TO CONTROL COOKIE TRACKING AND DISABLE CERTAIN COOKIES, PLEASE SEE SECTION 11.4 BELOW.

PRIVACY POLICY

This Privacy Policy (“Policy”) of Great Lakes Potato Chips LLC, a Michigan limited liability company (“our,” “us,” or “we”), applies to each one of our users, customers and visitors (“you” or “your”). This Policy relates to our Terms of Use, which incorporates this Policy. This Policy describes how we collect, use and disclose your personal information. In this Policy, we use certain terms that have specific meanings, such as “personal information,” “sensitive personal information,” “sell,” “share,” “targeted advertising,” “affiliates,” “deidentified,” “aggregate consumer information,” “verifiable request,” and other defined terms. For the definitions, please see the end of this Policy at Section 21.

1. Our Information Channels

The following is a list of the information channels that we and our affiliates may use to collect your personal information, which may vary depending on the nature of your interactions with us and may not include all of the examples listed below (collectively, our “Information Channels”):

• the website that displays this Policy, any other websites of ours, and all ecommerce stores, online portals, web portals, mobile applications and electronic user interfaces that we own or control (collectively, our “Technology Sites”).

• social media pages, email messages, text messages and direct messages.

• phones, computers, web cameras and other communication devices operable to receive your written, text, oral, telephonic and video communications.

• real time communications with our representatives, including interviews, discussions, conversations and conferences via in-person interaction or video, phone or other means.

• any brick-and-mortar facilities (such as stores, offices, trade show buildings and convention centers) as well as any cameras, beacons, sensors and other tracking equipment located at such facilities.

• any means for personal interaction or observation, such as the collection of survey results from you when you are located at such facilities.

• surveys, forms and other materials used to document your answers, feedback or behavior at such facilities.

2. No Sale or Sharing of Personal Information

2.1 No Sale. We do not sell your personal information, nor do we sell your sensitive personal information.

2.2 No Sharing. The definition of “sharing,” provided at the end of this Policy, involves disclosing your personal information for targeted advertising, and the definition has certain exclusions. Based on the definition, we do not share your personal information, nor do we share your sensitive personal information.

2.3 Minors Under 16 Years of Age. As indicated above, we do not sell or share the personal information of any consumer under 16 years of age or of any other age.

3. Collection and Limited Use of Sensitive Personal Information

The personal information that we collect, as categorized below, may contain your sensitive personal information depending upon the intended use or function of our Technology Sites, the nature of our transactions and communications with you, and our Business Purposes (defined in Section 5.1). We may use or disclose your sensitive personal information only as authorized by regulations adopted pursuant to applicable law or as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, including the services that we perform for the following purposes marked with an asterisk in Section 5.1: Security, Short-Term Use, Services, and Quality & Safety. Therefore, our Technology Sites do not display a “Limit the Use of My Sensitive Personal Information” opt-out link or any other link having the same purpose.

4. Categories of Personal Information that We May Collect

The following is a list of the categories of your personal information that we may collect for our Business Purposes, which may vary depending on the nature of your interactions with us and may not include all of the examples listed below:

• Identifiers – such as your real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

• Other Personal Information – such as your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

• Characteristics of Protected Classes – such as your race, color, national origin, religion, gender (including pregnancy), disability, age and citizenship status.

• Commercial Information – such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

• Biometric Information – such as your biometric information, including information of that specifies your face, eyes, fingerprints and voice.

• Network Activity and Device Information – such as your device, browser, internet or other electronic network activity information, including browsing history, search history, information regarding your interaction with an internet website, application, or advertisement, network routing information (where you came from), date/time stamps, clickstream information (when a webpage was visited and how much time was spent on the webpage), device information or identifier, browser type, referring/exit webpages, and number of visitors, views, and interactions).

• Geolocation Data – such as your general geographic location, which may be determined using your Internet Protocol (IP) address or cellular signals generated by your mobile device.

• Audio, Visual and Other Information – such as your audio, electronic, visual, thermal, olfactory, or similar information, including voices, sounds, photos and videos of you.

• Professional Information – such as your professional or employment-related information.

• Inferred Profile Information – such as inferences drawn from any of the information described above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities or aptitudes.

5. Our Purposes for Collecting or Using Personal Information

5.1 Business Purposes. We may collect, use or disclose your personal information for our purposes described below in this Section 5.1 (“Business Purposes”). These purposes include our operational purposes, provided that our use of your personal information is necessary and proportionate to achieve the purpose for which your personal information was collected or processed or for another purpose that is compatible with the context in which your personal information was collected. These operational purposes include the following:

• Auditing – auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

• Security* – helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes.

• Debugging – debugging to identify and repair errors that impair existing intended functionality.

• Short-Term Use* – short-term, transient use, including nonpersonalized advertising shown as part of a your current interaction with the business, provided that your personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with us.

• Services* – performing services on behalf of us, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of us.

• Marketing – providing to you, advertising and marketing services, except for targeted advertising, provided that, for the purpose of advertising and marketing, we will not combine the personal information of opted-out consumers that we receive with personal information that we receive from another person or that we collect from our own interaction with consumers.

• Internal Research – undertaking internal research for technological development and demonstration.

• Quality & Safety* – undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

• Non-Inference – collecting or processing sensitive personal information for a purpose other than inferring characteristics about you.

5.2 Complying with Law. We may also use or disclose your personal information to the extent necessary for us to comply with: (a) federal, state or local laws; or (b) civil, criminal or regulatory inquiries, investigations, search warrants, subpoenas, summons, orders, injunctions and mandates issued by courts, judicial authorities, law enforcement authorities or governmental authorities, including federal, state or local authorities.

6. Categories of Receivers of Your Personal information

We may disclose your personal information to the following third party receivers:

• Technology Suppliers – providers of software (e.g., plugins) or software-as-a-service that connects their webservers to our Technology Sites, including:

  • web hosting

  • mobile app hosting

  • web content management

  • web analytics and mobile app analytics

  • online data synchronization with mobile apps

  • credit card and payment processing

  • hosting communication systems, such as text messaging and emailing systems

• Service Providers – third parties that provide, lease or license products, services, facilities or data to us, such as customer support providers, offline credit card and payment processors, order fulfillment centers and data room facilities.

• Contractors – third parties that render services to us, such as product developers, event managers, information technology consultants, cyber security advisors, computer programmers, business advisors, auditors, accountants and attorneys.

• Corporate Affiliates – third parties that control us, that we control, or that are under common control with us, such as our parents, subsidiaries and sister entities.

• Legal Authorities – legal authorities, such as courts, judicial authorities, law enforcement authorities or governmental authorities (including federal, state or local authorities) in connection with any civil, criminal or regulatory inquiry, investigation, search warrant, subpoena, summons, order, injunction or mandate issued by any such legal authority.

7. How We Collect Your Personal Information

We may collect your personal information in a variety of ways, such as the following:

• automatically pulling data from your browser or device, such as your computer or smartphone, by embedding computer code or data files to track your activity or geolocation, by other tracking means or by using cookies, as described below.

• receiving information you have provided to us via phone, text, email, electronic message, online form submission or other communications.

• receiving information from third parties whom have disclosed to us, the information you have made publicly available, such as photos, videos and content you have posted on publicly-available social media platforms.

• communicating with you in-person.

• photographing or video recording you, in accordance with applicable law, when you visit any of our brick-and-mortar facilities.

8. Categories of the Sources of Your Personal Information

We may obtain your personal information from the following categories of sources:

• You – We may collect the content, communications and personal information that you send or provide when you use our products, services or Information Channels.

• Your Devices – We may pull your personal information from your devices and browsers through tracking methods and by placing cookies, as described below.

• Our Affiliates – We may receive your personal information from our affiliates, as described above. They may collect your personal information from you or your devices in accordance with their privacy policies and applicable laws. For example, our affiliates may supply software (e.g., plugins) or software-as-a-service that connects their webservers to our Technology Sites. In this way, our affiliates may collect your personal information for our Business Purposes.

9. How Long We May Keep Your Personal Information

For each of the categories of personal information provided above, we may keep your personal information for a period lasting as long as is reasonably necessary for our purpose of collecting it or as otherwise required by applicable law. At the end of the period or when you delete your user account, whichever comes first, we may permanently destroy, erase, delete, encrypt or disable access to your personal information in a manner designed to ensure that it cannot be reconstructed or read. You will not be able to recover such personal information later.

10. Privacy Policies of Others

10.1 Privacy Policies of Our Technology Suppliers. Our technology suppliers, described above, have their own privacy policies. For example, we use the Google Analytics service of Google, one of our technology suppliers, which has posted its privacy policy at the following link: https://policies.google.com/privacy. Our Technology Sites may post hyperlinks to the privacy policies of Google and our other technology suppliers. By using our Technology Sites, you confirm that you have reviewed these posted privacy policies, and you consent to our disclosure of your personal information to these technology suppliers for our Business Purposes.

10.2 Caution After Leaving Our Environment. Our Technology Sites may provide links to or the ability for you to leave our Technology Site and connect with resources owned or controlled by third parties, such as third party websites, services, social networks and mobile applications. Clicking on these resources to leave our Technology Site may enable the applicable third party to collect or disclose your personal information. These third party resources are beyond our control. We encourage you to check the privacy policies of these third party resources before providing your personal information to them.

11. Cookies

11.1 What is a Cookie? A cookie is a small data file that our websites store on the browser of your device, such as your computer or smartphone. Your browser, such as Chrome, Firefox, Edge or Safari, stores cookies in the memory of your device. Our webservers or the webservers of our affiliates may receive and use these cookies when you return to our websites. As explained below, we have classified cookies as Necessary Cookies and Other Cookies. You can learn more information about cookies at www.allaboutcookies.org.

11.2 Necessary Cookies. We use certain types of cookies, sometimes referred to as necessary cookies, to enable our websites to work properly, securely and efficiently (“Necessary Cookies”). Generally, Necessary Cookies enable our websites to:

• save pieces of information you have entered during online transactions at our website, such as items you have added to a shopping cart, as well as names, addresses, usernames, passwords and other text you have entered in forms on our websites.

• verify whether you are logged-in to an account on our websites for authentication and security purposes.

• operate with adequate security, speed and electronic performance.

11.3 Other Cookies. We use other types of cookies, sometimes referred to as marketing or functional cookies, to study how you interact with our websites and spend time viewing particular content on our websites (“Other Cookies”). For example, we may use Other Cookies to record your browsing history, such as the particular buttons you have clicked and the particular webpages you have visited. This helps us personalize your experience, improve our websites, enhance our products and services, and identify new products or services that may be in demand.

11.4 Disabling and Deleting Cookies. There are several ways for you to stop or limit our use of certain types of cookies. If there is a cookie setting hyperlink displayed in this Section below or on our websites, you may use the displayed hyperlink to disable the Other Cookies. Also, you may use your browser’s settings to disable, limit or delete cookies. Please keep in mind, however, that our websites may no longer work properly if you disable, limit or delete cookies.

12. How to Control Your Preferences

We may enable you to opt-out of, decline or disable certain features that involve the use of your personal information. For example, we may enable you to select a setting to opt out of marketing emails and messages by modifying your user profile or using our unsubscribe link.

13. Your Rights

13.1 Right to Know. As described above, this Policy informs you of the categories of your personal information that we collect, our purposes for collecting or using it, whether we sell or share it, and the length of time that we retain it.

13.2 Right to Request Deletion. You have the right to request that we delete your personal information that we have collected.

13.3 Right to Request Correction. You have the right to request that we correct any inaccurate personal information about you that we maintain.

13.4 Right to Request Access. You have the right to request that we disclose the following to you: (a) confirmation as to whether or not we are collecting, using, storing, disclosing, analyzing deleting or modifying your personal information; (b) the categories of personal information that we have collected about you; (c) the categories of sources from which we have collected your personal information; (d) the business or commercial purpose for collecting your personal information and for any selling or sharing of your personal information; (e) the categories of third parties to whom we have disclosed your personal information; and (f) the specific pieces of personal information that we have collected about you, which may be requested in a portable, and to the extent technically feasible, readily usable format that enables you to transmit the personal information to another entity without hindrance.

13.5 Right to Request Details About Sales, Sharing or Disclosure. You have the right to request that we disclose the following to you: (a) the categories of any of your personal information that we have sold or shared to third parties; (b) the categories of any such third parties, itemized by category of your personal information; and (c) the categories of your personal information that we have disclosed to persons for a Business Purpose, and the categories of those persons.

13.6 Right to Opt Out. You have the right, at any time, to: (a) direct any business that sells or shares your personal information to third parties, not to sell or share your personal information; (b) opt out of targeted advertising; and (c) opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

13.7 Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right, at any time, to direct any business that collects your sensitive personal information to limit its use of your sensitive personal information to the extent authorized by regulations adopted pursuant to applicable law or only as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, including the services that we perform for the following purposes marked with an asterisk in Section 5.1: Security, Short-Term Use, Services, and Quality & Safety.

13.8 Right of Non-Discrimination. You have the right to be free of any discrimination related to your exercise of any of your rights provided in this Policy or otherwise under applicable law. You understand that, as permitted by applicable law, we may provide you with a price, rate, level, or quality of goods or services that differs from what we offer to other consumers if that price or difference is reasonably related to the value that we receive, if any, based on your data.

13.9 Methods for Submissions. To submit a request or notice to us under this Section, you may send your request or notice through our contact page or by writing or emailing us at the following address:

Great Lakes Potato Chips LLC

6806 East Traverse Highway

Traverse City, Michigan 49684

Email Address: info@greatlakespotatochips.com 

13.10 Verification. For security purposes, before processing your request or notice under this Section, we will promptly take steps to determine whether the request is a verifiable request or whether the notice is verifiable. We are not obligated to provide information that you may request under this Section if we cannot verify, pursuant to applicable law, that the person making the request is the individual about whom we have collected information or is a person authorized by the individual to act on the individual’s behalf.

13.11 Our Response. We will respond to your requests and notices within a reasonable timeframe and in accordance within the requirements, frequency and timing specified by the applicable laws. We may decline part or all of your requests or notices as permitted by the applicable laws, and we will inform you of the reason for the decline.

13.12 Decline of Requests. We may decline to delete your personal information if it is reasonably necessary for us to maintain your personal information in order to: (a) complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated by you within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; (b) help to ensure security and integrity to the extent the use of the your personal information is reasonably necessary and proportionate for those purposes; (c) debug to identify and repair errors that impair existing intended functionality; (d) exercise free speech, ensure the right of another consumer to exercise that your right of free speech, or exercise another right provided for by law; (e) engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent; (f) enable solely internal uses that are reasonably aligned with the expectations of you based on your relationship with us and compatible with the context in which you provided the information; or (g) comply with a legal obligation or applicable law.

13.13 Frequency and Historical Period. Pursuant to applicable law, we may not be required to provide you with the same type of information under this Section more than twice in a twelve (12) month period, and we may not be required to provide more than twelve (12) months of historical information.

14. Cross Border Transfers/Storage

We might offer our Technology Sites, products or services on a worldwide basis and might rely upon the services or facilities of our contractors or service providers located in the United States and other countries throughout the world. In accordance with applicable laws, we may: (a) transfer your personal information from the United States to countries outside of the United States, where it may be stored and processed for the uses described in this Policy; and (b) transfer your personal information from a country outside of the United States to another country, where it may be stored and processed for the uses described in this Policy.

15. Security Safeguards for Your Personal Information

The security of your personal information is very important to us. Directly or through our contractors or service providers, we implement reasonable physical, technical and administrative safeguards designed to protect your personal information from unauthorized or illegal access, destruction, use, modification or disclosure. However, we cannot warrant the security of your personal information. Despite our efforts, there is no guarantee that your personal information will not be unlawfully accessed or destroyed by a hacking incident, cyberattack or other breach of our safeguards.

16. California

16.1 California Consumer Privacy Act. In the event that: (a) you are resident of the State of California; (b) we have received personal information from you; (c) we fall within the definition of “business,” as defined by the California Consumer Privacy Act, as amended from time to time (“CCPA”); and (d) we disclose your personal information to any third party (e.g., our affiliates) for our Business Purposes, we will enter into a written agreement with the third party that contains the applicable privacy provisions required by the CCPA.

16.2 Information-Sharing Disclosure, Shine the Light. Under California Civil Code Section 1798.83 (also known as Information-Sharing Disclosure, Shine the Light), if you are a California resident and your business relationship with us is primarily for personal, family, or household purposes, you may request certain data regarding our disclosure, if any, of personal information to third parties for the third-parties’ direct marketing purposes. To make such a request, use our contact page. You may make such a request up to once per calendar year. In accordance with California Civil Code Section 1798.83, we will provide to you, by e-mail, a list of the categories of personal information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties’ names and addresses and any other information required by California Civil Code Section 1798.83.

17. European Union Residents

17.1 Legal Basis for Processing Personal Information. If you are a resident or citizen of a member-country of the European Union, the General Data Protection Regulation ((EU) 2016/679)) (“GDPR”) may provide you with certain rights beyond the rights stated in this Policy. For information about the GDPR, you may visit https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en. In accordance with the GDPR, we may process your personal information without your consent under several cases, including cases in which:

• it is necessary for us to process such personal information for purposes of: (a) performing contracts between you and us, including contracts involving our sale of products or services to you; (b) protecting your vital interests; or (c) establishing, exercising or defending legal claims;

• it is necessary for reasons of substantial public interest;

• it is necessary for reasons of public interest in the area of public health;

• it is necessary for archiving purposes in the public interest or for scientific or historical research purposes or statistical purposes;

• you have publicly disclosed such personal information that we process; and

• we process such personal information for purposes of our legitimate interests.

17.2 Consent. If we desire to process any of such personal information for cases that require your prior consent pursuant to the GDPR, we will not do so without obtaining your prior consent in accordance with the GDPR.

17.3 Transfers of Personal Information. To the extent that we transfer any personal information from any member-country of the European Union to any other country, we will satisfy the conditions required for such transfer under the GDPR and other applicable laws. For example, depending on the circumstance, we may implement any of the following measures to satisfy such conditions: (a) appropriate safeguards to protect such personal information, including standard contractual clauses or any other measure set forth in the GDPR, provided that, in each such case, we will implement the applicable measure in accordance with the requirements of the GDPR; or (b) a procedure or measure to confirm that: (i) such transfer is necessary or that you have explicitly consented to such transfer; (ii) such the transfer is not repetitive, concerns only a limited number of data subjects, and is necessary for the purposes of compelling legitimate interests pursued by us; and (iii) we have satisfied the additional requirements set forth in the GDPR.

18. Federal Laws

We may enter into a contract with you (or engage in a transaction with you) that involves our receipt of information from you that is governed or regulated by federal laws of the United States, such as the following:

• Education Information – Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 C.F.R. Part 99), as amended from time to time.

• Protected Health Information – Health Information Portability and Accountability Act of 1996 (Public Law 104-191) and the Health Information Technology for Economic and Clinical Health Act (Public Law 111-5) ), as amended from time to time.

• Financial Information – The Gramm-Leach-Bliley Act (Public Law No. 106-102) and the Privacy Regulations and related implementing regulations, and the standards for safeguarding customer information set forth in 12 CFR Part 364 and 16 CFR Part 314), as amended from time to time.

These federal laws may provide certain requirements that we must satisfy that are not set forth in this Policy, and we will comply with the requirements. Nothing in this Policy will eliminate or decrease any of our obligations under these federal laws. In the event of a conflict between any part of this Policy and any requirements of these federal laws, the requirements of the federal laws will control.

19. Mobile App Privacy. This Policy applies to personal information that we receive through all of our various Information Channels. If we receive personal information through a mobile app that we own or operate, the related app license agreement or end user license agreement may provide information about how the app collects and uses such personal information. If the app collects and sends personal information to others, such agreement may describe that process as well. Therefore, to fully understand the privacy of any personal information collected by any of our mobile apps, please review the applicable license agreement as well as this Policy. You may find our app license agreements at our websites or at the mobile app marketplace where the app is available for downloading.

20. Our Retained Rights. Nothing in this Policy will prevent or restrict us from:

• complying with federal, state, or local laws or complying with a court order or subpoena to provide information.

• complying with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities. 

• cooperating with law enforcement agencies concerning conduct or activity that we, our affiliates or associates reasonably and in good faith believe may violate federal, state, or local law.

• cooperating with a government agency request for emergency access to a your personal information if a natural person is at risk or danger of death or serious physical injury provided that: (a) the request is approved by a high-ranking agency officer for emergency access to your personal information; (b) the request is based on the agency’s good faith determination that it has a lawful basis to access the information on a nonemergency basis; and (c) the agency agrees to petition a court for an appropriate order within three days and to destroy the information if that order is not granted.

• exercising or defending legal claims.

• collecting, using, retaining, selling, sharing, or disclosing your personal information that is deidentified or aggregate consumer information.

21. Definitions

21.1 Interpretation. In this Policy, we use the words and phrases “including,” “includes,” “such as” and “e.g.” in a non-limiting fashion.

21.2 Defined Terms. In this Policy, the following terms (whether used capitalized form or in lowercase) will have the following meanings given to them:

“aggregate consumer information” means information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. “Aggregate consumer information” does not mean one or more individual consumer records that have been deidentified.

“biometric information” means an individual’s physiological, biological, or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA), that is used or is intended to be used singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

“business” means a sole proprietorship, partnership, limited liability company, corporation, association, person other than a consumer, or other legal entity.

“consumer” means a natural person.

“deidentified” means information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer provided that the business that possesses the information: (a) takes reasonable measures to ensure that the information cannot be associated with a consumer or household; (b) publicly commits to maintain and use the information in deidentified form and not to attempt to reidentify the information, except that the business may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes satisfy the requirements of this subdivision; and (c) contractually obligates any recipients of the information to comply with all provisions of this subdivision.

“affiliates” means our third party contractors, service providers, vendors, suppliers, licensors, lessors, associates and other third parties with whom we have a business relationship.

“personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but personal information does not include: (a) publicly available information or lawfully obtained, truthful information that is a matter of public concern. For purposes of this paragraph, “publicly available” means: information that is lawfully made available from federal, state, or local government records, or information that a business has a reasonable basis to believe is lawfully made available to the general public by the consumer or from widely distributed media; or information made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience. “Publicly available” does not mean biometric information collected by a business about a consumer without a consumer’s knowledge; or (b) consumer information that is deidentified or aggregate consumer information.

“precise geolocation” means any data that is derived from a device and that is used or intended to be used to locate a consumer within a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet, except as prescribed by regulations.

“security and integrity” means the ability of: (a) networks or information systems to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information; (b) businesses to detect security incidents, resist malicious, deceptive, fraudulent, or illegal actions and to help prosecute those responsible for those actions; and (c) businesses to ensure the physical safety of natural persons.

“sell,” “selling,” “sale,” or “sold,’’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration. For purposes of this definition, a business does not sell personal information when: (a) a consumer uses or directs the business to intentionally: (1) disclose personal information; or (2) interact with one or more third parties; (b) the business uses or shares an identifier for a consumer who has opted out of the sale of the consumer’s personal information or limited the use of the consumer’s sensitive personal information for the purposes of alerting persons that the consumer has opted out of the sale of the consumer’s personal information or limited the use of the consumer’s sensitive personal information; or (c) the business transfers to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business, provided that information is used or shared consistently with applicable law.

“sensitive personal information” means: (1) personal information that reveals: (a) a consumer’s social security, driver’s license, state identification card, or passport number; (b) A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) a consumer’s precise geolocation; (d) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; or (f) a consumer’s genetic data; (2) the processing of biometric information for the purpose of uniquely identifying a consumer; (3) personal information collected and analyzed concerning a consumer’s health; and (4) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. Sensitive personal information that is “publicly available” (as described above) shall not be considered sensitive personal information or personal information.

“share,” “shared,” or “sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for targeted advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for targeted advertising for the benefit of a business in which no money is exchanged. For purposes of this definition, a business does not share personal information when: (a) a consumer uses or directs the business to intentionally disclose personal information or intentionally interact with one or more third parties; (b) the business uses or shares an identifier for a consumer who has opted out of the sharing of the consumer’s personal information or limited the use of the consumer’s sensitive personal information for the purposes of alerting persons that the consumer has opted out of the sharing of the consumer’s personal information or limited the use of the consumer’s sensitive personal information; or (c) the business transfers to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business, provided that information is used or shared consistently in accordance with applicable law.

“targeted advertising” means the displaying to or targeting of advertising to a consumer that is selected based on the consumer’s personal information obtained or inferred from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, excluding the business, distinctly-branded website, application, or service with which the consumer intentionally interacts. For purposes of clarity, the definition of targeting advertising does not include advertising based on your activities within our Technology Sites. In some jurisdictions, targeted advertising is referred to as “cross-context behavioral advertising.”

“verifiable request” means a request that is made by you, by you on behalf of your minor child, by a natural person or a person authorized by you to act on your behalf, or by a person who has power of attorney or is acting as a conservator for you, and that we can verify, using commercially reasonable methods, pursuant to applicable law.

22. Policy Updates

We may update this Policy from time to time. The date provided at the beginning of this Policy is the latest revision date of this Policy. To request a prior version of this Policy, please contact us.

End of Privacy Policy

© 2023 Great Lakes Potato Chips LLC