|
|
NGC Privacy Notice for California Residents
Effective: June 30, 2020
Last Reviewed: May 21, 2020
This Privacy Notice for California Residents applies to NGC, L.L.C. and all of its subsidiaries and affiliates (collectively, "NGC," "we," "us," or "our,") and NGC's public-facing and commercial-based websites (collectively, the "Sites").
This Privacy Notice supplements the information contained in NGC's General Privacy Notice and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal information"). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- health or medical information covered by the Health Insurance Portability
and Accountability Act of 1996 (HIPAA) and the California Confidentiality
of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws,
including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act
(GLBA) or California Financial Information Privacy Act (FIPA), and the
Driver's Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal
information from our consumers within the last twelve (12) months:
Category
|
Examples
|
Collected
|
A. Identifiers.
|
A real name, alias, postal address, unique personal
identifier, online identifier, Internet Protocol address,
email address, account name, or other similar identifiers.
|
Yes
|
B. Personal information categories listed in the California
Customer Records statute (Cal. Civ. Code §
1798.80(e)).
|
A name, physical characteristics or description, address,
telephone number, education, employment, medical
information, or health insurance information.
Some personal information included in this category may
overlap with other categories.
|
Yes
|
C. Protected classification characteristics under
California or federal law.
|
Age (40 years or older), race, color, ancestry, national
origin, citizenship, religion or creed, marital status,
medical condition, physical or mental disability, sex
(including gender, gender identity, gender expression,
pregnancy or childbirth and related medical conditions),
sexual orientation, veteran or military status, genetic
information (including familial genetic information).
|
Yes
|
D. Commercial information.
|
Records of personal property, products or services
purchased, obtained, or considered, or other purchasing or
consuming histories or tendencies.
|
Yes
|
E. Biometric information.
|
Genetic, physiological, behavioral, and biological
characteristics, or activity patterns used to extract a
template or other identifier or identifying information,
such as, fingerprints, faceprints, and voiceprints, iris or
retina scans, keystroke, gait, or other physical patterns,
and sleep, health, or exercise data.
|
No
|
F. Internet or other similar network activity.
|
Browsing history, search history, information on a
consumer's interaction with a website, application, or
advertisement.
|
Yes
|
G. Geolocation data.
|
Physical location or movements.
|
No
|
H. Sensory data.
|
Audio, electronic, visual, thermal, olfactory, or similar
information.
|
No
|
I. Professional or employment-related information.
|
Current or past job history or performance evaluations.
|
Yes
|
J. Non-public education information (per the Family
Educational Rights and Privacy Act (20 U.S.C. Section
1232g, 34 C.F.R. Part 99)).
|
Education records directly related to a student maintained
by an educational institution or party acting on its
behalf, such as grades, transcripts, class lists, student
schedules, student identification codes, student financial
information, or student disciplinary records.
|
No
|
K. Inferences drawn from other personal information.
|
Profile reflecting a person's preferences, characteristics,
psychological trends, predispositions, behavior, attitudes,
intelligence, abilities, and aptitudes.
|
No
|
We obtain the categories of personal information listed above from the
following categories of sources:
-
Directly from you. For example, from forms you complete or products you purchase.
-
Indirectly from you. For example, from observing your actions on the Sites or on other
Sites which employ our Cookies.
-
From other sources. For example, from the information provided to us by your employer in
order to send you a gift card as part of an employee benefit program.
-
Note that categories C and I are only collected when such
information is voluntarily disclosed by the sender of a gift card (e.g. an
employer sends a gift card to an employee containing an inscription which
reference the employee's current job or health status). We do not seek out
this information, and we use it only for processing the corresponding gift
card order.
Use of Personal Information
We may use or disclose the personal information we collect for one or more
of the following purposes:
- To fulfill or meet the reason you provided the information;
-
For example, if you share your name and contact information to request a
price quote or ask a question about our products, we will use that personal
information to respond to your inquiry. If you provide your personal
information to purchase a product, we will use that information to process
your payment and facilitate the transaction. We may also save your
information to facilitate new product orders.
- To provide, support, personalize, and develop our Sites, products,
and services;
- To create, maintain, customize, and secure your account with us;
- To process your requests, purchases, transactions, and payments and
prevent transactional fraud;
- To provide you with support and to respond to your inquiries,
including to investigate and address your concerns and monitor and improve
our responses;
- To personalize your experience on our Sites and to deliver content
and product and service offerings relevant to your interests, including
targeted offers and ads through our Sites, third-party sites, and via email
or text message (with your consent, where required by law);
- To help maintain the safety, security, and integrity of our Sites,
products, databases and other technology assets, and business;
- For testing, research, analysis, and product development, including
to develop and improve our Sites, products, and services;
- To respond to law enforcement requests and as required by applicable
law, court order, or governmental regulations;
- As described to you when collecting your personal information or as
otherwise set forth in the CCPA;
- To evaluate or conduct a merger, divestiture, restructuring,
reorganization, dissolution, or other sale or transfer of some or all of
our assets, whether as a going concern or as part of bankruptcy,
liquidation, or similar proceeding, in which personal information held by
us about our consumers is among the assets transferred.
We will not collect additional categories of personal information or use
the personal information we collected for materially different, unrelated,
or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business
purpose. When we disclose personal information for a business purpose, we
enter a contract that describes the purpose and requires the recipient to
both keep that personal information confidential and not use it for any
purpose except performing the contract.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, NGC has disclosed the following
categories of personal information for a business purpose:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category C: Protected classification characteristics under California or federal law.
- Category D: Commercial information.
- Category F: Internet or other similar network activity.
- Category I: Professional or employment-related information.
- Category J: Non-public education information.
We disclose your personal information for a business purpose to the
following categories of third parties:
- with service providers, and other third parties we use to support
our business as needed for them to provide us with services that help us
with our business activities and promote our products to you;
- with professional advertisers;
- with government regulators and other authorities who require
reporting of our data processing activities;
- with postal service and other non-governmental mailing and delivery
service providers;
- with companies or organizations which have established customized
Sites hosted by NGC to permit authorized individuals of such companies or
organizations to place direct orders for NGC's products or services; and
- with Software/IT service providers we use to support our business
and who are bound by contractual obligations to keep personal information
confidential and use it only for the purposes for which we disclose it to
them.
Sales of Personal Information
In the preceding twelve (12) months, NGC has not sold personal information
nor has it sold personal information of minors under the age of 16.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights
regarding their personal information. This section describes your CCPA
rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you
about our collection and use of your personal information over the past 12
months. Once we receive and confirm your verifiable consumer request, we
will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose, a list of disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal
information that we collected from you and retained, subject to certain
exceptions. Once we receive and confirm your verifiable consumer request,
we will delete (and direct our service providers to delete) your personal
information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary
for us or our service provider(s) to:
- Complete the transaction for which we collected the personal
information, provide a good or service that you requested, take actions
reasonably anticipated within the context of our ongoing business
relationship with you, fulfill the terms of a written warranty or product
recall conducted in accordance with federal law, or otherwise perform our
contract with you.
- Detect security incidents, protect against malicious, deceptive,
fraudulent, or illegal activity, or prosecute those responsible for such
activities.
- Debug products to identify and repair errors that impair existing
intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise
their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal.
Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical
research in the public interest that adheres to all other applicable ethics
and privacy laws, when the information's deletion may likely render
impossible or seriously impair the research's achievement, if you
previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer
expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are
compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described
above, please submit a verifiable consumer request to us by:
- Calling us at 1 888.472.8747
- Emailing us at compliance@ngc-group.com.
Only you, or someone legally authorized to act on your behalf, may make a
verifiable consumer request related to your personal information. You may
also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data
portability twice within a 12-month period. The verifiable consumer request
must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information
if we cannot verify your identity or authority to make the request and
confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Authorized Agents. Only the consumer or an Authorized Agent may make a verifiable consumer request related to their Personal Information. An "Authorized Agent" is a person, or a business entity that is registered with the California Secretary of State, that consumers have authorized to act on their behalf or an individual granted authority under a written power of attorney issued pursuant to California Probate Code sections 4000 to 4465.
If you are an Authorized Agent who wishes to submit a request to know, a
request to delete, or a request to opt-out on behalf of another consumer,
please submit to us sufficient information to allow us to verify your
identity to a reasonably high degree of certainty and either:
- proof of authorization to submit the request, written and signed by the
consumer; or
- a power of attorney pursuant to Probate Code sections 4000 to 4465.
We may deny a request from an Authorized Agent who does not submit adequate
proof that they have been authorized by the consumer to act on the
consumer's behalf. We may also contact the consumer directly to confirm
their identity and that they provided you permission to submit the request
on the consumer's behalf.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five
(45) calendar days of its receipt. If we require more time (up to 45 more
calendar days), we will inform you of the reason and extension period in
writing.
Any disclosures we provide will only cover the 12-month period preceding
the verifiable consumer request's receipt. The response we provide will
also explain the reasons we cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your
personal information that is readily usable and should allow you to
transmit the information from one entity to another entity without
hindrance.
We do not charge a fee to process or respond to your verifiable consumer
request unless it is excessive, repetitive, or manifestly unfounded. If we
determine that the request warrants a fee, we will tell you why we made
that decision and provide you with a cost estimate before completing your
request.
Personal Information Sales : Opt-Out and Opt-In Rights
Under California law, if you are 16 years of age or older, you have the
right to opt-out of the sale of your personal information at any time (the
"right to opt-out"). Consumers between age 13 and age 16 and parents of
consumers under age 13 must give affirmative authorization (the right to
"opt-in") for any personal information sales. Consumers who opt-in to
personal information sales may opt-out of future sales at any time.
NGC does not sell the personal information of its consumers,
including any minors under 16 years of age.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA
rights.
However, we may offer you certain financial incentives permitted by the
CCPA that can result in different prices, rates, or
quality levels. Any CCPA-permitted financial incentive we offer will
reasonably relate to your personal information's value and contain written
terms that describe the program's material aspects. Participation in a
financial incentive program requires your prior opt in consent, which you
may revoke at any time.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on our Sites and update the notice's effective date. Your continued use of any of our Sites following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which
NGC collects and uses your information described here and in the General Privacy Notice your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 1 888.472.8747
Email: compliance@ngc-group.com
Postal Address:
NGC US, LLC
Attn: Compliance Department
300 Millennium Drive
Crystal Lake, Illinois 60012
|