INDYCAR, LLC PRIVACY POLICY

Effective & Last Modified August 14, 2018

Introduction

Welcome to the INDYCAR, LLC Privacy Policy.

INDYCAR, LLC together with its parents, subsidiaries, affiliates, agents, vendors, and licensees (collectively, “INDYCAR,” “us,” “we,” or “our”) respects your privacy, and takes the responsibility of protecting the personal information that you provide to us via our website (www.indycar.com, or any other website on which we place this Privacy Policy, referred to herein as the “Website”) very seriously.  This Privacy Policy describes how we collect, use, and disclose information we receive from users of the Website, including users in the European Economic Area (“EEA”) (collectively, “you” or “users”).  For the purposes of compliance with the EU General Data Protection Regulation (“GDPR”), we are the “controller” of “personal data” (defined below) that we receive from you via the Website.

We have adopted this Privacy Policy to explain what information may be collected when you access the Website, use any of our mobile or other applications (the “Applications”), or access or use any of our social media pages; how we and others use this information; under what circumstances we may disclose the information to third parties; and the instances in which we may allow third parties to collect information directly.  Depending on your activities when using or accessing our Website, Applications, or social media pages (collectively, the “Services”), you may from time-to-time be required to agree to additional terms and conditions. Without limiting the foregoing, our Services include any promotion, contest, or sweepstakes which refers to this Privacy Policy with respect to the collection and use of your information. 

This Privacy Policy applies regardless of whether you use our Services via a computer, mobile device, or any other platform or equipment (collectively, your “Equipment”).  This Privacy Policy also applies only to information we collect through our Services, including, without limitation, our Website, Applications, and social media pages, and does not apply to our collection of information from other sources.

Modifications to this Privacy Policy

We generally keep this Privacy Policy posted on our Website and accessible in our Applications.  You should review this Privacy Policy frequently, as it may change from time to time without notice. Any changes will be effective immediately upon the posting of the revised Privacy Policy.  WHEN YOU USE OUR SERVICES, YOU AGREE TO THIS PRIVACY POLICY.  IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, OR TO ANY CHANGES WE MAY SUBSEQUENTLY MAKE, IMMEDIATELY STOP USING OUR SERVICES.  Please note, however, that if we decide to use your personal data in a manner materially different than what is provided in this Privacy Policy or what we advised at the time it was collected, we will notify you of this change by email to the last email address provided to us or through our Applications.  You will have a choice (by means of an “opt-out” opportunity) as to whether or not we use your information in this different manner.  If you opt out, we will use your personal data in accordance with the terms in place when the information was collected.

A.         INFORMATION WE COLLECT

We typically collect four kinds of information about you when you use our Services:

 (1)  Personal Data:  Our definition of personal data includes any information that may be used to specifically identify or contact you, such as your name, address, or phone number.  Personal data also includes information that may be used to identify you indirectly, including by reference to an online identifier, location data, or an identification number. As a general policy, we do not automatically collect your personal data when you visit our Website. In certain circumstances, we may request, allow, or otherwise provide you an opportunity to submit your personal data in connection with a feature, program, promotion, or some other aspect of our Services.  For instance, you may: (a) provide your name, mail/shipping address, email address, credit card number, and phone number when registering with our Services, including the use of our online store, or in connection with a contest entry; (b) provide certain demographic information about yourself (e.g., age, gender, purchase preference, usage frequency) when using our Services, participating in a survey or poll, or joining a club; or (c) post a general comment and/or recommendation on our Services. Certain information may not be personal data when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and name). Whether or not you provide this information is your choice; in many instances, however, this type of information is required to participate in the particular activity, realize a benefit we may offer, or gain access to certain content or features available through our Services. 

(2)  Usage Data: Our definition of usage data is any information that does not personally identify you -(also referred to herein as “non-personal data”) that is automatically collected anytime you visit an IMS webpage, including information such as browser type and referring websites. Usage data can include certain personal data that has been de-identified; that is, information that has been rendered anonymous. We obtain usage information about you from information that you provide us, either separately or together with your personal data. We also automatically collect certain usage data from you when you access our Services with your Equipment. This information can include, among other things, your mobile device, other applications or software that you are using, your wireless carrier, your IP addresses, the type of browser you are using (e.g., Internet Explorer, Firefox, Safari, Opera), the websites you were on previously, the third party website from which your visit originated, the operating system you are using (e.g., Vista, Windows XP, Mac OS, Android, iPhone) on your Equipment, the domain name of your Internet service provider (e.g., CenturyLink, Google, Cox, AOL), the search terms you use on our Services, the specific web pages you visit, how much you use our Services, and the duration of your visits.

(3)  Location Data: When you use our Services, particularly our Application(s), we may automatically collect certain Equipment (mobile device) specific information.  This includes the general or specific location of your Equipment through GPS, Bluetooth, or WiFi signals.  Before we collect or send location-specific information, it is our practice to ask for your consent.  In some instances, your operating system may not allow you to install an Application without giving us consent. In all instances, you may withdraw your consent by disabling location features for your Equipment – the Application will still work, although certain location features may not function.

(4) Financial Data: Our definition of financial data is any information needed to facilitate the purchase of items or services on the Website, including credit card information.  Financial data may constitute personal data, depending on the circumstances of its collection and use.

Users may be referred to as Data Subjects in the Privacy Policy. A “Data Subject” means an identified or identifiable natural person as set forth in the GDPR.

B.         HOW WE USE & DISCLOSE THE INFORMATION COLLECTED

(1)  Personal Data: The personal data you voluntarily submit to us is generally used to carry out your requests, respond to your inquiries, better serve you, or in other ways naturally associated with the circumstances in which you provided the information. We may also use this information to later contact you for a variety of reasons, such as customer service, providing you promotional information for our products or those of our parent company, subsidiaries, or other affiliated companies (“affiliated companies”), or to communicate with you about content or other information you have posted or shared with us via use of our Services.

You may opt-out from receiving future promotional information from us or our affiliated companies, or direct that we not share your information with any affiliated companies, as set forth below. 

In certain instances, we may also share your personal data with third parties performing functions on our behalf (or on behalf of our affiliated companies) or accessing the Services (e.g., vendors that process credit card orders, deliver our merchandise, administer our promotions, provide us marketing or promotional assistance, analyze our data, assist us with customer service). These third parties agree to use this information, and we share information with them, only to carry out our requests or provide Services.

In addition, we may share your personal data with participating sponsors to a program or promotion (e.g., a sweepstakes or contest) you enter via our Services, and with third parties who assist us in using the content or other information you have posted or shared with us via our Services (e.g., production companies we may use). Further, we may share your personal data with third parties such as our co-promotional partners and others with whom we have marketing or other relationships. Except as provided in this Privacy Policy, our Terms of Use, or as set forth when you submit the information, your personal data will not be shared or sold to any third parties without your prior approval. 

(2)  Usage Data: We use usage information in a variety of ways.  For example, we may use usage information to evaluate use of our Services (e.g., visits to our Website, use of our Applications), analyze site traffic, track purchases, gauge coupon redemption rates, understand customer needs and trends, carry out targeted promotional activities, and to improve our Services.  We may use your usage information by itself or aggregate it with information we have obtained from others.  We may, among other things, share your usage information with our affiliated companies, allow third parties to collect such information directly from you, and/or sell the usage information to third parties to achieve these and any other business objectives (e.g., generate revenue, form alliances).  It is, however, important to remember that your usage information is anonymous information that does not personally identify you, directly or indirectly.

(3) General Uses and Disclosures: We use and share the information, including personal data, we collect from users for the purposes described below.  To perform the following tasks, we may transfer your data to countries outside the United States and EEA using appropriate safeguards when necessary.  When necessary, we will obtain your consent before using your data for these purposes:

• Provision of Services to Website Users. If you use the Website, we will use your information to process and respond to your requests, comments, inquiries, and other forms you submit through the Website.
• Processing Online Purchases.We use your Financial Data to process any purchases made on the Website, including disclosure of your Financial Data to third party payment processors.
• Improving our Services.We use your information to enhance our understanding of our users’ preferences and optimize the performance of the Website.
• Disclosures to Service Providers. We share your information with third party service providers that assist us with hosting and maintaining the Website, processing credit card information, analyzing online activity on the Website, marketing our services, and managing our daily business operations and delivery of the Website.We share only the minimum amount of personal data with these service providers that they need to perform their tasks.We also enter into contracts with these service providers that require them to protect personal data.
• Compliance with Legal Obligations.We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law.We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
• Protection of Individual’s Vital Interests.In emergency situations, we will use or share your information when doing so is necessary to protect an interest that is essential for an individual’s life.
• Other Legitimate Interests.We will use and disclose your information when necessary for our legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their personal data.

(4) Legal Bases for Processing:  The legal bases for processing your personal data for the purposes described above or elsewhere in this Privacy Policy, including in Section C below, are, without limitation, that (1) it is necessary to perform a contract with you (sale of goods or services) or in order to take steps at your request prior to entering into a contract; (2) it is necessary to comply with a legal obligation (such as notifying you of Privacy Policy changes); and/or (3) it is necessary for the pursuit of our legitimate interests or those of a third party.

C.         COOKIES AND PREFERENCE BASED ADVERTISING

(1)  Cookies and Web Beacons:  We automatically receive and store certain types of usage data whenever you interact with us. For example, like many websites, we use "cookies" and "web beacons" (also called “clear gifs” or “pixel tags”) and embedded scripts to obtain certain types of information when you use or access our Services.  Cookies are small files that we transfer to your computer's hard drive or your web browser memory to enable our systems to recognize your browser and to provide convenience and other features to you. Cookies and other user tracking mechanisms (e.g., local shared objects), by themselves, do not tell us your email address or other personal data unless you choose to provide this information to us by, for example, registering at the Website.  However, once you choose to furnish us with personal data, this information may be linked to the data stored in the cookie or other tracking mechanisms.  We may use cookies and other user tracking mechanisms, including “persistent cookies”, which will remain on your computer even after you close your browser, to understand website usage and to improve the content and offerings on the Website.  For example, we may use cookies to personalize your experience at the Website and to save your password in password-protected areas.  We also may use cookies to offer you products, programs, or services.  While most browsers are set to accept cookies and other tracking devices by default, you can set yours to refuse tracking devices or to alert you before accepting them.  However, by disabling tracking devices, you may not have access to the entire set of features of the Website.  Your browser manufacturer has information on changing the default setting for your specific browser.

Web beacons are tiny graphics with a unique identifier, similar in function to cookies, and may be used to track the online movements of users, when an email has been opened, and to provide other information.  Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed.  We may use web beacons to improve your experience with the Website, including to provide you with content customized to your interests and to understand whether users read email messages and click on links contained within those messages so that the Website can deliver relevant content.  Our web beacons may collect some contact information (for example, the email address associated with an email message that contains a web beacon).

Other examples of the information we collect and analyze in this manner include: the Internet Protocol (IP) address used to connect your Equipment to the Internet; computer and connection information such as browser type and version, operating system, and platform; your activities on our Website, including the products you view or searched for, as well as the URL you come from and go to next (whether this URL is on our Website or not); and cookie number. It is important to note that the cookies and Web beacons that we use do not contain and are not tied to personal data or personally identifiable information about you.

If you are concerned about the storage and use of cookies, you may block or limit the storage of cookies via browser controls or other software (we do not make any promise that our Services will recognize or be able to work with any such browser controls/software – see below for Do Not Track options).  You may also be able to delete cookies manually from your Equipment through your internet browser, operating system, or other programs.  Please note, however, that some portions of our Services will not function properly or be available if you are able and do block and/or delete cookies.

(2)  Preference Based Advertising: We may work with third parties, including advertising companies and website analysis firms, who use cookies and web beacons to collect usage data when you use our Services, including without limitation our Website and third party sites.  This usage data, collected through cookies and web beacons, is typically used by these third party advertising companies (i.e., advertising networks) to serve you with advertisements while on third party sites tailored to meet your preferences and needs.   If you do not wish to participate in this activity, go to www.aboutads.info and follow the simple opt-out process.

A couple of important notes about this opt-out tool: (1) it includes all the advertising networks that we may work with, but also many that we do not work with; and (2) it may rely on cookies to ensure that a given advertising network does not collect information about you (“Opt-out Cookies”) – an explanation of how Opt-out Cookies work can be found on www.aboutads.info.  Therefore, if you use different Equipment, change web browsers, or delete these Opt-out Cookies from your computer, you will need to perform the opt-out task again.

(3) Do Not Track Features: Certain browsers may offer you the option of providing notice to websites that you do not wish for your online activities to be tracked for preference-based advertising purposes (“DNT Notice”). Some browsers are, by default, set to provide a DNT Notice, whether or not that reflects your preference. Providing DNT Notice is often touted as a means to ensure that cookies, web beacons, and similar technology are not used for preference-based advertising purposes – that is, to restrict the collection of non-personally identifiable information about your online activities for advertising purposes. Unfortunately, given how preference-based advertising works, DNT Notices may not effectively accomplish this goal. For this and a variety of other reasons, with respect to our Website, we do not take any action based on browser based DNT Notices. Rather, if you do not wish to participate in preference-based advertising activities, you should follow the simple opt-out process identified below.

D.         OTHER USES & INFORMATION

(1)  IP Addresses: An IP address is a number that is automatically assigned to your Equipment whenever you access the Internet. Web servers (computers that serve up web pages) automatically identify your Equipment by its IP address. When visitors request pages from our Website, our servers typically log their IP addresses. We collect IP addresses for purposes of system administration, to report non-personal aggregate information to others, and to track the use of our Services. IP addresses are considered non-personally identifiable information and may also be shared as provided above. It is not our practice to link IP addresses to anything personally identifiable; that is, the visitors’ session will be logged, but the visitor remains anonymous to us. We reserve the right, however, to use IP addresses to identify a visitor: (a) at the request of the visitor; (b) when we feel it is necessary to enforce compliance with our Service rules; (c) to fulfill a government request; (d) to conform with the requirements of the law or legal process; (e) to protect or defend our legal rights or property, our Services, or other users; or (f) in an emergency to protect the health and safety of our customers, fans, or the general public.

(2)  Social Networks: We may offer you the ability to create or login to your account with us through accounts you may have with various social network platforms, such as Facebook or Twitter (each a “Social Network Account”).  To do so, you may be required to provide, or allow our Services to access, your Social Network Account login information.  By granting us access to your Social Network Account, you understand and agree that we may access, make available, and store any content that you have provided to and stored in your Social Network Account (e.g., friends, mutual friends, contacts).  We may make this information available on or through our Services and to our users.  You may be able to restrict what information is shared and how it is used through privacy and other settings.  Also, depending on the privacy settings you have set in your Social Network Account, personal data may be shared with us and made available through our Services and to our users.

(3)  Email Communications:  If you send us an email with questions or comments, we may use your personal data to respond to your questions or comments, and we may save your questions or comments for future reference.  For security reasons, we do not recommend that you send non-public personal information, such as passwords, social security numbers, or bank account information, to us by email.  We may send you emails for a variety of reasons –such as emails in response to your request for a particular service or your registration for a feature that involves email communications, that relate to purchases you have made with us (e.g., product updates, customer support), about our other products, services, or events, or when you consent to being contacted by email for a particular purpose.  In certain instances, we may provide you with the option to set your preferences for receiving email communications from us – that is, agree to some communications but not others. You may “opt-out” of receiving future commercial emails from us by clicking the “unsubscribe,” “opt-out,” or similar link included at the bottom of most emails we send, or as provided below; we reserve the right, however, to send you transactional emails such as customer service communications.

(4)  Transfer of Assets:  As we continue to develop our business, we may sell or purchase assets.  If another entity acquires us or all (or substantially all) of our assets, the personal data and non-personal data we have about you will be transferred to and used by this acquiring entity, though we will take reasonable steps to ensure that your preferences are followed.  Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.

(5)  Other: Regardless of any other provision in this Privacy Policy, we reserve the right to disclose any personal data or non-personal data about you if we are required to do so by law, with respect to copyright and other intellectual property infringement claims, or if we believe that such action is necessary to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property of our Services, or other users; or (d) in an emergency to protect the health and safety of our customers or the general public.

(6)  Your California Privacy Rights:  Under certain provisions of the California Civil Code § 1798.83, residents of the State of California have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third party direct marketing purposes. You are limited to one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. You may request the information in writing as provided in Section I below.                

                  
E.         PUBLIC FORUMS

We may offer chat rooms, blogs, message boards, or similar public forums where you and other users of our Services can share information and communicate – e.g., places where you can post your resume and/or profile. The protections described in this Privacy Policy do not apply when you provide information (including personal information) in connection with your use of these public forums.  We may use personally identifiable and non-personal information about you to identify you with a posting in a public forum.  Any information you share in a public forum is public information and may be seen or collected by anyone, including third parties that do not adhere to our Privacy Policy.  We are not responsible for events arising from the distribution of any information you choose to publicly post or share through our Services.

F.         CHILDREN

The features, programs, promotions, and other aspects of our Services requiring the submission of personally identifiable information are not intended for children. We do not market and do not knowingly collect personally identifiable information from children under the age of 13. Certain benefits of our Services may be restricted to adults, age 18 or older.  If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personally identifiable information to us please contact us as provided in Section I below.  A parent or guardian of a child under the age of 13 may review and request deletion of such child's personally identifiable information as well as prohibit the use thereof. If we discover that we have inadvertently collected information from a child under 13 years of age, we will promptly take all reasonable measures to delete such information from our systems.

G.         KEEPING YOUR INFORMATION SECURE

We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse, and alteration of the information under our control. Please be advised, however, that while we strive to protect your personal data and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online or through our Services, and are not responsible for the theft, destruction, or inadvertent disclosure of your personal data. In the unfortunate event that your "personal data (as the term or similar terms are defined by any applicable law requiring notice upon a security breach) is compromised, we may notify you by email (at our sole and absolute discretion) to the last email address you have provided us in the most expedient time reasonable under the circumstances; provided, however, delays in notification may occur while we take necessary measures to determine the scope of the breach and restore reasonable integrity to the system as well as for the legitimate needs of law enforcement if notification would impede a criminal investigation.  From time to time we evaluate new technology for protecting information, and when appropriate, we upgrade our information security systems.

H.         OTHER SITES/THIRD-PARTY LINKS

Our Services may link to or contain links to third party websites that we do not control or maintain, such as in connection with purchasing products we may recommend or reference via our Services and/or advertisements you may see while using our Services.  We are not responsible for the privacy practices employed by any third party website.  We encourage you to note when you leave our Website and to read the privacy statements of all third party websites before submitting any personally identifiable information.

I.          CONTACT & OPT-OUT INFORMATION

You may contact us as provided below if: (a) you have questions or comments about our Privacy Policy; (b) wish to make corrections to any personally identifiable information you have provided; (c) want to opt-out from receiving future commercial correspondence, including emails, from us or our affiliated companies; or (d) wish to withdraw your consent to sharing your personally identifiable information with others.

Email: online@indycar.com

Phone: (317) 492-6526

Mail: INDYCAR, LLC
ATTN: Digital Media
4551 West 16th Street
Indianapolis, IN 46222

We will respond to your request and, if applicable and appropriate, make the requested change in our active databases as soon as reasonably practicable. Please note that we may not be able to fulfill certain requests while allowing you access to certain benefits and features of our Services. 

J.         SOLE STATEMENT

This Privacy Policy as posted on this Website is the sole statement of our privacy policy with respect to our Services, and no summary, modification, restatement or other version thereof, or other privacy statement or policy, in any form, is valid unless we post a new or revised policy to the Website.

K.        YOUR RIGHTS

Data Subjects from the EEA have the following rights under the GDPR:

• To access the Personal Data we maintain about you;
• To be provided with information about how we process your Personal Data;
• To correct your Personal Data;
• To have your Personal Data erased;
• To object to or restrict how we process your Personal Data; and
• To request your Personal Data to be transferred to a third party.

To exercise the above rights, please contact us at the information provided above.  We will consider and process your request within a reasonable period of time.  Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights.

L.        RETENTION OF PERSONAL DATA

For Data Subjects from the EEA, we will retain your Personal Data only as long as necessary to process your request or other submission, fulfill the terms of our service contract with you, and comply with applicable law. 

M.       HOW TO WITHDRAW CONSENT

At any time, Data Subjects from the EEA may withdraw consent you have provided to us for using, disclosing, or otherwise processing your Personal Data.  You may withdraw your consent by emailing us at online@indycar.com) and following the instructions in our communication to you.

Please note that your withdrawal of consent to process certain Personal Data about you (1) may limit our ability to deliver services to you and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.

N.        HOW TO FILE A COMPLAINT

You may file a complaint regarding the Privacy Policy or our privacy practices by contacting us at the information we provide below.  Additionally, Data Subjects from the EEA may file a complaint with EU data protection authorities (DPAs).  A list of DPAs from the European Commission may be found here:

http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061.

You may also contact us using the contact information provided above to be directed to the appropriate DPA contact(s).