PRIVACY NOTICE
Effective Date: September 1, 2024
Version 7.0
This Privacy Notice describes our handling of Personal Information in connection with your activities in our locations or your use of our websites, mobile applications, or the services we provide. By visiting our locations, websites, or mobile applications or using our services, you hereby consent to these terms.
“Personal Information” refers to both online and offline information that identifies you or that can be reasonably linked to you as an individual.
We encourage you to read this Privacy Notice which describes how we collect, use, disclose, share/sell, and protect your Personal Information, and the choices you have regarding your Personal Information.
Please note that if you are a current or former employee or job candidate, your Personal Information collected in that context is subject to our Workforce Privacy Notice rather than this Privacy Notice. This Privacy Notice applies to your interaction with our companies as a prospective, current, or former customer, visitor, or business partner.
Types of Personal Information that we, or our service providers on our behalf, may collect:
In certain situations, we, or our service providers on our behalf, may also collect data such as:
Note: We utilize the Google Maps API(s) for some services, please see the Google Privacy Policy for more information.
Personal Information is collected from the following:
Minors
Our websites and online mobile applications are not directed toward children under 13 years of age. We do not knowingly collect online Personal Information of children under 13 years of age without parental/guardian consent.
Personal Information may be used for the following purposes or as otherwise specified in this notice:
We may disclose your Personal Information within our family of companies for purposes such as preference management, marketing, customer service functions, and improved user experiences.
We may also disclose your Personal Information outside our family of companies (for example, with partners such as service providers, data processors, contractors, advertising agencies/networks, etc.) for various purposes such as:
We participate in digital advertising to present you with online ads for our products and services or products and services of other companies that may be of interest to you. We may partner with advertising companies and other third-party companies to infer your interests, identity, or intent and display content, offers or advertising that is tailored to you based on how you browse and shop both on and off our sites and your interactions with personalized ads or content. As a result, you may see ads on our digital properties or third-party digital properties based on your affiliation, purchases, search history, or web/mobile browsing activities (for instance, an ad from us may be displayed to you on another website if you recently browsed for office supplies). These interest-based ads (also sometimes called “personalized or targeted ads”) are displayed to you based on information collected from your online interactions across multiple websites that you visit, or across multiple devices you may use. Under applicable law in certain jurisdictions, the disclosure of your personal information to third parties in connection with cross-context behavioral advertising, targeted advertising, or advertising analytics may be considered a “sale” or “sharing” of personal information.
We may use your email address to deliver marketing information, product recommendations, and non-transactional communications about us or our products or services via email.
We may use your mailing address to deliver notices of new services/partnerships, offers/coupons, printed catalogs, etc. about us or our products or services via direct mail.
We may send you promotional text messages (SMS) when you opt-in to receiving them. We may also send you push notifications to your device when you have our mobile app installed.
Emails, Texts, Mail, and Notifications
Please note that if you opt out of receiving promotional communications from us, we may still send you transactional/program communications, including emails about your online account, rewards or loyalty program account, membership program, or purchases. If you have any questions regarding transactional communications, please see Section 8 below to contact us.
If you are receiving any other communications, have any questions, or continue to receive communications after opting out, please e-mail us at Info@Staples.com. Please include any relevant information such as a forwarding of the email received, specification of the order number in question, screenshot of the online message, scan of the mailed marketing artifact, etc. Please note that you may continue to receive communications while we process your request.
If you have any questions regarding the above, please contact us at Privacy@Staples.com.
Privacy Rights
You can execute your state-specific privacy rights as described in Section 7 below.
Interest Based Advertising
Industry groups such as the Digital Advertising Alliance and the Network Advertising Initiative have developed services to help you manage your Interest Based Advertising preferences. Please note that if you opt-out of Interest-Based Advertising, you may still see our ads, but they may not be as relevant to you.
If your preferences or controls are configured to limit cookies/pixels, and you subsequently erase your cookies, use a different device, or change web browsers, your opt-out may become ineffective and may need to be repeated.
You may visit the following sites to become more familiar with these entities, their terms and privacy notices, and their unsubscribe options:
Website Analytics
We use Google Analytics on our websites to collect usage data, to analyze how users use the websites and to provide advertisements to you on other websites. For more information about how to opt out of having your information used by Google Analytics, visit https://tools.google.com/dlpage/gaoptout/.
Mobile Apps
If you have granted our mobile apps access to your device’s camera, microphone, location, etc., you may revoke such access by configuring the permissions located in your device’s “Settings”.
Cookie Preferences
You may adjust your cookie preferences using various privacy plug-ins, opt out mechanisms, or browsers, or, on some of our sites, by using the link in the footer of our website. Please note that if you clear all cookies on your browser, or use a different browser or computer, you may need to complete the opt-out procedure again.
You can request that inaccuracies pertaining to your Personal Information be corrected.
You can update some information by logging into your account or you may contact us as described in section 8 below with changes. To prevent unauthorized changes, we may ask for certain information to verify your identity before we process such requests.
We may not fulfill your request in some cases, for example, if it requires a disproportionate technical or practical cost or effort or if it conflicts with our legal obligations or business requirements.
We employ technical, physical, administrative, and organizational safeguards to help protect your Personal Information, including when you use our websites, mobile apps, in-store devices/equipment, services, etc.
Our websites may contain links to other websites, services, social media platforms, etc. operated and maintained by partners. We may also provide social media features that enable you to disclose information with social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. These properties, which we do not control, operate independently, and have their own privacy and security practices and statements, which we encourage you to review to make sure you understand the information that may be collected, used, and disclosed by those sites and how it is protected.
Unfortunately, no internet transmission, e-commerce solution, website, mobile application, database, or system can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant the security of the information you transmit to or from us. You should also take steps to protect your personal information against unauthorized disclosure or misuse:
If you think the Personal Information you provided to us has been improperly accessed or used, or if you suspect that unauthorized purchases have been made on our websites using your Personal Information, please see Section 8 below to contact us immediately.
If you are a contract customer and have questions pertaining to your account or would like to opt-out of receiving promotional postal mail and/or email from us, please notify your Account Manager.
If you are a business entity receiving unsolicited communications from us and do not have an Account Manager, please see Section 8 below to contact us.
This section, in addition to all other non-state specific information contained in this Notice and sections 7.e. and 7.f. below, applies specifically to residents of the states listed above.
Residents of these states and their Authorized Agents may have the following rights under their respective privacy laws:
To exercise the rights applicable to you, see instructions below in section 7.f. How to Exercise Your State-Specific Privacy Rights.
Targeted Advertising:
We may participate in targeted advertising. You have the Right to Opt-Out of this advertising, as described above in Section 5 and below in Section 7.f.
Appeal Process:
You may submit an appeal for refusals to take action on your privacy rights request by emailing Privacy@Staples.com with your name, email address, phone number, and request id of the original privacy rights request you submitted.
De-identified Data:
In instances where we de-identify your Personal Information to prevent it from being linked to you as an individual, we will maintain and use it in a de-identified format and will not attempt to re-identify the Personal Information.
Opt-Out Signal:
An opt-out preference signal may be sent by certain platforms, technologies, or mechanisms on your behalf to communicate your choice to opt out of the sale/sharing of your personal information. Opt-out preference signals will opt you out of the selling/sharing of personal information at the browser level.
As an additional resource, you may also contact us at Privacy@Staples.com for any additional questions related to the rights granted under your state’s privacy law.
Under Nevada SB 220, Nevada residents may submit an opt-out request regarding the sale of their Personally Identifiable Information (PII) collected through a website or online service. You may submit your request to Opt-Out of the sale of Personal Information to third parties by submitting an online request at: Do Not Sell My Personal Information.
Under California Civil Code sections 1798.83–1798.84, California residents may request a notice disclosing the categories of personal information we have disclosed with third parties, for the third parties’ direct marketing purposes, during the preceding calendar year. If you are a California resident and would like to make such a request, please see Section 8 below to contact us. Please allow 30 days for a response.
2. California Consumer Privacy Act of 2018 (CCPA)/California Privacy Rights Act of 2020 (CPRA)
This section applies to residents of California, in addition to all other non-state specific information contained in this Notice and sections 7.e. and 7.f. below.
California residents have the following rights under the CCPA/CPRA:
To exercise the rights applicable to you, see instructions below in section 7.f. How to Exercise Your State-Specific Privacy Rights.
Authorized Agent:
You may designate an authorized agent to exercise your rights under the CCPA/CPRA on your behalf. You must provide the authorized agent written permission to exercise your rights under the CCPA/CPRA on your behalf and we may deny a request from an agent on your behalf if we cannot verify that they have been authorized by you to act on your behalf. Even if you use an authorized agent to exercise your rights under the CCPA/CPRA on your behalf, pursuant to the CCPA/CPRA we may still require that you verify your own identity directly to us. This provision does not apply if you have provided a power of attorney under the California Probate Code.
Opt-Out Signal:
An opt-out preference signal may be sent by certain platforms, technologies, or mechanisms on your behalf to communicate your choice to opt out of the sale/sharing of your personal information. Opt-out preference signals will opt you out of the selling/sharing of personal information at the browser level.
Metrics:
The following section describes consumer rights submission metrics for requests we received from January 1, 2023 through December 31, 2023 for Company business units (not limited to California residents):
Disclosure Requests |
Number of Requests Received |
5 |
Number of Requests Denied |
0 |
|
Number of Days to Resolve Requests (Mean) |
44 |
|
Number of Days to Resolve Requests with Extensions (Mean) |
72 |
|
Deletion Requests |
Number of Requests Received |
205 |
Number of Requests Denied Due to the Inability to Identify the Consumer with no Consumer Response to Follow Up Messages |
2 |
|
Number of Days to Resolve Requests (Mean) |
29 |
|
Number of Days to Resolve Requests with Extensions (Mean) |
57 |
|
Do Not Sell or Share My Personal Information Requests |
Number of Requests Received |
845 |
Number of Requests Denied |
0 |
|
Number of Days to Resolve Requests (Mean) |
1 |
|
Number of Days to Resolve Requests with Extensions (Mean) |
N/A |
Minors:
We do not knowingly share or sell the Personal Information of children under 16 years of age.
Notice of Financial Incentive:
We or our partners may provide price discounts, coupons, services, and other perks to our customers and for members of our loyalty programs. Through these offerings, you may provide us with Personal Information depending on how you choose to interact with us when and after you opt-in to our programs. There is no obligation to opt-in, and you may opt-out at any time. The details of the programs are contained in the program offerings. We offer these programs, among other things, to enhance our relationship with you so you can enjoy more of our products/services at a lower price. While we invest in our marketing and brands, consumer data is more valuable to our business when it is combined with a sufficient amount of other consumer data and after it is enhanced by our efforts described in this Privacy Notice. The value to our business of any individual consumer’s data is dependent on several factors, including, for example, whether and to what extent you take advantage or opt out of any offerings and whether we are able to enhance the data through our efforts described in this Privacy Notice. While we do not calculate the value of consumer data in our accounting statements, we provide this good faith summary for California residents. To the extent we create overall business value from our programs that could be directly or reasonably related to the value of consumer data, the method for calculating the value would include: a) costs related to maintaining the program including but not limited to IT infrastructure, delivery of offers, and marketing activities to enhance consumer data; b) whether the sales generated by the program exceeds the cost to us of offering the program including value of discounts to consumer; and c) value of the insights we are able to create based upon aggregate data.
Data Retention:
We retain all categories of your personal information for as long as is necessary, even if you are no longer an active customer, to provide the goods and services and to fulfill the transactions you have requested of us, and to support other necessary purposes such as:
In determining how long to retain information, we may consider various criteria such as the amount, nature and sensitivity of the information, and the potential risk of harm from unauthorized use or disclosure of the information.
The purposes and criteria for which we process the data may dictate different retention periods for the same types of information. For example, we retain your email address as an authentication credential (where applicable) as long as you have an account with us and an additional period of time after that for our legitimate interests and for our fraud and legal compliance purposes. We may also retain cached or archived copies of your information.
De-identified Data:
In instances where we de-identify your Personal Information to prevent it from being linked to you as an individual, we will maintain and use it in a de-identified format and will not attempt to re-identify the Personal Information.
Non-Discrimination:
We will not discriminate against you for exercising any of your CCPA/CPRA Rights and we will not deny you goods or services, charge you a different price, or provide you with a lesser quality of goods or services if you exercise any of your CCPA/CPRA Rights.
As an additional resource, you may also contact us at Privacy@Staples.com for any additional questions related to the rights granted under the CCPA/CPRA.
If you are a data controller with a consumer rights request for us, please contact us at Privacy@Staples.com.
For California, Colorado, Connecticut, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Montana, Oregon, Texas, Utah, and Virginia residents, the following section describes:
*Share/Shared/Sharing as defined by state privacy laws.
While this information is provided throughout the Privacy Notice, we provide the supplemental information below pursuant to requirements under these laws.
Not all categories or examples of specific Personal Information may be collected about you depending on how you interact with us.
Categories of Personal Information We Collect/Process |
Examples of Specific Personal Information that may be Collected |
Categories of Sources from which Personal Information is Collected
|
Purpose of Collecting/ Processing Personal Information
|
Categories of Other Parties to whom Personal Information may be Disclosed
|
Categories of Third Parties to whom Personal Information is Sold/Shared and the Purpose of Sale/Sharing |
Identifiers |
Names, Account/Loyalty Program IDs, Emails, Addresses, Phone Numbers, IP Addresses, Other Device Identifiers, Tax Exempt Numbers, Driver’s License |
From You, Your Devices (when you visit our sites or use our apps), Service Providers (e.g., data brokers, fraud prevention companies), Business Partners, Social Networks |
To identify you in support of business activities such as fulfilling a transaction, communicating with you (order notification, etc.), personalizing your experience, fraud prevention, administering programs |
Advertising Networks and Service Providers/Business Partners/Business Clients such as cloud service providers, payment processing companies, fraud prevention companies, delivery companies, CA recycling partners, and product manufacturers |
Advertising Networks/Agencies and other Partners for the purpose of marketing and improving products and services |
Commercial Information |
Products or Services Purchased, Rewards Data, Price or Service Quotations, Credit Card or other Financial Information, Chat Sessions, Feedback/Survey Responses, Copy/Print Materials, Website Account Credentials, Communications Entrusted to Us |
From You (when you transact with us or participate in any of our programs), or Business Partners with whom we have joint programs |
To support a business transaction, communicating with you (surveys about your purchase, customer service, order notification, etc.), improve our products and services, to provide services you request of us |
Advertising Networks and Service Providers/Business Partners/Business Clients such as cloud service providers, fraud prevention companies, payment processing companies, delivery companies, and product manufacturers |
Advertising Networks/Agencies and other Partners for the purpose of marketing and improving products and services
(We do not sell/share credit card data or other financial information.) |
Biometrics
|
None |
None |
None |
None |
None |
Characteristics of Protected Classifications
|
Demographic information such as age ranges, marital status, etc. |
From You and Service Providers (e.g., data brokers, survey vendors, fraud prevention companies) |
To protect against fraud, enable you to apply for a company credit card, demographically understand our customers to improve our products and services |
Advertising Networks and Service Providers/Business Partners such as cloud service providers and marketing/sales analytics companies |
None |
Internet or Other Electronic Network Activity |
Browsing activity, searches, IP address, and other interactions on our websites or mobile apps (such as text entered, pages visited, links clicked, keystrokes/ cadence, and mouse movements), your interactions with our ads |
From You, Your Devices (when you access our websites or mobile apps) and fraud prevention companies |
To send marketing to you, personalize your experience, improve our products and services, fraud prevention, etc. |
Advertising Networks and Service Providers/Business Partners/Business Clients such as cloud service providers, fraud prevention companies, and eCommerce analytics companies |
Advertising Networks/Agencies and other Partners for the purpose of marketing and improving products and services |
Geolocation Data |
Location based on IP address or mobile device location information |
From You, Your Devices (when you access our websites or mobile apps), Service Providers (e.g., data analytics providers, fraud prevention companies) |
To personalize your experience, display store locations near you, fulfill your orders, analyze web/app traffic, fraud prevention |
Advertising Networks and Service Providers/Business Partners such as cloud service providers and eCommerce functionality vendors |
None |
Recordings/ Electronic Communications (e.g., audio, visual, chat, etc.) |
Voice, Video, Email, Text Messages, Chat, and CCTV Recordings |
From You (calls, text messages, or emails with customer service or sales, or when you visit some of our locations), Service Providers (e.g., chat service providers, call recording software providers) |
For quality assurance, sales, training and analysis purposes, to improve our products and services, fraud prevention |
Service Providers/Business Partners such as cloud service providers, customer service call recording companies chat/email quality assurance and fraud prevention service providers |
None |
Professional or Employment-Related Information |
Employer Name and Job Title
|
From You (e.g., when you inquire about our programs), Service Providers (e.g., data brokers), Business Partners |
To send you marketing, personalize your experience, enroll you in certain programs at your request |
Advertising Networks and Service Providers/Business Partners such as cloud service providers and program administrators |
None |
Education Information |
School Affiliations |
From You (when you participate in certain programs) |
To administer certain programs |
Advertising Networks and Service Providers/Business Partners such as cloud service providers and program administrators |
None |
Inferences |
Product and Service Preferences |
From You (when you tell us what products and service are of interest), by analyzing other data we have about you, Service Providers (e.g., advertising networks, fraud prevention companies), Social Networks |
To provide you personalized experiences and marketing, group you into segments with other similar customers, improve our products and services |
Advertising Networks and Service Providers/Business Partners such as cloud service providers and marketing/ eCommerce analytics companies |
None |
Sensitive Personal Information* |
Driver’s License Number, Passport Number, Contents of Mail, Precise Geolocation |
From you, postal mail that you requested we receive/process, your mobile device |
To fulfill the services you requested of us |
Returns Processing Vendor, Passport Processing Vendor, Mail Service Vendor, Store Locator Service |
None |
The above categories are intended to encompass the Personal Information described in subdivision (e) of Section 1798.80 of the California Civil Code.
*We do not collect, process, or share Sensitive Personal Information for the purpose of inferring characteristics about you.
Residents may submit a Right to Know/Access request by either:
Residents may submit a Data Correction or Data Deletion request by either:
Residents may submit a request to Opt-Out of Targeted Advertising, Selling/Sharing with Third Parties, or Profiling by either:
We will take reasonable steps to verify your above request prior to fulfilling it by requiring a response to a confirmation email sent to the email address on the request. For purposes of verifying your identity, we will request that you provide personal information we already have on file including your first and last name, email address, and phone number. We may also request mailing address and, if applicable, your account number, login ID for our websites, and rewards/loyalty number to ensure that we have a verified match. We will respond to your request and let you know if we need additional information. In some instances, we may not be able to completely process your request if we do not receive all of the requested information from you. We will only use personal information provided in connection with the verification process to verify your identity or the authority of your authorized agent.
Authorized Agent:
In some states, you may designate an authorized agent to exercise your rights under your state’s privacy law on your behalf. You must provide the authorized agent written permission to exercise your rights under your state’s privacy law on your behalf and we may deny a request from an agent on your behalf if we cannot verify that they have been authorized by you to act on your behalf. Even if you use an authorized agent to exercise your rights under your state’s privacy law on your behalf, pursuant to your state’s privacy law we may still require that you verify your own identity/request directly to us.
As residents of some international jurisdictions (such as the EU or UK), you will have certain additional rights with respect to your Personal Information under local laws (such as the General Data Protection Regulation) including:
To exercise any of these rights, please email Privacy@Staples.com and provide your name and the email address we would have associated with your account along with information pertaining to the right you wish to exercise. We will respond to your request within 30 days of receipt. We must verify your identity in order to honor your request.
Lawful Bases of Processing:
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your “personal information” as such term is defined under applicable law. To the extent that such laws apply and where we are acting as a data controller that determines the purposes and means of processing your personal information, such as when we collect, use, and disclose personal information as described in the sections above, our lawful bases for processing personal information include:
Data Retention:
We will retain your personal information for as long as your account is active, as needed to provide you services and to fulfill the purposes for which the data was collected, and as necessary to comply with our legal obligations and fulfill our business needs.
Complaints:
Some international jurisdictions give you the right to lodge a complaint if you have any concerns or questions. For example, EEA residents have the right to lodge a complaint with an EEA supervisory authority (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) and UK residents may lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/). We would, however, appreciate the opportunity to first address your concerns and would welcome you directing an inquiry first to us per section 8 below.
If you are accessing our services from outside of the U.S., please be aware that information collected through the services may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. We have taken commercially reasonable steps to ensure that your personal information is appropriately protected and is processed only in accordance with this Notice.
We may also use service providers in other countries. When you submit personal information to us, your personal information may be processed in a country where privacy laws are less stringent than the laws in your country.
This Privacy Notice applies to Staples, Inc., and its affiliated companies.
Please direct any questions, complaints or concerns regarding this Privacy Notice and our treatment of your Personal Information to any of the following:
Primary contact by email: privacy@staples.com
Alternate contact by phone: 1-800-333-3330
or by writing to:
Staples, Inc.
Privacy and Compliance
500 Staples Drive
Framingham, MA 01702
Upon receiving a written request, we will contact you directly, investigate your request, and work to address your concerns. We reserve the right to take reasonable steps to verify your identity prior to granting access or processing changes or corrections.
This Privacy Statement may change from time to time, and we will post on our websites any updated Privacy Notice. Recent changes to the Privacy Notice are documented below. Each version of this Privacy Notice will be identified by its effective date displayed at the top of this Privacy Notice.
What has changed:
V7.0 |
September 1, 2024 |
|
V6.0 |
March 1, 2024 |
|
V5.0 |
July 1, 2023 |
|
V4.0 |
January 1, 2023 |
|
V3.1 |
June 1, 2022 |
|
V3.0 |
July 1, 2021 |
|
V2.0 |
January 01, 2020 |
|
V1.1 |
October 1, 2019 |
|
V1.0 |
May 25, 2018 |
|
V0.1 |
March 23, 2017 |
|