C&A Marketing, Inc. (“C&A”) is the manufacturer of the HP® Sprocket®, under license from HP, Inc. C&A values your privacy and recognizes its importance. This Privacy Statement informs you of our privacy practices and of the choices you can make and rights you can exercise in relation to your personal data, including information that may be collected from your online activity, use of devices, and interactions you have with the Sprocket and its mobile applications offline (together with its and our ancillary services, the “Sprocket”), such as when you engage with customer support.

HOW WE USE DATA

We collect and use personal data to manage your relationship with Sprocket and better serve you by personalizing and improving your experience. We use and otherwise process your data for the following business purposes:

CUSTOMER EXPERIENCE. Providing you with a quality customer experience by maintaining accurate contact and registration data, delivering comprehensive customer support, offering products, services, subscriptions and features that may interest you and enabling you to participate in contests and surveys. We also use your data to deliver a tailored experience, personalize the Sprocket and communications you receive and create recommendations based your use of Sprocket.

TRANSACTION SUPPORT. Assisting you in completing transactions and orders of our products or services, administering your account, processing payments, arranging shipments and deliveries and facilitating repairs and returns.

PRODUCT SUPPORT & IMPROVEMENT. Improving the performance and operation of our products, solutions, services and support, including warranty support and timely firmware and software updates and alerts to ensure the continued operation of the device or service.

ADMINISTRATIVE COMMUNICATIONS. Communicating with you about the Sprocket, such as our responses to your inquiries or requests, service completion or warranty-related communications, safety recall notifications or communications required by law.

SECURITY. Maintaining the integrity and security of your data, our websites, products, features and services and preventing and detecting security threats, fraud or other criminal or malicious activity that might compromise your information. We will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your personal data.

BUSINESS OPERATIONS. Conducting ordinary business operations, verifying your identity, making credit decisions if you apply for credit, conducting business research and analytics, corporate reporting and management, staff training and quality assurance purposes (which may include monitoring or recording calls to our customer support) and outreach.

RESEARCH & INNOVATION. Innovating new products, features and services using research and development tools and incorporating data analysis activities.

ADVERTISING. Providing personalized promotional offers (in accordance with your privacy preferences) and other selected partner websites (for example, you might see an advertisement for a product on a partner site that you have recently viewed on one of C&A’s sites). We might also share some of your information with selected partners, marketing service providers and digital marketing networks to present advertisements that might interest you.

COMPLIANCE WITH LAW. Compliance with applicable laws, regulations, court orders, government and law enforcement requests, to operate our services and products properly and to protect ourselves, our users and our customers and to solve any customer disputes.

WHAT DATA WE COLLECT

Personal data is any information that personally identifies you or from which you could be identified either directly or indirectly. We may collect your personal data through your use of the Sprocket or during interactions with C&A representatives.  The categories of personal data we may collect from you depends on the nature of your interaction with us or on the Sprocket, including but not limited the following:

Contact Data, such as personal and/or business contact information including your first name, last name, mailing address, telephone number, fax number, email address and other similar data and identifiers;

Payment Data, such as information necessary for processing payments and preventing fraud, including credit/debit card numbers, security code numbers and other related billing information;

Account Data, such as information such as how you purchased or signed up for the Sprocket, your transaction, billing and support history, the Sprocket services you may use and anything else relating to your account;

Location Data, such as geolocation data when you enable location-based services or when you choose to provide location-related information during product registration or when interacting with our website;

Security Credentials Data, such as user IDs, passwords, password hints, and similar security information required for authentication and access to your Sprocket account;

Demographic Data, such as certain demographic data including, for example, country, gender, age, preferred language, and general interest data;

Preferences, such as information about your preferences and interests as they relate to your use of the Sprocket (both when you tell us what they are or when we deduce them from what we know about you) and how you prefer to receive communications from us;

Social Media Data, including social media features that enable you to share information with your social networks and to interact with us on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites you use to make sure you understand the information that is collected, used, and shared by those sites;

Body and biometric Data, such as, where permitted by law, information about your body, such as your height or weight, or gait; and

Other Unique Identifying Information, such as examples of other unique information that we collect from you include product serial numbers, information you provide when you interact in-person, online or by phone or mail with our services centers, help desks or other customer support channels, your responses to customer surveys or contests or additional information you have provided to us to facilitate delivery of Sprocket services and to respond to your inquiries. If you apply for instant credit, we may ask you to provide additional personal data such as salary, government-issued identification number, banking/financial account information, and other information (for example from credit reporting agencies) for authentication purposes and to verify credit worthiness

INFORMATION AUTOMATICALLY COLLECTED ABOUT YOUR USE OF C&A SERVICES

We may also collect information from you about your use of the Sprocket in some or all of the following categories:

Product Usage Data, such product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies. We do not scan or collect the content of any file or information that might be displayed by an application;

Device Data, such as information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product;

Application Data, such as information related to the Sprocket mobile applications such as location, language, software versions, data sharing choices and update details. In cases where we incorporate technologies from third parties, data may be shared between us and the third party and appropriate notice will provided at the application level;

Performance Data, such as information regarding the performance of individual device hardware components, firmware, software and applications. Examples of the data we collect include information relating to memory and processor performance, environmental conditions and systems failures, printing events, features, and alerts used such as “Low on Ink”, update and new product alerts, warnings, use of photo cards, fax, scan, embedded web server, and additional technical information that varies by device;

Website Browsing Data, such as information about your visits to and your activity on our websites, applications or websites “powered by” another company on our behalf including the content (and any ads) that you view and interact with, the address of the website from which you arrived and other clickstream behavior (such as the pages you view, the links you click or which items you've added to your shopping basket). Some of this information is collected using cookies, web beacons embedded web links and similar technologies;

Anonymous or Aggregated Data, such as information collected on anonymous answers to surveys or anonymous and aggregated information about how our services are used. In certain cases, we apply a process of de-identification or pseudonymisation to your data to make it reasonably unlikely to identify you through the use of that data with available technology.

We may also collect data from the following third parties:

Data brokers, social media networks and advertising networks may provide commercially-available data such as name, address, email address, preferences, interests, and certain demographic data. For example, personal data may be collected when you access our applications through social media logins (i.e., logging in to our applications using your Facebook or other social media credentials). The basic details we receive may depend on your social network account privacy settings;

Our Partners may send certain information about your purchase from that partner. We may also receive cookie data and insights;

Fraud prevention or credit reporting agencies collect and send us data to prevent fraud and in connection with credit determinations;

Analytics Providers may also send us non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources including select partners and companies that specialize in providing enterprise data, analytics and software as a service.

In order to ensure data accuracy and offer a superior customer experience by providing you with better personalized services, content, marketing and ads, in some cases we link or combine the information that we collect from the different sources outlined above with the information we collect directly from you. For example, we compare the geographic information acquired from commercial sources with the IP address to derive your general geographic area. Information may also be linked via a unique identifier such as a cookie or account number.

Where necessary, we obtain information to conduct due diligence checks on business contacts as part of our anti-corruption compliance program and in accordance with our legal obligations.

IF YOU CHOOSE NOT TO PROVIDE DATA

You aren’t required to share the personal data that we request, however, if you choose not to share the information, in some cases we will not be able to provide you with certain Sprocket services, specialized features or be able to effectively respond to any queries you may have.

C&A Services are made for the general public. C&A does not knowingly collect data from children as defined by local law without the previous consent of their parents or legal guardians or as otherwise permitted by applicable law.

To prevent loss, unauthorized access, use or disclosure and to ensure the appropriate use of your information, we utilize reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. We retain data as required or permitted by law and while the data continues to have a legitimate business purpose.

When collecting, transferring or storing sensitive information such as financial information we use a variety of additional security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. When we transmit highly-confidential information (such as credit card number or password) over the internet, we protect it through the use of encryption, such as later versions of the Transport Layer Security (“TLS”) protocol. As part of our payment processing, we also subscribe to fraud management services. This service provides us with an extra level of security to guard against credit card fraud and to protect your financial data in accordance with industry standards.

We keep your personal data for as long as necessary to provide you with Sprocket services, for legitimate and essential business purposes, such as making data-driven business decisions, complying with our legal obligations, and resolving disputes. The retention periods for business records vary depending on the type of record.  Business records including records relating to customer and vendor transactions are maintained while active and as required by law. Following the expiration of the retention period, we try to permanently erase electronic records so they cannot be restored and physical records are destroyed in a manner where they cannot be reproduced (e.g., shredding). If you request, we will delete or anonymize your personal data so that it no longer identifies you, unless, we are legally allowed or required to maintain certain personal data.

SHARING YOUR DATA

We will only share your personal data to our affiliates in the US and worldwide for the purposes outlined in this Privacy Statement so long as those affiliates are required to comply with our privacy requirements. Our privacy guidelines are communicated to our employees on an annual basis as part of our mandatory trainings. When you agree to accept this Privacy Statement when registering a product or for service, creating an account, or otherwise providing us with your personal data, you consent to the transfer of your personal data throughout our network of entities.

SHARING WITH SERVICE PROVIDERS & PARTNERS

We engage service providers or partners to manage or support certain aspects of our business operations on our behalf. These service providers or partners may be located anywhere in the world and may provide services such as credit card processing and fraud management services, customer support, sales pursuits on our behalf, order fulfillment, product delivery, content personalization, advertising and marketing activities (including digital and personalized advertising), IT services, email service providers, data hosting, live-help, debt collection and management or support of our websites. Our service providers and partners are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to perform the services as instructed by us.

SHARING OTHER INFORMATION WITH ADVERTISERS

We may also transfer information about you to advertising partners (including the ad networks, ad-serving companies, and other service providers they may use) so that they may recognize your devices and deliver interest based content and advertisements to you. The information may include your name, postal address, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed or de-identified form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system and may combine information about you with information from other companies in data sharing cooperatives in which we participate.

SHARING WITH OTHER THIRD PARTIES

We may also share your personal data with: (i) credit reference and fraud prevention agencies; (ii) debt collection agencies (for outstanding debts with us); or (iii) insurance providers if you have purchased an insurance policy through us. If you choose to provide personal data to the other companies, that personal data will be handled according to the privacy policy of those companies, which may differ from our own policies and practices.

CORPORATE TRANSACTIONS

We may need to sell, buy, merge or otherwise reorganize businesses, in which case we may need to disclose or transfer your personal data to prospective or actual purchasers or receive personal data from sellers. In such a case, we will seek appropriate protections for your personal data in these types of transactions.

COMPLIANCE WITH LAW

We may also share your personal data when we believe, in good faith, that we have an obligation to: (i) respond to duly authorized information requests of law enforcement agencies, regulators, courts and other public authorities, including to meet national security or other law enforcement requirements; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other criminal or malicious activity; (iv) enforce/protect our rights and properties; or (v) protect the rights or personal safety of us , our employees, and third parties on or using our property when allowed and in line with the requirements of applicable law.

We do not, and will not, sell personal data to third parties. We do permit third parties to collect the personal data described above through our Services and share personal data with third parties for business purposes as described in this Privacy Statement, including but not limited to providing advertising on our Services and elsewhere based on users’ online activities over time and across different sites, services, and devices (so-called “interest-based advertising”). The information practices of these third parties are not covered by this Privacy Statement.

You have the right to ask us for a copy of any personal data that you have provided to us or that we maintain about you and to request an explanation about the processing. In addition, you have the right to withdraw any consent previously granted or to request correction, amendment, restriction, anonymization or deletion of your personal data; and to obtain the personal data you provide with your consent or in connection with a contract in a structured, machine readable format and to ask us to transfer this data to another data controller.

You also have the right to object to the processing of your personal data in some circumstances, in particular when we are using your data for direct marketing or to create a marketing profile, which we will only use with your consent. In addition to the privacy controls available to you via this Privacy Statement, you can control your device data collection yourself through your device settings and preferences (but only with your active participation). Certain product usage data is necessary to provide Sprocket services and if you disable data collection, it may affect the availability or functionality of such services. Data collected for the fulfilment of such essential functionality will not be processed for direct marketing purposes, without your express permission. In certain cases, these rights may be limited, for example if fulfilling your request would reveal personal data about another person or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests to keep.

We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available on the Sprocket may change or no longer be available to you. To exercise your rights, or if you have any questions or concerns about our Privacy Statement, our collection and use of your data or a possible breach of local privacy laws, you can contact our Privacy Office as provide here:

C&A Marketing, Inc.
114 Tived Lane East
Edison, NJ 08837
USA

All communications will be treated confidentially. Upon receipt of your communication, our representative will contact you within a reasonable time to respond to your questions or concerns. In some cases, we may request further information in order to verify your identity. We aim to ensure that your concerns are resolved in a timely and appropriate manner.

If we are unable to resolve your concerns, you have the right to contact a data privacy supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached or seek a remedy through the courts.

Last revised October 19, 2020