LAST UPDATED: April 6, 2023.
· The Drew Diplomat Program application made available by us for use on or through computers and mobile devices (the “App“);
· Our social media pages and apps such as, by way of example, those available on Facebook at https://www.facebook.com/drewestatecigar and Instagram at https://www.instagram.com/drewestatecigar/ and https://www.instagram.com/debarnsmoker/ (collectively, our “Social Media Pages”);
· Offline business interactions you have with us.
Collectively, we refer to the Websites, Apps, Social Media Pages, emails, and offline business interactions as the “Services.”
Information We Collect and How We Collect It
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. The Services collect Personal Information, including:
· Postal address (including billing and shipping addresses)
· Telephone number
· Email address
· Payment card data
· Profile picture
· Social media account ID
· Purchase information
· Delivery information and status
· Date of birth or age (and driver’s license under certain circumstances to verify age)
· Social Security Numbers (for contest winners only)
Collection of Personal Information
We and our service providers collect Personal Information in a variety of ways, including:
· Through the Services
o We collect Personal Information through the Services for example, when you sign up for a newsletter, register an account to access the Services, visit our stores, attend one of our events, place an order over the phone, contact customer service, or make a purchase.
· From Other Sources
o We receive your Personal Information from other sources, for example:
· joint marketing partners, when they share the information with us.
o If you connect your social media account to your Services account, you will share certain Personal Information from your social media account with us, for example, your name, email address, date of birth, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to your Services account.
How We Use Your Information
We and our service providers use Personal Information for the following purposes:
· Providing the functionality of the Services and fulfilling your requests
o To provide the Services’ functionality to you, such as arranging access to your registered account, giving you notices about your Drew Diplomat Program account status and subscription (including expiration and renewal notices), providing you with the App and its contents, and any other information, products or services that you request from the Company, and providing you with related benefits, special promotions, or customer service.
o To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request a quote for or other information about our Services.
o To allow you to complete our telephone and web-based surveys, for example, when you send us feedback or request information about our Services or products.
o To notify you when App updates are available and of changes to any products or services we offer or provide through the App.
o To complete your transactions, verify your information, and provide you with related benefits, special promotions, or customer service.
o To send administrative information to you, such as changes to our terms, conditions, and policies.
· Providing you with our newsletter and/or other marketing materials and facilitating social sharing.
o To send you marketing related emails, with information about our services, new products, Drew Estate events, and other news about our company.
o To facilitate social sharing functionality that you choose to use.
· Allowing you to participate in sweepstakes, contests, or other promotions.
o We may offer you the opportunity to participate in a sweepstakes, contest or other promotion.
o Some of these promotions have additional rules containing information about how we will use and disclose your Personal Information. Please read those additional rules before choosing to participate.
· Aggregating and/or anonymizing Personal Information.
o We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual. Where we maintain or use de-identified data, we will continue to maintain and use the de-identified data only in a de-identified fashion and will not attempt to re-identify the data.
· Accomplishing our business purposes.
o For data analysis, for example, to improve the efficiency of our Services;
o For audits, to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements;
o For fraud prevention and fraud security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
o For developing new products and services;
o For enhancing, improving, repairing, maintaining, or modifying our current products and services, as well as undertaking quality and safety assurance measures;
o For identifying usage trends, for example, understanding which parts of our Services are of most interest to users;
o For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
o For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.
Disclosure of Your Information
We may disclose Personal Information that we collect:
· To our third party service providers, to facilitate services they provide us.
o These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, return authorization, fraud prevention, information technology and related infrastructure provision, customer service or related benefits (including special promotions), email delivery, auditing, and other services
· To third party sponsors of sweepstakes, contests, and similar promotions.
· By using the Services, you may elect to disclose Personal Information.
o Through User Contributions. You may provide information to be published or displayed (“Posted”) on public areas of websites you access through the App and social media pages (collectively, “User Contributions”). Your User Contributions are Posted and transmitted to others at your own risk. Although you may set certain privacy settings for such information by logging into your App account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of third parties with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Other Uses and Disclosures
We also use and disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so:
· To comply with applicable law and regulations.
o This may include laws outside your country of residence.
· To cooperate with public and government authorities.
o To respond to a request or to provide information we believe is necessary or appropriate.
o These can include authorities outside your country of residence.
· To cooperate with law enforcement.
o For example, when we respond to law enforcement requests and orders or provide information we believe is important.
· For other legal reasons.
o To enforce our terms and conditions; and
o To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
· In connection with a sale or business transaction.
o We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. The Services collect Other Information such as:
· Browser and device information
· App usage data
· Information collected through cookies, pixel tags and other technologies
· Demographic information and other information provided by you that does not reveal your specific identity
· Information that has been aggregated in a manner such that it no longer reveals your specific identity
Collection of Other Information
We and our service providers may collect Other Information in a variety of ways, including:
· Your browser or device.
o Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
· Your use of the App.
o When you download and use the App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
· Pixel tags and other similar technologies.
o Pixel tags. Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.
· Approximate Device Location.
o We may collect the approximate location of your device
by, for example, using the regional location of your IP address. We may use your device’s approximate location
to provide you with personalized location-based services and content.
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
We seek to use reasonable organizational, technical and administrative measures to protect sensitive Personal Information within our organization. While we endeavor to protect the security and integrity of sensitive Personal Information, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that any information, during transmission through the Internet or while stored on our system or otherwise in our care, will be absolutely safe from intrusion by unauthorized persons.
If you have an account with us, you are responsible for maintaining the strict confidentiality of your account password, and you shall be responsible for any activity that occurs using your account credentials, whether or not you authorized such activity. Please notify us of any unauthorized use of your password or account or any other breach of security.
Unfortunately, no transmission of information via the internet and mobile platforms and no storage of information is completely secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Information” section below.
We retain collected Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
The criteria used to determine our retention periods include:
· The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
· Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
· Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Third Party Services
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
Age Verification 21/Children’s Privacy
The Services are not intended for, directed at, nor marketed to, individuals under 21 years of age (including children under the age of 13 in accordance with the Children’s Online Privacy Protection Act (COPPA)). We do not knowingly collect Personal Information from anyone under the age of 21. If we learn we have collected or received Personal Information from anyone under the age of 21 without verification of age, we will delete that information. If you believe we might have any information from or about someone under 21, please contact the Company at firstname.lastname@example.org.
In very limited circumstances, subject to your consent where required by applicable law, we may ask you for Sensitive Personal Information. For example, in the event that you win a sponsored contest, we may ask you for your Social Security Number for the sole purpose of filling out a W9 form (and in some cases a 1099 form). We only use and disclose such information to facilitate your requests, prevent fraud or other harm, and to comply with legal, audit, insurance and other similar requirements, and otherwise in accordance with applicable law. We take the confidentiality of this information very seriously (see also Data Security above) and have policies in place to limit access to such information on a need-to-know basis. We also have policies, processes and agreements in place to require that our employees and service providers treat such information accordingly.
Otherwise, unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, religion or other beliefs, health, biometrics or genetic characteristics, or criminal background) on or through the Services or otherwise to us.
Third Party Payment Service
Your Choices about the Company’s Use, and Disclosure of Your Information
We give you with choices regarding our use and disclosure of your Personal Information for marketing purposes. This section describes mechanisms We provide for you to control certain uses and disclosures of your information. You may opt out from:
· Receiving marketing-related emails from us. If you do not want the Company to use your e-mail address or contact information to receive marketing related emails from us on a going-forward basis, you can opt-out by communicating via email such request to email@example.com or by following the opt-out instructions at the bottom of any Company emails you receive.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages, from which you cannot opt out.
Changes to This Policy
If you have questions or comments about this Policy and/or our privacy practices as they relate to the Services, contact us at firstname.lastname@example.org.
ADDITIONAL INFORMATION REGARDING CALIFORNIA
Collection and Disclosure of Personal Information
|Categories of Personal Information||Disclosed to Which Categories of Third Parties for Operational Business Purposes|
|Identifiers, such as [name, alias, postal address, unique personal identifiers, IP address that can reasonably be linked or associated with a particular consumer or household, email address, account name, online identifiers, and government-issued identifiers (e.g., Social Security number)||affiliates; service providers;; social networks; business partners; marketing partners; other businesses; contest sponsors; legal authorities; other parties in litigation|
|Personal information as defined in the California customer records law, such as name, contact information, signature; financial account number; employment information||affiliates; service providers; social networks; business partners; marketing partners; other businesses; contest sponsors; legal authorities; other parties in litigation|
|Protected Class Information, such as age||service providers ; legal authorities; other parties in litigation|
|Internet or network activity information, such as interactions with our online properties or ads||affiliates; service providers ; legal authorities; other parties in litigation|
|Geolocation Data, such as approximate location||affiliates; service providers; contest sponsors; legal authorities; other parties in litigation|
|Audio/Video Data. Audio, electronic, visual, and similar information, such as call and video recordings, and photos from social media and events||affiliates; service providers; legal authorities; other parties in litigation|
|Employment Information. Professional or employment-related information, such as employer||affiliates; service providers; legal authorities; other parties in litigation|
|Sensitive Personal Information. Personal Information that reveals an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, payment card||affiliates; service providers; contest partners / sponsors; legal authorities; other parties in litigation|
We may also disclose your Personal Information to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Use of Sensitive Personal Information
Purposes for the Collection, Use, and Disclosure of Personal Information
If you are a California consumer you may, subject to applicable law, make the following requests:
1. You may request to know whether we process your Personal Information, and to access such Personal Information.
a. You may request that we disclose to you the following information covering the 12 months preceding your request:
i. The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
ii. The business or commercial purpose for collecting Personal Information about you; and
iii. The categories of Personal Information about you that we disclosed, and the categories of third parties to whom we disclosed such Personal Information (if applicable).
2. You may request to correct inaccuracies in your Personal Information.
3. You may request to have your Personal Information that we collected from you deleted.
4. You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, request to obtain a copy of your Personal Information in a portable, readily usable format.
We will not unlawfully discriminate against you exercising your rights under California law. To make a privacy request, please contact us at https://drewestate.com/privacypolicy/california-individual-request-form/ or (866) 440-3644. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. In some instances, we may decline to honor your request where the law or right you are invoking does not apply or where an exception applies. We may need to request additional Personal Information from you, such as your full name, telephone number or email address, in order to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Information. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information.
If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests” or may submit such requests at https://drewestate.com/privacypolicy/california-agent-request-form/. As part of our verification process, we may request that the agent provide, as applicable, proof concerning his or her status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.
If you are a California consumer and an agent makes a request on your behalf, this may include:
1. A power of attorney provided to the agent by you pursuant to California Probate Code sections 4121‑4130.
2. If you have not provided a power of attorney according to item (1) above:
a. We may require proof that you have provided signed permission authorizing the agent to make a request on your behalf. “Signed” means that the permission has either been physically signed or provided electronically in accordance with the Uniform Electronic Transactions Act, Civil Code 1633.7 et seq.
b. We may require you to:
i. Verify your own identity directly with us; or
ii. Directly confirm with us that you provided you permission to submit the request.
Where we maintain or use de-identified data, we will continue to maintain and use the de-identified data only in a de-identified fashion and will not attempt to re-identify the data.
Response to “Do Not Track” Requests/Signals
Some web browsers may transmit “do-not-track” (“DNT”) signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not change our tracking practices in response to DNT settings in your web browser.