Effective & Last Modified June 25, 2020
- INFORMATION WE COLLECT
We typically collect four kinds of information about you when you use our Services:
(1) Personal Data: Our definition of personal data includes any information that may be used to specifically identify or contact you, such as your name, address, or phone number. Personal data also includes information that may be used to identify you indirectly, including by reference to an online identifier, location data, or an identification number. As a general policy, we do not automatically collect your personal data when you visit our Website. In certain circumstances, we may request, allow, or otherwise provide you an opportunity to submit your personal data in connection with a feature, program, promotion, or some other aspect of our Services. For instance, you may: (a) provide your name, mail/shipping address, email address, credit card number, and phone number when registering with our Services, including the use of our online store, or in connection with a contest entry; (b) provide certain demographic information about yourself (e.g., age, gender, purchase preference, usage frequency) when using our Services, participating in a survey or poll, or joining a club; or (c) post a general comment and/or recommendation on our Services. Certain information may not be personal data when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and name). Whether or not you provide this information is your choice; in many instances, however, this type of information is required to participate in the particular activity, realize a benefit we may offer, or gain access to certain content or features available through our Services.
(2) Usage Data: Our definition of usage data is any information that does not personally identify you -(also referred to herein as “non-personal data”) that is automatically collected anytime you visit an IMS webpage, including information such as browser type and referring websites. Usage data can include certain personal data that has been de-identified; that is, information that has been rendered anonymous. We obtain usage information about you from information that you provide us, either separately or together with your personal data. We also automatically collect certain usage data from you when you access our Services with your Equipment. This information can include, among other things, your mobile device, other applications or software that you are using, your wireless carrier, your IP addresses, the type of browser you are using (e.g., Internet Explorer, Firefox, Safari, Opera), the websites you were on previously, the third party website from which your visit originated, the operating system you are using (e.g., Vista, Windows XP, Mac OS, Android, iPhone) on your Equipment, the domain name of your Internet service provider (e.g., CenturyLink, Google, Cox, AOL), the search terms you use on our Services, the specific web pages you visit, how much you use our Services, and the duration of your visits.
(3) Location Data: When you use our Services, particularly our Application(s), we may automatically collect certain Equipment (mobile device) specific information. This includes the general or specific location of your Equipment through GPS, Bluetooth, or WiFi signals. Before we collect or send location-specific information, it is our practice to ask for your consent. In some instances, your operating system may not allow you to install an Application without giving us consent. In all instances, you may withdraw your consent by disabling location features for your Equipment – the Application will still work, although certain location features may not function.
(4) Financial Data: Our definition of financial data is any information needed to facilitate the purchase of items or services on the Website, including credit card information. Financial data may constitute personal data, depending on the circumstances of its collection and use.
- HOW WE USE & DISCLOSE THE INFORMATION COLLECTED
(1) Personal Data: The personal data you voluntarily submit to us is generally used to carry out your requests, respond to your inquiries, better serve you, or in other ways naturally associated with the circumstances in which you provided the information. We may also use this information to later contact you for a variety of reasons, such as customer service, providing you promotional information for our products or those of our parent company, subsidiaries, or other affiliated companies (“affiliated companies”), or to communicate with you about content or other information you have posted or shared with us via use of our Services.
You may opt-out from receiving future promotional information from us or our affiliated companies, or direct that we not share your information with any affiliated companies, as set forth below.
In certain instances, we may also share your personal data with third parties performing functions on our behalf (or on behalf of our affiliated companies) or accessing the Services (e.g., vendors that process credit card orders, deliver our merchandise, administer our promotions, provide us marketing or promotional assistance, analyze our data, assist us with customer service). These third parties agree to use this information, and we share information with them, only to carry out our requests or provide Services.
(2) Usage Data: We use usage information in a variety of ways. For example, we may use usage information to evaluate use of our Services (e.g., visits to our Website, use of our Applications), analyze site traffic, track purchases, gauge coupon redemption rates, understand customer needs and trends, carry out targeted promotional activities, and to improve our Services. We may use your usage information by itself or aggregate it with information we have obtained from others. We may, among other things, share your usage information with our affiliated companies, allow third parties to collect such information directly from you, and/or sell the usage information to third parties to achieve these and any other business objectives (e.g., generate revenue, form alliances). It is, however, important to remember that your usage information is anonymous information that does not personally identify you, directly or indirectly.
(3) General Uses and Disclosures: We use and share the information, including personal data, we collect from users for the purposes described below. To perform the following tasks, we may transfer your data to countries outside the United States and EEA using appropriate safeguards when necessary. When necessary, we will obtain your consent before using your data for these purposes:
- Provision of Services to Website Users. If you use the Website, we will use your information to process and respond to your requests, comments, inquiries, and other forms you submit through the Website.
- Processing Online Purchases. We use your Financial Data to process any purchases made on the Website, including disclosure of your Financial Data to third party payment processors.
- Improving our Services. We use your information to enhance our understanding of our users’ preferences and optimize the performance of the Website.
- Disclosures to Service Providers. We share your information with third party service providers that assist us with hosting and maintaining the Website, processing credit card information, analyzing online activity on the Website, marketing our services, and managing our daily business operations and delivery of the Website. We share only the minimum amount of personal data with these service providers that they need to perform their tasks. We also enter into contracts with these service providers that require them to protect personal data.
- Compliance with Legal Obligations. We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law. We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
- Protection of Individual’s Vital Interests. In emergency situations, we will use or share your information when doing so is necessary to protect an interest that is essential for an individual’s life.
- Other Legitimate Interests. We will use and disclose your information when necessary for our legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their personal data.
- COOKIES AND PREFERENCE BASED ADVERTISING
Web beacons are tiny graphics with a unique identifier, similar in function to cookies, and may be used to track the online movements of users, when an email has been opened, and to provide other information. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed. We may use web beacons to improve your experience with the Website, including to provide you with content customized to your interests and to understand whether users read email messages and click on links contained within those messages so that the Website can deliver relevant content. Our web beacons may collect some contact information (for example, the email address associated with an email message that contains a web beacon).
Other examples of the information we collect and analyze in this manner include: the Internet Protocol (IP) address used to connect your Equipment to the Internet; computer and connection information such as browser type and version, operating system, and platform; your activities on our Website, including the products you view or searched for, as well as the URL you come from and go to next (whether this URL is on our Website or not); and cookie number. It is important to note that the cookies and Web beacons that we use do not contain and are not tied to personal data or personally identifiable information about you.
A couple of important notes about this opt-out tool: (1) it includes all the advertising networks that we may work with, but also many that we do not work with; and (2) it may rely on cookies to ensure that a given advertising network does not collect information about you (“Opt-out Cookies”) – an explanation of how Opt-out Cookies work can be found on www.aboutads.info. Therefore, if you use different Equipment, change web browsers, or delete these Opt-out Cookies from your computer, you will need to perform the opt-out task again.
(3) Do Not Track Features: Certain browsers may offer you the option of providing notice to websites that you do not wish for your online activities to be tracked for preference-based advertising purposes (“DNT Notice”). Some browsers are, by default, set to provide a DNT Notice, whether or not that reflects your preference. Providing DNT Notice is often touted as a means to ensure that cookies, web beacons, and similar technology are not used for preference-based advertising purposes – that is, to restrict the collection of non-personally identifiable information about your online activities for advertising purposes. Unfortunately, given how preference-based advertising works, DNT Notices may not effectively accomplish this goal. For this and a variety of other reasons, with respect to our Website, we do not take any action based on browser based DNT Notices. Rather, if you do not wish to participate in preference-based advertising activities, you should follow the simple opt-out process identified below.
- OTHER USES & INFORMATION
(1) IP Addresses: An IP address is a number that is automatically assigned to your Equipment whenever you access the Internet. Web servers (computers that serve up web pages) automatically identify your Equipment by its IP address. When visitors request pages from our Website, our servers typically log their IP addresses. We collect IP addresses for purposes of system administration, to report non-personal aggregate information to others, and to track the use of our Services. IP addresses are considered non-personally identifiable information and may also be shared as provided above. It is not our practice to link IP addresses to anything personally identifiable; that is, the visitors’ session will be logged, but the visitor remains anonymous to us. We reserve the right, however, to use IP addresses to identify a visitor: (a) at the request of the visitor; (b) when we feel it is necessary to enforce compliance with our Service rules; (c) to fulfill a government request; (d) to conform with the requirements of the law or legal process; (e) to protect or defend our legal rights or property, our Services, or other users; or (f) in an emergency to protect the health and safety of our customers, fans, or the general public.
(2) Social Networks: We may offer you the ability to create or login to your account with us through accounts you may have with various social network platforms, such as Facebook or Twitter (each a “Social Network Account”). To do so, you may be required to provide, or allow our Services to access, your Social Network Account login information. By granting us access to your Social Network Account, you understand and agree that we may access, make available, and store any content that you have provided to and stored in your Social Network Account (e.g., friends, mutual friends, contacts). We may make this information available on or through our Services and to our users. You may be able to restrict what information is shared and how it is used through privacy and other settings. Also, depending on the privacy settings you have set in your Social Network Account, personal data may be shared with us and made available through our Services and to our users.
(3) Email Communications: If you send us an email with questions or comments, we may use your personal data to respond to your questions or comments, and we may save your questions or comments for future reference. For security reasons, we do not recommend that you send non-public personal information, such as passwords, social security numbers, or bank account information, to us by email. We may send you emails for a variety of reasons –such as emails in response to your request for a particular service or your registration for a feature that involves email communications, that relate to purchases you have made with us (e.g., product updates, customer support), about our other products, services, or events, or when you consent to being contacted by email for a particular purpose. In certain instances, we may provide you with the option to set your preferences for receiving email communications from us – that is, agree to some communications but not others. You may “opt-out” of receiving future commercial emails from us by clicking the “unsubscribe,” “opt-out,” or similar link included at the bottom of most emails we send, or as provided below; we reserve the right, however, to send you transactional emails such as customer service communications.
(4) Transfer of Assets: As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or all (or substantially all) of our assets, the personal data and non-personal data we have about you will be transferred to and used by this acquiring entity, though we will take reasonable steps to ensure that your preferences are followed. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.
(6) Your California Privacy Rights: Under certain provisions of the California Civil Code § 1798.83, residents of the State of California have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third party direct marketing purposes. You are limited to one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. You may request the information in writing as provided in Section I below.
The features, programs, promotions, and other aspects of our Services requiring the submission of personally identifiable information are not intended for children. We do not market and do not knowingly collect personally identifiable information from children under the age of 13. Certain benefits of our Services may be restricted to adults, age 18 or older. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personally identifiable information to us please contact us as provided in Section I below. A parent or guardian of a child under the age of 13 may review and request deletion of such child's personally identifiable information as well as prohibit the use thereof. If we discover that we have inadvertently collected information from a child under 13 years of age, we will promptly take all reasonable measures to delete such information from our systems.
- KEEPING YOUR INFORMATION SECURE
We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse, and alteration of the information under our control. Please be advised, however, that while we strive to protect your personal data and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online or through our Services, and are not responsible for the theft, destruction, or inadvertent disclosure of your personal data. In the unfortunate event that your "personal data (as the term or similar terms are defined by any applicable law requiring notice upon a security breach) is compromised, we may notify you by email (at our sole and absolute discretion) to the last email address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation. From time to time we evaluate new technology for protecting information, and when appropriate, we upgrade our information security systems.
- OTHER SITES/THIRD-PARTY LINKS
Our Services may link to or contain links to third party websites that we do not control or maintain, such as in connection with purchasing products we may recommend or reference via our Services and/or advertisements you may see while using our Services. We are not responsible for the privacy practices employed by any third party website. We encourage you to note when you leave our Website and to read the privacy statements of all third party websites before submitting any personally identifiable information.
- CONTACT & OPT-OUT INFORMATION
Phone: (317) 492-6526
Mail: INDYCAR, LLC
ATTN: Privacy Representative
4551 West 16th Street
Indianapolis, IN 46222
We will respond to your request and, if applicable and appropriate, make the requested change in our active databases as soon as reasonably practicable. Please note that we may not be able to fulfill certain requests while allowing you access to certain benefits and features of our Services.
- SOLE STATEMENT
- YOUR RIGHTS
Data Subjects from the EEA have the following rights under the GDPR:
- To access the Personal Data we maintain about you;
- To be provided with information about how we process your Personal Data;
- To correct your Personal Data;
- To have your Personal Data erased;
- To object to or restrict how we process your Personal Data; and
- To request your Personal Data to be transferred to a third party.
To exercise the above rights, please contact us at the information provided above. We will consider and process your request within a reasonable period of time. Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights.
- RETENTION OF PERSONAL DATA
For Data Subjects from the EEA, we will retain your Personal Data only as long as necessary to process your request or other submission, fulfill the terms of our service contract with you, and comply with applicable law.
- HOW TO WITHDRAW CONSENT
At any time, Data Subjects from the EEA may withdraw consent you have provided to us for using, disclosing, or otherwise processing your Personal Data. You may withdraw your consent by emailing us at INDYCARPrivacy@indycar.com) and following the instructions in our communication to you.
Please note that your withdrawal of consent to process certain Personal Data about you (1) may limit our ability to deliver services to you and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.
- HOW TO FILE A COMPLAINT
You may also contact us using the contact information provided above to be directed to the appropriate DPA contact(s).