This U.S. State Privacy Notice applies to âConsumersâ as defined under U.S. privacy laws, specifically the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (âCCPAâ), the Virginia Consumer Data Privacy Act (âVCDPAâ),the Colorado Privacy Act, the Utah Consumer Privacy Act, Connecticutâs Act Concerning Personal Data Privacy and Online Monitoring, and any other U.S. privacy laws, as each are amended and as and when they become effective, and including any regulations thereunder (collectively, the âU.S. Privacy Lawsâ). This U.S. State Privacy Notice is a supplement to this Privacy Policy. In the event of a conflict between any other P&G policy, statement, or notice and this U.S. State Privacy Notice, this U.S. State Privacy Notice will prevail as to Consumers and their rights under the applicable U.S. Privacy Laws.
This U.S. State Privacy Notice is designed to provide you with notice of our recent personal data practices over the prior 12 months from the âLast Updatedâ date of this Privacy Policy. This U.S. State Privacy Notice will be updated at least annually. This U.S. State Privacy Notice also applies to our current data practices such that it is also meant to provide you with ânotice at collection,â which is notice of personal data (also referred to in some of the U.S. Privacy Laws as âpersonal informationâ) we collect online and offline, and the purposes for which we process personal data, among other things required by the U.S. Privacy Laws. For any new or substantially different processing activities that are not described in this U.S. State Privacy Notice, we will notify you as required by the U.S. Privacy Laws, including by either notifying you at the time of collecting personal data, or by updating this U.S. State Privacy Notice earlier than required. We reserve the right to amend this U.S. State Privacy Notice at our discretion and at any time. To contact us about this U.S. Privacy Notice, please see the
section below.
Generally, we collect, retain, use, and disclose your personal data for our business purposes and commercial purposes, which are described above in the remainder of this Privacy Policy, including in â
,âand â
â (collectively, our â
Processing Purposesâ). The sources from which we collect personal data are set forth above in the â
.â Some of the Processing Purposes, as we discuss below in the table, implicate âSale,â âSharingâ, and or âTargeted Advertising.â For more details on the meaning of Sale, Sharing, and Targeted Advertising, see the â
âsection
below. Please note that the Processing Purposes as shown in the table are categorical descriptions, to aid in readability and clarity. Please reference the â
â section of the Privacy Policy above for the full description of each Processing Purpose.
The table below describes the categories of personal data we collect in the first column (starting on the left). The second column provides examples of data types within the applicable categories, which, in some instances, include the personal data types/categories listed above under â
.â The third column states the categories of recipients that receive such personal data (including sensitive personal data or special category data) as part of disclosures for business purposes, as well as disclosures which may be considered a Sale or Share under certain U.S. Privacy Laws. Not all data indicated in the examples is âsoldâ to third parties. For example, in the âIdentifiers and Contact Informationâ of the chart, we may collect âfinancial account dataâ or âgovernment issues IDsâ in order to provide services to you, but we do not âsellâ it to third parties. However, we may sell âunique IDsâ and account information to third parties. If any of your data is âsoldâ or âshared,â it will be done so according to applicable law. The fourth column provides the Processing Purposes that are applicable to each category of personal data. In the fifth column, we provide, on a per category of personal data basis, the applicable retention period.
Category of Personal Data Examples of Personal Data Types within Category Categories of Recipients Processing Purposes Retention Period 1. Identifiers and Contact Information Contact information, Unique IDs & Accounts Details, Online and Technical Information, Financial Account Information, Government-issued IDs Disclosures for Business Purposes:Sale/Sharing: Third-Party Digital Businesses and Retail Partners
⢠Products/ServicesData necessary to suppress communications to opted out consumers may be retained further.
2. Personal Records Contact information, Unique IDs & Accounts Details, Financial Account Information, Government-issued IDs Disclosures for Business Purposes:Sale/Sharing: Third-Party Digital Businesses
⢠Products / ServicesData necessary to suppress communications to opted out consumers may be retained further.
3. Personal Characteristics or Traits General Demographics & Psychographics, Data About Children, Inferred Information, Health-related information Disclosures for Business Purposes:Sale/Sharing: Third-Party Digital Businesses and Retail Partners
⢠Products / ServicesSale/Sharing: Third-Party Digital Businesses and Retail Partners
⢠Products/ServicesSale/Sharing: N/A
⢠Products/ServicesSale/Sharing: Third-Party Digital Businesses
⢠Products/ServicesSale/Sharing: N/A
⢠Products/ServicesSale/Sharing: N/A
⢠Products/ServicesSale/Sharing: Third-Party Digital Businesses
⢠Products/ServicesSale/Sharing: Third-Party Digital Businesses and Retail Partners
⢠Products/ServicesSale/Sharing: N/A
⢠Products/ServicesSale/Sharing: N/A
⢠Products/ServicesSale/Sharing: N/A
⢠Products/ServicesSale/Sharing:
Sale/Sharing: Third-Party Digital Businesses and Retail Partners (in jurisdictions where the law permits)
⢠Products/ServicesGeneral Demographics & Psychographics
Disclosures for Business Purposes:We also may disclose each category of personal data and sensitive personal data in the table to the following categories of recipients in a manner that does not constitute Sale or Sharing:
⢠The Consumer or to other parties at your direction or through your intentional action
⢠Recipients to whom personal data is disclosed for
⢠In addition, our Vendors and the other recipients listed in the above table may, subject to contractual restrictions imposed by us and/or legal obligations, also use and disclose your personal data for business purposes. For example, our Vendors and the other categories of recipients listed in the table above may engage subcontractors to enable them to perform services for us or process for our business purposes.
As described in further detail below, subject to meeting the requirements for a Verifiable Consumer Request (defined below), we provide Consumers â which are, for clarity, residents of certain states â the privacy rights described in this section. For residents of states without Consumer privacy rights, we will consider requests but will apply our discretion in how we process such requests. For states that have passed consumer privacy laws, but are not yet in effect, we will also consider applying state law rights prior to the effective date of such laws but will do so in our discretion.
As permitted by the U.S. Privacy Laws, certain requests you submit to us are subject to an identity verification process (âVerifiable Consumer Requestâ) as described below in the âVerifying Your Requestâ section below. We will not fulfill such requests unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected personal information.
To make a request, please submit your request to us by one of the methods below. For further instructions on how to submit a Do Not Sell/Share/Target request, for non-cookie PI (as defined below), please go to the â
â section below.
Calling us at (877) 701-0404Â
Visiting our Preference Center (which can be reached by the âYour Privacy Choicesâ link in the footer of our websites or via the Settings menu in our mobile applications)
Some personal data we maintain about you is not sufficiently associated with enough of your other personal data for us to be able to verify that it is your particular personal data (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that personal data in response to those requests. If we deny a verified request, we will explain the reasons in our response. You are not required to create a password-protected account with us to make a Verifiable Consumer Request. We will use personal data provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses unless you also gave it to us for another purpose.
We will make commercially reasonable efforts to identify personal data that we collect, process, store, disclose, and otherwise use and to respond to your privacy requests. We will typically not charge a fee to fully respond to your requests; provided, however, we may refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that we may refuse a request, we will give you notice explaining why we made that decision.
To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal data or considering your deletion request. Upon receipt of your request, we will send you a verification form by email or postal mail. To complete your request, please respond to the verification form when you receive it. To verify your identity, we may require you to provide any of the following information: Name, email address, postal address, or date of birth.
We will review the information provided as part of your request and may ask you to provide additional information via e-mail or other means as part of this verification process. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces/Portability), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected personal data. The same verification process does not apply to opt-outs of Sale or Sharing, or limitation of sensitive personal data or special category data requests, but we may apply some verification measures if we suspect fraud.
The verification standards we are required to apply for each type of request vary. We verify your categories requests and certain deletion and correction requests (e.g., those that are less sensitive in nature) to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. For certain deletion and correction requests (such as those that relate to personal data that is more sensitive in nature) and for specific pieces requests, we apply a verification standard of reasonably high degree of certainty. This standard includes matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you, and may include obtaining a signed declaration from you, under penalty of perjury, that you are the individual whose personal data is the subject of the request.
If we cannot verify you in respect of certain requests, such as if you do not provide the requested information, we will still take certain actions as required by certain U.S. Privacy Laws. For example:
If we cannot verify your deletion request, we will refer you to this U.S. State Privacy Notice for a general description of our data practices.
If we cannot verify your specific pieces request, we will treat it as a categories request.
You may designate an authorized agent to submit a request on your behalf by submitting a request in the manners described above. If you are an authorized agent who would like to make a request, the U.S. Privacy Laws require that we ensure that a request made by an agent is a Verifiable Consumer Request (except Do Not Sell/Share requests) and allow us to request further information to ensure that the Consumer has authorized you to make the request on their behalf. Generally, we will request that an agent provide proof that the Consumer gave the agent signed permission to submit the request, and, as permitted under the U.S. Privacy Laws, we also may require the Consumer to either verify their own identity or directly confirm with us that they provided the agent permission to submit the request. To make a request as an authorized agent on behalf of a Consumer, click here.
You may appeal a denial of your request by clicking here.
You have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
the categories of personal information we have collected about you;
the categories of sources from which we collected the personal information;
the business or commercial purposes for which we collected or sold the personal information;
the categories of third parties to whom we sold or shared the personal information, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared;
the categories of personal information about you that we disclosed for a business purpose, and the categories of persons to whom disclosed that information for a business purpose.
You have the right to request a transportable copy of the specific pieces of personal data we collected about you in the 12-month period preceding your request. Please note that personal data is retained by us for various time periods, so there may be certain information that we have collected about you that we do not even retain for 12 months (and thus, it would not be able to be included in our response to you). Please also note that you may be limited under your applicable stateâs law to making a certain number of âright to knowâ requests in any 12-month period.
In addition, you have the right to request that we delete certain personal information we have collected from you. Please understand that P&G cannot delete personal data in those situations where our retention is required for our own internal business purposes or otherwise permitted by relevant U.S. Privacy Laws (such as fraud prevention or legal compliance). In these situations, we will retain your personal data in accordance with our records retention program and securely delete it at the end of the retention period.
You have the right to request that we correct inaccuracies that you find in your personal data maintained by us. Your request to correct is subject to our verification (discussed above) and the response standards in the applicable U.S. Privacy Laws.
Certain personal data qualifies as âsensitive personal dataâ or âsensitive personal informationâ or âspecial category dataâ under U.S. Privacy Laws, which we refer to in this U.S. State Privacy Notice as âsensitive personal data or special category dataâ. Some U.S Privacy Laws require consent for the processing of sensitive personal data or special category data, which can be revoked, subject to certain exceptions and exemptions (for example, if the processing of your sensitive personal data or special category data is required to provide a product or service specifically requested by you). Depending on your state of residence, you have the right to revoke such consent, if applicable, and/or direct businesses to limit their use and disclosure of sensitive personal data or special category data if they use or disclose it beyond certain internal business purposes. You can make a request using the methods set forth above.
You have the right to opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects. However, as discussed
, we do not carry out profiling or automated decision-making activities in a manner that requires us to provide opt-out rights.
Under the various U.S. Privacy Laws, Consumers have the right to opt-out of certain processing activities. Some states have opt-outs specific to Targeted Advertising activities - which Californiaâs law refers to as âcross-context behavioral advertisingâ, and others simply as Targeted Advertising - which involve the use of personal data from different businesses or services to target advertisements to you. California provides Consumers the right to opt-out of Sharing, which includes providing or making available personal information to third parties for such Targeted Advertising activities, while other states provide Consumers the right to opt-out from processing personal information for Targeted Advertising more broadly. There are broad and differing concepts of the Sale of personal data under the various U.S. Privacy Laws, all of which at a minimum require providing or otherwise making available personal data to a third party.
When you provide us personal data for the below Processing Purposes, we may use some or all of that personal data to advertise to you. This may include making available your personal data collected during these Processing Purposes to third parties in way that may constitute a Sale and/or Sharing, as well as using your personal data for purposes of Targeted Advertising.
â¢
â¢
â¢
â¢
â¢
⢠Purposes Disclosed at Collection
Third-Party digital businesses, including online platforms (Google, Amazon, Facebook, etc.) and AdTech companies such as Demand Side Platforms which help us place advertisements (âThird-Party Digital Businessesâ) may associate cookies and other tracking technologies that collect personal data about you on our apps and websites, or otherwise collect and process personal data that we make available about you, including digital activity information. Giving access to personal data on our websites or apps, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Sharing and could implicate processing for purposes of Targeted Advertising under some U.S. Privacy Laws. Therefore, we will treat such personal data collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the personal data we make available about you is collected directly by such Third-Party Digital Businesses using Tracking Technologies on our websites or apps, or our advertisements that are served on third-party sites (which we refer to as âcookie PIâ). However, certain personal data which we make available to Third Party Digital Businesses is information that we have previously collected directly from you or otherwise about you, such as your email address (which we refer to below as ânon-cookie PIâ).
When you opt-out pursuant to the instructions below, it will have the effect of opting you out of Sale, Sharing, and Targeted Advertising, such that our opt-out process is intended to combine all of these state opt-outs into a single opt-out. Instructions for opting out are below. Please note that there are distinct instructions for opting out of cookie PI and non-cookie PI, which we explain further, below.
Opt-out for non-cookie PI: If you would like to submit a request to opt-out of our processing of your non-cookie PI (e.g., your email address) for Targeted Advertising, or opt-out of the Sale or Sharing of such data, make an opt-out request here.
Opt-out for cookie PI: If you would like to submit a request to opt-out of our processing of your cookie PI for Targeted Advertising or opt-out of the Sale/Sharing of such personal data, you need to exercise a separate opt-out request on our cookie management tool. To do so, click âDo Not Sell or Share My Personal Information / Opt-Out of Targeted Advertisingâ in the footer of each of our websites and/or in the Settings menu of each of our mobile applications. Then follow the instructions for the toggle. This is because we have to use different technologies to apply your opt-outs of cookie PI and of non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device.
You must exercise your preferences separately on each of our websites that you visit, within each of our mobile applications that you use, if you use a different browser than the one on which you originally opted out, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be affective, and you will need to enable them again via our cookie management tool.
For more information about how we have shared your personal data with third parties such that it constitutes a âSaleâ or âShareâ under CCPA during the 12-month period prior to the date this privacy policy was last updated, please refer to the chart above. We do not knowingly Sell or Share personal data of minors older than 13 years of age and under 16 years of age without their consent.
Some of the U.S. Privacy Laws require businesses to process GPC signals, which is referred to in some states as opt-out preference signals and in other states as universal opt-out mechanisms. GPC is a signal sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individualâs choice to opt-out of the Sale and Sharing of personal data, or of processing of personal data for Targeted Advertising. To use GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our website and mobile applications, which is explained by our consent management platform here.
Certain of the U.S. Privacy Laws require us to explain how we process GPC signals in detail, specifically how we apply GPC signals and the corresponding Do Not Sell/Share/Target requests to online data (what we refer to above as âcookie PIâ) and offline data (what we refer to above as ânon-cookie PIâ). Below we explain the scenarios in which we apply the Do Not Sell/Share/Target requests communicated by GPC signals to cookie PI and, where applicable, to non-cookie PI:
⢠When you are visiting our website on a particular internet browser (âbrowser 1â), we will apply the GPC signal and corresponding Do Not Sell/Share/Target to cookie PI collected on that browser 1.
⢠When you log in on browser 1: We will be able to apply the GPC signal and corresponding Do Not Sell/Share/Target request to non-cookie PI associated with your user account, but only if and after you have logged into your user account on browser 1.
When you visit our website on a different browser (âbrowser 2"). If you later visit our website on browser 2 (whether on the same device or a different device) and GPC is not enabled, we are unable to apply the prior GPC signal from browser 1 to cookie PI on browser 2, unless and until you login to your user account on browser 2. We will continue to apply the Do Not Sell/Share/Target opt-outs communicated via the GPC signal on browser 1.
We process GPC signals in a frictionless manner, which means that we do not: (1) charge a fee for use of our service if you have enabled GPC; (2) change your experience with our website if you use GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the GPC.
We also collect and use your personal data to administer and maintain Rewards Programs (defined above in â
â), which may be considered a âfinancial incentiveâ or a âbona fide loyalty programâ under one or more of the U.S. Privacy Laws.
We use all categories of personal data disclosed in the above table, excluding âbiometric information,â âprofessional or employment information, and ânon-public education records,â to administer and maintain such Rewards Programs. All categories of personal data we use for loyalty programs may also be Sold or processed for Targeted Advertising. We may also use, Sell, and process for Targeted Advertising the categories of sensitive personal data or special category data: account information and credentials, precise geolocation data, racial or ethnic origin, and personal data concerning health. While we may collect sensitive personal data or special category data in relation to some Rewards Programs, the collection and processing of sensitive personal data or special category data is not required to participate in Rewards Programs. We use personal data to verify your identity, offer unique rewards, track your program status, and to facilitate the exchange of program points for products, promotional materials, training workshops, and other items. The categories of third parties that will receive personal data and sensitive personal data or special category data are set forth in the table above, some of which may qualify as data brokers under some of the U.S. Privacy Laws. Some U.S. Privacy Laws require us to state whether we provide Rewards Programs benefits through third-party partners; however, while we sometimes will provide you the opportunity to independently engage with third parties through our websites or apps, third parties do not provide Rewards Programs on our behalf.
You can opt-in to a Rewards Program by signing up on the applicable rewards page. If you opt-in to participate in any of our Rewards Programs, you may withdraw from participation at any time by contacting us using the contact details in this Privacy Policy or in accordance with the instructions set forth in the applicable Rewards Programâs terms and conditions.
Under certain U.S. Privacy Laws, you may be entitled to be informed as to why financial incentive programs, or price or service differences, are permitted under the law, including (i) a good-faith estimate of the value of your personal data that forms the basis for offering the financial incentive or price or service difference, and (ii) a description of the method we used to calculate the value of your personal data. Generally, we do not assign monetary or other value to personal data. However, in the event we are required by law to assign such value in the context of Rewards Programs, or price or service differences, we have valued the personal data collected and used as being equal to the value of the discount or benefit provided, and the calculation of the value is based upon a practical and good-faith effort often involving the (i) categories of personal data collected (e.g., names, email addresses), (ii) the use of such personal data for our marketing and business purposes in accordance with this Privacy Policy and our Rewards Programs, (iii) the discounted price offered (if any), (iv) the volume of consumers enrolled in our Rewards Programs, and (v) the product or service to which the Rewards Programs, or price or service differences, applies. The disclosure of the value described herein is not intended to waive, nor should be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards. We deem the value of the personal data to be reasonably related to the value of the rewards, and by subscribing to these Rewards Programs you indicate you agree. If you do not, do not subscribe to the Rewards Programs.
Non-Discrimination
You have the right not to receive discriminatory treatment for the exercise of your privacy rights described in this U.S. State Privacy Notice. We will not deny, charge different prices for, or provide a different level or quality of goods or services in a manner that is prohibited by the U.S. Privacy Laws if you choose to exercise your rights. Please note, however, that you will no longer be able to participate in Rewards Programs request to delete personal data. This is because we need the personal data collected in relation Rewards Program to carry out the functions described above.
Click here to see request metrics from the previous calendar year.
We may offer interactive services which allow teens under the age of 18 to upload their own content (e.g., videos, comments, status updates, or pictures). This content can be removed or deleted any time by following the instructions on our sites. If you have questions about how to do this, contact us. Be aware that such posts may have been copied, forwarded, or posted elsewhere by others and we are not responsible for any such actions. You will, in such cases, have to contact other site owners to request removal of your content.
We provide California residents with the option to opt-out to sharing of âpersonal information,â as defined by Californiaâs âShine the Lightâ law, with third parties (other than with Company affiliates) for such third partiesâ own direct marketing purposes. California residents may exercise this opt-out, request information about our Shine the Light law compliance, and/or obtain a disclosure of third parties we have shared information with and the categories of information shared. To do so contact us at 1 Procter & Gamble Plaza, Cincinnati, OH 45202, U.S.A. (Attn: Privacy). You must put the statement âShine the Light Requestâ in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. We are only required to respond to one request per Consumer each year. We are not required to respond to requests made by means other than through the provided mail address. We will not accept Shine the Light requests by telephone or by fax, and are not responsible for requests not labeled or sent properly, or that are incomplete.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3