Last Updated: 2/1/2021
1. Whose Personal Information Do We Collect
Step2 collects personal information from a range of individuals in the context of our business activities, including from the following: customers; individuals that use, or otherwise access, our Site; individuals who visit our premises or facilities; representatives of our suppliers, customers and other business contacts; contractors and similar types of workers; individuals related to, or otherwise affiliated with, our Company's employees; and, individuals who contact us by any means.
2. The Types Of Personal Information We Collect
The type of personal information that Step2 collects depends on our relationship with the particular individual. Generally, we collect the following types and categories of personal information:
• Identity data, such as your name, billing, shipping and residential address, e-mail address, telephone number, professional title, and your employers name.
• Registration data, such as information provided by you when you register for an account to use our Site, including usernames and passwords.
• Business contact data, such as information related to employees, owners, directors, officers, or contractors of a third-party organization (e.g., business, partnership, sole proprietorship, nonprofit, or government agency) with whom Step2 may conduct, or possibly conduct, business activities.
• Recruitment data, including information derived from employment applications or submitted in connection with a job posting or inquiry.
• Marketing and communications data, including your marketing preferences and your subscriptions to our publications or marketing materials.
• Transaction data, including orders for our products and services and details of payments to and from you, including purchase history and preferences and (limited) payment card information, and your past purchase and transaction history.
• Your feedback and comments, including comments or any statements you provide to us through the Site.
When you do not provide personal information that Step2 requests, we may not be able to provide you the requested service or complete a transaction, and you agree that Step2 will not be liable or otherwise responsible for any damages or loss arising from such circumstances.
3. How We Collect Personal Information
Most often, Step2 obtains personal information directly from individuals themselves. For example, when an individual undertakes the following activities, we generally collect their personal information:
• Use or access our Site and/or complete one of our web forms.
• Contact our customer service centers or request information from us in any other way.
• Visit one of our locations or premises.
• Submit an order to, or make a purchase with, Step2.
• Apply to a job posting or otherwise submit an employment application.
• Provide us personal or business contact information via a business card or through similar communications.
• Complete a survey or otherwise provide us feedback.
• Register your product for warranty service or submit a warranty claim.
• Report product/service issues.
• Communicate with us via social networking websites, third-party applications, or similar technologies.
• Visit one of our trade counters at an exhibition.
In accordance with applicable law, we may collect personal information about you from third parties, which we may combine with the information we already hold about you in order to promote our legal or business interests. If you provide personal information about a third party, then you expressly represent and warrant to Step2 that you have the full right and lawful authority to provide Step2 with the information.
4. How We Use Your Information
Step2 may use personal information for several business and administrative purposes, or to further our legal or other business interests. Generally, we use personal information for the following reasons:
• Services and transactions. We may use your personal information to execute transactions and deliver services to you that you have requested, including by providing you information on our products or services, answering customer service requests, facilitating the use of our Site, sending information to customers about the status of orders they placed with us, processing and collecting payments, and sharing phone numbers, shipping address, and item descriptions (including but not limited to, model number and brand) with delivery partners to facilitate prompt and efficient delivery. We also use personal information to facilitate order confirmations, invoices, technical notices, updates and security alerts, and support and administrative messages. For the avoidance of doubt, in the event you provide Step2 with a telephone number as part of your registration to the Site or as part of a purchase or transaction with us, you hereby consent and agree that Step2 (or our service providers) may contact said telephone number by any means (including SMS/text message) for service and transactions purposes.
• Marketing. In accordance with applicable laws and regulations, we may use your personal information to inform you of our products or services which may be of interest to you, and to otherwise communicate with you about offerings, events, news, surveys, special offers, and related topics. You are able to opt-out from marketing communications sent via e-mail at any time, free of charge, by using the "unsubscribe" link in any e-mail marketing materials you receive from us.
• Talent Management. In connection with a job application or inquiry, you may provide us with information about yourself, such as a resume/curriculum vitae, professional references, information about education and employment experience, and information about professional training and certifications. Step2 may use this information for the purpose of employment consideration, background checks and employment eligibility, and as otherwise set forth in any separate privacy statement or other notice made available to in connection with your application. We may use a third party (e.g., job recruiter) or social media platform to solicit, collect, and retain employment applications and inquiries.
• Security and Enforcement. We may use the personal information we collect in order to detect, prevent and respond to fraud, intellectual property infringement, violations of our terms and conditions, violations of law or other misuse of our Site, products, or facilities. We may use personal information to administer and protect our business and our Site, including system maintenance, support, reporting and hosting of data. We may use personal information to protect the health and safety of our employees, contractors, customers, and others in our community.
• Legal and Business Interests. We may use personal information to promote, defend or protect our legal, regulatory, or business interests, including enforcing contracts and other agreements. For example, we may use your personal information to help persuade retailers to carry our products.
5. Sharing Your Personal Information With Others
Step2 does not sell, lease, or rent personal information on any individual, including minors, to a third party for profit or other valuable consideration. We may, however, share your personal information with selected third parties in accordance with applicable law, including as set forth below.
• Service Providers. We may share your personal information with other companies with whom we have contracted to provide services on our behalf, such as hosting our Sites, conducting surveys, processing transactions, facilitating our marketing activities, providing customer service, performing analyses to improve the quality and security of our business, Site, products and services.
• Delivery Services. We may share your personal information with third parties to deliver our products and other items and to engage in similar routine business functions.
• Business Restructuring. Circumstances may arise where Step2 decides to sell, buy, divest, merge or otherwise reorganize our business. We may disclose information we maintain about you to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, bankruptcy, divestiture, or sale of all or a portion of Step2's assets.
• Disclosure for Other Reasons. We may disclose personal information (i) if required by law or government order, or with a legal process, (ii) to protect and defend our rights or property, or (iii) in urgent circumstances, to protect the health and personal safety of any individual. In addition, Step2 may share your personal information with any third party when we believe such disclosure is necessary to defend or protect our legal, regulatory, and business interests. We may also disclose your information upon your express consent.
In the event that you facilitate a transaction with Step2, or request information from, or otherwise engage with us, and such activities require Step2 (in our sole judgment) to share your personal information with a service provider or other third party, you hereby consent to the same.
6. Third-Party Links, Social Media Widgets, Single Sign On
Step2 may include on our Site certain links to other websites, including websites operated by unaffiliated third parties. Each such third-party website has its own privacy policies and practices, which may be different than the policies and practices described herein; we urge you to read any privacy statement posted on a third-party website carefully. Additionally, to the extent that you follow a link to a website operated by an independent third party, please be aware that Step2 exercises no authority or control over that third party and we cannot be, and are not, responsible for any information that you may submit at that website or how it is used.
7. Data Retention and Localization
Step2 is based in the United States and the personal information that we collect and process is retained and stored in the United States. Please be aware that (i) the United States may not provide the same level of protection of personal information as in your country, state, or jurisdiction of residence or nationality, (ii) the European Union and other foreign authorities have determined that, in some circumstances, the United States does not provide an adequate level of protection for personal information, and (iii) when transferred to the United States, your personal information may be accessible by, or otherwise made available to, United States authorities and officials pursuant to judicial and/or administrative orders, decrees, and demands, and/or other domestic laws, statutes, and regulations, applicable in the United States. By continuing to provide us such information you hereby consent to your personal information being transferred to, and stored in, the United States.
8. Information Security
We are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. However, no information system can be fully secure, so we cannot guarantee the absolute security of your personal information. Moreover, we are not responsible for the security of information you transmit to the Site over networks that we do not control, including the Internet and wireless networks, and you provide us with any information and data at your own risk. To the extent permitted by law, Step2 shall not be liable or otherwise responsible for any data incidents that may compromise the confidentiality, integrity, or security of your personal information. The safety and security of your personal information also depends on you. Where we have given you (or where you have chosen) a username and password to access the Site, you are responsible for maintaining the security and confidentiality of those credentials and not revealing them to others. You must contact us immediately if you have reason to believe that your username or password to our Site have been compromised.
9. No Personal Information Collected from Children
Our Site is not directed at, nor intended for use by, children. As a result, we will not knowingly collect information from children under eighteen years of age with or without consent from their parents or guardians. If you are under the age of eighteen, you are hereby prohibited from using our Site or with providing us with your personal information, unless you can demonstrate affirmative authorization from your parent or legal guardian to do so and thereafter, we grant you written consent. If you are a customer who provides us with general information about your children for analytical purposes (e.g., age, gender), you hereby represent and warrant that you have the right and authority to provide us with such data.
10. Your Responsibilities
11. Cookies, Digital Advertising Tools, Online Analytics
For information on cookies and behavioral advertising, see http://www.allaboutcookies.org/. For some of our service providers that participate in the Digital Advertising Alliance (DAA), you can exercise your choice to opt-out of interest-based advertising at http://optout.aboutads.info. You may also opt-out of receiving interest-based ads from many third-party websites and applications through the Network Advertising Initiative's (NAI) Opt Out Tool which is available at http://www.networkadvertising.org/choices. Certain types of mobile devices have an identifier that provides organizations with the ability to serve targeted advertising directly to a specific mobile device, and you may (depending on the device) be able to limit advertising, reset the advertising identifier, and turn off your device's tracking features within your device's settings. For more information see http://youradchoices.com/appchoices.
12. Email Marketing and Opt-Out Requests
You have the right to opt-out of receiving electronic direct marketing communications from us. All electronic direct marketing communications that you may receive from us, such as e-mail messages, will give you an "unsubscribe" option of not receiving such communications from us in the future. California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties with whom we have reason to believe use such information for their own direct marketing purposes
13. Text/SMS Message Consent; Opt-Out and Notice Obligations
You may, in your sole discretion, provide Step2 with your mobile telephone number in order to receive text messages from us, such as messages and alerts related to our products, events, and/or promotions. By providing us with your mobile telephone number, you (i) expressly represent that you are the owner of, and have the authority to provide, the mobile telephone number to us for these purposes, and (ii) hereby consent to receive from us automated marketing text messages at the mobile telephone number so provided. You further acknowledge that your consent to receive automated marketing text messages from us is not, in any form or manner, contingent upon, or required to make, a purchase for goods or services. Standard text/SMS message and data rates will apply and you should check the rates of your mobile carrier prior to providing us with your mobile telephone number. You can opt-out from further text marketing communications by texting STOP to the SMS number used by us to contact you or by contacting us directly in accordance with the "Contact Us" section listed below. We may share your mobile phone number with service providers with whom we contract to assist us with our marketing activities or delivery services, but we will not share your mobile phone number with third parties for their own marketing purposes without your consent. Because text messages are distributed via third-party mobile network providers, we cannot control certain factors relating to message delivery. Depending on your mobile carrier, it may not be possible to transmit the text message to you or your mobile device successfully; nor is our content available on all carriers. We do not claim or guarantee availability or performance of this service, including liability for transmission delays or message failures. Without limiting any of the foregoing, you hereby agree that you will immediately and without delay (and within 72 hours) notify Step2 in the event you no longer are the owner of any mobile telephone number provided to Step2 or have the authority to use any such mobile telephone number to receive text messages.
14. California Consumer Privacy Act
Pursuant to the California Consumer Privacy Act of 2018, as amended ("CCPA"), certain California residents may have additional data privacy rights, such as the right to be notified about what personal information is collected about you, and our intended use and purpose for collecting your personal information. In some circumstances, California residents have the right to know and access the categories or specific pieces of personal information we have collected, used, disclosed, or sold about you over the past twelve (12) months; the categories of sources from which the personal information is collected; and, the business or commercial purpose for which your personal information was collected, used, disclosed, or sold. In addition, certain California residents have the right to request Step2 transfer, to the extent feasible, personal information in certain forms and formats. California residents have the right to request that we (and any applicable service provider) delete/erase your personal information under certain circumstances. In some circumstances, certain California residents have the right to opt-out of the sale of their personal information and Step2 does not sell your personal information to third parties for profit or other valuable consideration. California residents have the right not to be subject to discrimination for asserting their rights under the CCPA. If you make, or an authorized agent on your behalf makes, any request related to your personal information under the CCPA, Step2 will ascertain your identity (and the identity of the authorized agent, to the extent applicable) to the degree of certainty required under the law before addressing your request. Step2 may require you to match at least two or three pieces of personal information we have previously collected from you before granting you access to, or erasing, specific pieces, or categories of, personal information, or otherwise responding to your request. We may require written documentation that demonstrates a third party is authorized to serve as your agent for the purposes of submitting the requests set forth herein.
15. Nevada Privacy Rights
Although we do not currently conduct sales of personal information, Nevada residents may submit a request directing us to not sell personal information we maintain about them to third parties who will sell or license their information to others.
16. European Data Protection
If you are located in the European Economic Area, Switzerland, or the United Kingdom (UK), you may have additional rights with respect to the personal information we have about you. To the extent permitted by the European Union (EU) General Data Protection Regulation (GDPR), or applicable data protection laws in EU member states, Switzerland, or the UK, you may request the following: access to the personal information we hold about you; that inaccurate, outdated, or no longer necessary information be corrected, erased, or restricted; and, we provide your personal information in a format that allows you to transfer it to another entity. You also may withdraw your consent at any time if, and only if, we are solely relying on your consent for the processing of your personal information. You may object to our processing of your personal information where that processing is based on our legitimate interest. For purposes of clarity, we do not engage in any activity that subjects our survey participants, customers, or others to a decision based solely on automated processing, including profiling, which produces legal effects, or similarly significant results, impacting them. We process your personal information in accordance with the legal bases set forth in the GDPR. For example, our processing of personal information (as described herein) is justified based on the following GDPR provisions and which may overlap: (1) processing is based on your consent; (2) processing is necessary for our legitimate interests as set out herein; (3) processing is necessary for the performance of a contract to which you are a party; and (4) processing is required to comply with a legal or statutory obligation. You have the right to lodge a complaint with your competent data protection authority. If you wish to exercise any of these rights, please contact us in accordance with the instructions provided below in the "How to Contact Us" section. We may need to collect and process information about you solely for the purpose of responding and satisfying any data right request you may have.
17. Do Not Track Signals
Some web browsers may transmit "Do Not Track" signals to the website with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not, unless otherwise required by law, take action in response to these signals.
18. Persons with Disabilities
19. Rewards and Financial Incentive Programs
Pursuant to the CCPA, you may be entitled to be informed as to why financial incentive programs, or price or service differences, are permitted under the law, including (i) a good-faith estimate of the value of your personal information that forms the basis for offering the financial incentive or price or service difference, and (ii) a description of the method we used to calculate the value of your personally identifiable information. Generally, we do not assign monetary or other value to personal information. However, in the event we are required by law to assign such value in the context of Rewards Programs, or price or service differences, we have valued the personal information collected and used as being equal to the value of the discount or financial incentive provided, and the calculation of the value is based upon a practical and good-faith effort often involving the (i) categories of personal information collected (e.g., names, email addresses), (ii) the transferability of such personal information for us and our Rewards Programs, (iii) the discounted price offered, (iv) the volume of consumers enrolled in our Rewards Programs, and (v) the product or service to which the Rewards Programs, or price or service differences, applies. The disclosure of the value described herein is not intended to waive, nor should be interpreted as a waiver to, our proprietary or business confidential information, including trade secrets, and does not constitute any representation with regard to generally accepted accounting principles or financial accounting standards.
20. We Do Not Sell Personal Information
21. Events and Video Teleconferencing
Step2 hosts, and uses video teleconferencing platforms to facilitate, conferences, meetings, training events, and other programs. We often use online platforms that are owned and administered by a third-party service provider (e.g., Zoom, WebEx, Skype for Business). Please be aware that our video teleconferencing may record the content, conversations, and discussions thereon, and such records may be stored or retained by our third-party service providers. By participating in our events and video teleconferencing, you hereby consent to the collection and retention of any information provided therein, and hereby consent to the recording of such activities.
23. Public Forums
Our Site may offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used, without limitation, by others.
25. Contact Us
The Step2 Company
ATTN: Privacy Counsel
10010 Aurora-Hudson Road
Streetsboro, Ohio 44241 U.S.A.
You may also contact us at 1-866-429-5200 or at Step2-Company@Step2.net.