Additional Information for Colorado Residents
Under the Colorado Privacy Act ("CPA"), consumers in Colorado have the right to receive certain disclosures regarding the processing of their personal information and their privacy rights with respect to our processing of such personal information.
Categories of Personal Information Processed
Depending on your use of our Services and how you interact with us, we may collect the following categories of personal information:
- Personal identifiers, such as name, address, telephone number and email address;
- Device information, online identifiers and related information, such as operating system information, type of device, and screen size;
- Internet, application, and network activity information, such as browsing history, clickstream data, search history, and information regarding interactions with a website, application, or advertisement, including other usage data related to your use of any of our Services or other online services, cookies and IP addresses;
- Demographic information, such as age and birth month;
- Commercial information such as financial information, credit and debit card numbers (stored with our payment processor) and claims information, records of personal property, products or Services purchased, obtained, or considered, or other purchasing or use histories or tendencies;
- Customer records such as purchase history information, such as products you have bought, rented, and/or returned;
- Professional information such as current and former employers, business contact information and professional memberships;
- Location information, such as precise and general geolocation information;
- Audio, visual and other sensory information, such as audio and video recordings;
- Individual preferences and characteristics, such as inferences related to shopping patterns and behaviors; and
- Sensitive personal information including financial information (held by our payment processors) and precise geolocation.
Purpose for Processing Personal Information
We use your personal information to provide you products and Services, such as to fulfill your requests for products or to help us personalize our Services and market to you. We also may use your personal information to support our business functions, such as fraud prevention, marketing, and legal functions. Some examples may include:
- Providing Services and support: To provide and operate our Services, fulfill your order or requests for Services and provide customer service, create and maintain your account, communicate with you about your use of the Services, provide troubleshooting and technical support, debug to identify and repair errors that impair existing intended functionality, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar Service and support purposes.
- Responding to inquiries: To respond to your questions, fulfill your orders, and consider your requests.
- Analytics and improvement: To better understand how users' access and use the Services and our other products and offerings, conduct auditing and monitoring of transactions and engagement, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, develop Services and features, and for internal quality control and training purposes.
- Customization and personalization: To tailor the content we may send or display on the Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
- Marketing and advertising: For marketing and advertising purposes. For example, to send you information about our Services, such as offers, promotions, newsletters, and other marketing content, including about third-party products and services we think may interest you, as well as any other information that you sign up to receive. We also may use certain personal information we collect to manage, measure, and improve our advertising campaigns so that we can better reach people with relevant content.
- Loyalty and rewards program: If you are a member of our Ace Rewards program, we use your personal information in order to administer those programs, which are described more specifically when you enroll.
- Planning and managing events: For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
- Research and surveys: To administer surveys and questionnaires, such as for market research or member satisfaction purposes.
- Safety, quality, and improvement: To undertake activities to verify or maintain quality or safety and improve, upgrade, or enhance the Services owned or controlled by us.
- Security and protection of rights: To protect you and others, the Services and our business operations; to help ensure security and integrity and prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use, available at acehardware.com/terms-of-use, our contracts, if any, with you, or this Privacy Policy.
- Legal proceedings and obligations: To comply with the law and our legal obligations, to handle legal processes, and related to legal proceedings.
- General business and operational support: To conduct business analysis, such as analytics and projections, or to identify areas for operational improvement, and to consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
- Other notified purposes: For other lawful purposes that you reasonable expect, are permitted under applicable law and regulation, or that we may notify you of from time to time.
Ace may combine personal information, collected online and offline, including personal information from third party sources as described below. Ace also may transfer or share your personal information within our corporate family of companies and Ace stores for these purposes, as permitted by law.
Categories of Personal Information Shared with Third Parties
Generally, we may share the following categories of personal information with third parties for a business or commercial purpose:
- Commercial information, such records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity information, such as browsing history, search history, and information regarding your interaction with an internet website or application, as well as physical and network access logs and other network activity information related to your use of any Ace network or other information resource.
- Geolocation data, such as precise and general location information about a particular individual, vehicle, or device.
- Characteristics of protected classifications under state and federal law, such as race/ethnicity, gender, and sex.
- Audio, electronic, visual, thermal, or similar information, such as CCTV/camera/video footage, photographs, call recordings, and other audio recording (e.g., recorded webinars).
- Professional or employment-related information, such as professional memberships and associations.
- Education information, such as degrees earned.
- Inferences, such as inferences drawn from any of the information identified above to create a profile about an individual regarding her or his preferences, characteristics, predispositions, behaviors, and personality tests and profiles reflecting skill and aptitude.
- Sensitive personal information, such as financial account and payment information; and precise geolocation information.
Sales and Targeted Advertising
The CPA defines "sale" as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and "targeted advertising" means displaying to a consumer an advertisement that is selected based on personal data obtained or inferred over time from the consumer's activities across nonaffiliated websites, applications, or online services to predict consumer preferences or interests. While we do not disclose personal information to third parties in exchange for monetary compensation, we may "sell" or process for "targeted advertising" the following categories of personal information: identifiers; commercial information; location data; and internet and network activity information. We may disclose these categories to third-party advertising networks, analytics providers, franchises, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns. We may also share limited information, such as name and email address to data brokers for purposes of marketing and advertising and to improve and measure our ad campaigns. You can opt-out of sale and sharing in the Right to Opt Out of Sales and Sharing section below.
Categories of Third Parties with Whom We Share Personal Information
The categories of third parties with whom we may share personal information include: advisors and agents, affiliates and subsidiaries, regulators, government entities and law enforcement, internet service providers, operating systems and platforms, advertising networks, data analytics providers, social networks, data brokers, Ace stores, and others, as permitted by law.
Colorado Residents' Rights
Colorado law grants Colorado residents' certain rights and imposes restrictions on particular business practices as set forth below. Subject to certain exceptions, Colorado residents have the right to make the following requests:
Right to Deletion: Colorado residents have the right to request deletion of personal information that concerns them, subject to certain exemptions.
Right to Access: Colorado residents have the right to confirm whether a controller is processing their personal information and to access their personal information.
Right to Correction: Colorado residents have the right to correct inaccuracies in their personal information, taking into account the nature of the personal information and the purposes of the processing of their personal information.
Right of Portability: Colorado residents have the right to obtain a copy of the personal information a controller processes that concerns them in a portable and, to the extent technically feasible, readily usable format that allows them to transmit their personal information to another entity without hindrance .
Right to Opt Out of Sale: Colorado residents have the right to request a business opt them out of the sale of their personal information. Colorado's definition of sale is broad and encompasses many types of data transfers. Under this definition, Ace does sell personal information, however, we do not "sell" any personal information for monetary compensation.
Right to Opt Out of Targeted Advertising: Colorado residents have the right to request a business opt them out of the processing of their personal information for the purpose of targeted advertising. For more information about how we collect and process your personal information for purposes of targeted advertising, see the Cookies and Other Technologies and Interest-Based Advertising sections of the main body of the privacy policy.
You may also use a universal opt-out mechanism through your browser, which our website shall process as a request to opt out of sales and targeted advertising for the relevant browser and device. You can configure certain browsers and other technologies to send opt-out preference signals to a website notifying the website of your express request to stop the sale or use of your personal information for targeted advertising. At this time, this signal only applies to the browser and device you are searching from. For AceHardware.com account holders, if you are logged into your account and are sending an opt-out preference signal, we will treat this as an offline opt out of sale request on your behalf as well.
Right to Opt Out of Profiling: Colorado residents have the right to request a business opt them out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.
Right to Appeal: Colorado residents may appeal a business's refusal to take action on a request to exercise their rights per the instructions provided in our response or by submitting a new request that references the original request via our appeal webform, available at https://privacyportal.onetrust.com/webform/08fcfb30-e571-44e6-a1de-eb62fe3d7b00/07be3cba-e48f-4be8-ba56-206313d29554.
Submitting Requests
Requests to exercise privacy rights may be submitted on our Your Privacy Choices webform or by clicking the "Your Privacy Choices" button on the bottom of AceHardware.com. Additionally, individuals may contact Customer Care at 1-888-827-4223 or complete a form in Ace stores. We will respond to verifiable requests received from Colorado residents as required by law.
To submit a request to opt-out of the sale of your personal data or targeted advertising, use the mechanisms outlined above and adjust your cookie settings here: Manage Choices
Verification of Requests
For your protection, we may require you to log into your account to verify your identity or make requests. In order to process requests to know, delete or correct, we require first name, last name, zip code, email, phone number and/or Ace Rewards number, and we may ask for additional information such as recent purchases or authenticated interactions with us depending on the nature of the request and the need to prevent fraud and protect security. The information provided in the request will be compared to the data Ace maintains for that customer. If the information does not match, we will be unable to process the request.
Authorized Agent Requests
An authorized agent is a person who has authorization to request to opt-out of targeted advertising, profiling, or the sale of personal information on behalf of a Colorado resident. Authorized agents use the same links described above to submit requests.
If you are submitting a request on behalf of another person, we require an authorization, and/or other documentation demonstrating your authority to submit this request. This can be a letter or other documentation signed by the Colorado resident authorizing you to submit this request. Ace reserves the right to contact the consumer directly to verify their identity and ensure that they have elected an authorized agent.
Right to Non-Discrimination
Ace will not discriminate against Colorado residents for exercising their rights under the CPA.