwise make available to other users or the public in connection with the Services or on third-party sites. 
• Service Providers. We may permit our vendors and subcontractors to access your personal information in connection with performing services for us, such as IT providers, internet service providers, and data analytics providers. We may also engage other companies to provide certain services, such as identity verification, email distribution, market research, fraud prevention, security, and, if you contact us using chat, messaging apps, or social media, monitoring and recording the content of any conversations. Fanatics uses Google Analytics so for information on how Google Analytics uses data, please visit “How Google uses data when you use our partners sites or apps”, located at http://bit.ly/2jXZ13Y. 
• Professional consultants, such as accountants, lawyers, and financial advisors. 
• Payment Processors: Vendors that process your transactions, including your credit card issuer, a third-party credit verification company, the product handler, the delivery service, and vendors who may ship product to you directly from their warehouse (called drop-ship vendors). 
• Entities that provide you with services or benefits: We may disclose your information to entities to provide you with services or benefits. For example, when you participate in our Fan Cash program, we may disclose your personal information to Business Partners and other third parties to operate the program and allow you to acquire and redeem points. 
• Law enforcement, government agencies, and other recipients for legal, security, or safety purposes: We may disclose your personal information: (a) as required by law or legal process; (b) to anticipate, prevent, detect, and investigate suspected fraud, harassment, or other violations of any law, rule, or regulation; (c) to investigate suspected violations of any terms or policies applicable to the Services provided by us or our third party providers or affiliates; (d) to protect our, our users’, and other third- parties’ rights, property, and safety; (e) to comply with your request for the shipment of products to or the provision of services by a third-party intermediary; and (f) to otherwise establish, exercise, and defend against legal claims. 
• Other entities in connection with a corporate transaction: We also may transfer your personal information in connection with a sale, acquisition, merger, change of control, bankruptcy, joint venture, or similar transaction involving some or all of our assets. If required by law, we will take commercially reasonable efforts to notify you via email (sent to the email address specified in your account) or by posting an updated Privacy Policy on our website(s) if such a transaction results in the transfer of control of your personal information to a non-affiliate. 
• Business Partners for their own purposes. We may disclose your personal information to third parties for their own purposes (“Business Partners”) or their service providers in several situations such as: 
• Advertisers, ad platforms and networks, and social media platforms; 
• Leagues, teams, and other partners whose branded apparel, merchandise, and collectibles we sell or promote through the Properties; 
• Commercial data partners and/or sellers who use our platform to whom we make information available for order fulfilment or their own marketing purposes; and 
• Partners who work with us on promotional, sweepstakes, or sponsorship opportunities available through our Services, including co-branded products and services. If you decide to enter such an opportunity sponsored by a third-party partner, the information that you provide will be shared with us and with them. Their use of your information is not governed by this privacy policy. 
• Third-party sellers and business partners on our platforms, to the extent necessary to fulfill and verify your orders or to provide customer service. You may contact us to opt out of such disclosures in some cases (See Your Choices below). However, we do not control how Business Partners use and share your information once they receive it. You will need to contact such Business Partners directly for information about their privacy practices or to exercise rights you may have. 
• With Your Consent: We may share your information with other third parties for purposes not described in this Policy if you consent to such sharing. For instance, if you opt in to have your information shared with a partner company for their own marketing, we will honor that request. 

We also engage in business-to-business interactions, such as when we interact with the personnel of our business partners, including vendors and business customers. We collect limited information about such individuals, primarily consisting of name, demographic information, basic contact information and professional or employment-related information (such as your job title, employer, credentials, professional affiliations, skills, and other professional information). We use such information to facilitate our relationship with our business partners, including marketing. 

• Our Properties (and authorized third parties) use cookies and other tracking technologies to collect information about you, your device, and how you interact with our Properties. This section contains additional information about: 
• The types of tracking technologies we use and the purposes for which we use them, 
• The types of information we collect using these technologies, 
• You may have choices regarding these technologies. 
• Types of Cookies and Tracking Technologies We Use. Our Properties and the third parties that we authorize may use the following tracking technologies on our Site, including on websites, email and mobile apps: 
• Cookies, which are a type of technology that installs a small amount of information on a user's computer or other device when they visit a website. Some cookies exist only during a single session, and some are persistent over multiple sessions over time. 
• Pixels, web beacons, and tags are types of code or transparent graphics that contain a unique identifier. In addition to the uses described below, these technologies provide analytical information about the user experience and help us customize our marketing activities. In contrast to cookies, which are stored on a user's computer hard drive, pixels, web beacons, and tags are embedded invisibly on web pages or emails. 
• Session replay tools, which record your interactions with our Properties, such as how you move throughout our Properties and engage with our webforms. In addition to the uses described below, this information helps us improve our Properties and identify and fix technical issues visitors may be having with our Properties. 
• Embedded scripts and SDKs, which allow us to build and integrate custom apps and experiences, some of which may be developed by a third party. 
• Purpose for Using These Technologies. We and authorized third parties use these technologies for purposes including:
• Personalization, such as remembering user preferences, login details and browsing behavior; tracking your activity across online properties, platforms and marketing communications over time to better understand your preferences and interests; and personalizing online content; 
• Analytics, such as analyzing how our websites are used. For example, we use Google Analytics to help us improve our Properties, performance, and user experiences. Google Analytics may use cookies and other tracking technologies to perform their services. To learn how Google Analytics collects and processes data, please visit www.google.com/policies/privacy/partners; and 
• Advertising, such as providing you with offers that may be of interest to you; conducting targeted advertising to you on our Properties and those of third parties; and measuring the effectiveness of our communications with you and advertising campaigns, including identifying how and when you engage with our marketing communications. 
• Information Collected. These tracking technologies collect data about you and your device, such as your IP address, location (both approximate and precise), cookie ID, device ID, AdID, operating system, browser used, browser history, search history, and information about how you interact with our Properties (such as pages on our Properties that you have viewed) or our marketing communications.
• Disclosure of Your Information. We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Properties, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our business and Properties.
• Your Choices. Some of the third parties we work with participate in the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”). The DAA and NAI provide mechanisms for you to opt out of interest-based advertising performed by participating members at http://www.aboutads.info/choices/ and https://optout.networkadvertising.org/. 
• Refuse or Delete Cookies: You can also refuse or delete cookies using your browser settings. If you refuse or delete cookies, some of our Properties’ functionality may be impaired. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies. If you change computers, devices, or browsers; use multiple computers, devices, or browsers; or delete your cookies, you may need to repeat this process for each computer, device, or browser. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives. 
• DNT: Some browsers have incorporated Do Not Track (“DNT”) preferences. Currently, we do not honor Do Not Track signals. 

• Third-Party Websites. The Services may contain links to other websites or Internet resources. When you click on one of those links, you are contacting another website or Internet resource. We have no responsibility or liability for, or control over, those other websites or resources or their collection, use and disclosure of your information, and this Privacy Notice does not apply to personal information collected through those websites or resources. We recommend that you review the privacy notices and terms of use for each of these websites.
• Social Media, Widgets, and Open Forums. Our Services may allow you to engage with social media services, such as Facebook, Twitter, Pinterest, and Instagram (“Social Networks”), and widgets such as the “Share this” button, or interactive mini programs that run on our Services or which link from Social Networks to our Services (“Social Functions”). These Social Functions may access, collect, and integrate with your Social Network accounts and information. For example, these Social Functions may collect your IP address, identify which page you are visiting on our Services, or set up a cookie, tag or pixel. Social Functions may also be used to register you as a Services user. 
• Social Network. If you choose to use these Social Functions, you may be sharing certain Social Network profile elements with us, including your name, birthday (month/day), comments, contacts, email address, photos, or favorite teams. This sharing is subject to each Social Network’s own privacy notice and terms of use. We do not control those Social Networks or your profiles on those services, nor do we modify your privacy settings on those services or establish rules about how your personal information on those services will be used. Please refer to the privacy settings in your Social Network account to manage the data that is shared with us through your account. 
• Information you include and transmit online in a publicly accessible blog, chat room, or Social Network, or that you share in an open forum such as an in-person panel or survey, may be viewed and used by others without any restrictions. We do not control such uses of your personal information, and by using such services you assume the risk and acknowledge that the personal information provided by you may be viewed and used by us and/or third parties for any number of purposes and that the usage restrictions set forth in this Privacy Notice do not apply to such services. To request removal of your personal information from a blog, community forum or other publicly accessible part of the Services, contact us using the information in the ‘Contact Us’ section. In some cases, we may be unable to delete your personal information. In that case, we will inform you accordingly. 

• Data Subject Rights. This section pertains to exercising your individual rights.  To exercise your rights with Business Partners, please contact them directly. If you live in California, Colorado, or certain other states that have adopted generally applicable privacy laws, you may have certain rights, subject to legal limitations, regarding your personal information.  For EEA/UK residents, see Section 15 below. Following are your privacy rights: 
• Right to Know. You may have the right to confirm that we process your personal information and to request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting the personal information, the categories of third parties to whom we have disclosed your personal information, and the purpose for which we sold or shared your personal information. You may also have the right to obtain copies of the specific pieces of personal information we have collected about you in a portable format. 
• Right to Delete. You may have the right to request that we delete your personal information. 
• Right to Correct. You may have the right to request that we correct inaccurate personal information that we maintain about you. 
• Right to Opt-Out of Sale/Sharing Targeted Advertising. You have the right to opt out of the sale or sharing of your personal information for targeted advertising. 

To fully exercise your Right to Opt-Out of the Sale or Sharing of Personal Information for Targeted Advertising, you must submit the opt-out request via the link above from each browser, on each device, and for each website you access. This process is required to ensure that a site-specific opt-out cookie is placed on each browser and device you use to signal your preferences. 

• Verification. To process your requests, we may need to obtain information to locate you in our records or verify your identity, depending on the nature of the request. In most cases, we will collect some or all the following data elements: first and last name, email address, telephone number, and postal address. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are, and will inform you if we need such information. If you submit a request, you will also need to verify your identity by clicking a link in an email sent to your email account. 
• Authorized Agents. Authorized agents may exercise their rights on behalf of consumers. We may require the agent to demonstrate authority to act on behalf of you by providing signed permission from you. We may also require you to verify your own identity directly with us or to directly confirm with us that you provided the authorized agent permission to submit the request. To make a request as an authorized agent, please submit a request using our Privacy Request Center. If you are an authorized agent submitting a request on behalf of someone else, please begin by selecting the type of request you wish to make. Once selected, the portal will display the option to identify yourself as an authorized agent. 

Please Note:

• If you block cookies, we will be unable to fully comply with your request to opt out with respect to information automatically collected online through tracking technologies.
• If you clear cookies, you will need to complete the webform again on each browser on each device where you have cleared cookies
• If you are a Nevada resident, please contact us using the information in the Contact Us section above to exercise your opt-out rights under Nevada Revised Statutes §603A et seq.
• We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights.

We strive to offer you choices about how your personal information is used and disclosed. Some of the ways in which you may exercise these choices are described below. 

• Opting Out of Our Services
• Email. You can unsubscribe from commercial emails using the unsubscribe link, typically at the bottom of the e-mail. If you have an account with us, you may opt-out of some or all future unsolicited commercial communications by updating your account’s personal information settings (where available). 
• SMS. If you have provided your mobile phone number and we have separately obtained your consent for specified purposes such as account verification, multi-factor authentication, customer support, shipping notifications, stock updates, or participation in SMS marketing campaigns conducted by us or our affiliated entities, you may opt out at any time. For general communications, you may update your preferences through your account’s personal information settings. For marketing-related messages, you may opt out by replying with the keyword “STOP.” 
• Referral. If you participate in our referral program, the individual you referred to us may contact us using the details provided in the Contact Us section to request exclusion from future communications. 
• Mobile. On most devices, mobile application users may opt out of mobile communications from us via their device settings (mobile browser cookies require a separate opt-out, as explained below). 
• Business Partners. To exercise your privacy rights with respect to personal information held by Business Partners, please visit the Business Partners website(s). 
• Your Choices Regarding Direct Marketing:  
• Third-party disclosures. If you do not want your personal information disclosed to any third party who may use such information for direct marketing purposes, then you may opt out of such disclosures by sending an email to the email address in the Contact Us section. However, we are not responsible for removing your personal information from the lists of any third party who has previously been provided with your information in accordance with this Privacy Notice, and any elections or privacy choices you may make with respect to receipt of certain types of e-mails or marketing communications from us will not apply to any such third parties. You should contact any third parties that send you communications directly with respect to choices that they may make available to you with respect to such communications. 
• Marketing Communications. If you sign up for marketing emails or newsletters, you may unsubscribe at any time by clicking the “unsubscribe” link in any promotional email, or by adjusting your account preferences. Even if you opt out of marketing messages, we may still send you transactional or relationship messages (such as order confirmations, shipping notices, customer service responses, or notices about changes to terms or policies).  
• Mobile App Advertising. (If applicable, a note that users can reset or limit ad tracking on their mobile device. The Total Football App currently focuses on in-app purchases rather than third-party ads, but if any analytics or targeted notifications are present, users can adjust permissions in device settings. 
• Setting Cookie Preferences. Most web browsers can be set to detect or reject cookies. Each browser is different, so check the “Help” or “Settings” menu of your browser settings to learn how to change your cookie preferences. If you reject cookies, some features on our websites may not work properly. Cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. 
• Opting out of Interest-Based Advertising. To provide you with a more relevant and interesting experience, we may work with third-party companies to display ads or customize content on the website and on other websites. Some of these third parties may participate in DAA NAI programs, which provide mechanisms for you to opt out of interest-based advertising performed by participating members at www.aboutads.info and optout.networkadvertising.org. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives. 
• Location Data Opt-Out. In some cases, you may also adjust the settings on your personal device or mobile device to allow or restrict the sharing of location information. For example, the “location” permissions on your personal device or mobile device may allow you to elect whether to never share location information with us, to share location information only while you are using the Services or always share location information even if you are not using the Services. If you elect to not share your location information, you may be unable to access some features of our Services that are designed for mobile devices or that require us to confirm your location. Also, if you prevent the sharing of location information, we may still estimate your general location based on the IP address you use to access our Services. 
• Account Modification. If you have an account, you may be able to access, update, delete, or correct your personal information by logging into your account. 
• Push Notifications. We also may enable our mobile application to offer automatic (or “push”) notifications. We will provide push notifications only to those users who permit such notifications. If you would like to opt-out of push notifications, you can do so using your mobile device settings. 

We are committed to protecting your privacy. Fanatics systems and data-handling processes are subject to ongoing review to ensure that you are getting a quality service and that leading security features are in place. We employ administrative, physical, and technical measures designed to protect your information from unauthorized access and to comply with applicable privacy laws in the jurisdictions in which we operate. Your personal information will be kept on our servers or on those of our service providers, and only those employees that require it for the purposes of their duties will have access to your personal information. We have also implemented controls which require our third-party service providers and partners to have appropriate safeguards to protect your personal information. In addition, we maintain incident detection and response capabilities, business continuity plans, and encryption standards where appropriate, including encryption in transit and at rest.

However, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any interception or other type of misuse. We also depend on you to protect your information. Please use strong passwords, safeguard access credentials, and if you become aware of any breach of security or privacy, please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, loss, or disclosure of personal information resulting from factors beyond our control. 

We will retain your personal information for as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law. This includes retaining your personal information to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety and security of our Services and relationships; or otherwise in accordance with our internal retention procedures. Once you have terminated your relationship with us, we may retain your personal information in our systems and records to ensure adequate fulfillment of surviving provisions in terminated contracts, or for other legitimate business purposes, such as to enable easier future user onboarding, demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest. 

Our products and services are intended for adults (i.e., those aged 18 or in the age of majority in some jurisdictions). If you make a purchase on our Services, you are representing that you are an adult. If you are not 18 or older, you are not authorized to use the Services. If we become aware that personal information from a child under 18 has been collected, we will use all reasonable efforts to delete such information from our database. If any parent, guardian, or other responsible adult becomes aware that we have collected personal information from a child under the age of 18, please contact us using the information in the Contact Us section.

Certain U.S. state privacy laws, including those in California, Virginia, Colorado, Connecticut, and other states, grant residents additional rights regarding the collection, use, and sharing of their personal information. This section provides supplemental disclosures and information specific to those state laws and is intended to be read in conjunction with the rest of our Privacy Notice. 

• Appeal. If we deny your rights request, you may have the right to appeal our decision. To submit an appeal, call 1-800-489-9149 or email us @[email protected] 
• Notice of Financial Incentive. For information about any current financial incentives, see the applicable program terms. 
• Additional Data Processing Disclosures. In addition to the disclosures above, this section provides supplemental information about how we process personal information. 
• Types of Personal Information. We have collected the following types of personal information in the preceding 12 months: (i) identifiers, (ii) personal information (iii) characteristics of protected class under California or federal law, (iv) internet and other electronic network activity information, or similar information, (ix) professional and employment-related information, (x) inferences. 
• Disclosure of Personal Information. The categories of Third Parties to which we disclose personal information for a business purpose or to whom we sell or share personal information for targeted advertising are summarized in the chart below. We do not knowingly sell or share the personal information of minors under the age of 18. Our data disclosure practices are detailed in the chart below. 
• Data Disclosure Practices. 

We use Artificial Intelligence (“AI”) technologies strictly for operational purposes, including support services through internal-facing tools such as AI-powered chatbots. These tools assist with tasks such as answering internal queries, surfacing relevant information, and triaging support requests to improve efficiency and accuracy across our business operations. We also use AI in our automated customer interactions to help respond to your questions or assist with account-related inquiries. These are designed to enhance response times and guide you to the right resources or teams. We do not use AI to make automated decisions about consumers that produce legal or similarly significant effects. We do not use AI to profile individuals or make automated decisions that produce legal or similarly significant effects under GDPR Article 22, CPRA, the EU AI Act, or any other privacy regulation. Any consumer data used to train or operate internal AI tools is processed in a pseudonymized, aggregated, or anonymized form wherever possible. 

Your Rights: European data protection law grants you the following rights with respect to your personal information, subject to certain conditions and exceptions: 

• Access: You may request access to the personal information we hold about you (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we have collected on you and to check that we are processing it lawfully.
• Correction (Rectification): You may request that we correct any incomplete or inaccurate personal information that we hold about you. 
• Erasure: You may request that we delete or remove personal information when there is no good reason for us to continue processing it, or if you have successfully exercised your right to object to processing (see below), or when we are obligated by law to erase your personal data . This is sometimes called the “right to be forgotten.” 
• Objection: You may object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and you feel such processing impacts your fundamental rights and freedoms. You also have the right to object at any time if we are processing your personal information for direct marketing purposes. 
• Restriction: You may request that we suspend the processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing. 
• Data Portability: You may request a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format, and you may have the right to transmit that copy to another entity (this is known as the “right to data portability”) . 
• Not be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you , unless it is necessary for entering into or performing a contract between you and us, or you provide explicit consent, or other exceptions apply under law. 

We will endeavor to fulfill any valid requests to exercise the above rights within one month, as required by law. Occasionally, it could take us longer than a month if your request is particularly complex or if we have received multiple requests from you; we will notify you of any such delay and the reason for it. You will not have to pay a fee to exercise these rights. However, we may charge a reasonable fee or decline to comply if a request is manifestly unfounded, repetitive, or excessive. In such cases, we will explain our decision as appropriate. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access or exercise any other right. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to access it. We may also contact you to ask for further information in relation to your request to speed up our response. 

Supervisory Authorities: If you are an EEA or UK resident and have concerns about how we handle your personal information, you have the right to lodge a complaint with a data protection supervisory authority. In the UK, our lead supervisory authority is the Information Commissioner’s Office (ICO). You can contact the ICO at ico.org.uk or by other means as advised on their website. If you are in the EEA, you may contact your local Data Protection Authority. A list of national authorities is available on the European Data Protection Board’s website. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please consider reaching out to us first so we can discuss any issue and attempt to resolve it amicably. 

Legal Bases for Processing: We must have a valid legal basis to process your personal information. We rely on the following legal bases under the GDPR/UK law: 

• Legitimate Interests: We process certain data as necessary for our legitimate business interests (or those of a third party), provided that your interests and fundamental rights do not override those interests. For example, we rely on legitimate interests to maintain system security, to communicate with you and respond to your requests, to conduct surveys or analyze how users interact with our App and websites, to improve our products and services, and to protect our rights and the rights of others. We carefully consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. 
• Performance of a Contract: We process personal information when it is necessary to sign a contract with you or to take steps at your request before entering into a contract. For example, when you purchase goods or services from us (such as ordering cards via the App or website), we need to use your personal details to fulfill the contract (process of payment, shipping the product, etc.). Similarly, when you register an account, we must process your information to provide the Services you requested under the Terms of Use. 
• Compliance with Legal Obligations: We process personal information as needed to comply with our legal obligations. For instance, we may retain transaction records to satisfy tax and accounting laws or disclose information when required by law enforcement or court order. We also may verify ages or obtain parental consent in order to comply with child data protection regulations. 
• Consent: In limited circumstances, we rely on your consent to process your personal information. Where we rely on consent, we will make it clear at the point of data collection (for example, before collecting sensitive information or before sending certain marketing communications or using precise location, we may ask for your consent). You have the right to withdraw your consent at any time, and if you do, we will stop the processing that was based on your consent. Withdrawal of consent will not affect the lawfulness of any processing carried out before you withdraw consent. 

International Data Transfers (EEA/UK): Whenever we transfer your personal information out of the EEA or UK, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards. If we transfer data to countries that are not deemed to provide an adequate level of data protection (such as transfers to the United States from Europe), we will use one or more of the following safeguards: 

• We may rely on Standard Contractual Clauses (SCCs) approved by the European Commission (or the UK’s ICO, as applicable) in contracts with the recipient of your data. These clauses oblige the recipient to protect your personal information according to standards equivalent to European data protection law. We may also rely on adequacy decisions or certified participation in the EU-U.S. Data Privacy Framework, if applicable. 
• In accordance with Article 46 of the GDPR, we may transfer data to organizations that have implemented other approved transfer mechanisms, such as an EU-U.S. data privacy framework or Binding Corporate Rules, if available and applicable. (Note: In the past, we have relied on the EU-U.S. and Swiss-U.S. Privacy Shield frameworks for certain transfers. While the original Privacy Shield was invalidated by the EU in 2020, we continue to uphold high standards of protection and monitor the development of any new transatlantic data transfer frameworks. We will use any new legally recognized mechanism or framework once established to ensure compliance.)
• We may transfer data to countries that have been formally designated as providing an adequate level of protection by the European Commission or relevant authority. In such cases, personal data can flow freely to those countries. 
• In rare cases, we may base transfers on your explicit consent, or another exception provided under Article 49 of the GDPR, but we will only do so when necessary and when the above safeguards are not available. 

You can request more information about our international data transfer safeguards by contacting us. By using our Services, you acknowledge that your information may be transferred to and processed in countries outside of your own, including the United States, as described in this Privacy Policy. For European residents, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and applicable law during such transfers. 

Data Retention (EEA/UK): We will not retain your personal information for longer than necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, for users in Europe, this means: 

• If you have an account or ongoing relationship with us, we will retain your personal information for as long as your account is active or as needed to provide you with Services. 
• If you make a purchase, we retain your transaction information for the duration required by tax and financial regulations (typically at least 6-7 years in the UK) and for warranty/service periods.
• If you participate in a promotion or contest, we retain the data for the duration of that promotion and any required retention period following its end. 
• If you contact us for customer support, we retain communications for a period necessary to resolve your inquiry and for quality assurance. 
• If you request deletion of your data or close your account, we will securely delete or anonymize your information, except for any data we are required to keep by law or for legitimate business purposes. Your anonymized data may be retained as long as you continue to use the App/Services but will not be kept longer than necessary for the purposes stated. Once you cease using the Services or withdraw consent (if applicable), any remaining personal data will be either deleted or anonymized. All your data will generally be deleted from our backup systems after a short interval (e.g., after 7 days), except where we are required by law to retain certain information for a longer period. 

During the retention period, we maintain appropriate security measures to protect your data (see “Security” below). After the retention period, we will either delete your personal information or anonymize it (for example, by aggregation) so that it can no longer be associated with you, in which case we may use such information indefinitely without further notice to you. 

This section applies only to individuals located within the People’s Republic of China (“PRC”), excluding Hong Kong SAR, Macau SAR, and Taiwan, and supplements the information provided in the rest of this Privacy Notice. It is intended to meet the requirements of the Personal Information Protection Law (PIPL) and related PRC regulations.

Legal Basis for Processing Personal Information We only process your personal information when there is a lawful basis under the PIPL. These include: 

• Where the processing is necessary to conclude or fulfil a contract with you. 
• Where the processing is necessary for the performance of legal duties or obligations. 
• Where the processing is necessary for responding to public health emergencies or for the protection of life, health, and property. 
• Where your personal information is processed for news reporting or supervision by public opinion for the public interest, within a reasonable scope. 
• Where we have obtained your separate and informed consent, especially for processing sensitive personal information, disclosing data to third parties, or transferring it outside the PRC 

We rely on your consent for most of the personal information we collect, use, and disclose, and we provide means for you to withdraw that consent. 

Cross-Border Transfers If your personal information is collected within the PRC and transferred outside the PRC (such as to servers located in the United States), we will comply with applicable cross-border data transfer requirements under the PIPL, including: 

• Informing you of the purpose, scope, type of personal information, and recipient of the overseas transfer. 
• Obtaining your separate consent before any such transfer. 
• Taking necessary measures to ensure the foreign recipient provides adequate protection for your personal information. 

If required, we will complete data export security assessments or obtain standard contracts or certifications in accordance with regulations issued by the Cyberspace Administration of China (CAC). 

Your Rights under Chinese Law Under the PIPL, you have the following rights in relation to your personal information: 

• Right to Know and Decide: You have the right to know how your personal information is processed and to make decisions about such processing. 
• Right to Access and Copy: You may request access to and a copy of your personal information, subject to applicable exceptions. 
• Right to Correction and Deletion: You may request correction or deletion of inaccurate or unlawfully processed data. 
• Right to Restrict or Object: You may request suspension or restriction of processing under certain circumstances. 
• Right to Data Portability: Where technically feasible, you may request that your personal information be transferred to another personal information processor. 
• Right to Withdraw Consent: You may withdraw your consent at any time, though doing so may affect your ability to use some of our Services. 
• Right to Lodge Complaints: You may lodge complaints with the relevant PRC regulatory authority (typically the Cyberspace Administration of China). 

To exercise these rights, please contact us using the details provided in the Contact Us section below. We will respond in accordance with applicable PRC laws and within a reasonable period of time. 

Processing of Sensitive Personal Information We may collect and process certain categories of sensitive personal information under Chinese law, including biometric identifiers, precise geolocation data, and financial account details. We will seek separate and specific consent before processing any sensitive personal information, and we will implement enhanced protection measures in accordance with PRC requirements. 

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, modify and revise our Privacy Policy from time to time. If we make any material changes to this policy, we will notify you of such changes by posting them on the Site, informing you through the Services, or sending you an email or other notification, and we will indicate when such changes become effective. By continuing to access or use the Site or the Services after those changes become effective, you agree to be bound by the revised policy.

For questions relating to this Privacy Notice, contact us at: [email protected] (Global Outreach) or 1-800-489-9149 (US Only)