Stio is committed to protecting your privacy. Stio and its subsidiaries and affiliates (collectively, “Stio,” “us,” “we,” or “our”) have prepared this Privacy Policy (“Privacy Policy”) to describe to you, or if you represent an entity or other organization, that entity or organization (in either case, “you,” or “your”), our online and offline practices regarding the personal information that Stio collects, uses, and shares through the Services, the Stio website located at https://www.stio.com or other websites, events, social media pages, and email, phone, and other electronic communications operated by Stio (collectively, the “Site”). Capitalized terms not defined in this Privacy Policy, shall have the meanings as defined in the Stio Terms of Service.

Stio reserves the right, at any time, to modify this Privacy Policy. If we make revisions that change the way we collect, use, or share personal information, we will post those changes in this Privacy Policy. You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices. We will note the date of the latest update to our Privacy Policy at the end of this Privacy Policy. Your continued use of the Site, Services, or Content following posting of changes constitutes your acknowledgement of such changes.

This Privacy Policy covers the following topics:

1. COLLECTION OF PERSONAL INFORMATION
2. USE OF PERSONAL INFORMATION
3. SHARING OF PERSONAL INFORMATION
4. RETENTION
5. SECURITY
6. INTERNATIONAL DATA TRANSFERS
7. YOUR PRIVACY RIGHTS
8. EXERCISING YOUR PRIVACY RIGHTS
9. NOTICE TO RESIDENTS OF CALIFORNIA
10. OTHER WEBSITES
11. CONTACT US

1. COLLECTION OF PERSONAL INFORMATION.

Personal Information Collected. The following table describes the categories (with non-exhaustive examples) of personal information we may collect about you and for each category the purposes for which it may be collected and used. We may also collect other personal information that is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Unless we specifically request it, we ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Site, or otherwise to us.

Exclusions of Personal Information. We obtain the categories of personal information listed above from a variety of sources, including the following categories of sources:

 Personal Information You Provide. Stio collects personal information when you voluntarily submit it to us. For example, we may collect or receive information from you when you create an Account, submit your Content or Product comments, use or access Services or Content, or otherwise interact with us or other users of the Site. Additionally, Stio may collect personal information when you interact with Stio offline, such as when you provide personal information in a Stio store or at a Stio event.

 Automatically Collected Personal Information. In addition to personal information that we may receive directly from you, Stio, our service providers, and our advertising partners may log information about you, your computer, or mobile device, and your activity over time on our Site and other sites and online services, such as the online activity information and device information listed above. Stio collects some personal information automatically using cookies or other online tracking technologies, such as:

• Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
• Flash cookies, or locally-stored objects, which are used on websites for purposes similar to cookies but allow storage of a larger amount of data.
• Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
• Session-replay technologies, which are third-party software used to record a video replay of users’ interactions with the Site. The video replay may include users’ clicks, mouse movements, scrolls, mobile app touches, typing, and other activity taken during the session. We use these replays for research and development purposes, such as to help us troubleshoot problems with the Site, understand how users interact with and use the Site, and identify areas for improvement.

Personal Information Collected In-Store or Offline. Stio collects personal information when you visit us in-store or at a Stio event, such as video monitoring at the store locations for security and fraud prevention, or when you call customer service, such as recording customer service calls for quality assurance and training purposes.

Personal Information Obtained from Third Parties.  Stio may receive personal information about you from third parties, such as our service providers, advertising partners, data analytics partners, operating systems and platforms, social media platforms, event sponsors, publicly available sources, and companies that provide personal information to supplement what we already know about you, such as marketing cooperatives, and website optimization consultants.  For example, if you log into your Account through sign-in services (e.g., Facebook Connect), you provide Stio with permission to access certain information about you from that social networking site, such as your Facebook user ID, user profile, friends list, and profile picture.  We may merge or combine such personal information with the personal information we collect from you directly or automatically.

Referrals.  Users of the Site may have the opportunity to refer colleagues or other contacts to us and share their contact information.  Please do not provide us with someone’s contact information unless you have their permission to do so.

2. USE OF PERSONAL INFORMATION. Stio’s primary purpose in collecting personal information is to provide you with Content, Services, and Stio’s Products that you request. We also use personal information for the purposes set forth below and as otherwise described in this Privacy Policy or at the time of collection.

To Provide the Site and Related Products and Services. We may use personal information to provide our Products and Services and operate our business. For example, we use personal information to:

• monitor and help diagnose problems with the Site, to administer the Site, and to enhance the Site for your optimal experience.
• customize Content and Services that may be of interest to you.
• provide you with information about our Products.
• facilitate Orders, product transactions, and process payments.
• establish, manage, monitor, and maintain your Account.
• communicate with you, including providing notices about updates and information regarding the Site or your Account, and responding to any of your requests, feedback, or questions.
• provide maintenance, support, and customer service for the Site.
• contact you for information verification purposes.
• provide contests, surveys, sweepstakes, or other promotions you participate in.
• Fulfill any other purpose for which you provide your personal information.

Research and Development.We use personal information for research and development purposes, including to study and improve the Site, Products, Services, and our business, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, and Products. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes.

Direct Marketing.We may send you Stio-related or other direct marketing communications as permitted by law, including materials, updates, information, special offers, and promotional material from us and our business partners. You may opt-out of our marketing communications as described in the “YOUR PRIVACY RIGHTS” section below.

Behavioral-Based Advertising.We work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our Products. These companies use cookies and similar technologies to collect information about you (including the online activity information and device information described above in the section called “Automatically Collected Personal Information”) over time across our Site and other websites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms. You can learn more about your choices for limiting behavioral-based advertising in the “YOUR PRIVACY RIGHTS” section below.

To Comply with Laws and Regulations.We will use personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For Compliance, Fraud Prevention, and Safety.We may use personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of our Products and Services, business, databases, and other technology assets; (b) protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Products and Services; and (e) prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With Your Consent.We will disclose your personal information in accordance with your prior direction or, in some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.

3. SHARING OF PERSONAL INFORMATION. In addition to the specific situations discussed elsewhere in this Privacy Policy or at the point of collection, Stio may share your personal information with the following entities or persons:

Related Companies. Stio may share your personal information with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with Stio).

Joint Marketing Partners. We may market to you on behalf of third parties that would like to send you information about their products and services.  For example, Stio may offer a promotion in conjunction with a co-sponsor that may have special offers or services that might be of interest to our users.  Such partners may send you promotional materials or otherwise contact you regarding products and services that they offer.  We may also extend special offers to you from the co-sponsor that may be of interest to you. 

Service Providers. Stio may disclose personal information to third parties who perform services on our behalf that are necessary for the operation our business; delivering, improving, and customizing our Content, Services, or Products; sending marketing communications, mail, or our catalog; payment processing; fraud prevention; and for any other use set out in this Privacy Policy.  For example, Stio contracts with payment processing providers which may process sales and Orders that users make through the Site. 

Other Users of the Site and the Public. We may provide functionality that enables you to disclose personal information to other users of the Services or the public.  For instance, you may be able to submit content to the Services (such as comments, questions, stories, Product reviews, surveys, blogs, photos, and videos), and we will identify you by displaying information such as your name, username, social media handle, or a link to your user profile along with the content you submit.  We do not control how other users or third parties use any personal information that you make available to other users or the public.

Social Networks.  The Site may offer you the ability to share your personal information through a social networking site (e.g., Facebook, Twitter, LinkedIn), using such site’s integrated tools (e.g., Facebook “Like” button, or Twitter “Tweet” button).  The use of such integrated tools enables you to share personal information about yourself with other individuals or the public, depending on the settings that you have established with such social networking site.  By making personal information available on the Site, you “opt in” to allow Stio to provide such personal information to a social networking site without your further consent.  For more information about the purpose and scope of data collection and use in connection with such social networking site or a site’s integrated tools, please visit the privacy policies of the entities that provide these social networking sites. 

Advertising Partners.  We may also share personal information with third parties who we partner with for advertising campaigns or that collect information about your activity on the Site for the “Behavioral-Based Advertising” purpose described in the “USE OF PERSONAL INFORMATION” section above.  Additionally, Stio shares personal information with third party marketing partners for commercial purposes in the form of marketing cooperatives.  As part of our participation in these marketing cooperatives, we share personal information (but not your payment card information) so that other select reputable companies can mail you information about their products that may interest you.   

Oracle.  We may share your personal information with Oracle for use in offline direct mail campaigns facilitated by Oracle Advertising.  If you would like to opt out of sharing your personal information with Oracle, please email us at the address listed below.

Shopify Audiences.  We use Shopify Audiences to market to potential customers on third-party marketing platforms who made purchases with other Shopify merchants and who may also be interested in our Products.  We also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.  Customer personal information is hashed before it is sent to any marketing platform.  No merchant participating in Shopify Audiences has access to the personal information or statistics of our customers included in Shopify Audiences.  For more information about how Shopify processes personal information, please visit https://www.shopify.com/legal/privacy.  To opt-out of Shopify Audiences, please email us at the address listed below.

Professional Advisors.  We may share personal information with persons, companies, or professional firms providing Stio with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, and other matters.

Law Enforcement.  Under certain circumstances, we may be required to disclose personal information to law enforcement, government authorities, and other parties if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Legal Compliance.  There may also be instances when Stio may disclose your personal information in the good faith belief that such action is necessary to comply with a legal obligation or for the purposes described above in the section titled “Compliance, Fraud Prevention, and Safety.” 

Business Transaction Participants.  If we sell all or part of our business, make a sale or transfer of assets, or are otherwise involved in a corporate divestiture, merger, consolidation, acquisition, reorganization, dissolution, sale, or other disposition of all or any portion of the business or assets of, or equity interests in the business (including any affiliate), whether as part of a bankruptcy, liquidation, or similar proceeding, we may transfer your personal information to third parties as part of that transaction, including at the negotiation stage.

4. RETENTION. Stio will retain your personal information as needed to fulfill the purposes for which it was collected, including as necessary to comply with Stio’s business requirements, legal obligations, to resolve disputes, for fraud prevention purposes, to establish and defend legal claims, protect our assets, and enforce our agreements.  To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

5. SECURITY. Stio employs reasonable safeguards to protect personal information from becoming disclosed to individuals who are not described in this Privacy Policy.  Although Stio attempts to protect the personal information in its possession, no security system is perfect, and Stio cannot promise that your personal information will remain absolutely secure in all circumstances. In the event that we are required by law to inform you of any unauthorized access or acquisition of your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

6. INTERNATIONAL DATA TRANSFERS. Stio is a global company with business processes, management structures, and technical systems that cross borders.  The personal information that we collect from you may be transferred to, and stored at, a destination outside of the country in which it was originally collected.  This may include transfers outside of United States.  It may also be processed by personnel working outside of the United States who work for us or for one of our providers.  Such personnel may be engaged in, among other things, the fulfilment of your Order, the processing of your payment details and the provision of Products or Services.  By submitting your personal information, you agree to this transfer, storing, or processing. 

7. YOUR PRIVACY RIGHTS. Except where another designated method is described, you may exercise the following rights by visiting the “Your Privacy Choices” Portal, emailing customerexperience@stio.com, or calling 1-800-265-7846.

Request to Know.  You have the right to request that Stio confirm whether we process personal information about you and to disclose certain information to you about our collection and use of your personal information, including:

• the categories of personal information we collected about you;
• the categories of sources from which that personal information was collected;
• our business or commercial purpose for collecting, selling, or sharing (as applicable) that personal information; and
• the categories of third parties with whom we disclose that personal information (as applicable).

Request to Access. You have the right to request that Stio provide you access to your personal information, including in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the personal information to another entity. 

Request to Correct.  If your personal information is incorrect or incomplete, you have the right to request that Stio correct your personal information or you may correct the personal information by modifying such information in your Account. 

Request to Delete.  You may request that we delete your personal information by contacting us as described below.  We will grant a request to delete information as required by law, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.  Except as provided above, we will delete, aggregate, or de-identify all of your personal information as described in this subsection within the timeframes required by law. 

Opt Out of “Sale.” Stio may share your personal information with advertising partners and to marketing cooperatives.  This may be considered a “sale” for monetary or other valuable consideration, and you have the right to opt out.  You may exercise your right to opt out by visiting the “Your Privacy Choices” Portal.  If you direct us not to sell your personal information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.

Opt Out of “Share/Targeted Advertising.” Stio may share your personal information for cross-context behavioral advertising as described in this Privacy Policy, and you have the right to opt-out.  You may exercise your right to opt out by selecting the “Cookie Settings” link at the bottom of the Site and changing your preferences, or by broadcasting the Global Privacy Control (GPC) signal.  Note that due to technological limitations, if you visit our Site from a different computer or device, or clear cookies on your browser that store your preferences, you will need to return to this Site to select your preferences or rebroadcast the GPC signal.

Email Marketing Communications.  If you wish to stop receiving email marketing communications from Stio, please contact us at the address listed below or use the “unsubscribe” link at the bottom of any email marketing communication.  If you opt out, we may still send you non-promotional communications, such as those about your Account or to facilitate Orders you have made.

Text Messages.  If you opt-in, we may send you text messages about our Products and promotions.  You understand that you are not required to provide this consent as a condition of receiving information about our Products and promotions.  You also understand that you may opt-out of receiving text messages from us at any time, either by texting the word “STOP” in reply to any text message from us using the mobile device that is receiving the messages, or by contacting us at 1-800-265-7846.   You are responsible for obtaining the data network access and mobile device necessary to send and receive any text messages.  Your mobile network's data and messaging rates and fees may apply if you send or receive text messages. 

Catalog/Direct Mailers.  If you wish to stop receiving direct mail or our catalogs, please contact us at the address listed below.

Cookies.  Most browsers let you remove and/or stop accepting cookies from the websites you visit.  To do this, follow the instructions in your browser’s settings.  Many browsers accept cookies by default until you change your settings.  If you do not accept cookies, however, you may not be able to use all functionality of the Site may not work properly.  For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Analytics.  The Site uses Google Analytics to help us analyze how the Site is being accessed and used.  You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here.  To opt-out of Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on, available here.

Advertising Choices.  You can limit the use of your information for behavioral-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device.  You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp) and the Digital Advertising Alliance (https://optout.aboutads.info).  Some of the companies we work with may offer their own opt-out mechanisms.  For example, you can learn more about how Google uses cookies for advertising purposes by clicking here and opt-out of ad personalization by Google by clicking here.

Many of the opt-out preferences described in this section must be set on each device and/or browser for which you want them to apply.  Please note that some of the advertising companies we work with may not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive behavioral-based advertisements from other companies.  If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.

Do-Not-Track.  Some web browsers and devices permit you to broadcast a “Do Not Track” signal to the online services that you visit.  At this time Stio does not modify your experience based upon whether a “Do Not Track” signal is broadcast.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.  Our Site does respond to the Global Privacy Control (GPC) signal as described in the “Opt Out of Share/Targeted Advertising” section above.

8. EXERCISING YOUR PRIVACY RIGHTS. When exercising the rights or options described in this Privacy Policy, the following guidelines apply:

No Fee Usually Required.  You will not have to pay a fee to access your personal information (or to exercise any of the other rights).  However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.

What We May Need from You.  When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity.  This is a security measure to, for example, ensure that we do not disclose personal information to any person who is not entitled to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.

Time to Respond.  We try to respond to all legitimate requests within 45 days of your request.  Occasionally it may take us longer than 45 days to respond, for instance if your request is particularly complex or you have made a number of requests.  In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.

No Discrimination.  You will not be subject to discrimination as a result of exercising the rights described herein.  In some cases, when you exercise one of your rights, we will be unable to comply with the request due to legal obligations or otherwise, or we will be unable to provide you certain Products or Services.  These responses are not discrimination and our reasons for declining your request or ceasing Services will be provided at that time.

Authorized Agent.  Where permitted by applicable law, you may designate an authorized agent to make a request on your behalf.  If you do so, we may require your proof of identification, the authorized agent’s proof of identification, and any other information that we may request in order to verify your request, including evidence of valid permission for the authorized agent to act on your behalf.

Right to Appeal.  If we notify you that we will not take action on your request, you may appeal such refusal within a reasonable period after receipt of the notice by following the instructions provided in the notice or by submitting an appeal to customerexperience@stio.com.  We try to respond to appeals within 45 days of receipt.  Occasionally, where permitted by law, it may take us longer than 45 days to response based on, for example, the complexity and number of requests serving as the basis for the appeal.  We will notify you within the initial 45 days if we need more time to respond to the appeal, together with the reasons for the delay.

9. NOTICE TO RESIDENTS OF CALIFORNIA. The following applies to residents of California and supplements the information provided in this Privacy Policy.  It describes how we collect, use, sell, share, and retain personal information of California residents, and their rights with respect to that personal information.  For purposes of this Notice to California Residents, “personal information” has the meaning given in the California privacy laws, but does not include information exempted from the scope of those laws.

Personal Information We Collect and Disclose.  The chart below summarizes the personal information we collect, or have collected in the 12 months preceding the last updated date of this Privacy Policy, and whether and to whom we “sell” or “share” each category.  Additionally, in the 12 months preceding the last updated date of this Privacy Policy, we have disclosed for a business purpose all of the categories of personal information that we have collected.  The chart also identifies the categories of third parties to whom we may have disclosed personal information for a business purpose during that period.  Categories of personal information and third parties in the chart refer to the categories described in this Privacy Policy. 

To opt-out of the “sale” or “sharing” of your personal information, please visit the “Your Privacy Choices” Portal.  We do not knowingly “sell” or “share” the personal information of California residents under 16 years of age.

To the extent we collect sensitive personal information (as defined under California privacy law), we only use or disclose it for purposes permitted under California law (e.g., operate the Site, detect security incidences and prevent fraud, and to verify and maintain the quality of the Products and Services).  We do not collect or use sensitive personal information for the purpose of inferring characteristics about California residents.

Sources of Personal Information.  We may have collected the categories of personal information identified above from the sources described under, “Sources of Personal Information.”

Purposes.  We collect and use your personal information for the purposes, including the specific business and commercial purposes, described under, “USE OF PERSONAL INFORMATION.” 

During the 12 months preceding the last updated date of this Privacy Policy, we have “sold” or “shared” personal information indicated in the table above for the purpose of advertising our Products and Services (including tracking the success of our advertising campaigns), identifying new customers or potential customers (including through behavioral-based advertising), and measuring activity on the Site, and the other purposes described under, “USE OF PERSONAL INFORMATION.” During this same period, we disclosed for a business purpose the personal information indicated above for the purposes set forth in this Privacy Policy.

Retention.  The criteria used to determine the length of time that we intend to retain each category of personal information is described under, “RETENTION.”

Your California Privacy Rights. We describe your rights to know, access, correct, delete, and opt-out, and how to exercise those rights, under “YOUR PRIVACY RIGHTS.

Notice of Financial Incentive.  We may offer certain financial incentive programs that can result in different price or service levels, provided that such programs are reasonably related to the value of your personal information to us.  For example, we may offer additional content to users who sign up for our mailing list, or giveaways, sweepstakes, contests, or other similar promotional campaigns.  We typically ask you to provide your email address or other contact information in order to participate in these programs or campaigns.

We offer these programs and campaigns because, among other things, the value of your personal information to us is related to the value of the discounted Product or Service, or other benefits that you obtain or that are provided as part of the applicable program or campaign.  This value is based on the expense related to offering those products, services, and benefits to participants, along with other factors such as whether and to what extent you take advantage of (or opt-out from) any offerings and whether we are able to use the data we collect from you.

When we offer any program or campaign, there is no obligation to opt-in, and you may withdraw at any time by contacting us using the designated method set forth in the applicable program rules, as described in “YOUR PRIVACY RIGHTS” above, or by contacting us as provided below.

10. OTHER WEBSITES. This Privacy Policy does not apply to web sites or other online services offered by other organizations or individuals that may be displayed as content in a search on the Site.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on web pages or online services that are not associated with us.  We do not control third party websites or online services, and we are not responsible for their actions.  Stio encourages you to read the privacy policy of any third-party web site or online services before transmitting personal information.

11. CONTACT US. If you have any additional questions or concerns about our Privacy Policy or any other privacy or security issue, please contact us at:

Stio
Attention: Stio Privacy Agent
PO Box 1188
Jackson, WY 83001
Email: customerexperience@stio.com
Phone: 1-800-265-7846