U.S.A. Privacy Policy

NEW Zippo Manufacturing Company Detailed US Privacy Policy

Last updated: June 6, 2024

If you are located outside the U.S.A. click here.

Zippo Manufacturing Company (“Company”, “we”, “us” or “our”) respects your right to privacy. This US Privacy Notice (“Privacy Policy”) will provide you with information regarding how Company collects, uses, and discloses data about you, including the choices we offer with respect to that data. The purpose of this Privacy Policy is to inform you about the types of personal data that we may collect and process when you visit any of our websites (the “Website”) or transact with us. Please note that all the personal data referenced in this Privacy Policy may be collected about you or used for the purposes set out below.

It is the Company’s policy to comply with applicable consumer privacy and data protection laws, including in the choices we offer with respect to your personal data, as defined by applicable laws.

Your U.S. Privacy Rights: Residents of some states in the U.S. have certain privacy rights detailed in our U.S. Privacy Notice. To the extent there is a conflict between this Privacy Policy and the U.S. Privacy Notice, the U.S. Privacy Notice will control.

To see and print our full Privacy Policy, click here. You can also request a copy, including in Braille, or otherwise obtain disability access assistance by contacting us at Consumer Relations (cr@zippo.com).

IF YOU HAVE QUESTIONS ABOUT COMPANY’S PERSONAL DATA PROCESSING PRACTICES, PLEASE REFER TO THE CONTACT US SECTION BELOW FOR MORE INFORMATION.

This Privacy Policy is divided into the following sections:

TABLE OF CONTENTS

  1. When This Privacy Policy Applies
  2. II. Data We Collect
    1. Types of Data Collected
    2. How We Collect Personal Data
  3. How We Use Your Personal Data
  4. How We Disclose Your Personal Data
  5. Third-Party Content, Links, and Services
    1. Generally
    2. Analytics
    3. Interest-Based Advertising
  6. Choices: Tracking and Communications Options
    1. Marketing and Promotional Communications
    2. App Features and Functionality
    3. Tracking Technologies and Interest-Based Advertising
      1. Cookie Policy
      2. Interest-Based Advertising Industry Opt-Out Programs
      3. Company-specific Opt-Outs
      4. Important Notice Regarding Opt-Outs
  7. Data Security and Monitoring
  8. Children
  9. U.S. Privacy Notice
    1. Applicability of U.S. Privacy Notice
    2. Notice of Personal Data Practices
    3. Personal Data Collection, Uses, and Disclosures
      1. Processing Activities: Categories, Purposes, and Recipients
      2. Processing Purposes Implicating Sale, Sharing, Targeted Advertising and Profiling
      3. Sources of Personal Data
      4. Data Retention
    4. Consumer Rights Requests
      1. Your Consumer Privacy Rights
      2. Making a Request and Scope of Requests
      3. Verifying Your Request
      4. Authorizing an Agent
    5. Notice of Financial Incentive
    6. Other California Notices
    7. Nevada
  10. Changes to Our Privacy Policy
  11. Contact Us

I. When This Privacy Policy Applies

This Privacy Policy applies to personal data collected through our Website, emails, and through offline means. It also applies to personal data we may otherwise collect: (i) when you purchase our products on our Website or through another retailer; (ii) when you interact with us by means other than the Website, for example, in person or by telephone; and (iii) from our distributors, suppliers, vendors, and other business partners (collectively, “Business Partners”). We encourage you to read this Privacy Policy in full before using the Website and any other service that posts a link to this Privacy Policy, opening our emails, or otherwise submitting your personal data to us (collectively, the “Service” or our “Services”). For certain Services, there may be additional notices about our information practices and your choices with respect to those practices. We may create deidentified and/or aggregate data from personal data. Data that is deidentified or aggregate data is not personal data under applicable laws, and we may collect, use, and disclose deidentified data without limitation except as restricted by applicable laws. Our Services are offered in the U.S. and abroad. By visiting or otherwise using our Service, you acknowledge having read this Privacy Policy and the Terms of Use (Zippo Manufacturing Company at https://www.zippo.com/pages/terms-conditions, (“Website Terms”)).

II. Data We Collect

Types of Data Collected

Company and its Service Providers may collect certain personal data from you when you via our Website. For example, we collect Personal Information from you when you purchase products from us, create an account on the Website, purchase e-gift cards, reach out to us via our Contact Us form, sign up for promotional emails. Information that we collect via our Services includes:

  • Identifiers, including your name, date of birth, phone number, mailing address, email address, photos submitted for product customization (“Customize It! Submissions”) and IP address.
  • Contact Information, including your email address, phone number, mailing address, and email address.
  • Account Details and Commercial Information, such as your purchase history and amounts, products or services considered, favorite products and communications preferences.
  • Financial and Payment Information, such as your payment card information (to fulfill your order), but please note that we do not handle full payment card information directly, but rather rely on Vendors for doing so.
  • Service Usage Data, including information collected by Tracking Technologies (defined below), such as:
    • your device functionality (browser, operating system, hardware, mobile network information);
    • the URL that referred you to our Service;
    • how you interact with the Service, including the areas within our Service that you visit and your activities there (including emails we send, such as whether you open them or click on links within), and the products you search for;
    • your device location (if you have enabled such features on your device);
    • your device characteristics; and
    • device data and the time of day.
  • Location Data, if you enable features on your device or browser to provide us with your location.
  • Professional and Employee Information, such as if you are a representative of our wholesale retail customers, or if you contact us via the Service in your capacity as an employee of one of our Business Partners or Vendors.
  • Inferences, including information derived from other information that we have collected. For example, we may make inferences about you based on your order history or other information about you in order to provide you with offers or advertisements that are most relevant to your interests.

The definition of personal data under certain laws is limited to information that can be used to directly identify you, such as your name, email address, and similar information. Under other laws the definition of personal data may be broader and also covers things like online identifiers (IP address, cookie IDs, device IDs). Where we are required by law to treat certain information as personal data, or where we combine certain information with personal data, we will treat it as such.

How We Collect Personal Data

Below are some examples of how we may collect your information. In some instances, our agents, service providers, and vendors (“Vendors”) may collect your information on our behalf.

Data That You Provide

Our Services are publicly available. We collect personal data from you when you purchase a product on our Website and when you browse or submit information through the Service, such as when you sign-up for email alerts or submit a request through our Contact Us chat box, submit a product review, or sign up for our sales, promotions, or discounts program. We also collect your personal data through our mobile app.

We may deidentify (i.e., remove personally identifiable elements or extract non-personally identifiable elements) and/or aggregate data from the personal data you provide. Data that is deidentified or aggregate data is not personal data under applicable laws, and we may collect, use, and disclose such data without limitation except as restricted by applicable laws.

Data Collected Automatically

We use cookies and other tracking technologies (“Tracking Technologies”), as discussed in further detail below, to collect information about your device and your use of the Service.

We may use a variety of technologies that store or collect certain data whenever you visit or interact with our Service. This data may be stored or accessed using a variety of technologies that may be downloaded to your device (e.g., personal computer, browser, laptop, tablet, mobile phone, etc.) whenever you visit or interact with our Service.

In addition, we may collect certain data by automated means. The data we collect may include your Internet Protocol (“IP”) address, device type, device operating system, browser type, the unique device identifier (“UDID”) or mobile equipment identifier (“MEID”) for your mobile device, and other data (“Device Identifiers”). We may use such Device Identifiers to associate data you have provided on different devices, or during separate interactions with us on the Service on the same device. For example, if you login to your account during one interaction but later use the Service on the same device without logging into your account, we may use Device Identifiers and other information to associate these separate interactions with the Service with your single device. We may also collect Service Usage Data, such as the address of a referring website (if any), the pages you visit on the Service, and other data. We may use this data to operate, maintain, and manage our Service and to provide customer assistance and technical support.

We may use various Tracking Technologies to collect data on the Service, including the types of information described in the Types of Data Collected section above. Tracking Technologies include:

  • Cookies. A cookie is a data file placed on a device when it is used to visit the Service.
  • Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1x1 GIFs,” “pixels,” or “clear GIFs”) may be included in our Service’s pages and messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a page or e-mail can act as a web beacon. Web beacons or similar technologies can be used to count visitors to the Service, to monitor how Users navigate the Service, to count how many e-mails that were sent were actually opened or to count how many links were actually viewed.
  • Embedded Scripts. An embedded script is programming code that is designed to collect information about the links you click on and your interactions with the Service. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to the Service and is deactivated or deleted thereafter.
  • Location-Identifying Technologies. Our Service may provide you the ability to enable location-identifying technologies, for example, to help you find the closest location that sells our products in-person. In order to stop utilizing, or to change the settings with respect to, location-identifying technologies, you can change your device or browser preference settings.

There may be other Tracking Technologies now and later devised and used by us in connection with the Service. See the Choices: Tracking and Communications Options section below for more information on your choices regarding Interest-based Advertising, and our U.S. Privacy Notice for more information on your opt-in/out choices with respect to Tracking Technologies.

From Our Affiliates and Related Entities

We may receive personal data from our affiliates and related entities that are part of the Company family of companies.

From Others

We may receive information about you from third parties, including your friends and family (when they submit content to us or post or interact with the Service) and Third-Party Services. We may also, from time to time, supplement the information we collect with information from third parties.

III. How We Use Your Personal Data

Generally, we use and otherwise process your personal data to provide you with products and services you purchase or request, personalize our offerings, services, and marketing, and to otherwise support our business.

  • To provide our products and services, including to provide you with information, or to process transactions that you have requested or agreed to receive; to enable you to participate in a variety of the Service’s features; to process your account registration with the Service, including verifying your personal data is active and valid; and to facilitate a purchase, including facilitating payment for your purchase.
  • To operate our business including, but not limited to, maintaining business records and complying with legal obligations, including as part of our general business operations, for other business administration purposes, or as otherwise required or compelled.
  • To provide customer service and communications, including responding to any questions, comments, or requests that you have for us, sending you communications and notifications about your use of the Service or your other interactions with us, and changes to the Service and/or the Service’s policies or other aspects of our business operations.
  • To administer your accounts and our loyalty program.
  • For research, development, and analytics, including to better understand how users access and use the Service, both on an aggregated and individualized basis, in order to improve our Service and respond to user desires and preferences, and for other research, development, and analytical purposes relating to the Service and the operation of our business.
  • For promotions and marketing, including sweepstakes, contests, and other promotions that you sign up for (which may include co-promotions with third parties), and to provide you with special offers or promotional materials on behalf of us or third parties, such as through our sales, promotions, or discounts program.
  • To customize your experience, offers, and content, including to customize your experience on the Company Website, or to serve you specific content and offers that are relevant to or customized for you (including, without limitation, pricing and discounts based on your profile, location, or history).
  • For targeting advertisements to you or your device to assist us in determining relevant advertising.
  • For ad measurement, attribution, and other ad administration, including to determine the success of our advertising campaigns and to help us determine where to place our ads, including ads placed on other websites and services.
  • For market research and customer satisfaction, including administering surveys and questionnaires, such as for market research or customer satisfaction purposes.
  • For security and safety purposes, including to detect and respond to threats to the Service, protect the health and safety of our customers, team members, and the public, and to prevent, investigate and prosecute criminal activities.
  • To prevent, detect, investigate, and mitigate illegal activities, fraud, injury, or violation of our terms or policies, such as where we believe we need to do so to investigate, prevent or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate of our Website Terms or this Privacy Policy.
  • For purposes disclosed at the time you provide your personal data.
  • For our legitimate business purposes that are compatible with the purpose of collecting your personal data and that are not prohibited by applicable law.

IV. How We Disclose Your Personal Data

We disclose or otherwise make available personal data as described in this Privacy Policy, including for the processing activities described in the How We Use Your Personal Data section above, and as follows:

  • Affiliated and Related Entities. We may disclose personal data to certain of our affiliated and related entities who may use personal data as described in this Privacy Policy.
  • Vendors. We may provide or otherwise make available personal data to Vendors who assist us with carrying out many of the purposes described above in the How We Use Your Personal Data section and otherwise in this Privacy Policy. For example, we work closely with Shopify to deliver our Website and provide our Products to you. For some categories of data, Shopify also handles your data for their own limited purposes such as for security and fraud detection and prevention and related uses. For information about how Shopify handles your personal data visit https://www.shopify.com/legal/privacy.
  • Third-Party Services. Third-Party Services may collect your personal data independently via the Service, or we may directly provide them with personal data that we have collected on the Service, including in relation to Interest-Based Advertising and other purposes. The data practices of these third parties are subject to their own privacy policies and terms.
  • Third-Party Promotional Partners. Where we have the legal right, we may disclose or otherwise make your personal data available to promotional partners or other third parties for a business purpose that we have approved. When we disclose personal data in these contexts, we comply with applicable legal requirements, which may include acting at your direction or providing opt-out or other rights with respect to the shared data. This may also include sponsors, co-promotional partners and other third parties on co-branded areas of the Service. The data practices of these third parties are subject to their own privacy policies and terms.
  • With notice or your consent. We may disclose your personal data to third parties with notice to you, as directed by you, or, where legally required, upon your consent or authorization.
  • For safety, security, legal, and similar/related reasons. We may disclose your personal data to other persons, organizations, or governmental authorities if we believe in good faith that doing so is necessary or appropriate: (i) to protect or defend the rights, safety or property of Company, its affiliated or related entities, or third parties; (ii) to investigate, prevent, or take action regarding illegal activities, or suspected fraud; (iii) to enforce, investigate, or take action regarding this Privacy Policy, our Website Terms, and other applicable agreements and policies; (iv) in litigation or other proceedings in which we, our affiliated or related entities may be involved; and (v) to comply with legal and regulatory obligations and, to the extent not prohibited by applicable law, requests from law enforcement and other public authorities. We will exercise our discretion in electing to make or not make such disclosures, and to contest or not contest requests for such disclosures, all without notice to you, subject to applicable law or other legal requirements.
  • Corporate Transactions. We may disclose and transfer your personal data: (i) to a subsequent owner, co-owner, or operator of the Service or applicable database; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, or a financing, and during the course of any due diligence process.
  • Deidentified and/or Aggregate Data. We may share data that we de-identify or aggregate such that it is no longer personal data or other information for which we have an obligation to you based on this Privacy Policy (or a statement made elsewhere on the Service) or applicable law. We do not authorize recipients of data we have de-identified to re-identify the data. Additionally, our Vendors may remove identifying elements from your personal data or aggregate your personal data to create deidentified personal data and use it for their own purposes. Depending on how the Vendor deidentifies or aggregates data, such data may be sufficiently deidentified so that it no longer constitutes “personal data” under applicable laws. To the extent that such data qualifies as “personal data,” our Vendors’ privacy policies will govern their usage of that personal data.

V. Third-Party Content, Links, and Services

A. Generally

The Service has functionality that allows certain kinds of interactions between the Service and third-party content, web sites, applications, platform, code (e.g., plug-ins, application programming interfaces (“API”), and software development kits (“SDKs”) and Tracking Technologies (collectively, “Third-Party Services”).

For example, we use Shopify to allow you to purchase in store, online and in multiple jurisdictions. We also use Shopify cookies to deliver our ads to you online. To understand more about Shopify cookies please see here: https://www.shopify.com/legal/cookies. You may also have an option to use your Facebook, Google or other account provided by a Third-Party Service to interact with the Service, including by logging into the service or posting information from the Service on the Third-Party Service (or vice versa) (“Social Features”). If we offer and you choose to use Social Features, the Third-Party Service may send personal data about you to us. If so, we will then treat it as personal data under this Privacy Policy since we are collecting it as a result of your accessing of and interaction on our Service. If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Service (as described in the User Content section, above) and/or by the Third-Party Service that you use, depending on your privacy settings on each. Similarly, if you post information on a Third-Party Service that references the Service (e.g., by using a hashtag associated with us in a status update), your post may be used on or in connection with the Service or otherwise by us. Also, both we and the third party may have access to certain information about you and your use of the Service and any Third-Party Service.

Third-Party Services may use their own cookies, web beacons, and other Tracking Technologies to independently collect information about you, including Third-Party Services to which you are directed from the Service, including where you click a link and leave the Service entirely. There are certain websites and other Third-Party Services to which we may link from the Service, which are third-party websites using our name under license but with their own terms and policies (except where we have explicitly linked to this Privacy Policy).

We are not responsible for the policies or business practices of Third-Party Services, including how they collect, use, or share your information, including through Tracking Technologies that collect information regarding your visit to the Service as well as after your visit is over. These Third-Party Services may have their own terms of service, privacy policies or other policies. Be sure to review any available policies before submitting any personally identifiable information to or otherwise interacting with any Third-Party Services.

B. Analytics

We may use Google Analytics, TikTok Analytics, or other Vendors for analytics services. These analytics services may use cookies and other Tracking Technologies to help us analyze users and how they use the Service. Information generated by these analytics services (e.g., your IP address and other Service Usage Data) may be transmitted to and stored by these Vendors on servers in the U.S. (or elsewhere) and these Vendors and/or Third-Party Services may use this information for purposes such as evaluating your use of the Service, compiling statistic reports on the Service’s activity, and providing other services relating to Service activity and other Internet usage. See the Choices: Tracking and Communications Options and U.S. Privacy Notice for more information on your regarding certain analytics Tracking Technologies.

C. Interest-Based Advertising

We may engage and work with Vendors and Third-Party Services to serve advertisements on the Service and/or on other online services. Some of these ads may be tailored to your interest based on your browsing across time on the Service and elsewhere online (other websites and services), which may include use of precise location and/or cross-device data, sometimes referred to as “interest-based advertising” (“Interest-Based Advertising”). See the Choices: Tracking and Communications Options and U.S. Privacy Notice for information on your choices with respect to Interest-Based Advertising that qualifies as “Targeted Advertising” and/or “Cross-Context Behavioral Advertising”.

VI. Choices: Tracking and Communications Options

A. Marketing and Promotional Communications

You may unsubscribe from email and other electronic marketing communications you receive from us as follows: (i) for promotional emails, following the instructions provided in emails to click on the unsubscribe link, or if available, by changing your communication preferences by logging onto your account; and (ii) for text messages, following the instructions provided in text messages from us to text the word, “STOP” (or as otherwise instructed); and (iii) for app push notifications, turn off push notifications on the settings of your mobile device..

Opting out of certain communications will not affect subsequent subscriptions and, if your opt-out is limited to certain types of electronic communications, the opt-out will be so limited. Subsequent or different subscriptions will be unaffected. Please note that we reserve the right to send you certain communications relating to your account or use of our Service and administrative and service announcements. These transactional messages will be unaffected if you choose to opt-out of marketing communications.

B. App Features and Functionality

All of the Company mobile app’s features and functionality, and its related data collection, can be terminated by uninstalling the app. You can use the app’s or your device’s settings to set and change some settings and control some functions, such as enabling or disabling certain features (e.g., “tracking”, Bluetooth, location-based services, push notifications, etc.).

C. Tracking Technologies and Interest-Based Advertising

    1. Cookie Policy

      Zippo Manufacturing Company’s Cookie Policy can be found at: https://www.zippo.com/pages/cookie-policy.

    2. Interest-Based Advertising Industry Opt-Out Programs

      There are two advertising industry organizations – the Network Advertising Alliance (NAI) and Digital Advertising Alliance (DAA) that offer opt-out programs. You can visit the following links to submit opt-out requests to companies participating in each program. The NAI’s opt-out page provides detailed information regarding the opt out of Interest-based Advertising and its limitations. For similar information from the DAA regarding its opt-out program, click here (web-based program) and here (app-based program).

      To visit the NAI’s opt-out page, click here.

      To visit the DAA’s opt-out page, click here.

      Please be aware that, even if you are able to opt out of certain kinds of Interest-based Ads, you will continue to receive non-targeted ads. Further, if you selectively opt-out of one or more of the above opt-out programs, you may receive Interest-based Advertising from other participants. You may also receive Interest-based Advertising from parties that do not participate in the NAI or DAA’s programs.

    3. Company-specific Opt-Outs

We may use Google Analytics and Ad Services. To learn more about the data Google collects and how your data is used by it and to optout of certain Google browser Interest-Based Advertising, please visit here. To opt-out of Google Analytics, please visit here.

We may use TikTok Analytics. To learn more about the data TikTok collects and how your data is used by it and to opt-out of certain TikTok Interest-based Advertising, please visit here.

  1. Important Notice Regarding Opt-Outs

    We are not responsible for effectiveness of, or compliance with, any third party’s opt-out options or programs or the accuracy of their statements regarding their programs. You will need to exercise the above choices on each browser or device that you use. Please be aware that if you disable or remove certain Tracking Technologies, some parts of the Service may not work or will function with more limited capabilities. In addition, please note that your choices sometimes rely on Tracking Technologies, such that when you clear or disable them, your choices are reset.

VII. Data Security and Monitoring

Company endeavors to incorporate commercially reasonable safeguards to help protect and secure your personal data on the Service. However, the confidentiality and security of personal data transmitted over the Internet cannot be guaranteed. We urge you to exercise caution when transmitting personal data over the Internet. Please note that we cannot ensure the security of any personal data you transmit to us, and you use our Service and otherwise provide us with your information at your own risk.

VIII.Children

We do not use the Service to knowingly collect personal data online from children under the age of 13 without the appropriate parental or guardian consent.

In the event that we become aware that we have collected personal data from any child, we will dispose of that information in accordance with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable laws and regulations. If you are a parent or guardian and believe we may have collected such information without parental or guardian consent or other than in a manner authorized by law, please contact us at privacy@zippo.com.

Please refer to the Other California Notices section for more information regarding requests pertaining to California residents under the age of eighteen (18) who have registered to use the Service.

IX. U.S. Privacy Notice

This U.S. Privacy Notice (“Notice”) applies to “consumers” (“you,” “your”) as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”), Colorado Privacy Act (“CPA”), Connecticut’s “An Act Concerning Personal Data Privacy and Online Monitoring” (also known as the “Connecticut Data Privacy Act” or CTDPA), Utah Consumer Privacy Act (“UCPA”), Virginia Consumer Data Privacy Act (“VCDPA”), Chapter 603A of the Nevada Revised Statutes, Oregon Consumer Privacy Act (effective July 1, 2024), Texas Data Privacy and Security Act (effective July 1, 2024), Montana Consumer Data Privacy Act (effective October 1, 2024), and all laws implementing, supplementing or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws”). As used in this section, “personal data” means “personal data” or “personal information” as defined by U.S. Privacy Laws. This U.S. Privacy Notice is a supplement to our other privacy policies and notices, including the remainder of this Privacy Policy. In the event of a conflict between any other Company policy, statement, or notice and this U.S. State Privacy Notice, this U.S. State Privacy Notice will prevail as to consumers and their rights under applicable U.S. Privacy Laws.

A. Applicability of U.S. Privacy Notice

Personal Information/Personal Data. The Personal Data Collection, Uses, and Disclosures section covers our collection, use, and disclosure of consumers’ personal information or personal data, as defined by U.S. Privacy Laws (referred to herein as “personal data”), as defined under applicable U.S. Privacy Laws. The Consumer Rights Requests section of this U.S. State Privacy Notice describes your rights under U.S. Privacy Laws and explains how to exercise those rights. Notably, this Notice does not apply to data that is not treated as personal data under the U.S. Privacy Laws or data that is subject to an exemption under applicable laws. This U.S. Privacy Notice also does not apply to information collected by Third-Party Services (as defined and discussed above).

Consumers and Business-to-Business Contacts (only California). This U.S. State Privacy Notice applies to consumers that interact with us as traditional customers of Company, consumers residing in California who interact with us in a business-to-business context, such as an employee of one of our retail customers, and job applicants from California. Both the Personal Data Collection, Uses, and Disclosures and Consumer Rights Requests sections of this U.S. Privacy Notice apply to consumers about whom we collect personal data.

Personnel. This U.S. Privacy Notice does not apply to our current employees, former employees, or independent contractors (“Personnel”).

B. Notice of Personal Data Practices

This Notice is designed to provide you with notice of our recent, historical personal data processing practices over the 12 months prior to the Notice Effective Date, which is required under the U.S. Privacy Laws. However, this U.S. State Privacy Notice also applies to our current data practices such that it is also meant to comply with other requirements to provide current practices which under California’s law is referred to as “notice at collection,” meaning notice regarding the personal information we collect online and offline, and the purposes for which we process personal information, among other things that are required. For any new or substantially different processing activities that are not described in this Notice, we will notify you as legally required. We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post an updated version on the Service and update the Effective Date.

C. Personal Data Collection, Uses, and Disclosures

Generally, we collect, retain, use, and disclose your personal data to provide you our products and services and as otherwise related to the operation of our business, including for the business and commercial purposes listed in the How We Use Your Personal Data and How We Disclose Your Personal Data sections of the Privacy Policy above and below. These processing purposes include the following categories of Business Purposes under the CCPA (some of which may overlap) (“Processing Purposes”):

  • Providing Products and Services: Processing or fulfilling orders and transactions, administering accounts and our loyalty program, providing customer service, verifying customer information, and processing payments.
  • Managing Interactions and Transactions: Performing services on behalf of the business, including maintaining or servicing accounts, administering accounts and our loyalty program, providing customer service, verifying customer information, processing payments, providing analytic services, providing storage, or providing similar services on behalf of the business, and customizing your experience, offers and content.
  • Security and Debugging: Helping to ensure security and integrity to the extent the use of the consumer’s personal data is reasonably necessary and proportionate for these purposes. Debugging to identify and repair errors that impair existing intended functionality.
  • Advertising and Marketing: Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance U.S. Privacy Laws. Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the Service. Providing advertising and marketing services, except for cross-context behavioral advertising. Customizing your experience, offers, and content.
  • Quality Assurance: Undertaking activities to verify or maintain the quality or safety of our products and services, to improve, upgrade, or enhance our products and services.
  • Research and Development: Undertaking internal research for technological development and demonstration.
  • Recruitment: Undertaking activities to recruit consumers to work at available positions at Zippo.
  • Operation of Our Business: For our legitimate business purposes that are compatible with the purpose of collecting your personal data and that are not prohibited by law. We may also use personal data for other Business Purposes in a context that is not a Sale or Share under U.S. Privacy Laws, such as disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Service Providers”), to the consumer or to other parties at the consumer’s direction or through the consumer’s action; for the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice); as required or permitted by applicable law; to the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm; and to assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”). Subject to restrictions and obligations under U.S. Privacy Laws, our Service Providers may also use your personal data for Business Purposes and other purposes permitted by law and may engage their own vendors to enable them to perform services for us.

Some of the Processing Purposes, as we discuss in the Processing Purposes Implicating Sale, Sharing, Targeted Advertising, and Profiling section below, may implicate “Selling,” “Sharing,” and/or “Targeted Advertising” by Company. For more details on the meaning of Selling, Sharing, and Targeted Advertising, and how to opt-out of them, please visit the Do Not Sell/Share/Target section below.

  1. Processing Activities: Categories, Purposes, and Recipients

    The information below describes the categories of personal data we collect and examples of types of data that fit within such categories. Please refer to the Types of Data Collected section of our Privacy Policy, where some of the categories are explained in further detail. The Processing Purposes, categories of recipients, and types of recipients of disclosures which may be considered a Sale or Sharing under U.S. Privacy Laws are described under each category of personal data. There may be additional information we Collect that meets the definition of personal data under applicable U.S. Privacy Laws but is not reflected by a category of personal data, in which case we will treat it as personal data as required but will not include it when we describe our practices by personal data category.

    As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as personal data and we reserve the right to convert, or permit others to convert, your personal data into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as personal data. We will not attempt to reidentify data that we maintain as deidentified.

    Identifiers

    Examples: For consumers, this may include name, date of birth, phone number, mailing address, email address, and IP address. For wholesale and retail customers, this may include name, phone number, mailing address, email address, and IP address. For job applicants, identifiers may include name, date of birth, email address, IP address, mailing address, phone number, photograph, work and personal references and contact details, beneficiary and emergency contact details, and other similar contact data.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Advertising and Marketing, Quality Assurance, Research and Development, Recruitment, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, Website and app management vendors (e.g., development, security, analytics, etc.), recruitment vendors (e.g., job boards), third-party promotional partners, payment processors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): Third-Party Digital Businesses and third-party promotional partners.

    Personal Records

    Examples: Name, signature, description, address, telephone number, and financial information (e.g., payment card information). Some personal data included in this category may overlap with other categories.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Advertising and Marketing, Quality Assurance, Research and Development, Recruitment, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, Website and app management vendors (e.g., development, security, analytics, etc.), recruitment vendors (e.g., job boards), third-party promotional partners, payment processors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): Third-Party Digital Businesses and third-party promotional partners.

    Account Details & Commercial Information

    Examples: Products or services you purchased or considered and your purchase history.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Advertising and Marketing, Quality Assurance, Research and Development, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, Website and app management vendors (e.g., development, security, analytics, etc.), marketing vendors, third-party promotional partners, payment processors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): Third-Party Digital Businesses and third-party promotional partners.

    Financial Payment Information

    Examples: Your payment card information.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): IT Service Providers, Payment processors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): N/A.

    Service Usage Data

    Examples: Browsing history, search history, information related to consumer interaction with our Website, application or advertisements, and login information.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Advertising and Marketing, Quality Assurance, Research and Development, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software, IT Service Providers, Website and app management vendors (e.g., development, security, analytics, etc.), marketing vendors, third-party promotional partners, payment processors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): Third-Party Digital Businesses and third-party promotional partners.

    Geolocation Data (not Precise)

    Examples: approximate location inferred based on your IP address.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Quality Assurance, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, Website and app management vendors (e.g., development security, analytics, etc.), marketing vendors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): N/A.

    Sensory Information

    Examples: audio and electronic data, such as when you contact our customer service line or utilize the customer chat feature on the Service.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Quality Assurance, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): N/A.

    Professional and Employment Information

    Examples: Professional, educational, or employment-related information.

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Recruitment, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, Website and app management vendors (e.g., development, security, analytics, etc.), recruitment vendors (e.g., job boards), third-party promotional partners, payment processors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): N/A.

    Inferences

    Examples: Inferences drawn from personal data to create a profile about a consumer reflecting preferences, characteristics, predispositions, behavior, and attitudes.

    Processing Purpose(s): Providing Products and Services, Advertising and Marketing, Quality Assurance, Research and Development, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): IT Service Providers, Software and Platform Providers, Marketing vendors, other members of our corporate group, other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): Third-Party Digital Businesses and third-party promotional partners.

    Category of Sensitive Personal Data:

    Government Issued Identification Numbers

    Examples: Social Security, Driver’s license, or state ID card.

    Processing Purpose(s): Recruitment and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): N/A.

    Financial Data

    Examples: Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

    Processing Purpose(s): Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Advertising and Marketing, Quality Assurance, Research and Development, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software and platform providers, IT Service Providers, Website and app management vendors (e.g., development, security, analytics, etc.), marketing vendors, third-party promotional partners, payment processors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients (Sale/Share): Third-Party Digital Businesses and third-party promotional partners.

    Precise Geolocation

    Examples: Any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,750-1,850 feet.

    Processing Purpose(s): Providing Products and Services, Advertising and Marketing, Security and Debugging, Research and Development, Quality Assurance, and Operation of Our Business.

    Categories of Recipients (for Business Purposes): Software and platform providers, IT service providers, website and app management vendors (e.g., development, security, analytics, etc.), marketing vendors, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Recipients (Sale/Share): Third-Party Digital Businesses and third-party promotional partners.

    Account Log-In Information

    Examples: Username and password to a Company account.

    Processing Purpose(s):Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Quality Assurance, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients: (Sale/Share): N/A.

    Personal Characteristics

    Examples: Racial or ethnic origin, religious or philosophical beliefs, or union membership.

    Processing Purpose(s):Providing Products and Services, Managing Interactions and Transactions, Security and Debugging, Quality Assurance, and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients: (Sale/Share): N/A.

    Sex Life, Sexual Orientation, or Gender Identity

    Examples: Information revealing information regarding a consumer’s sex life, sexual orientation, or gender identity.

    Processing Purpose(s): Recruitment and Operation of Our Business.

    Categories of Business Recipients (for Business Purposes): Software providers, IT Service Providers, third-party promotional partners, other members of our corporate group, and other parties (e.g., litigants and government entities).

    Categories of Business Recipients: (Sale/Share): N/A.

  2. Processing Purposes Implicating Sale, Sharing, Targeted Advertising and Profiling

    When you provide us personal data for the following Processing Purposes, we may use certain information, such as your email address, that you provide for such purposes to advertise to you. This may include making available your personal data to certain third parties in ways that may constitute Selling and/or Sharing, as well as using your personal data for purposes of Targeted Advertising.

    • Providing our products and services
    • Administering accounts and loyalty programs
    • Sweepstakes, contests, and other promotions
    • For purposes disclosed at the time you provide your information
    • For purposes disclosed at the time you provide your information
  3. Sources of Personal Data

    We collect personal data directly from, among others, you, your Device, Third-Party Services, Service Providers, other members of our corporate group, and other parties. We may also infer information about you from your activity on the Service and on other third-party websites and services.

  4. Data Retention

    Because there are so many different types of personal data in certain categories, and so many purposes and use cases for different data, we are unable to provide retention ranges based on categories of personal data in a way that would be meaningful and transparent to you. Actual retention periods for all personal data will depend upon how long we have a legitimate purpose for the retention, consistent with the collection purposes and applicable law. For instance, we may maintain business records for as long as relevant to our business and may have a legal obligation to hold personal data for as long as potentially relevant to prospective or actual litigation or government investigation. We apply the same criteria for determining if we have a legitimate purpose for retaining your personal data that you ask us to delete. If you make a deletion request, we will conduct a review of your personal data to confirm if legitimate ongoing retention purposes exist, will limit the retention to such purposes for so long as the purpose continues, and will respond to you with information on any retention purposes on which we rely for not deleting your personal data. For more information on deletion requests, please refer to the Right to Delete section.

D. Consumer Rights Requests

We provide consumers the privacy rights described in this section. This Consumer Rights Requests section also applies to consumers residing in California who interact with us in a business-to business context and California job applicants.

  1. Your Consumer Privacy Rights

    The consumer privacy rights we will consider are as follows:

    Right to Limit Sensitive Personal Data Processing

    With regard to personal data that qualifies as Sensitive Personal Data under U.S. Privacy Laws, if you elect to provide us with that Sensitive Personal Data you will have consented to such Processing. However, you can limit certain Sensitive Personal Data processing, and if you do so, we will explain in a response what processing purposes U.S. Privacy Laws do not allow you to limit.

    Right to Know Categories

    If you are a California resident, you have the right to request that we share with you certain information about our collection, use, and disclosure of your personal data over the 12-month period prior to the request date, by category of personal data. You can request that we disclose to you: (1) the categories of personal data we collected about you; (2) the categories of sources for the personal data; (3) our business or commercial purpose for collecting or selling that personal data; (4) a list of the categories of personal data disclosed for a business purpose in the prior 12 months and, for each category of personal data, the categories of recipients; and (5) a list of the categories of personal data sold or shared about you in the prior 12 months and, for each, the categories of recipients.

    Right to Know Specific Pieces

    You have the right to request a transportable copy of the specific pieces of personal data we collected about you. In California, this includes the right to personal data collected in the 12-month period preceding your request. Unlike California, some other states do not prescribe a lookback period, however, we may decline your request if it is manifestly unfounded, excessive, or repetitive. Please note that personal data is retained by us for various time periods, so there may be certain information that we have collected about you that we do not even retain for 12 months (and thus, we would not be able to include such data in our response to you). As legally permitted, based on your state of residence, we may apply a limit on the number of “right to know” requests you make over a particular time period.

    Right to Confirm Processing

    You have the right to confirm we are processing your personal data, which you can request pursuant to the methods above, and to access your personal data as stated in the two immediately prior paragraphs.

    Right to Delete

    Some U.S. Privacy Laws (e.g., California) grant you the right to request that we delete any of your personal data that we have collected directly from you and retained, subject to certain exceptions which we will explain (if they apply), while other U.S. Privacy Laws (e.g., Texas) grant you the right to request that we delete any of your personal data that we have collected directly from you or personal data that we have obtained about you, such as from a source other than you. We will honor your deletion request as required by the laws of the State in which you reside. After we confirm that your deletion request is a Verifiable Consumer Request, subject to permitted retention exceptions, we will carry out one or more of the following: (i) permanently erase your personal data on our existing systems with the exception of archived or back-up systems, (ii) deidentify your personal data, or (iii) aggregate your personal data with other consumers’ information. Where legal exceptions will apply to your request for deletion, we will tell you which one(s) and will limit retention to the permitted purpose(s).

    Right to Correct

    You have the right to request that we correct inaccuracies that you find in your personal data maintained by us. Your request to correct is subject to our verification (as discussed below) and the response standards under the applicable U.S. Privacy Laws.

    Do Not Sell/Share/Target

    Under the U.S. Privacy Laws, consumers have the right to opt-out of certain processing activities. California and certain other states have opt-outs specific to Targeted Advertising activities, which involve the use of personal data from different businesses or services to target advertisements to you. California’s law refers to these activities as “cross-context behavioral advertising” while other state laws refer to these activities simply as Targeted Advertising. California provides consumers the right to opt-out of Sharing, which includes providing or making available personal data to third parties for such Targeted Advertising activities, while other states provide consumers the right to opt-out from processing personal data for Targeted Advertising more broadly. There are broad and differing concepts of the Sale of personal data under the U.S. Privacy Laws, all of which at a minimum require providing or otherwise making available personal data to a third party.

    Third-Party digital businesses, including social media platforms and other tech companies that offer digital advertising services (“Third-Party Digital Businesses”), may associate Tracking Technologies on our Services that collect personal data when you use or access the Services, or otherwise collect and process personal data that we make available about you, including some of the categories of personal data described above. Permitting access to personal data on our Services, or otherwise providing personal data, to Third-Party Digital Businesses could be deemed a Sale and/or Sharing and could implicate Targeted Advertising under U.S. Privacy Laws. Therefore, unless the other company has committed contractually to limit their processing to what would qualify them as our Service Provider or Processor, as applicable under U.S. Privacy Laws, we will treat such personal data collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the personal data we make available about you is collected directly by such Third-Party Digital Businesses using Tracking Technologies on our Service or our advertisements that are served on third-party sites (which we refer to as “cookie personal data”). However, certain personal data which we make available to Third-Party Digital Businesses is information that we have previously collected directly from you or otherwise about you, such as your email address (which we refer to below as “non-cookie personal data”).

    When you opt-out pursuant to the instructions below, it will have the effect of opting you out of Sale, Sharing, and Targeted Advertising, such that our opt-out process is intended to combine all these state opt-outs into a single opt-out. Instructions for opting out are below. Please note that there are distinct instructions for opting out of cookie personal data and non-cookie personal data, which we explain further below. This is because we have to use different technologies to apply your opt-out to non-cookie personal data and to cookie personal data.

    Opt-out for Non-Cookie Personal Data

    If you would like to submit a request to opt-out of processing of your non-cookie personal data (e.g., your email address) for Targeted Advertising, or opt-out of the Selling or Sharing of such data, you may submit an opt-out request through our online portal or contact us via our toll-free number: 888-442-1932, and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via email, fax, etc.).

    Opt-out for Cookie Personal Data

    If you would like to submit a request to opt-out of our processing of your cookie-related personal data for Targeted Advertising, or opt-out of the sale/sharing of such personal data, you need to exercise a separate opt-out request on our cookie management tool by going to the preference center of the tool, which you can do by either clicking “Your Privacy Choices” in the footer of our web pages, or by clicking here. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our Websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via our cookie management tool.

    We do not knowingly Sell or Share the personal data of consumers under 16.

    For more information on how to limit Interest-Based Advertising using your browser settings, mobile device settings, or ad industry tools, please see the Tracking Technologies and Interest-Based Advertising section of our Privacy Policy above. Please note, clearing cookies or changing settings may affect your choices and you may have to opt-out separately via each browser and other device you use. Cookie-enabled opt-out signals may no longer be effective if you delete, block, or clear cookies. We are not responsible for the completeness, accuracy, or effectiveness of any third-party notices, tools, or choices.

    Global Privacy Control

    Some of the U.S. Privacy Laws require businesses to process Global Privacy Control ( “GPC”) signals, which are referred to by U.S. Privacy Laws as opt-out preference signals or universal opt-out mechanisms. GPC signals are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of Sale, Sharing and/or Targeted Advertising or limit the use and disclosure of their Sensitive Personal Data, such that the GPC signal effectively automatically communicates such requests. To use GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable GPC. To our knowledge, we have configured the settings of our consent management platform to receive and process GPC signals on our Websites, as explained by our consent management platform here [Link].

    Please note that when we receive and process a GPC signal, we will apply such signal as an opt-out of Sale and Sharing as to cookie personal data. To make a Do Not Sell/Share/Target request as to non-cookie personal data, please visit the Do Not Sell/Share/Target section above.

    We do not (1) charge a fee for use of our websites if you have enabled GPC; (2) change your experience with our websites if you use GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the GPC.

    Appeal Rights

    Residents of Colorado, Connecticut, Virginia, Oregon (effective July 1, 2024), Texas (effective July 1, 2024), and Montana (effective October 1, 2024) may appeal Company’s decision regarding a request by following the instructions in our response to your request. We will inform you of our final decision within 45 days.

  1. Making a Request and Scope of Requests

    As permitted by the U.S. Privacy Laws, certain requests you submit to us are subject to an identity verification process and must be a Verifiable Consumer Request (as described in the Verifying Your Request section). We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal data.

    To make a privacy rights request, or to submit as an authorized agent, use our online portal or contact us via our toll-free number: 888-442-1932, and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via email, fax, etc.).

    Some information we maintain about consumers that is technically considered personal data may, nonetheless, not be sufficiently associated with information that you provide when making your request. For example, if you provide your name, email address, and phone number when making a request, we may be unable to associate that with certain data collected on the Service, such as clickstream data tied only to a pseudonymous browser ID. Where we are unable to associate such information with the information you provide, we do not include such information in response to those requests. If we cannot comply with a request, we will explain the reasons in our response. We will use personal data provided to verify your identity for purposes of a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses unless you also gave it to us for another purpose.

    We will make commercially reasonable efforts to identify your personal data that we process to respond to your privacy requests. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

  2. Verifying Your Request

    Your request must be a Verifiable Consumer Request, meaning that when you make a request, we will verify that you are the person you say you are, or, if you are seeking information on behalf of another person, that you are authorized to make the request on that person’s behalf (see our Authorizing an Agent section below). In addition, we will compare the information you have provided for verification purposes to ensure that we maintain personal data about you in our systems. As an initial matter, we may ask that you provide us with, information such as, your full name and phone number or email, and the nature in which you have transacted or interacted with us (e.g., known individual customer or wholesale retail customer or representative of one of our Service Providers). Depending on the nature of the request and whether we have the phone number or email address you have provided in our systems, we may request further information from you to verify that you are, in fact, the consumer making the request. We will review the information provided as part of your request and may ask you to provide additional information via email or other means to complete the verification process. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correct request unless you have provided sufficient information for us to reasonably verify you are the consumer that is the subject of the request. The same verification process does not apply to opt-outs of Sale or Sharing or Targeted Advertising, or limitation of Sensitive Personal Data requests, but we may apply authentication measures if we suspect fraud (such as verifying access to the email address or phone number provided when making the request).

  3. Authorizing an Agent

    You may designate an authorized agent to submit a request on your behalf using the submission methods described above. If you are an authorized agent who would like to make a request, the U.S. Privacy Laws require that we ensure that a request made by an agent is a Verifiable Consumer Request (except Do Not Sell/Share requests) and allows us to request further information to ensure that the consumer has authorized you as their agent to make the request on their behalf. Generally, we will request that an agent provide proof that the consumer gave the agent signed permission to submit the request, and, as permitted under the U.S. Privacy Laws, we also may require the consumer to either verify their own identity or directly confirm with us that they provided the agent permission to submit the request.

E. Notice of Financial Incentive

As described in our sales, promotions, or discounts program page, we offer financial incentives to U.S. residents based upon the collection, retention, or sale of their personal data. The incentive is calculated based on a good faith estimate of the value of the personal data, which forms the basis for offering such financial incentives. The financial incentive offered is as follows: We offer financial incentives to consumers based upon the collection, retention or sale of a consumer’s personal data calculated based on a good faith estimate of the value of the consumer’s data, which forms the basis for offering such financial incentives. The financial incentive offered is a free gift for signing up to the email list. The categories of personal data that are implicated by the financial incentive or price or service difference include: Identifiers, Service Usage Data, and Inferences. Factors we consider when calculating the value of a U.S. resident’s data in order to determine what financial incentives we offer include: revenue generated by us from the sale/collection/retention of a consumer's Personal Data. You may enroll in or withdraw from our financial incentive program at any time by following the instructions on the sales, promotions, or discounts program page or any communications regarding the financial incentive, or by updating your preferences in your Company account.

F.Other California Notices

Any California residents under the age of eighteen (18) who have registered to use the Service, and who have posted content or information on the Service, can request that such information be removed from the Service by submitting a request through our online portal or contacting us via our toll-free number: 888-442-1932, stating that they personally posted such content or information and detailing where the content or information is posted. Please be aware that we do not accept or process requests through other means (e.g., via email, fax, etc.). We will make reasonable, good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished the post and archived copies of it may be stored by search engines and others that we do not control.

We do not disclose your personal information to third parties for their direct marketing purposes (as those terms are defined by the California shine the Light law) without your consent. If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us in the following ways: Postal Mail: Zippo Manufacturing Company, 33 Barbour Street. Bradford, Pennsylvania 16701 Attn: Legal – Shine the Light Request; or by e-mail at privacy@zippo.com. Please note that the CCPA and Shine the Light are different laws offering different rights and requests must be made separately, however, a non-cookie Do Not Sell request is broader and will function to opt you out of disclosures for third-party direct marketing purposes under Shine the Light.

G. Nevada

We do not believe we “sell” “covered information” of Nevada “consumers” as those terms are defined by Chapter 603A of the Nevada Revised Statutes. Though we do not believe we sell covered information, Nevada’s law requires us to provide a method for Nevada consumers to make requests to opt out of sale, which you can do so via our toll-free number: 888-442-1932. Please be aware that we do not accept or process requests through other means (e.g., via email, fax, etc.).

X. Changes to Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Any changes will apply prospectively effective upon the posting of the revised Privacy Policy. A revised Privacy Policy will be posted on Service, along with information on any material changes (if applicable). Your continued use of the Service indicates your acknowledgment to the privacy policy and notices posted at the time of use. However, we will not use your previously collected personal data in a manner materially different than was represented at the time it was collected without your consent. To the extent any provision of this Privacy Policy is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

XI. Contact Us

If you have any questions or concerns regarding this Detailed US Privacy Notice, contact us at privacy@zippo.com.