Privacy Shield Policy for Wilton Brands LLC
Residents of the European Union (EU) and European Economic Area (EEA)
Updated and effective May 22, 2018.
TABLE OF CONTENTS
- Information Collected by Wilton.
- Third Party Analytics Providers, Ad Servers, and Similar Third Parties.
- User Content and Submission Features.
- Social Media Features.
- Use of Information We Collect.
- Sharing Information with Third Parties.
- Third-Party Links and Content.
- International Transfer of Personal Information.
- Inquiries and Complaints.
- Closing Your Account; Retention of Information.
- California Residents Under the Age of 18 Only.
- Contact Information.
1. Information Collected by Wilton.
A. Information You Directly and Voluntarily Provide: We may ask you to provide “Personal Information” (i.e., information that identifies you as a specific, identifiable individual) when you visit one of our Sites through various features, including:
- Accounts. We collect your name and email address and may also collect other Personal Information, such as your address and telephone number, when you create an account on a Site (which may include accounts on The Wilton School or Careers portal); we will also require you to create a user name and password for each account. We collect the payment information that you choose to save to an account. We collect the employment and other information that you choose to save to or submit through a Careers portal account.
- Payment, Shipping, and Delivery. We collect payment information when you pay for an order or a class and collect shipping and delivery information for products that you buy.
- Contact Us. We collect your name, email address, other contact information and any additional Personal Information that you provide when you communicate with us through a Site, such as through the “Contact Us” feature.
- Share by Email. If you use a Site’s “Email a Friend” feature to share by email, we will ask you for the recipient’s Personal Information (i.e., email address) and will use your email address to identify the “sender.”
- Newsletters Features. We collect your email address and may collect other Personal Information you choose to provide if you “opt in” to receive promotional email communications from us.
- User Content and Submission and Social Media Features. We collect the Personal Information that you provide when you submit User Content (as described in Section 3) or participate in Submission Features (as described in Section 3) or Social Media Features (as described in Section 4).
We do not use the Personal Information that you provide as described above for any other marketing purposes. However, we may convert Personal Information into information that no longer identifies you as a specific, identifiable individual and is no longer Personal Information, for example, by converting your email address into an alphanumeric code that does not identify you directly (“Hashed Information”). We and our service providers use Hashed Information to track your activity on the Sites and elsewhere, to target advertising, and for other marketing purposes.
Each Site is intended for a general audience and not for use by or targeted to children younger than the age of 13. We do not knowingly collect Personal Information from children younger than the age of 13 and if we learn that we have, we will delete that information from our active databases.
Providing information is optional, but if you do not provide us with certain information, including Personal Information, you may not be able to use some Site features.
B. Information that We Automatically Collect:
We or our service providers collect certain information whenever you access or interact with a Site (“Usage Information”) using a variety of tracking and other technologies, such as cookies (including Flash cookies from the Adobe Flash plug-in), local storage, web beacons, embedded scripts, and location data services. These tracking technologies may transfer a unique identifier for your device to a browser, place a cookie on your device, temporarily download code to your device, or use other means to track your access or interactions.
To get information about Flash and Adobe’s privacy choices from Adobe, click here. To get information about cookies from All About Cookies.org, click here. If you disable cookies, adjust privacy settings on your device, restrict local storage, or otherwise limit these technologies, you may not be able to use some Site features.
We use these technologies for many purposes, including to make your use of a Site more convenient and to track total visitors on an aggregate basis. The information we collect may include (but is not limited to):
- Date and time of your visit to a Site.
- Areas you visit within a Site.
- Links that you click on within a Site.
- Websites or advertisements you visit before or after visiting a Site.
- Terms you entered into a search engine that lead you to a Site.
- IP address, mobile device identifier, or other unique identifier (“Device Identifier”) and other Usage Information for the device used to access a Site.
- Precise location data from your device, if you have opted-in to the collection of that information (you may be able to disable the collection of precise location data through the settings on the device used to access a Site, but your approximate location may remain available through its IP address or other information that we collect).
- Device and connection information, such as browser type and version, operating system, and platform.
- Whether an email message we sent was opened and whether a link in the email message was clicked.
C. “Do Not Track” Requests. Some browsers can be set to send a “Do Not Track” request that requests that a website not track the visitor’s activity. Currently, our Sites do not stop tracking in response to those requests. For information about “do not track” from The Future of Privacy Forum, click here.
2. Third Party Analytics Providers, Ad Servers, and Similar Third Parties. Wilton works with service providers, such as analytics companies, network advertisers, agencies, and others who provide us with information about the Sites, Site users, and our advertisements, and who serve our advertisements elsewhere. We and our service providers collect certain information about your visits to and activity on our Sites and other websites and services and may use this information to target advertising to you and others and to assess the effectiveness of our advertising. We may share certain information, such as Usage Information and Hashed Information, with these service providers for similar purposes.
These service providers use their own tracking technologies and may collect or have access to your Personal Information over time and across websites.
Some of these service providers may be members of the Network Advertising Initiative (“NAI”) or Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. Both NAI and DAA provide information regarding procedures for opting-out of targeted online advertising from participating companies. For information from NAI about opting out, click here. For information from DAA about opting out click here, and for information about DAA’s AppChoices application, click here.
Opting out through these mechanisms does not block all online advertising; you will continue to receive generic advertisements.
If you use Social Media Features, your interaction and Personal Information may be publicly disclosed on the Sites and on the third-party platform. We and the third-party platform may have access to information about you and your use of the Sites and the third-party site. If others give us access to their profile, page, or other content on a third-party platform, we may also receive information about you if it is accessible through that content.
5. Use of Information We Collect. We use information we collect, including Personal Information, Usage Information, and Hashed Information:
- To enable you to use a Site, such as maintaining your account information, fulfilling your orders, accepting your payments, shipping and delivering your orders and email messages, and processing information you provide through a Site, including verifying that your email address is active and valid.
- To communicate with you and send you information--by email, mail, telephone, text message, or other means--about us and our Sites, products, services, and activities. For information on how to opt-out of promotional communications from us, see Section 10.
- To tailor the content and advertising we display to you or others, on a Site or elsewhere, and to analyze trends and statistics.
- To create advertising models through lookalike modelling or other research methodologies.
- To provide customer service, such as responding to your questions, complaints, or comments and getting your feedback.
- For internal business purposes, such as improving our Sites, products, and services and to comply with legal requirements and our business practices, such as our recordkeeping, backup, and document retention policies.
- To consider an employment application you submit through the Careers portal, including as described in Section 6.E.
A. Service Providers: We use third parties to provide services to us or on our behalf, such as operating and supporting a Site, maintaining accounts, operating the Wilton School portal, Careers portal, and Blog portal, fulfilling orders, processing payments, shipping and delivery, sending newsletters and email messages, analyzing data, or performing marketing or consulting services. We give these service providers access to your Personal Information so that they can provide the services.
B. When You Agree to Receive Information from Third Parties or Request That We Share Your Information: We do not share Personal Information with any third party for the third party’s own direct marketing purposes and will not do so unless we first provide you with the opportunity to agree by opting-in. If you opt-in, your Personal Information will be disclosed to that third party and will be subject to the third party’s privacy practices.
C. Law Enforcement and Protection of Users: To the extent permitted by law, we will disclose your Personal Information to government authorities or third parties pursuant to a subpoena or other legal request or process. We may also use or disclose your Personal Information as permitted by law to enforce or protect the rights or property of us, our customers, or business partners. Information that we disclose in this way may become available to others.
D. Business Transfers and Transitions. We may, in evaluating or engaging in a sale of assets, bankruptcy, merger, or other transaction, transfer or assign your Personal Information, which you agree that we may do without your further consent.
E. Employment Applications. If you submit an employment application through the Careers portal on a Site and voluntarily “self-identify” in certain ways (e.g., veteran status or gender), we may use your Personal Information to fulfill legal reporting requirements or to defend against employment-related claims.
7. Security. We take commercially reasonable steps to secure information (including Personal Information), for example, the checkout process uses SSL (Secure Socket Layer) technology to help protect the transaction. No computer system is fully secure, however, and there are inherent risks associated with online transactions. You use a Site and submit information to us at your own risk.
8. Third-Party Links and Content. A Site may contain links to other web sites that Wilton does not control, and advertising and other content hosted and served by third parties. Wilton is not responsible for the privacy practices of any third party.
10. Corrections/Deletion/Opt-Out. You may update, correct, or delete the Personal Information you have provided by contacting us at email@example.com. We will take commercially reasonable steps to make changes in our active databases but will keep the original information consistent with our business practices (e.g., recordkeeping, backup, and document retention). To opt out of promotional email communications from us, email us at firstname.lastname@example.org or click on the unsubscribe link in a promotional email you receive from us.
13. California Residents Under the Age of 18 Only. If you have created an account with a Site, you may request that we remove content or information that you have publicly posted by sending an email message to email@example.com that includes: your mailing address and a detailed description of the content or information. At our option, we may either remove your Personal Information (and not other User Content) or remove all of the content and information.
Privacy Shield Policy for Wilton Brands LLC
Wilton Brands LLC and its Affiliates defined below (collectively, “Wilton,” “we,” “our,” and “us”) comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the United States Department of Commerce regarding the collection, use, and retention of Personal Data (defined below) from member states of the European Union (“EU”), European Economic Area (“EEA”), and Switzerland. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles, which we summarize below in this Policy. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and view our certification (which is in the process of being published on the Department of Commerce website), please visit https://www.privacyshield.gov/.
“Affiliates” means: Wilton Brands International LLC, Wilton Global Sourcing LLC, and Wilton Industries, Inc.
“Data Subject” means an individual to whom any Personal Data covered by this Privacy Shield Policy refers.
“Personal Data” and “personal information” mean any information relating to an identified or identifiable person residing in the EEA or Switzerland.
“Sensitive Personal Data” means Personal Data regarding an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.
“Controller” means a person or organization that, alone or jointly with others, determines the purposes and means of processing Personal Data.
Scope and Responsibilities
This Privacy Shield Policy applies to Personal Data transferred from within the EEA and Switzerland to our operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data otherwise transferred under Standard Contractual Clauses or an approved derogation under the EU General Data Protection Regulation.
Our employees who have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for handling Personal Data in a manner consistent with this Privacy Shield Policy. Employees responsible for engaging third parties to handle Personal Data covered by this Privacy Shield Policy are responsible for obtaining appropriate contractual or other assurances that the Personal Data will be handled in a manner consistent with the Privacy Shield Principles.
Our adherence to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations.
Privacy Shield Principles
We commit to process all Personal Data received in the U.S. subject to the EU-U.S. or Switzerland-U.S. Privacy Shield Frameworks in conformance with the following principles:
Apart from fulfilling our legal obligations and engaging agents to perform tasks on our behalf, we will inform you if we share Personal Data with a third party or use it for a new purpose materially different from the purpose for which we originally collected it or that you have already authorized or subsequently authorize. We will give you a choice of opting out of that sharing or new use. However, if the sharing or new use involves Sensitive Personal Data, we will not proceed unless you explicitly consent or “opt in.”
3. Accountability for Onward Transfer
If we transfer Personal Data covered by this Privacy Shield Policy to a third party acting as a Controller, we will do so consistent with any notice provided to Data Subjects and any consent they have given, and only under a contract with the third party providing that it will: (a) process the Personal Data for limited and specified purposes consistent with the consent provided by the Data Subject, (b) provide the same level of protection required by Privacy Shield Principles and notify us if it determines that it can no longer meet this obligation; and (c) if it determines that it can no longer meet this obligation, cease processing the Personal Data or take other reasonable and appropriate steps to remediate.
When we transfer Personal Data to a third party acting as our agent rather than as a Controller, we will: (a) permit the agent to process the Personal Data only for limited and specified purposes; (b) require the agent to provide the same level of privacy protection required by the Privacy Shield Principles; (c) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data in a manner consistent with our obligations under Privacy Shield Principles; and (d) require the agent to notify us if it determines that it can no longer meet its obligation to provide the same level of protection required by the Privacy Shield Principles. On notice from an agent that it has made such a determination, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.
We remain liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with Privacy Shield Principles, except where we can establish that we are not responsible for the event giving rise to the damage.
We take reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
5. Data Integrity and Purpose Limitation
We limit the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing, as described in our general or specific privacy notices. We do not process Personal Data in a way that is incompatible with the purposes for which it was collected or that were subsequently authorized by the Data Subject.
We take reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. We take reasonable and appropriate measures to comply with the requirement under Privacy Shield Principles to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes our obligations to comply with legal requirements and professional accounting and audit standards, and for longer periods in the event of legal or insurance claims or regulatory proceedings. We adhere to the Privacy Shield Principles for as long as we retain such Personal Data.
Data Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to: firstname.lastname@example.org
7. Disclosure to Law Enforcement
We may disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
8. Recourse, Enforcement, and Liability
Our participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your Personal Data. If you have questions or complaints regarding this Privacy Shield Policy or our practices, you should first contact us at: email@example.com.
We have further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to an independent dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS Inc. (“JAMS”) https://www.jamsadr.com/eu-us-privacy-shield. for more information or to file a complaint. The services of JAMS are provided at no cost to you.
We have further committed to cooperate with the panel established by the EU data protection authorities or the Swiss Federal Data Protection Authority, as applicable, and comply with their advice regarding human resources data transferred under this Policy in the context of the employment relationship.
Under certain conditions detailed in the Privacy Shield Annex I, Data Subjects also may be able to invoke binding arbitration before the Privacy Shield Panel created by the U.S. Department of Commerce and the European Commission.
We will periodically review and verify compliance with the Privacy Shield Principles and remedy any issues arising out of failure to comply with the Privacy Shield Principles.
Residents of the European Union (EU) and European Economic Area (EEA)
We comply with the European Union General Data Protection Regulation (“GDPR”) and other relevant data protection laws. For GDPR purposes, Wilton Brands LLC is a data “controller,” and you may contact us here:
Wilton Brands LLC
535 East Diehl Road, Suite 300
Naperville, Illinois 60563
United States of America
c/o Data Protection Officer
1. Corrections/Deletion/Opt-Out. You can access personal information about you and update or correct it. In some cases, you can also ask us to erase it, restrict or stop processing it, or provide your personal data to you in a “portable” form, if feasible. You may withdraw consent (“opt-out”) if you have previously consented to a particular use of your personal information, such as receiving emails or text messages, by contacting us at firstname.lastname@example.org or clicking on the unsubscribe link in a promotional email you receive from us.
2. Inquiries and Complaints. If you reside in the EEA, you have the right to make a complaint to your national data protection supervisory authority.
3. Children. Each Site is intended for a general audience and not for use by or targeted to children younger than the age of 16. We do not knowingly collect Personal Information from children younger than the age of 16 and if we learn that we have, we will delete that information from our active databases.
- We operate the Sites in the United States. By visiting a Site or providing your personal information, you consent to the collection, transfer, and processing of your personal data in the United States and other jurisdictions. We are in the process of certifying regarding the collection, use, and retention of personal information relating to individuals residing in the EEA or Switzerland.
Except as noted on specific webpages, we retain your personal information while you have an account with us and while you are using our app or continuing to visit any of the Sites.
When we ask you for personal data, we will tell you if it is optional. Otherwise, we ask because it is necessary in order for us to provide requested information, complete a requested transaction, or access some Site features.