PRIVACY NOTICE

Effective Date: September 1, 2024

Version 7.0

This Privacy Notice describes our handling of Personal Information in connection with your activities in our locations or your use of our websites, mobile applications, or the services we provide. By visiting our locations, websites, or mobile applications or using our services, you hereby consent to these terms.

“Personal Information” refers to both online and offline information that identifies you or that can be reasonably linked to you as an individual.

We encourage you to read this Privacy Notice which describes how we collect, use, disclose, share/sell, and protect your Personal Information, and the choices you have regarding your Personal Information.

Please note that if you are a current or former employee or job candidate, your Personal Information collected in that context is subject to our Workforce Privacy Notice rather than this Privacy Notice. This Privacy Notice applies to your interaction with our companies as a prospective, current, or former customer, visitor, or business partner.

1. Personal Information Collected and How It is Collected

Types of Personal Information that we, or our service providers on our behalf, may collect:

  • Name and contact information such as postal address, email address, and phone number
  • Digital information, including your device IDs, browsing/search history, referring URL, browser, operating system, IP/MAC address, and your direct interactions on our websites or mobile apps such as text typed, pages visited, links clicked, keystrokes/cadence, and mouse movements
  • Your transaction information, including purchases/returns/exchanges of products and services and your loyalty program activity information
  • Payment card number and other payment information
  • Your Account Number or Loyalty Program ID

In certain situations, we, or our service providers on our behalf, may also collect data such as:

  • Driver’s license number (for example, if you return a product)
  • Signatures (for proof of delivery or shipment receipt tracking)
  • Location or address information (such as when you manually provide your location and ask us to tell you about nearby stores, when you allow location sharing via our mobile apps, or when you provide address information for package shipping services)
    Note: We utilize the Google Maps API(s) for some services; please see the Google Privacy Policy for more information.
  • Demographic and preference information (to help find products or services that may be of interest to you)
  • Survey responses, chat sessions, and feedback (regarding products/services purchased, customer service interactions, and your customer experience)
  • Advertising interactions (such as cookie IDs, device advertising IDs, which ad was served, and the URLs where the ads are served when you interact with our emails or online/mobile ads)
  • Voice, chat, emails, text messages, video, and CCTV recordings (for example, calls and messaging involving customer service, our sales team, or chat vendor for quality assurance, training, or analysis, or when visiting stores that use security cameras (video only))
  • School or educator affiliations (based on program participation)
  • Photos, images, writings, and other files you provide to us (if you receive product deliveries or request certain services from us)
  • Employer name and business contact information (if your company has a business relationship with us)
  • Your postal mail and package shipping data (if you participate in those programs or services with us)
  • Your business contact, relationship, or firmographic, or transactional information (if interacting with us in a business-to-business scenario)
  • Travel related information (if you utilize travel services)
  • Information used to help detect fraud and prevent cybercrime
  • Inferences drawn from or created based on some of the information identified above (such as products you may be interested in)

Personal Information is collected from the following:

  • Information You Provide Us Directly. We collect Personal Information from you directly, for example, in connection with a purchase (in-person or via our websites or mobile apps), a service, a promotion/event, a customer service request, a survey, a sweepstakes/contest, or an application for a membership program. When using our mobile apps, we may also ask you to grant us access to the camera, photo library, or microphone on your mobile device to enable certain features such as scanning bar codes and speech-enabled search.
  • Information Collected Through Automated Technologies. We and our partners may use cookies, tags, web beacons and other technologies on our web properties and mobile applications to track and collect some Personal Information made available through your activity on our sites/apps, such as device/browser attributes, shopping/search activity, shopping cart abandonment, and other interactions with our online services. We, and our technology partners, may collect your direct interactions on our websites or mobile apps such as text typed, pages visited, links clicked, keystrokes/cadence, and mouse movements to monitor how you interact with our website, for fraud detection, and for troubleshooting purposes. We also use cookies to enable core site functionality, to analyze website usage so that we can measure and improve services and performance, and to serve ads that are relevant to your interests. Cookies “remember” your device/browser when you return to a website and make your experience more personalized and user-friendly and allow us to better understand how our websites are used to improve the experience.

    We and our partners may collect information via technology if you visit our locations (such as CCTV footage and security incident data collection) or use certain services (such as your interaction with demo products or partner services).

    If you use a mobile device, your device may disclose location information (when you enable location services) with our websites, mobile applications, services, or our service providers. For example, precise geo-location can be used to help you find our nearby locations.

  • Information We Receive from Other Sources. We may obtain information about you from other sources to enhance our existing information for purposes such as prospecting, marketing, fraud detection, evaluating credit risk, and/or improving the information you have provided. We may also obtain your transaction information from third party marketplace sites to process and fulfill your orders.

    Our sites and mobile applications may allow you to sign-in to our digital property using a social media network login and we may also include other social media features, such as a “share this” button. In these cases, we may receive information from the social media network, including your profile information, picture, user ID associated with your social media account, and other information you permit the social media network to disclose with partners. The data we receive from these social media networks is dependent upon their policies and your privacy settings on that partner site. You should always review and, if necessary, adjust your privacy settings on these websites and services before utilizing these features.

    We may collect information from publicly available sources, including information you submit in a public forum (such as a blog, chat room, or social media).

Minors

Our websites and online mobile applications are not directed toward children under 13 years of age. We do not knowingly collect online Personal Information of children under 13 years of age without parental/guardian consent.

2. How We Use Personal Information

Personal Information may be used for the following purposes or as otherwise specified in this notice:

  • To Communicate with You and to Provide, Support, and Improve our Products, Services, and Programs. We use Personal Information to process your orders, purchases, refunds/exchanges, and requests for products, services, or information. We may also use your Personal Information to create and maintain your accounts, to enable order shipment tracking notifications, to provide customer service, to administer our credit card/gift card programs, to personalize your shopping experience, to identify your preferences, to draw inferences, to provide you services across multiple devices, to improve the functioning and performance of our digital properties, to enable certain mobile app functionality (such as using your location to help you find our nearby locations), to support our partner programs, and to expand our product/service offerings. We also use your personal information to administer our rewards/loyalty programs.
  • Marketing and Advertising. Personal Information may be used to communicate and/or administer sales/prospecting programs, promotions, contests, sweepstakes, and surveys, and to make you aware of our products and services or the products or services of other companies. We may use your Personal Information to better predict your product/service preferences or interests. We may also evaluate your interactions with our emails/advertisements and activity on websites/applications to serve you personalized advertising in order to show you content that is more likely to be of interest to you and to measure advertising effectiveness. (See section 4 below for additional information regarding our Marketing activities.)
  • Other Uses. We use Personal Information for other reasons, including conducting sales research and analysis; preventing or mitigating fraud, illegal activity, and credit risk; supporting our core business functions; and relating to or complying with legal matters, investigations, and applicable laws and regulations.

3. When We Disclose Personal Information

    We may disclose your Personal Information within our family of companies for purposes such as preference management, marketing, customer service functions, and improved user experiences.

    We may also disclose your Personal Information outside our family of companies (for example, with partners such as service providers, data processors, contractors, advertising agencies/networks, etc.) for various purposes such as:

    • Providing the Products or Services you Requested: To process transactions or provide products or services on our behalf. Examples include fulfilling orders for products or services, delivering packages, sending communications, analyzing data, processing payments, transmitting content, managing credit/collections, administering programs, and providing customer service. We may also exchange your Personal Information with our business partners and our business clients when you take part in certain programs or purchase from certain sites operated by us.
    • Sales and Marketing Purposes: To assess, develop, and administer sales and marketing programs, and notify you of promotions and offers for products or services that may be of interest to you. This may include sharing your data with advertising networks/agencies and other partners so that they may offer you products or services they believe to be of interest to you.
    • Corporate Transactions: In connection with a merger, acquisition or sale involving all or a portion of our company.
    • Other Reasons: Such as to enhance data and digital properties; to improve our websites/mobile apps and internal business processes; to enhance product review content on other platforms; to participate in commercial trade credit programs; to enforce the terms of use applicable to our services; to detect, prevent, or mitigate fraud and credit risk, security, or technical issues; to satisfy applicable law, regulations, legal processes, or valid governmental requests; and to protect against imminent harm to the rights, property or safety of our company, our customers or the public as required or permitted by law.
    • With Your Consent: In circumstances other than those described in this notice.

    4. How We Use Personal Information for Marketing

    a. Digital Marketing

    We participate in digital advertising to present you with online ads for our products and services or products and services of other companies that may be of interest to you. We may partner with advertising companies and other third-party companies to infer your interests, identity, or intent and display content, offers or advertising that is tailored to you based on how you browse and shop both on and off our sites and your interactions with personalized ads or content. As a result, you may see ads on our digital properties or third-party digital properties based on your affiliation, purchases, search history, or web/mobile browsing activities (for instance, an ad from us may be displayed to you on another website if you recently browsed for office supplies). These interest-based ads (also sometimes called “personalized or targeted ads”) are displayed to you based on information collected from your online interactions across multiple websites that you visit, or across multiple devices you may use. Under applicable law in certain jurisdictions, the disclosure of your personal information to third parties in connection with cross-context behavioral advertising, targeted advertising, or advertising analytics may be considered a “sale” or “sharing” of personal information.

    b. Email Marketing

    We may use your email address to deliver marketing information, product recommendations, and non-transactional communications about us or our products or services via email.

    c. Direct Mail Marketing

    We may use your mailing address to deliver notices of new services/partnerships, offers/coupons, printed catalogs, etc. about us or our products or services via direct mail.

    d. Text-Based (SMS) or Notification Marketing

    We may send you promotional text messages (SMS) when you opt-in to receiving them. We may also send you push notifications to your device when you have our mobile app installed.

    5. Your Choices Regarding Your Personal Information

    a. To Stop Certain Collection and Use of Your Personal Information:

    Emails, Texts, Mail, and Notifications

    • You can stop promotional emails from us by using the “unsubscribe” link in the footer on our promotional emails or contacting us if you have questions.
    • You can stop text messages by replying “STOP” to our text messages.
    • You can request to stop postal mail by contacting us as noted in section 8 below.
    • You can stop in-app push notifications from our mobile apps by adjusting your Notification Settings.

    Please note that if you opt out of receiving promotional communications from us, we may still send you transactional/program communications, including emails about your online account, rewards or loyalty program account, membership program, or purchases. If you have any questions regarding transactional communications, please see Section 8 below to contact us.

    If you are receiving any other communications, have any questions, or continue to receive communications after opting out, please e-mail us at Info@Staples.com. Please include any relevant information such as a forwarding of the email received, specification of the order number in question, screenshot of the online message, scan of the mailed marketing artifact, etc. Please note that you may continue to receive communications while we process your request.

    If you have any questions regarding the above, please contact us at Privacy@Staples.com.

    Privacy Rights

    You can execute your state-specific privacy rights as described in Section 7 below.

    Interest Based Advertising

    Industry groups such as the Digital Advertising Alliance and the Network Advertising Initiative have developed services to help you manage your Interest Based Advertising preferences. Please note that if you opt-out of Interest-Based Advertising, you may still see our ads, but they may not be as relevant to you.

    If your preferences or controls are configured to limit cookies/pixels, and you subsequently erase your cookies, use a different device, or change web browsers, your opt-out may become ineffective and may need to be repeated.

    You may visit the following sites to become more familiar with these entities, their terms and privacy notices, and their unsubscribe options:

    – The Digital Advertising Alliance (DAA): https://digitaladvertisingalliance.org/
    – The Network Advertising Initiative (NAI): https://optout.networkadvertising.org/?c=1
    – The Interactive Advertising Bureau (IAB): https://www.iab.com/

    Website Analytics

    We use Google Analytics on our websites to collect usage data, to analyze how users use the websites and to provide advertisements to you on other websites. For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.

    Mobile Apps

    If you have granted our mobile apps access to your device’s camera, microphone, location, etc., you may revoke such access by configuring the permissions located in your device’s “Settings”.

    Cookie Preferences

    You may adjust your cookie preferences using various privacy plug-ins, opt out mechanisms, or browsers, or, on some of our sites, by using the link in the footer of our website. Please note that if you clear all cookies on your browser, or use a different browser or computer, you may need to complete the opt-out procedure again.

    b. To Correct Your Personal Information

    You can request that inaccuracies pertaining to your Personal Information be corrected.

    You can update some information by logging into your account or you may contact us as described in section 8 below with changes. To prevent unauthorized changes, we may ask for certain information to verify your identity before we process such requests.

    We may not fulfill your request in some cases, for example, if it requires a disproportionate technical or practical cost or effort or if it conflicts with our legal obligations or business requirements.

    6. How We Protect Your Personal Information

    We employ technical, physical, administrative, and organizational safeguards to help protect your Personal Information, including when you use our websites, mobile apps, in-store devices/equipment, services, etc.

    Our websites may contain links to other websites, services, social media platforms, etc. operated and maintained by partners. We may also provide social media features that enable you to disclose information with social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. These properties, which we do not control, operate independently, and have their own privacy and security practices and statements, which we encourage you to review to make sure you understand the information that may be collected, used, and disclosed by those sites and how it is protected.

    Unfortunately, no internet transmission, e-commerce solution, website, mobile application, database, or system can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant the security of the information you transmit to or from us. You should also take steps to protect your personal information against unauthorized disclosure or misuse:

    • We urge you to keep your passwords secure and confidential and not divulge them to anyone, to use different and complex passwords for each account, and to consider using a commercially available Password Locker or Vault to generate and store your passwords.
    • Remember to log off your account and close your app/browser window when you have finished your visit. This is to help ensure that others do not access your account, especially if you are sharing a computer with someone else or are using a computer in a public place.
    • Other public online safety resources:
      – https://www.consumer.ftc.gov (FTC)
      – https://www.aarp.org (AARP)
      – https://www.bbb.org (Better Business Bureau)

    If you think the Personal Information you provided to us has been improperly accessed or used, or if you suspect that unauthorized purchases have been made on our websites using your Personal Information, please see Section 8 below to contact us immediately.

    7. Customer-Specific Disclosures

    a. Contract or Business Customers

    If you are a contract customer and have questions pertaining to your account or would like to opt-out of receiving promotional postal mail and/or email from us, please notify your Account Manager.

    If you are a business entity receiving unsolicited communications from us and do not have an Account Manager, please see Section 8 below to contact us.

    b. You may have additional privacy rights under the privacy law of the state in which you reside:
    – Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia
    – Delaware, Iowa, Nebraska, and New Hampshire (effective 1/1/25)
    – New Jersey (effective 1/15/25)

    This section, in addition to all other non-state specific information contained in this Notice and sections 7.e. and 7.f. below, applies specifically to residents of the states listed above.

    Residents of these states and their Authorized Agents may have the following rights under their respective privacy laws:

    • Right to Know and Access. You have the right to confirm whether or not we are processing your personal information and to know what personal information the business has collected about you. While our table in section 7.e. below describes the personal information we collect about you, you have the right to make a request to know and get access to information that is specific to you, should we have any.
    • Right to Delete. You have the right to request that we delete personal information we have collected from you or obtained about you, subject to certain exceptions. For example, we will not delete any personal information required to provide our existing services to you or that we must maintain to comply with our legal/financial obligations.
    • Right to Correct. You may request that we correct inaccurate information we maintain about you, subject to some exceptions and, if necessary, independent verification of the information.
    • Right to Opt-Out. You may opt out of the processing of your personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
    • Right to Non-Discrimination. You have the right not to be discriminated against if you exercise any of these rights. Please note that a legitimate denial of a request to know or access, delete, correct, or opt out is not discriminatory, nor is charging a fee for excessive or repetitive consumer requests as permitted by the law.

    To exercise the rights applicable to you, see instructions below in section 7.f. How to Exercise Your State-Specific Privacy Rights.

    Targeted Advertising:
    We may participate in targeted advertising. You have the Right to Opt-Out of this advertising, as described above in Section 5 and below in Section 7.f.

    Appeal Process:
    You may submit an appeal for refusals to take action on your privacy rights request by emailing Privacy@Staples.com with your name, email address, phone number, and the request ID of the original privacy rights request you submitted.

    De-identified Data:
    In instances where we de-identify your Personal Information to prevent it from being linked to you as an individual, we will maintain and use it in a de-identified format and will not attempt to re-identify the Personal Information.

    Opt-Out Signal:
    An opt-out preference signal may be sent by certain platforms, technologies, or mechanisms on your behalf to communicate your choice to opt out of the sale/sharing of your personal information. Opt-out preference signals will opt you out of the selling/sharing of personal information at the browser level.

    As an additional resource, you may also contact us at Privacy@Staples.com for any additional questions related to the rights granted under your state’s privacy law.

    c. Nevada Residents

    Under Nevada SB 220, Nevada residents may submit an opt-out request regarding the sale of their Personally Identifiable Information (PII) collected through a website or online service.  You may submit your request to Opt-Out of the sale of Personal Information to third parties by submitting an online request at: Do Not Sell My Personal Information.

    d. California Residents

    1. California Shine the Light Law

    Under California Civil Code sections 1798.83–1798.84, California residents may request a notice disclosing the categories of personal information we have disclosed with third parties, for the third parties’ direct marketing purposes, during the preceding calendar year. If you are a California resident and would like to make such a request, please see Section 8 below to contact us. Please allow 30 days for a response.

    2. California Consumer Privacy Act of 2018 (CCPA)/California Privacy Rights Act of 2020 (CPRA)

    This section applies to residents of California, in addition to all other non-state specific information contained in this Notice and sections 7.e. and 7.f. below.

    California residents have the following rights under the CCPA/CPRA:

    • Right to Know and Access. You have the right to confirm whether or not we are processing your personal information and to know what personal information the business has collected about you. While our table in section 7.e. below describes the personal information we collect about you, you have the right to make a request to know and get access to information that is specific to you, should we have any.
    • Right to Delete. You have the right to request that we delete personal information we have collected from you or obtained about you, subject to certain exceptions. For example, we will not delete any personal information required to provide our existing services to you or that we must maintain to comply with our legal/financial obligations.
    • Right to Correct. You may request that we correct inaccurate information we maintain about you, subject to some exceptions and, if necessary, independent verification.
    • Right to Opt-Out of the Sale/Sharing. If we have sold or shared personal information about you, you have the right to opt out of the sale or sharing of that personal information.
    • Right to Non-Discrimination. You have the right not to be discriminated against if you exercise any of these rights. Please note that a legitimate denial of a request to know or access, delete, correct, or opt out is not discriminatory, nor is charging a fee for excessive or repetitive consumer requests as permitted by the CCPA/CPRA.

    To exercise the rights applicable to you, see instructions below in section 7.f. How to Exercise Your State-Specific Privacy Rights.

    Authorized Agent:
    You may designate an authorized agent to exercise your rights under the CCPA/CPRA on your behalf. You must provide the authorized agent written permission to exercise your rights under the CCPA/CPRA on your behalf and we may deny a request from an agent on your behalf if we cannot verify that they have been authorized by you to act on your behalf. Even if you use an authorized agent to exercise your rights under the CCPA/CPRA on your behalf, pursuant to the CCPA/CPRA we may still require that you verify your own identity directly to us. This provision does not apply if you have provided a power of attorney under the California Probate Code.

    Opt-Out Signal:
    An opt-out preference signal may be sent by certain platforms, technologies, or mechanisms on your behalf to communicate your choice to opt out of the sale/sharing of your personal information. Opt-out preference signals will opt you out of the selling/sharing of personal information at the browser level.

    Metrics:
    The following section describes consumer rights submission metrics for requests we received from January 1, 2023 through December 31, 2023 for Company business units (not limited to California residents):

    Disclosure Requests

    • Number of Requests Received: 5
    • Number of Requests Denied: 0
    • Number of Days to Resolve Requests (Mean): 44
    • Number of Days to Resolve Requests with Extensions (Mean): 72

    Deletion Requests

    • Number of Requests Received: 205
    • Number of Requests Denied Due to the Inability to Identify the Consumer with no Consumer Response to Follow Up Messages: 2
    • Number of Days to Resolve Requests (Mean): 29
    • Number of Days to Resolve Requests with Extensions (Mean): 57

    Do Not Sell or Share My Personal Information Requests

    • Number of Requests Received: 845
    • Number of Requests Denied: 0
    • Number of Days to Resolve Requests (Mean): 1
    • Number of Days to Resolve Requests with Extensions (Mean): N/A

    Minors:

    We do not knowingly share or sell the Personal Information of children under 16 years of age.

    Notice of Financial Incentive:
    We or our partners may provide price discounts, coupons, services, and other perks to our customers and for members of our loyalty programs. Through these offerings, you may provide us with Personal Information depending on how you choose to interact with us when and after you opt-in to our programs. There is no obligation to opt-in, and you may opt-out at any time. The details of the programs are contained in the program offerings. We offer these programs, among other things, to enhance our relationship with you so you can enjoy more of our products/services at a lower price. While we invest in our marketing and brands, consumer data is more valuable to our business when it is combined with a sufficient amount of other consumer data and after it is enhanced by our efforts described in this Privacy Notice. The value to our business of any individual consumer’s data is dependent on several factors, including, for example, whether and to what extent you take advantage or opt out of any offerings and whether we are able to enhance the data through our efforts described in this Privacy Notice. While we do not calculate the value of consumer data in our accounting statements, we provide this good faith summary for California residents. To the extent we create overall business value from our programs that could be directly or reasonably related to the value of consumer data, the method for calculating the value would include: a) costs related to maintaining the program including but not limited to IT infrastructure, delivery of offers, and marketing activities to enhance consumer data; b) whether the sales generated by the program exceed the cost to us of offering the program including value of discounts to consumer; and c) value of the insights we are able to create based upon aggregate data.

    Data Retention:
    We retain all categories of your personal information for as long as is necessary, even if you are no longer an active customer, to provide the goods and services and to fulfill the transactions you have requested of us, and to support other necessary purposes such as:

    • providing related business processes (such as returns or exchanges),
    • resolving disputes and enforcing our agreements,
    • fulfilling our legitimate interests (such as improving our products and services),
    • responding to any questions, complaints or claims made by you or on your behalf,
    • preventing fraud, and
    • complying with our legal obligations.

    In determining how long to retain information, we may consider various criteria such as the amount, nature and sensitivity of the information, and the potential risk of harm from unauthorized use or disclosure of the information.

    The purposes and criteria for which we process the data may dictate different retention periods for the same types of information. For example, we retain your email address as an authentication credential (where applicable) as long as you have an account with us and an additional period of time after that for our legitimate interests and for our fraud and legal compliance purposes. We may also retain cached or archived copies of your information.

    De-identified Data:
    In instances where we de-identify your Personal Information to prevent it from being linked to you as an individual, we will maintain and use it in a de-identified format and will not attempt to re-identify the Personal Information.

    Non-Discrimination:
    We will not discriminate against you for exercising any of your CCPA/CPRA Rights and we will not deny you goods or services, charge you a different price, or provide you with a lesser quality of goods or services if you exercise any of your CCPA/CPRA Rights.

    As an additional resource, you may also contact us at Privacy@Staples.com for any additional questions related to the rights granted under the CCPA/CPRA.

    If you are a data controller with a consumer rights request for us, please contact us at Privacy@Staples.com.

    e. State-Specific Disclosures About Handling Categories of Personal Information

    For California, Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Montana, Oregon, Texas, Utah, and Virginia residents, the following section describes:

    1. Categories of Personal Information We Collect and Process
    2. Examples of Specific Personal Information that may be Collected
    3. Categories of Sources from which Personal Information is Collected
    4. Purpose of Collecting/Processing the Personal Information
    5. Categories of Other Parties to whom Personal Information may be Disclosed
    6. Categories of Third Parties to whom Personal Information is Sold/Shared* and the Purpose of Sale/Sharing*

    *Share/Shared/Sharing as defined by state privacy laws.

    While this information is provided throughout the Privacy Notice, we provide the supplemental information below pursuant to requirements under these laws.

    Not all categories or examples of specific Personal Information may be collected about you depending on how you interact with us.

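    Categories of Personal Information We Collect/Process

    Identifiers
    • Examples of Specific Personal Information that may be Collected: Names, Account/Loyalty Program IDs, Emails, Addresses, Phone Numbers, IP Addresses, Other Device Identifiers, Tax Exempt Numbers, Driver’s License
    • Categories of Sources from which Personal Information is Collected: From You, Your Devices (when you visit our sites or use our apps), Service Providers (e.g., data brokers, fraud prevention companies), Business Partners, Social Networks
    • Purpose of Collecting/Processing Personal Information: To identify you in support of business activities such as fulfilling a transaction, communicating with you (order notification, etc.), personalizing your experience, fraud prevention, administering programs
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners/Business Clients such as cloud service providers, payment processing companies, fraud prevention companies, delivery companies, CA recycling partners, and product manufacturers
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: Advertising Networks for the purpose of Marketing and improving products and services

    Commercial Information
    • Examples of Specific Personal Information that may be Collected: Products or Services Purchased, Rewards Data, Price or Service Quotations, Credit Card or other Financial Information, Chat Sessions, Feedback/Survey Responses, Copy/Print Materials, Website Account Credentials, Communications Entrusted to Us
    • Categories of Sources from which Personal Information is Collected: From You (when you transact with us or participate in any of our programs), or Business Partners with whom we have joint programs
    • Purpose of Collecting/Processing Personal Information: To support a business transaction, communicating with you (surveys about your purchase, customer service, order notification, etc.), improve our products and services, to provide services you request of us
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners/Business Clients such as cloud service providers, fraud prevention companies, payment processing companies, delivery companies, and product manufacturers
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: Advertising Networks for the purpose of Marketing and improving their products and services (We do not sell/share credit card data or other financial information.)

    Biometrics
    • Examples of Specific Personal Information that may be Collected: None
    • Categories of Sources from which Personal Information is Collected: None
    • Purpose of Collecting/Processing Personal Information: None
    • Categories of Other Parties to whom Personal Information may be Disclosed: None
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None

    Characteristics of Protected Classifications
    • Examples of Specific Personal Information that may be Collected: Demographic information such as age ranges, marital status, etc.
    • Categories of Sources from which Personal Information is Collected: From You and Service Providers (e.g., data brokers, survey vendors, fraud prevention companies)
    • Purpose of Collecting/Processing Personal Information: To protect against fraud, enable you to apply for a company credit card, demographically understand our customers to improve our products and services
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners such as cloud service providers and marketing/sales analytics companies
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None

    Internet or Other Electronic Network Activity
    • Examples of Specific Personal Information that may be Collected: Browsing activity, searches, IP address, and other interactions on our websites or mobile apps (such as text entered, pages visited, links clicked, keystrokes/cadence, and mouse movements), your interactions with our ads
    • Categories of Sources from which Personal Information is Collected: From You, Your Devices (when you access our websites or mobile apps) and fraud prevention companies
    • Purpose of Collecting/Processing Personal Information: To send marketing to you, personalize your experience, improve our products and services, fraud prevention, etc.
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners/Business Clients such as cloud service providers, fraud prevention companies, and eCommerce analytics companies
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: Advertising Networks for the purpose of Marketing and improving products and services

    Geolocation Data
    • Examples of Specific Personal Information that may be Collected: Location based on IP address or mobile device location information
    • Categories of Sources from which Personal Information is Collected: From You, Your Devices (when you access our websites or mobile apps), Service Providers (e.g., data analytics providers, fraud prevention companies)
    • Purpose of Collecting/Processing Personal Information: To personalize your experience, display store locations near you, fulfill your orders, analyze web/app traffic, fraud prevention
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners such as cloud service providers and eCommerce functionality vendors
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None

    Recordings/Electronic Communications (e.g., audio, visual, chat, etc.)
    • Examples of Specific Personal Information that may be Collected: Voice, Video, Email, Chat, and CCTV Recordings
    • Categories of Sources from which Personal Information is Collected: From You (calls or emails with customer service or sales, or when you visit some of our locations), Service Providers (e.g., chat service providers, call recording software providers)
    • Purpose of Collecting/Processing Personal Information: For quality assurance, training and analysis purposes, to improve our products and services, fraud prevention
    • Categories of Other Parties to whom Personal Information may be Disclosed: Service Providers/Business Partners such as cloud service providers, customer service call recording companies, chat/email quality assurance and fraud prevention service providers
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None

    Professional or Employment-Related Information
    • Examples of Specific Personal Information that may be Collected: Employer Name and Job Title
    • Categories of Sources from which Personal Information is Collected: From You (e.g., when you inquire about our programs), Service Providers (e.g., data brokers), Business Partners
    • Purpose of Collecting/Processing Personal Information: To send you marketing, personalize your experience, enroll you in certain programs at your request
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners such as cloud service providers and program administrators
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None

    Education Information
    • Examples of Specific Personal Information that may be Collected: School Affiliations
    • Categories of Sources from which Personal Information is Collected: From You (when you participate in certain programs)
    • Purpose of Collecting/Processing Personal Information: To administer certain programs
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners such as cloud service providers and program administrators
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None

    Inferences
    • Examples of Specific Personal Information that may be Collected: Product and Service Preferences
    • Categories of Sources from which Personal Information is Collected: From You (when you tell us what products and services are of interest), by analyzing other data we have about you, Service Providers (e.g., advertising networks, fraud prevention companies), Social Networks
    • Purpose of Collecting/Processing Personal Information: To provide you personalized experiences and marketing, group you into segments with other similar customers, improve our products and services
    • Categories of Other Parties to whom Personal Information may be Disclosed: Advertising Networks and Service Providers/Business Partners such as cloud service providers and marketing/eCommerce analytics companies
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None

    Sensitive Personal Information*
    • Examples of Specific Personal Information that may be Collected: Driver’s License Number, Passport Number, Contents of Mail, Precise Geolocation
    • Categories of Sources from which Personal Information is Collected: From you, postal mail that you requested we receive/process, your mobile device
    • Purpose of Collecting/Processing Personal Information: To fulfill the services you requested of us
    • Categories of Other Parties to whom Personal Information may be Disclosed: Returns Processing Vendor, Passport Processing Vendor, Mail Service Vendor, Store Locator Service
    • Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing: None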

    The above categories are intended to encompass the Personal Information described in subdivision (e) of Section 1798.80 of the California Civil Code.

    *We do not collect, process, or share Sensitive Personal Information for the purpose of inferring characteristics about you.

    f. How to Exercise your State-Specific Privacy Rights – for residents of:
    – California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia
    – Delaware, Iowa, Nebraska, and New Hampshire (effective 1/1/25)
    – New Jersey (effective 1/15/25)

    Residents may submit a Right to Know/Access request by either:

    1. Submitting an online request here: Data Disclosure Request
    2. Submitting a phone request by calling 1-800-333-3330

    Residents may submit a Data Correction or Data Deletion request by either:

    1. Submitting an online request here: Data Correction/Deletion Request
    2. Submitting a phone request by calling 1-800-333-3330

    Residents may submit a request to Opt-Out of Targeted Advertising, Selling/Sharing with Third Parties, or Profiling by either:

    1. Submitting an online request here: Do Not Sell/Share My Personal Information
    2. Clicking the “Do Not Sell/Share My Personal Information” link on our website

    We will take reasonable steps to verify your above request prior to fulfilling it by requiring a response to a confirmation email sent to the email address on the request. For purposes of verifying your identity, we will request that you provide personal information we already have on file including your first and last name, email address, and phone number. We may also request mailing address and, if applicable, your account number, login ID for our websites, and rewards/loyalty number to ensure that we have a verified match. We will respond to your request and let you know if we need additional information. In some instances, we may not be able to completely process your request if we do not receive all of the requested information from you. We will only use personal information provided in connection with the verification process to verify your identity or the authority of your authorized agent.

    Authorized Agent:
    In some states, you may designate an authorized agent to exercise your rights under your state’s privacy law on your behalf. You must provide the authorized agent written permission to exercise your rights under your state’s privacy law on your behalf and we may deny a request from an agent on your behalf if we cannot verify that they have been authorized by you to act on your behalf. Even if you use an authorized agent to exercise your rights under your state’s privacy law on your behalf, pursuant to your state’s privacy law we may still require that you verify your own identity/request directly to us.

    g. International Residents

    As residents of some international jurisdictions (such as the EU or UK), you will have certain additional rights with respect to your Personal Information under local laws (such as the General Data Protection Regulation) including:

    • The right to be informed.
    • The right of access.
    • The right to rectification.
    • The right to erasure.
    • The right to restrict processing.
    • The right to data portability.
    • The right to object.
    • The right to restrict automated decision making and profiling.

    To exercise any of these rights, please email Privacy@Staples.com and provide your name and the email address we would have associated with your account along with information pertaining to the right you wish to exercise. We will respond to your request within 30 days of receipt. We must verify your identity in order to honor your request.

    Lawful Bases of Processing:
    The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your “personal information” as such term is defined under applicable law. To the extent that such laws apply and where we are acting as a data controller that determines the purposes and means of processing your personal information, such as when we collect, use, and disclose personal information as described in the sections above, our lawful bases for processing personal information include:

    • To conclude or perform a contract with you, for example to:
      • process your purchases of or requests for products and services, including delivering gift cards in accordance with your instructions.
      • communicate with you about orders, purchases, returns, services, accounts, programs, contests, and sweepstakes.
    • For our legitimate business purposes, including to:
      • respond to your customer service inquiries and requests for information;
      • maintain, improve, and analyze our websites, mobile applications, ads, and the products and services we offer;
      • detect, prevent, or investigate security breaches or fraud; and
      • facilitate the functionality of our websites and mobile applications.
    • To comply with our legal obligations, for example to maintain appropriate records for internal administrative purposes and as required by applicable law, and provide important product safety information and notice of product recalls; and
    • On the basis of your consent, for example to send you via email and other electronic means personalized promotions and special offers or informing you about our brands, products, events, or other promotional purposes.

    Data Retention:
    We will retain your personal information for as long as your account is active, as needed to provide you services and to fulfill the purposes for which the data was collected, and as necessary to comply with our legal obligations and fulfill our business needs.

    Complaints:
    Some international jurisdictions give you the right to lodge a complaint if you have any concerns or questions. For example, EEA residents have the right to lodge a complaint with an EEA supervisory authority (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) and UK residents may lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/). We would, however, appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per section 8 below.

    h. Transmission of Information to/from Other Countries

    If you are accessing our services from outside of the U.S., please be aware that information collected through the services may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. We have taken commercially reasonable steps to ensure that your personal information is appropriately protected and is processed only in accordance with this Notice.

    We may also use service providers in other countries. When you submit personal information to us, your personal information may be processed in a country where privacy laws are less stringent than the laws in your country.

    8. How to Contact Us

    This Privacy Notice applies to Staples, Inc., and its affiliated companies.

    Please direct any questions, complaints or concerns regarding this Privacy Notice and our treatment of your Personal Information to any of the following:

    Primary contact by email: privacy@staples.com

    Alternate contact by phone: 1-800-333-3330

    or by writing to:

    Staples, Inc.
    Privacy and Compliance
    500 Staples Drive
    Framingham, MA 01702

    Upon receiving a written request, we will contact you directly, investigate your request, and work to address your concerns. We reserve the right to take reasonable steps to verify your identity prior to granting access or processing changes or corrections.

    9. Privacy Notice Updates

     

    This Privacy Statement may change from time to time, and we will post on our websites any updated Privacy Notice. Recent changes to the Privacy Notice are documented below. Each version of this Privacy Notice will be identified by its effective date displayed at the top of this Privacy Notice.

    What has changed:

    V7.0, September 1, 2024
    • Updated for DPDPA, ICDPA, NEDPA, NHPA, and NJCDPA
    • Updated information on marketing and advertising
    • Updated general information and format

    V6.0, March 1, 2024
    • Updated for MCDPA, OCPA, TDPSA
    • Updated general information and format
    • Updated the 2023 CCPA metrics

    V5.0, July 1, 2023
    • Updated for CPA, CTDPA, and UCPA
    • Updated general information and format

    V4.0, January 1, 2023
    • Updated for CCPA/CPRA and CDPA
    • Updated the 2022 CCPA metrics

    V3.1, June 1, 2022
    • Updated the 2021 CCPA metrics
    • Updated general information

    V3.0, July 1, 2021
    • Added 2020 CCPA metrics
    • Updated general information

    V2.0, January 01, 2020
    • Added California Consumer Privacy Act of 2018 (CCPA) rights. Expanded Canadian Residents section with information provided previously in a separate document.
    • Changed the title of this document from Privacy Policy to a Privacy Notice, reflecting trend to use the word “Notice” when referring to public notifications while using the term “Policy” for internal communications.
    • Updated the Nevada resident opt-out instructions

    V1.1, October 1, 2019
    • Addition of language addressing the Nevada Data Privacy Law

    V1.0, May 25, 2018
    • Reorganization and Standardization of Privacy Policy and Introduction of the Privacy Resource Center

    V0.1, March 23, 2017
    • Removed references to the US-EU and US-Swiss Safe Harbor programs which have or will be discontinued.