Effective Date: January 1, 2020
This Privacy Notice describes our handling of Personal Information in connection with your presence in our locations and your use of our websites, mobile apps and the services we provide. By using our websites, mobile apps, and services, you hereby consent to these terms.
"Personal Information" refers to information that identifies you as an individual. This Privacy Notice describes how we collect, use, share, and protect your Personal Information, and the choices you have regarding your Personal Information. We encourage you to read this Privacy Notice and to consult our Privacy Resource Center to learn more about privacy.
- Information You Provide Us Directly. We collect personal and transactional information (purchase-related history) which you provide us directly, for example, in connection with a purchase, a service/event, a promotion, or application for a membership program.
- Information We Receive from Other Parties. We may obtain information about you from other sources for purposes such as prospecting and/or enhancing the information you have provided.
Our websites and mobile applications are intended for a general audience and are not directed toward minors under 16 years of age, and we do not knowingly collect their Personal Information.
Personal Information may be used for the following purposes:
- Our Products & Services. We use Personal Information to process and fulfill your orders, refunds or exchanges, requests for products, services or information, to provide customer service, to administer our credit card programs, to personalize your shopping experience, to identify your preferences, and to provide you services across multiple devices.
- Marketing and Advertising. We use Personal Information to administer promotions, contests, sweepstakes, and rewards programs and to market products and services, including serving you interest-based advertising. For more information on interest-based advertising, see our Privacy Resource Center.
- Other Uses. We use Personal Information for other reasons, including conducting sales research and analysis; preventing or mitigating fraud and credit risk; and complying with legal matters, investigations, and applicable laws and regulations.
We may share your Personal Information with other parties in the following instances:
- With Our Third Parties: To process transactions or provide products or services on our behalf, including but not limited to providers of product delivery services (for example, UPS and FedEx) and website analytics (for example, Google Analytics).
- For Marketing Purposes: To notify you of offers for products or services that may be of interest to you. We do not share credit card or other financial information for marketing purposes.
- For Corporate Transactions: In connection with a merger, acquisition or sale involving all or a portion of our company.
a. To Stop Certain Collection and Use of Your Personal Information:Marketing Emails, Texts and Mail
- You can stop promotional emails from us by using the “unsubscribe” link on our promotional emails.
- You can stop marketing text messages, by replying “STOP” our promotional text messages.
- You can stop promotional postal mail by contacting us with your request as noted in the How to Contact Us section below.
Some of our websites support Interest Based Advertising efforts by Third Parties. Industry groups such as the Digital Advertising Alliance have developed services to help you manage your Interest Based Advertising preferences.
You can opt-out of tracking used to understand website utilization provided by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
Do Not Track
Some browsers have a “Do Not Track” feature that lets you send a request to websites to not track your online activities. We, like many other retailers, do not honor those requests.
b. To Change or Correct Your Personal Information
At any time, you can request access to your personal information, request that any inaccuracies be corrected, or request that comments or explanations be added to records about you.
You may contact us with changes as described in the How to Contact Us section. To prevent unauthorized changes, we may ask for certain information to verify your identity before we process such requests.
Although we will do our best to make your requested changes, in some cases for example, if it requires a disproportionate technical or practical cost or effort or if it conflicts with our legal obligations or business requirements, we may be unable to do so completely. Should this occur, we will communicate that to you.
We employ technical, physical and administrative safeguards to protect your Personal Information and require Third Parties with whom we work to do the same. However, we cannot guarantee your information will be completely safe against unauthorized access. Please use caution when sharing your information with others and take appropriate measures to protect the confidentiality of your username and password. Some practical tips are available in the Privacy Resource Center.
If you think the Personal Information you provided to us has been improperly accessed or used, or if you suspect that unauthorized purchases have been made on our websites using your Personal Information, please contact us immediately.
Our websites may contain links to, or plugins or widgets from, social media or other websites operated and maintained by Third Parties. These properties, which we do not control, operate independently and have their own privacy practices and statements, which we encourage you to review.
a. Contract Customers
If you are a contract customer and would like to opt-out of receiving promotional postal mail and/or email from us, please notify your Account Manager. You may still receive promotional postal mail or email from other affiliated companies and Third Parties if they have received your email or postal address from other sources or as a result of their own transactions or experiences with you. You will also continue to receive promotional postal mail or email if you request to hear from us again.
b. Nevada Residents
Under Nevada SB 220, Nevada residents may submit an opt-out request regarding the sale of their Personally Identifiable Information (PII) collected through a website or online service. Where applicable, you may submit your request to Opt-Out of the sale of Personal Information to Third Parties by submitting an online request at: Do Not Sell My Personal Information
c. California Residents
1. California Shine the Light Law
Under California Civil Code sections 1798.83–1798.84 California residents may request the names and addresses of affiliated companies and categories of Personal Information we share for their direct marketing purposes. If you are a California resident and would like to make such a request, please Contact Us.
2. California Consumer Privacy Act of 2018
California residents have the following rights:
- The Right to Disclosure
- About information collected
- About information sold
- Categories of personal information sold
- Categories of Third Parties with whom the personal information was sold
- The Right to Deletion of Personal Information
- The Right to Opt-Out of the sale of Personal Information to Third Parties
- The Right to Sue for Security Breaches
- The Right to not be Discriminated Against Based on Exercising any of the Above Rights
California residents may submit a Data Disclosure request by:
- Submitting an online request here: Data Disclosure Request
- Submitting a phone request by calling 1-800-333-0333
California residents may submit a Data Deletion request by:
- Submitting an online request here: Data Deletion Request
- Submitting a phone request by calling 1-800-333-0333
Where applicable, you may submit your request to Opt-Out of the sale of your Personal Information to Third Parties by:
- Submitting an online request here: Do Not Sell My Personal Information
- Clicking the “Do Not Sell My Personal Information” button on our applicable website
Unless indicated with a “Do Not Sell My Personal Information” button on our websites, we do not sell Personal Information as defined by the California Consumer Privacy Act (CCPA).
We will take reasonable steps to verify your identity prior to fulfilling the above requests.
Authorized Agents may submit requests on behalf of a California resident using the above processes and providing the appropriate documentation.
The following section describes:
- Categories of personal information we collect
- he purpose for which the personal information is collected
- Specific personal information collected
- Categories of sources from which that information is collected
- Categories of Third Parties (who are not classified service providers) with whom the information may be shared
- The purpose for selling or sharing of personal information
|Categories of Personal Information as defined by CCPA||Do we collect this type of Personal Information?||Purpose of collecting that Personal Information||Specific Personal Information that may be Collected||Categories of Sources from which the Personal Information is Collected||Is this category of Personal Information shared with third Parties?||Categories of third Parties with which the Personal Information may be Shared||Purpose of Selling or Sharing Personal Information||Can you opt-out of this Sharing?|
|Identifiers||Yes||To uniquely identify an individual in support of business activities||Names, Account ids, emails, addresses, IP Addresses, Device Identifiers, Loyalty Program Ids, Tax Exempt Numbers||From you, From Marketing Firms||Yes||Marketing Partners||Marketing||Yes|
|Commercial Information||Yes||To support business transaction||Quotes, Sales Transactions,||Your transactions with us||Yes||Marketing Partners||Marketing||Yes|
|Biometrics||In limited circumstances||Fraud Protection||Behavioral biometrics and device usage||From you||No||N/A||N/A||N/A|
|Network Activity||Yes (if you access our websites or mobile apps)||To allow access to and optimize our websites||Access to our properties||From you||No||N/A||N/A||N/A|
|Geolocation Data||Yes (if you access our websites or mobile apps)||Personalization and Store Locations||Unique Identifiers and your location and ZIP code||From you and your devices||No||N/A||N/A||N/A|
|Recordings (e.g. audio, visual)||Yes (if you call customer service or visit a store using closed circuit TV)||Customer Service, Fraud Prevention||Voice and CCTV Recordings||From you||No||N/A||N/A||N/A|
|Professional or Employment-Related Information||Yes||For employment and credit purposes||Employment History including Companies and Job Titles||From you||Yes||Prior Employers and Background Check Services||Employment Background||No|
|Education Information||Yes||For employment and credit purposes||Educational History including Schools and programs||From you||Yes||Verification Services||Employment and Credit Verification||No|
|Inferences||Yes||Personalization||Product Affinities||From you and external data sources||In limited circumstances||Marketing Partners||Marketing||Yes|
We do not knowingly collect or sell the Personal Information of minors under the age of 16 without affirmative authorization.
As an additional resource, you may also contact us at ConsumerRightsRequest@Staples.com for any additional questions related to the rights granted under the California Consumer Privacy Act (CCPA).
d. Canadian Residents
We consider "personal information" to be information about an identifiable individual. We do not consider public information found in directories and listings, or business names, addresses and/or contact numbers to be personal information.
We have adopted, as Company policy, the 10 personal information privacy principles stated in the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information. The 10 principles are:
- Reason for Collection
- Limiting Collection
- Limiting User, Disclosure and Retention
- Individual Access
- Challenging Compliance
Interest Based Advertising
Some of our websites support Interest Based Advertising efforts by Third Parties. In Canada industry groups such as Digital Advertising Alliance of Canada have developed services to help you manage your Interest Based Advertising preferences.
e. European Union (EU) ResidentsStaples and its affiliated companies are based in the United States (U.S.) and the information Staples and its service providers collect is governed by U.S. law. If you are accessing the Services from outside of the U.S., please be aware that information collected through the services may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. Your use of the services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information, including Personal Information, in the U.S. as set forth in this Privacy Notice.
As residents of the EU, you will have certain additional rights with respect to your Personal Data under the General Data Protection Regulation including:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
Interest Based Advertising
Some of our websites support Interest Based Advertising efforts by Third Parties. In Europe industry groups such as European Interactive Digital Advertising Alliance have developed services to help you manage your Interest Based Advertising preferences.
For more information, see the Privacy Resource Center.
We will retain your EU Personal Information for as long as your account is active, as needed to provide you services and to fulfill the purposes for which the data was collected, and as necessary to comply with our legal obligations and fulfill our business needs.
Please direct any questions, complaints or concerns regarding this Privacy Notice and our treatment of your Personal Information to any of the following:
Privacy and Compliance
500 Staples Drive
Framingham, MA 01702 US
Upon receiving a written request, we will contact you directly, investigate your request, and work to address your concerns. We will respond to your request without undue delay. We reserve the right to take reasonable steps to verify your identity prior to granting access or processing changes or corrections.
This Privacy Statement may change from time to time, and we will post on our websites any updated Privacy Notice. Recent changes to the Privacy Notice are documented below. Each version of this Privacy Notice will be identified by its effective date displayed at the top of this Privacy Notice.
What has changed:
January 01, 2020
October 1, 2019
May 25, 2018
March 23, 2017
Privacy Resource Center
The following information is available for your education and reference purposes. We hope you find it both helpful and informative as privacy and data security are important to all of us. Here’s what you can learn about in this Resource Center:
- General Security Practices
- Interest-Based and Online Behavioral Marketing
- Bluetooth Beacons
- Mobile Devices and Location Services
- Identity Theft
- Canadian specific resources
- European specific resources
It is a good general practice when using any website to take the following pre-cautions:
- Protect your username and password. Never share them with others and use different and complex passwords for each account. Consider using a commercially available Password Locker or Vault to generate and store your passwords.
- Keep your virus protection software up to date.
- Apply security patches by going to the vendor’s website.
- Lock your computer screen when you leave it.
- Be prepared and be aware, particularly of phishing attacks. Learn more about data security and phishing attacks in Section 6 below and at the FTC’s Identity Theft and Data Security website.
- If applicable, enable encryption on your computer’s hard disk. Apple® computers come with encryption turned on. You need to enable Microsoft Window’s encryption called Bitlocker.
- Use multi-factor authentication services where available. These are services that add another layer of security. In addition to your password, “something you know”, these services require “something you have”, often a unique id that is presented to you on your phone or another device.
- When shopping or providing sensitive information, make sure the website is using secure connections indicated by “HTTPS” versus “HTTP” in the URL.
- Understand how websites will use your data and the choices that are available to you by reading the website’s privacy statement.
Other public online safety resources:
Cookies are pieces of information that are transferred from websites to your computer’s hard drive and they may serve a variety of purposes. Web beacons, flash cookies and other similar technologies may also be used for these purposes. For example, cookies “remember” you when you return to a website and make your experience more user-friendly. Cookies identify which web pages are visited and how often. Cookies are also used to allow companies to better understand how their websites are used to improve their services.
Types of Cookies, How They Are Used and
The Potential Impact If Disabled
Potential impact if disabled
Used to support website functionality
Access to website content and features may be limited
Used to remember user preferences from one visit to the next
Preference will need to be reset on each visit to the website. This may also disable the ability have websites “remember” you at time of login
Used to serve you advertisements that may be relevant to you and your interests
Advertisements will still be displayed but will be more random and may be less relevant to you and your interests
Used as a component of a website’s general security and user authentication processes
Access to website and features may be limited
How to disable or delete cookies
If you want to prevent your browser from accepting cookies, if you want to be informed whenever a cookie is stored on your computer or if you want to delete cookies from your computer, please make the necessary changes in your Internet browser settings, typically under the sections “Help” or “Internet Options”. See links below:
- Internet Explorer: //windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-9
- FireFox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
- Chrome: https://support.google.com/chrome/answer/95647
- Safari: https://www.apple.com/legal/privacy/en-ww/cookies/
If you disable or delete cookies in your Internet browser settings, you might not be able to access important functions or features, you will be required to re-enter your log-in details and your use of the website may be limited.
Please note that if you clear all cookies on your browser, or use a different browser or computer, you will need to complete the opt-out procedure again.
To opt out from flash cookies, please click here: //www.adobe.com/privacy/opt-out.html.
Cookies also enable companies to market products and services and deliver targeted advertising to you. You can opt-out of receiving personalized ads from third party advertisers and ad networks using the opt-out features at Digital Advertising Alliance or the Network Advertising Initiative. AdChoices, indicated by the icon is an example of a service some websites offer to assist in managing Interest-Based advertising choices.
If your browsers are configured to reject cookies when you visit these pages, or if you subsequently erase your cookies, use a different device or change web browsers, your opt-out may become ineffective and may need to be repeated.
Websites use tools to track and manage website traffic. Google Analytics is a commonly used tool for this purpose. Individuals may opt out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout.
Note: If your browsers are configured to reject cookies, or if you subsequently erase your cookies, use a different device or change web browsers, opt-out elections may become ineffective and may need to be repeated.
Bluetooth beacons transmit a low-power signal that can be received within short distances by nearby Bluetooth-enabled mobile devices and recognized by apps a smartphone user has downloaded. Beacons only broadcast signals, and don’t collect any data. With the user’s permission, an app on a device can use the beacon’s signals to know when the mobile device is close to the beacon.
Mobile devices offer access to many features including applications developed specifically for mobile devices and direct access to the internet via browsers. These devices also provide additional services including location services which broadcast your location and notifications services that allow you to receive messages. You can disable the GPS locator or push notifications on your mobile device via your device settings.
Learn more about mobile devices and location services.
Phishing: This occurs when scammers send legitimate-looking emails to illegitimately gather personal and financial information. The emails look just like a legitimate email and often use company logos. If the customer falls for the bait, the thief could get credit card numbers, PINs, account passwords, expiration dates, credit card/bank account numbers and even Social Security numbers. Don’t click on links in emails unless you’ve requested the email or somehow otherwise know it is real. Learn more about phishing.
Vishing: Vishing is like "phishing" but uses a phone (baiting people by voice instead of email. Scammers pose as a known retailer or bank. They often call saying they need to verify information on file asking the individual to provide their personal information.
Don’t provide sensitive information over the phone when asked, instead contact the company directly at a number you find on a statement of on their website. Don’t call a number you are provided over the phone. Learn more about vishing.
Smishing: In these scammers use text messages, called "SMS" messages, instead of emails or phone calls. They have been seen with messages of winning a contest. Learn more about smishing.
Steps to consider in protecting yourself against fraud and identity theft:
- Learn more about Identify Theft and visit the FTC Identity Theft Resources.
- Review your account statements regularly. Carefully review your bank, credit card, and other account statements every month to ensure that all of your account activity is valid. Report any questionable charges promptly and in writing to the card or account issuer.
- Review your credit report from time to time. Obtain and review your credit report periodically to ensure that all your information is correct. You can obtain a free credit report once per year by visiting http://www.annualcreditreport.com or by calling 877-322-8228. Carefully reviewing your credit report can help you spot problems and address them quickly. If you have any questions about your credit report or notice any inaccuracies, contact the relevant consumer reporting agency promptly at the telephone number listed on the report.
- Create a fraud alert. Consider placing a fraud alert on your credit file. The fraud alert prompts creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. You can place a fraud alert on your credit file by contacting one of three consumer reporting agencies listed below. You need to contact only one of the three agencies in order to create the alert; the agency you contact is required by law to contact the other two. You will receive confirmation letters in the mail and then will be able to order a credit report from each of the three agencies, free of charge. The fraud alert will remain in your credit file for at least 90 days.
Effective as of May 25, 2018 the EU General Data Protection Regulation (GDPR) will replace the currently applicable EU Data Protection Directive and it will override existing EU national privacy laws. The GDPR will require new or additional obligations on all companies that handle EU citizens’ personal data, regardless of where the companies themselves are located. These regulations will only apply to the following affiliated companies: Makr, Marke Creative and to a certain extent, Staples Promotional Products.
GDPR affords EU and EA citizens additional protections.
For example, you can request from us the following information:
- whether and why we have your personal information;
- how we got your personal information;
- what we have done with your personal information;
- to whom we have communicated your personal information;
- where your personal information has been stored, processed or transferred;
- how long we will retain your personal information, or how that retention period will be determined; and
- the safeguards in place to protect your information when it is transferred to third parties or third countries.
For more information on GDPR, see: Official text of the EU General Data Protection Regulation (GDPR)
Legal Disclaimer - This website is provided for informational purposes only and should not be considered as a contractual commitment or legal advice.
What has changed:
May 25, 2018
Initial version of the Information Security and Privacy Resource Center