Ace Hardware  /  Privacy Policy / Additional Information for Virginia Residents

Additional Information for Virginia Residents

Under the Virginia Consumer Data Protection Act ("VCDPA"), consumers in Virginia have the right to receive certain disclosures regarding the processing their personal information and their privacy rights with respect to our processing of such personal information.

Categories of Personal Information Processed

Depending on your use of our Services and how you interact with us, we may collect the following categories of personal information:

  • Personal identifiers, such as name, address, telephone number, and email address;
  • Device information, online identifiers and related information, such as operating system information, type of device, and screen size;
  • Internet, application, and network activity information, such as browsing history, clickstream data, search history, and information regarding interactions with a website, application, or advertisement, including other usage data related to your use of any of our Services or other online services, cookies, and IP addresses;
  • Demographic information, such as age and birth month;
  • Commercial information, such as financial information, credit and debit card numbers (stored with our payment processor) and claims information, records of personal property, products, or services purchased, obtained, or considered, or other purchasing or use histories or tendencies;
  • Customer records, such as purchase history information, including products you have purchased, rented, and/or returned;
  • Professional information such as current and former employers, business contact information, and professional memberships;
  • Location information, such as precise and general geolocation information;
  • Audio, visual, and other sensory information, such as audio and video recordings;
  • Individual preferences and characteristics, such as inferences related to shopping patterns and behaviors; and
  • Sensitive personal information, including financial information (held by our payment processors) and precise geolocation.

Purpose for Processing Personal Information

We use your personal information to provide you products and Services, such as to fulfill your requests for products or to help us personalize our Services and market to you. We also may use your personal information to support our business functions, such as fraud prevention, marketing, and legal functions. Some examples may include:

  • Providing Services and support: To provide and operate our Services, fulfill your orders or requests for Services and provide customer service, create and maintain your account, communicate with you about your use of the Services, provide troubleshooting and technical support, debug to identify and repair errors that impair existing intended functionality, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar Service and support purposes.
  • Responding to inquiries: To respond to your questions, fulfill your orders, and consider your requests.
  • Analytics and improvement: To better understand how users' access and use the Services and our other products and offerings, conduct auditing and monitoring of transactions and engagement, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, develop Services and features, and for internal quality control and training purposes.
  • Customization and personalization: To tailor the content we may send or display on the Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
  • Marketing and advertising: For marketing and advertising purposes. For example, to send you information about our Services, such as offers, promotions, newsletters and other marketing content, including about third-party products and services we think may interest you, as well as any other information that you sign up to receive. We also may use certain personal information we collect to manage, measure, and improve our advertising campaigns so that we can better reach people with relevant content.
  • Loyalty and rewards program: If you are a member of our Ace Rewards program, we use your personal information in order to administer those programs, which are described more specifically when you enroll.
  • Planning and managing events: For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
  • Research and surveys: To administer surveys and questionnaires, such as for market research or member satisfaction purposes.
  • Safety, quality, and improvement: To undertake activities to verify or maintain quality or safety and improve, upgrade, or enhance the Services owned or controlled by us.
  • Security and protection of rights: To protect you and others, the Services, and our business operations; to help ensure security and integrity and prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use , available at acehardware.com/terms-of-use, our contracts, if any, with you, or this Privacy Policy.
  • Legal proceedings and obligations: To comply with the law and our legal obligations, to handle legal processes, and related to legal proceedings.
  • General business and operational support: To conduct business analysis, such as analytics and projections or to identify areas for operational improvement, to consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
  • Other notified purposes: For other lawful purposes that you reasonable expect, are permitted under applicable law and regulation, or that we may notify you of from time to time.

Ace may combine personal information, collected online and offline, including personal information from third party sources as described below. Ace also may transfer or share your personal information within our corporate family of companies and Ace stores for these purposes, as permitted by law.

Categories of Personal Information Shared with Third Parties

Generally, we may share the following categories of personal information with third parties for a business or commercial purpose.

  • Commercial information, such records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other electronic network activity information, such as browsing history, search history, and information regarding your interaction with an internet website or application, as well as physical and network access logs and other network activity information related to your use of any Ace network or other information resource.
  • Geolocation data, such as precise and general location information about a particular individual, vehicle, or device.
  • Characteristics of protected classifications under state and federal law, such as race/ethnicity, gender, and sex.
  • Audio, electronic, visual, thermal, or similar information, such as, CCTV/camera/video footage, photographs, call recordings, and other audio recording (e.g., recorded webinars).
  • Professional or employment-related information, such as professional memberships and associations.
  • Education information, such as degrees earned.
  • Inferences, such as inferences drawn from any of the information identified above to create a profile about an individual regarding her or his preferences, characteristics, predispositions, behaviors, and personality tests and profiles reflecting skill and aptitude.
  • Sensitive personal information, such as financial account and payment information; and precise geolocation information.

Categories of Third Parties with Whom We Share Personal Information

The categories of third parties with whom we may share personal information include: advisors and agents, affiliates and subsidiaries, regulators, government entities and law enforcement, internet service providers, operating systems and platforms, advertising networks, data analytics providers, social networks, data brokers, Ace stores, and others, as permitted by law.

Virginia Residents' Rights

Virginia law grants Virginia residents certain rights and imposes restrictions on particular business practices as set forth below. Subject to certain exceptions, Virginia residents have the right to make the following requests:

Right to Deletion: Virginia residents have the right to request deletion of their personal information that a business has collected from or about them, subject to certain exemptions.

Right to Access: Virginia residents have the right to confirm whether a controller is processing personal information concerning the resident and to access the resident's personal information.

Right to Correction: Virginia residents have the right to correct inaccuracies in their personal information, taking into account the nature of the personal information and the purposes for processing the personal information.

Right of Portability: Virginia residents have the right to obtain a copy of the personal information that they previously provided to a business in a portable and, to the extent technically feasible, readily usable format that allows them to transmit their personal information to another controller or business where the processing is carried out by automated means.

Right to Opt Out of Sale: Virginia residents have the right to request a business opt them out of the sale of their personal information. Under Virginia's definition of sale we do not "sell" any personal information for monetary compensation.

Right to Opt Out of Targeted Advertising: Virginia residents have the right to request a business opt them out of the processing of their personal information for the purpose of targeted advertising. For more information about how we collect and process your personal information for purposes of targeted advertising, see the Cookies and Other Technologies and Interest-Based Advertising sections of the main body of the privacy policy.

Right to Opt Out of Profiling: Virginia residents have the right to request a business opt them out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

Right to Appeal: Virginia residents may appeal a business's refusal to take action on a request to exercise their rights per the instructions provided in our response or by submitting a new request that references the original request.

Submitting Requests

Requests to exercise privacy rights may be submitted on our Your Privacy Choices webform or by clicking the "Your Privacy Choices" button on the bottom of AceHardware.com. Additionally, individuals may contact Customer Care at 1-888-827-4223 or complete a form in Ace stores.

To submit a request to opt-out of targeted advertising, use the mechanisms outlined above and adjust your cookie settings here: Manage Choices

We will respond to verifiable requests received from Virginia residents as required by law.

Verification of Requests

For your protection, we may require you to log into your account to verify your identity or make requests. In order to process requests to know, delete or correct, we require first name, last name, zip code, email, phone number and/or Ace Rewards number, and we may ask for additional information such as recent purchases or authenticated interactions with us depending on the nature of the request and the need to prevent fraud and protect security. The information provided in the request will be compared to the data Ace maintains for that customer. If the information does not match, we will be unable to process the request.

Authorized Agent Requests

An authorized agent is a person or business who has authorization to request to know what personal information we have about you, to delete the personal information we have about you, to correct the personal information we have about you, or to opt-out of the sale of personal information on behalf of a Virginia resident. Authorized agents use the same links described above to submit requests.

If you are submitting a request on behalf of another person, we require an authorization, and/or other documentation demonstrating your authority to submit this request. This can be a letter or other documentation signed by the Virginia resident authorizing you to submit this request. Ace reserves the right to contact the consumer directly to verify their identity and ensure that they have elected an authorized agent.

Right to Non-Discrimination

Ace will not discriminate against Virginia residents for exercising their rights under the VCDPA.

Deidentified Data Requirements

In the event we use, disclose, or process deidentified data about consumers, we will do so in deidentified form. We commit to maintaining and using deidentified data in its deidentified form and will not attempt to reidentify it, except as permitted by law.