Gift Card Privacy Policy
GIFT CARD PRIVACY POLICY
1. INTRODUCTION
This Gift Card Privacy Policy (“Policy”) of Potomac River Running, Inc. (“our,” “us,” or “we”) applies to each individual from whom our processor receives personal information through our Sync Solution (defined below).
Our processor operates a software-based service for us, which is operable to synchronize your gift card data between the point-of-sale systems at our brick-and-mortar stores and the ecommerce processing system connected to our website that displays this Policy (our “Sync Solution”).
The term “personal gift card data,” as used in this Policy, means any personal information within your data that our processor receives through the Sync Solution.
In this Policy, we use certain terms that have specific meanings, such as “automated profiling,” “biometric information,” “targeted advertising,” “deidentified,” “personal information,” “sell,” and “sensitive personal gift card information.” For the full set of definitions, please see the end of this Policy at Section 3.5.
We may update this Policy from time to time. The date provided at the top of this Policy is the latest revision date of this Policy.
2. OUR NOTICES TO YOU
2.1 No Sale. Neither we nor our processor sells your personal gift card data, nor do we or our processor sell any of your sensitive personal gift card data that we may collect.
2.2 No Sharing for Targeted Advertising. Neither we nor our processor distributes or provides your personal gift card data (sensitive or otherwise) to any advertising network or other third party for purposes of targeted advertising.
2.3 Minors Under 16 Years of Age. As indicated above, neither we nor our processor sells any personal gift card data of any consumer under 16 years of age, nor do we or our processor share the sensitive personal gift card data of any consumer under 16 years of age for targeted advertising.
2.4 Sensitive Personal Gift Card Data. We may, through our processor, collect your sensitive personal gift card data depending upon the intended use of our Sync Solution, the nature of our transactions and communications with you, and our Business Purposes (defined in Section 2.6). To the extent required by applicable law, we will obtain your consent before collecting your sensitive personal gift card data. If we collect your sensitive personal gift card data, we may use or disclose it only: (a) as authorized by applicable law; or (b) as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, including the services that we perform for the Service Purposes (defined in Section 2.6).
2.5 Categories of Personal Gift Card Data That We Collect. The following is a list of the categories of your personal gift card data that we may collect, through our processor, for our Business Purposes:
· Your purchase account number.
· Your name.
· Your email address.
· Your gift card number.
· The email address of another individual that you submit so that we may send a gift card to the individual.
2.6 Our Purposes for Collecting Your Personal Gift Card Data
· Service Purposes. We may, through our processor, collect, use, or disclose your personal gift card data for the purpose of synchronizing your gift card data between the point-of-sale systems at our brick-and-mortar stores and the ecommerce processing system connected to our website that displays this Policy (“Service Purposes”).
· Business Purposes. We may, through our processor, collect, use or disclose your personal gift card data for our Service Purposes as well as our operational purposes, provided that our use of your personal gift card data is necessary and proportionate to achieve the purpose for which your personal gift card data was collected or processed or for another purpose that is compatible with the context in which your personal gift card data was collected (collectively, our “Business Purposes”).
· Complying with Law. We may also use or disclose your personal gift card data to the extent necessary for us to: (a) comply with federal, state or local laws; (b) comply with civil, criminal or regulatory inquiries, investigations, search warrants, subpoenas, summons, orders, injunctions and mandates issued by courts, judicial authorities, law enforcement authorities or governmental authorities, including federal, state or local authorities; and (c) cooperate with such authorities.
2.7 How We Collect Your Personal Gift Card Data. We may, through our processor, use our Sync Solution to collect your personal gift card data through the following methods:
· automatically pulling data from the point-of-sale systems at our brick-and-mortar stores where you purchase a gift card or product from us.
· automatically pulling data from the ecommerce processing system connected to our website that displays this Policy where you make an online purchase of a gift card or product from us.
2.8 Sources of Your Personal Gift Card Data. We may obtain your personal gift card data from the following categories of sources:
· You – You may provide us with portions of your personal gift card data, such as your name.
· Us – We may generate portions of your personal gift card data, such as the account number and dollar amount.
2.9 Receivers of Your Personal Gift Card Data. We and our processor may disclose your personal gift card data to the following third-party receivers:
· Technology Suppliers – third parties that supply or operate webservers and other information technology resources that are connected to our Sync Solution.
· Corporate Affiliates – third parties that control us, that we control, or that are under common control with us, such as our parents, subsidiaries, and sister entities.
· Legal Authorities – legal authorities, such as courts, judicial authorities, law enforcement authorities or governmental authorities (including federal, state, or local authorities) in connection with any civil, criminal or regulatory inquiry, investigation, search warrant, subpoena, summons, order, injunction or mandate issued by any such legal authority.
2.10 How Long We Keep Your Personal gift card data. For each of the categories of personal gift card data provided above, we may keep your personal gift card data for a period lasting as long as is reasonably necessary for our purpose of collecting it or as otherwise required by applicable law. At the end of the period or when you delete your user account, whichever comes first, we may permanently destroy, erase, delete, encrypt, or disable access to your personal gift card data in a manner designed to ensure that it cannot be reconstructed or read. You will not be able to recover such personal gift card data later.
2.11 Your Personal Gift Card Data Rights
· Right to Know. As described above, this Policy informs you of the categories of your personal gift card data that we collect, our purposes for collecting or using it, whether we sell it or share it for targeted advertising, and the length of time that we retain it.
· Right to Request Deletion. You have the right to request that we delete your personal gift card data that we have collected.
· Right to Request Correction. You have the right to request that we correct any inaccurate personal gift card data about you that we maintain.
· Right to Request Usage Details. You have the right to request that we disclose the following to you: (a) confirmation as to whether or not we are collecting, using, storing, disclosing, analyzing deleting or modifying your personal gift card data; (b) the categories of personal gift card data that we have collected about you; (c) the categories of sources from which we have collected your personal gift card data; (d) the business or commercial purpose for collecting your personal gift card data and for any selling of it or sharing of it for targeted advertising; (e) the categories of third parties to whom we have disclosed your personal gift card data; and (f) the specific pieces of personal gift card data that we have collected about you, which may be requested in a portable, and to the extent technically feasible, readily usable format that enables you to transmit the personal gift card data to another entity without hindrance.
· Right to Request Details About Sales, Sharing or Disclosure. You have the right to request that we disclose the following to you: (a) the categories of any of your personal gift card data that we have sold or shared to third parties for targeted advertising; (b) the categories of any such third parties, itemized by category of your personal gift card data; and (c) the categories of your personal gift card data that we have disclosed to persons for a Business Purpose, and the categories of those persons.
· Right to Opt Out. You have the right, at any time, to: (a) direct any business that sells your personal gift card data or shares it for targeted advertising, not to do so; (b) opt out of automated profile-based advertising; and (c) opt out of automated profiling, including automated profiling conducted in furtherance of decisions that produce legal or similarly significant effects concerning you.
· Right to Limit Use and Disclosure of Sensitive Personal gift card data. You have the right, at any time, to direct any business that collects your sensitive personal gift card data to limit its use of your sensitive personal gift card data to the extent authorized by regulations adopted pursuant to applicable law or only as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, including the services that we perform for the Service Purposes.
· Right of Non-Discrimination. You have the right to be free of any discrimination related to your exercise of any of your rights provided in this Policy or otherwise under applicable law. You understand that, as permitted by applicable law, we may provide you with a price, rate, level, or quality of goods or services that differs from what we offer to other consumers if that price or difference is reasonably related to the value that we receive, if any, based on your data.
· Right and Method to Contact Us. To submit a request or notice to us under this Section, you may send your request or notice through our contact page or by writing or emailing us at the following address or by calling the toll-free number shown below:
Potomac River Running, Inc.
21505 Greenoak Way
Sterling, Virginia 20166
Email Address: __________@prrunandwalk.com
Phone: 1-800-___-___
· Right to Authorize an Agent. You may authorize another person to provide us with your request or notice under this Section, and we will comply with such request or notice if we can verify that you have given such authority as described in Section 2.12.
2.12 Our Response Procedures
· Verification. For security purposes, before processing your request or notice under Section 2.11, we will take steps to determine whether the request is a verifiable request or whether the notice is verifiable. We are not obligated to provide information that you may request under this Section if we cannot verify, pursuant to applicable law, that the person making the request is the individual about whom we have collected information or is a person authorized by the individual to act on the individual’s behalf.
· Our Response. We will respond to your requests and notices within a reasonable timeframe and in accordance within the requirements, frequency and timing specified by applicable law. We may decline part or all of your requests or notices as permitted by applicable law, and we will inform you of the reason for the decline.
· Decline of Requests. We may decline to delete your personal gift card data if it is reasonably necessary for us to maintain your personal gift card data in order to: (a) complete the transaction for which the personal gift card data was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; (b) help to ensure security and integrity to the extent the use of the your personal gift card data is reasonably necessary and proportionate for those purposes; (c) debug to identify and repair errors that impair existing intended functionality; (d) exercise free speech, ensure the right of another consumer to exercise that your right of free speech, or exercise another right provided for by law; (e) engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent; (f) enable solely internal uses that are reasonably aligned with the expectations of you based on your relationship with us and compatible with the context in which you provided the information; or (g) comply with a legal obligation or applicable law.
· Frequency and Historical Period. Pursuant to applicable law, we may not be required to provide you with the same type of information under this Section more than twice in a twelve (12) month period, and we may not be required to provide more than twelve (12) months of historical information.
3. MISCELLANEOUS
3.1 Deidentified Information. With respect to deidentified information derived from your personal gift card data, we retain the right to collect, process, use, store, sell, share, disclose, and distribute the deidentified information in accordance with applicable laws. If we exercise this right, we will maintain and use the deidentified information and not to attempt to reidentify it, except that we may reidentify the information only to determine whether our deidentification processes satisfy the requirements of applicable laws.
3.2 Definitions. In this Policy, we use the words and phrases “including,” “includes,” “such as” and “e.g.” in a non-limiting fashion, and the following terms (whether used in capitalized or lowercase form) will have the following meanings given to them:
“affiliates” means our third-party technology suppliers, contractors, corporate affiliates, service providers, processors, vendors, licensors, lessors, and other third parties with whom we have a business relationship.
“automated profiling” (referred to in some jurisdictions as “profiling”) means any form of automated processing of personal gift card data to evaluate, analyze, or predict personal aspects concerning any identified or identifiable individual’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
“biometric information” means an individual’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), that is used or is intended to be used singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes: (a) imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted; (b) keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information; and (c) information based on an individual’s retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry, which is used to identify the individual, excluding any item of such information that is not deemed biometric information according to specific exclusions set forth in applicable law.
“business” means a sole proprietorship, partnership, limited liability company, corporation, association, person other than a consumer, or other legal entity.
“consumer” (referred to in some jurisdictions as “data subject”) means a natural person.
“deidentified” (referred to in some jurisdictions as “pseudonymized”) means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer, provided that the business that possesses the information satisfies the requirements of applicable law related to the use of deidentified information.
“personal information” (referred to in some jurisdictions as “personal data”) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but personal information does not include: (a) publicly available information as defined or characterized by applicable law; (b) lawfully obtained, truthful information that is a matter of public concern; or (c) consumer information that is deidentified.
“security and integrity” means the ability of: (a) networks or information systems to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal gift card data; (b) businesses to detect security incidents, resist malicious, deceptive, fraudulent, or illegal actions and to help prosecute those responsible for those actions; and (c) businesses to ensure the physical safety of natural persons.
“sell,” “selling,” “sale,” or “sold’’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal gift card data by the business to a third party for monetary or other valuable consideration, excluding any of the foregoing activities that are not deemed to be a sale according to specific exclusions set forth in applicable law.
“sensitive personal gift card data” means: (1) personal gift card data that reveals: (a) a consumer’s social security, driver’s license, state identification card, or passport number; (b) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) a consumer’s precise geolocation, including any data that is derived from a device and that is used or intended to be used to locate the consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by applicable law; (d) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; or (f) a consumer’s genetic data; (2) the processing of biometric information for the purpose of uniquely identifying a consumer; (3) personal gift card data collected and analyzed concerning a consumer’s health; and (4) personal gift card data collected and analyzed concerning a consumer’s sex life or sexual orientation. Sensitive personal gift card data that is “publicly available” (as described above) will not be considered sensitive personal gift card data or personal gift card data.
“targeted advertising” (referred to in some jurisdictions as “cross-context behavioral advertising”) means the targeting of advertising to a consumer based on data that is derived from the consumer’s behavior across distinctly branded platforms (e.g., websites, applications, and other venues) beyond the business or distinctly branded platform with which the consumer intentionally interacts. The definition of targeted advertising does not include advertising based on your activities within our Sync Solution, nor does it include other advertising activities that are not deemed to be targeted advertising according to specific exclusions set forth in applicable law.
“verifiable request” means a request that is made by you, by you on behalf of your minor child, by a natural person or a person authorized by you to act on your behalf, or by a person who has power of attorney or is acting as a conservator for you, and that we can verify, using commercially reasonable methods, pursuant to applicable law.
End of Gift Card Privacy Policy
© 2025 Potomac River Running, Inc.