1. Information UDC Collects. In order to allow you to use the Website in the best possible way, UDC may request and/or collect information (such as name, e-mail address, country of residence, and date of birth) from you on a voluntary basis. UDC collects the following types of information about users: Personally Identifiable Information and Non-Personally Identifiable Information (collectively “your information”).
“Personally Identifiable Information” is information that identifies you and may be used to contact you online or offline. UDC only collects Personally Identifiable Information from you on a voluntary basis, through registration, downloads, contest or sweepstakes entries, mailing/newsletter subscriptions, purchases, and technical support or customer service requests. The information UDC collects and stores will depend on the activity, but may include your first and last name, age and birthdate, shipping and billing address(es), e-mail address, and phone number. UDC does not collect any Personally Identifiable Information about you unless you voluntarily provide it to UDC. If you make a purchase from the Website, as applicable, UDC may also collect a credit or debit card number or other financial information, CVV, and billing address. Any credit card information that you provide will only be used as is necessary to process payments and prevent fraud during processing. If you make any purchases associated with or on the Website, as applicable, using any third-party payment processor, that third-party payment processor will collect your email address as well as the billing and payment information it needs to process your charges. UDC and its third party payment processor do not use credit card information for any other purposes, and UDC does not store any credit card information without prior authorization or request to do so. Except as provided herein, when you ask for help from UDC customer service, UDC will collect and store the contact information you give them (generally, your name and e-mail address, and information about your activity on the Website). To participate as a user on the Website, or in online activities, special events, contests, sweepstakes, or blog comment areas, you may be required to provide Personally Identifiable Information.
“Non-Personally Identifiable Information” is information that cannot be used to personally identify you. The Non-Personally Identifiable Information UDC may collect includes the time and date of access, device information, location information, anonymous usage data while you are using the Website, preferences you submit and preferences that are generated based on the data you submit and/or number of clicks, referring/exit pages, a website’s Uniform Resource Locator (“URL”) that you just came from or the URL you go to next, and your Internet Protocol (“IP”) address. However, to the extent that any of the aforementioned identifiers or similar identifiers are considered personal information by law, UDC also treats these identifiers as Personally Identifiable Information.
The Website may contain chat functions, forums, message boards, links to social media websites, and/or personal websites. UDC collects information about your communication and any information you choose to provide. Please remember that any information that is disclosed on any of the aforementioned mediums is public information and you should exercise caution when deciding to disclose your Personally Identifiable Information.
2. How UDC Uses and Shares Information.
Please be aware that, to the extent permitted by law, UDC may access and disclose your information if UDC (a) is required to do so by law or court order or (b) has a good faith belief that such access or disclosure is reasonably necessary to (i) comply with applicable laws, regulations, or legal process; (ii) enforce the UDC Terms and Conditions of Use for the Website (the “Terms”); (iii) respond to claims that your use of the Website has violated rights of UDC or third parties; (iv) respond to your requests for customer service; (v) share such information with its third party licensors, third party vendors, advertisers, licensors, and other third-parties at UDC’s discretion per any agreement or obligation; and (vi) troubleshoot software bugs and operational problems. UDC may transfer the information collected through the Website if UDC is acquired by, sold to, or merged with another entity. UDC may also share the information with subsidiaries and affiliated and related entities that provide services on UDC’s behalf or in connection with UDC, including allowing UDC to share participant data with applicable third party licensors and data recipients for direct marketing purposes.
Additionally, UDC may use your information to (a) resolve any disputes with regard to other users, your accounts, third parties, or use of the Website, (b) enforce the Terms, (c) detect, prevent, and ameliorate fraud, spam, abuse, security incidents, and other harmful activity, (d) verify or authenticate information or identifications provided by you, (e) send you service or support messages, such as updates, security alerts, and account notifications, (f) provide customer service, (g) enable you to communicate with other Website users, and (h) operate, protect, improve, and optimize the Website. You may opt-out of receiving information from UDC by clicking the “unsubscribe” button in any e-mail you receive or by contacting UDC using the contact information available in Section 14.
UDC may use the following social media plug-ins including, without limitation, Facebook, Instagram, Pinterest, YouTube, Discord, Twitter, and other applications. If you visit the Website initially, no Personally Identifiable Information will be transmitted to the provider of the plug-in. UDC gives you the opportunity to communicate directly with the provider of the plug-in via the corresponding button. By clicking on the button, the social plug-in will be activated and the plug-in provider receives the information that you have visited UDC’s online service. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there. Since the plug-in provider carries out the data collection in particular via Cookies, UDC recommends that you delete all Cookies via the security settings of your browser before clicking on the plug-in. UDC has no influence on the collected data and data processing operations, nor is UDC aware of the full extent of the data collection, the purpose of the processing, or the storage periods. UDC does not have the ability delete the data collected by the plug-in provider. For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of the plug-in providers.
4. Your Information. In addition to the aforementioned mechanisms, you have the ability to manage the use of your information in the following ways:
(a) If you wish to modify, verify, correct, or update any of your Personally Identifiable Information collected through the Website, you may edit your registered user information in your account settings or contact us using the contact information in Section 14. In accordance with UDC’s routine record keeping, UDC may delete certain records that contain Personally Identifiable Information you have submitted through the Website. UDC is under no obligation to store such Personally Identifiable Information indefinitely and expressly disclaims any liability arising out of, or related to, the destruction of such Personally Identifiable Information. It may not always be possible to completely remove or delete all of your information from UDC’s databases without some residual data because of backups and other reasons.
(b) You may direct UDC not to share your Personally Identifiable Information with third parties (other than UDC’s service providers), not to use your Personally Identifiable Information to provide you with information or offers, and not to send you newsletters, e-mails, or other communications by modifying your registered user information on your account or contacting us using the contact information in Section 14.
6. Children’s Privacy. UDC does not direct the Website to users under eighteen (18) years of age (“children”). UDC does not knowingly collect or maintain Personally Identifiable Information or Non-Personally Identifiable Information from children, other than as permitted by law in support of the internal operations. If UDC becomes aware that Personally Identifiable Information of children has been collected, other than for support of the internal operations, UDC will take reasonable steps to remove such information. If a parent or legal guardian believes that his or her child has submitted personal information to UDC, he or she may contact UDC Customer Service at the addresses provided in Section 14 herein.
7. How UDC Protects Information. To protect your information, UDC follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity, and privacy of the information you have provided. UDC has standard security measures in place, including a firewall-protected server and use of encryption, designed to protect against the loss, misuse, and alteration of the information under UDC’s control. Unfortunately however, no system or data transmission over the Internet can be guaranteed to be 100% secure; human errors do occur, so there is always a possibility that there could be unauthorized access to your information. Although UDC strives to protect your information, you acknowledge that: (a) there are security and privacy limitations of the Internet that are beyond UDC’s control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and UDC through the Website cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Canadian residents: Canadian residents should be aware that their Personally Identifiable Information will be stored on servers located in the United States of America.
8. Public Safety. UDC may share your Personally Identifiable Information with necessary agencies or persons in the event UDC, in good faith, believes it will a) prevent physical injury or harm to yourself or members of the public; b) protect the rights, property, or safety of UDC or third parties; and/or c) report a crime or other offensive behavior.
9. GDPR. The European Union General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) provides data subjects within the European Union (“EU”) with certain access rights with respect to their personal data. For purposes of the GDPR “personal data” refers to any information that identifies a natural person existing or residing in the EU (“data subject”), or may be used to identify a data subject, such as name, an identification number, location data, an online identifier, or factors specific to a data subject’s physical, physiological, genetic, mental, economic, cultural, or social identity. Please note that UDC is the data controller of your personal data. Data subjects’ GDPR rights are provided herein and summarized briefly below:
- Basic Information – the right to understand who UDC is and how UDC processes a data subject’s personal data.
- Access – the right to request a summary of the data subject’s personal data that is processed by UDC, along with a copy of such personal data.
- Portability – the right to request UDC provide a copy of a data subject’s personal data in machine readable form for transportation to another controller/processor.
- Rectification – the right to request that UDC correct errors or update a data subject’s personal data.
- Erasure – the right to request that UDC erase personal data in UDC’s possession.
- Restriction on Use – the right to request that UDC stop processing a data subject’s personal data.
- Objection to Use – the right to object to UDC’s assertion that UDC has a legitimate interest in processing a data subject’s personal data.
- Objection to Direct Marketing – the right to object to receiving direct marketing materials from UDC and/or its subsidiaries and affiliates.
- Objection to Automated Processing – the right to object to UDC’s use of personal data to make automated decisions that affect the data subject.
All of the aforementioned requests and objections may be directed to firstname.lastname@example.org. Please note that the data subject access rights described above are not absolute, and in many cases are subject to exceptions or other restrictions. If UDC determines that a request is invalid or does not correspond with the data subject access rights provided by GDPR, UDC will inform the data subject of such determination promptly upon reaching that conclusion.
Pursuant to the GDPR, as a data subject, you may request UDC erase the personal data held by UDC by contacting us through http://upperdeck.com/requests/ , along with the requirements stated in Section 4(b). Under Article 17 of the GDPR, data subjects have the right to request the erasure of their personal data if one of the following grounds applies:
- The personal data is no longer necessary for the purpose collected;
- The data subject withdraws consent to UDC’s processing activities and no other legal justification for processing applies;
- The data subject is objecting under Article 21(1) of the GDPR to;
- Processing that is necessary for UDC to perform a task in the public interest under Article 6(1)(e) of the GDPR or in the exercise of UDC’s official authority; and
- There are no overriding legitimate grounds to process the personal data.
- The data subject is objecting under Article 21(1) of the GDPR to;
- Processing that is necessary to pursue UDC’s or a third party’s legitimate interests under Article 6(1)(f) of the GDPR; and
- There are no overriding legitimate grounds to process the personal data.
- The data subject is objecting under Article 21(2) of the GDPR to processing for direct marketing purposes;
- UDC unlawfully processed a data subject’s personal data;
- EU law requires UDC to erase a data subject’s personal data to comply with a legal obligation; or
- UDC collected the personal data in the context of offering online services to children under Article 8(1) of the GDPR.
However, the right to erasure is not required under the GDPR, to the extent that data processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by EU or EU member state law to which UDC is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in UDC;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 8.3.1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defense of legal claims.
Pursuant to the GDPR, data subjects may request confirmation from UDC regarding whether or not UDC has processed their personal data. If your personal data has been processed, as a data subject you may request the following information:
- The purposes for which the personal data have been processed;
- The categories of personal data that have been processed;
- The recipients and/or the categories of recipients to whom your personal data have been or are still being disclosed;
- The planned duration of storage of your personal data or, if specific information is not available on this, criteria for specifying the duration of storage;
- The existence of the right to lodge a complaint to a supervisory authority;
- All available information on the origin of the personal data, if the personal data was not collected from you; and
- The existence of automated decision-making including profiling as per Article 22(1) and (4) of the
GDPR, and at least in these cases, meaningful information on the logic involved and the consequences and intended effects of this kind of processing for you.
Data subjects also have the right to request information about whether or not their personal data has been transmitted to another country or an international organization. Such requests may be directed to email@example.com.
Data subjects shall have the right to request UDC to restrict processing of personal data if one of the following conditions is met:
- the data subject contests the accuracy of the personal data for a period enabling UDC to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data, but wants it to be restricted;
- UDC no longer needs the personal data for the purposes of the processing, but the data subject requires it the establishment, exercise or defense of a data subject’s legal claims; or
- The data subject objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of UDC override those of the data subject.
As the data controller, UDC may process and retain your personal information on UDC’s servers in the United States. In order to provide data subjects with access to and use of the Website and the ability to make purchases, and utilize other functionality on the Website, and allow third party data processors have access to and process your personal data. Third party data processors include service providers, hosting providers, data storage providers, and other technical partners who help UDC administer the Website, or process the data submitted to the Website.
10. Privacy Notice for California Residents
Effective Date: January 1, 2020
Last Revised: May 29 2020
This California Privacy Notice (“Notice”) explains what data UDC and its agents and affiliates (if applicable) collect from you through our interactions with you and through our products, services, events, and programs, including our websites, apps and digital platforms. This Notice applies only to California consumers as required by the California Consumer Privacy Act of 2018 (“CCPA”) and supplements UDC’s privacy policies.
UDC may change this Notice. Any changes will become effective when posted and your use of any service provided by UDC following these changes means that you accept them. We recommend that you regularly review this Notice when using UDC’s services.
Personal Information We Collect
When we say “Personal Information” in this Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you. It does not include publicly available information, deidentified, or aggregated consumer information, or information that cannot reasonably be linked to you.
The following categories of personal information may have been collected by us from our consumers within the last twelve (12) months:
- Identifiers: A name, alias, postal address, online identifier like usernames or screennames, Internet Protocol address, email address, Social Security number, driver’s license number, passport number, or other similar identifiers, insurance numbers, bank and credit card numbers.
- Commercial information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
- Geolocation data: Physical location or movements.
- Professional or employment-related information: Current or past job history or performance evaluations.
- Inferences drawn from other personal information: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Our website may obtain the categories of personal information listed above from the following categories or sources:
- Directly from you. For example, from forms you complete or products you purchase, receive, or redeem.
- From your devices (i.e. passively from you). For example, from observing your actions on our websites.
- From third parties. For example, from our licensors, vendors, suppliers, and advertisers; from social media or other websites.
Use of Personal Information
We may use, sell, or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you provide your personal information to redeem a product, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our website and products.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your experience with our websites and to deliver content and product offerings relevant to your interests, including targeted offers and ads through our websites, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our websites, products, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our websites and products.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our website and/or consumer is among the assets transferred.
Sharing Personal Information
For business purposes, we may disclose your personal information to third parties. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
We may share your personal information with the following third parties: third party vendors, contractors, advertisers, licensors, service providers, business partners, and affiliated entities.
Your Rights and Choices
This section describes California residents’ rights under the CCPA and how you can exercise them with UDC.
Right to Know
You can request what personal information we have collected, used, disclosed, and sold about you in the preceding 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our purpose for collecting or selling that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- The categories of third parties with whom we share that personal information.
- The categories of information sold to any third parties.
Right to Deletion
You can also request that we delete your personal information. We may not delete all of your personal information if one of the following exceptions applies:
- Transactional: to complete a transaction for which the personal information was collected, provide a service requested by you, or perform a contract we have with you;
- Security: to detect data security incidents;
- Error correction: to debug or repair any errors;
- Research: Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Internal use: Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Legal compliance: Comply with a legal obligation.
- Other: Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will also maintain a record of your CCPA Rights requests.
Right to Opt Out
You have the right to direct us not to sell your personal information at any time.
Right of Nondiscrimination
Exercising any right provided in this Notice will not lead to any discrimination. For example, it will not lead to any denial of any goods or services, different rates or prices for goods or services, and/or different qualities of goods or services.
To exercise the various rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 800-873-7332
- Visiting http://www.upperdeck.com/requests
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- A power of attorney pursuant to California Probate Code sections 4000-4465 or otherwise sufficient in our discretion to establish your authorized agent’s authority; and/or
- Your authorized agent’s valid government-issued ID or other proof of identity acceptable to us in our sole discretion.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
10. Promotional E-mails. Where you grant UDC express consent to send you promotional e-mails by opting-in to receive such e-mails, UDC may, from time to time, send you e-mails regarding the Website and or/ UDC’s other websites. Additionally, if you indicated that you are interested in receiving offers or information from UDC and its affiliates and third party licensors, UDC may occasionally send you direct mail about products and services that UDC feels may be of interest to you. UDC shares your Personally Identifiable Information to its third party licensors pursuant to its agreements and including, without limitation, for their direct marketing purposes including by mail and email. You may opt-out of receiving such e-mails at any time by following the directions on the bottom of e-mails to you from UDC or by logging into your account and modifying your account settings. Users must opt-in to receive such e-mails by granting express consent prior to UDC sending commercial electronic messages.
The personal data collected by us may be shared with any of UDC’s affiliated companies. These companies will hold and transmit all personal data in the same safe, confidential and secure environment as set out below. UDC may also share aggregate data with its affiliates, partners, third party vendors, advertisers, licensors, and other third-parties at UDC’s discretion and by accessing and/or using the Website, you expressly consent to such disclosure. This data does not contain any Personally Identifiable Information.
12. Opt-out. If you would prefer not to receive direct communications with regard to UDC products and/or services anymore, you may opt-out by following the directions on the bottom of e-mails to you from UDC.
13. Legal Disclosures; Safety. UDC may transfer and/or disclose the information UDC receives from and about you to comply with a legal obligation, to provide information to law governmental authorities in accordance with applicable law, and when UDC believes in good faith that the law requires it. UDC may collect your information for the internal operations of the Website. UDC also reserves the right to share your information with legal authorities and other companies for fraud protection and credit risk reduction, to detect any technical or security vulnerabilities, to enforce UDC’s Terms or other applicable policies, or to otherwise protect the rights, property, safety, or security of third parties, users of the Website, UDC, or the public.
The Upper Deck Company
5830 El Camino Real
Attn: Customer Service
Carlsbad, California 92008