Last Updated: May 17, 2024

Heineken USA Incorporated (“Heineken,” “We,” “Us,” or “Our”) respects your privacy and recognizes your desire to safeguard your information. This Privacy Policy describes Our practices in connection with personal information that We collect in relation to the operation of Our business both offline and online, including Our websites as well as any other service, platform, website, or application we may offer that links to this Privacy Policy, as well as through any communications between you and us, such as customer service interactions and emails and other communications we send (collectively, the “Services”).

Residents of California, Colorado, Connecticut, Montana, Oregon, Texas, Virginia, and Utah: See the State Privacy Notice section below for more information on your data practices and what privacy rights you may have.

Sometimes additional or different privacy policies or practices may apply, in which case we will provide you with notice at the time of collection. Where applicable, those additional policies or practices supplement this Privacy Policy.

Personal Information We Collect

We collect personal information in relation to the operation of Our Services and Our business, including to understand the interests of Our customers and potential customers. Some of the personal information categories listed below may not apply to you, depending on how you interact with us.

  • Identifiers, including your name. We also collect device and online identifiers, such as your mobile advertising ID, IP address, and cookie ID that we may use in relation to Our advertising activities.
  • Contact Information such as your email address and phone number.
  • Personal Characteristics and Traits, such as your birthdate (and therefore, your age) in order to allow you to access Our Services. We may collect certain demographic information such as gender and ethnicity.
  • Commercial Information, such as Our brands which you have purchased or in which you have expressed interest, your purchase history and amounts, events you have attended, and communications preferences (including your preferred language).
  • Services Usage Information. This includes personal information collected by Tracking Technologies (defined below) during your visits to Our Services, which includes information such as:
    • your device functionality (browser, operating system, hardware, mobile network information);
    • the URL that referred you to Our Services;
    • the areas within Our Services that you visit and your activities there (including emails, such as whether you open them or click on links within);
    • your device location (if you have enabled such features on your device);
    • your device characteristics; and
    • device data and the time of day.
  • Location Data. most websites, We collect your IP address which can indicate rough geolocation, which allows Us to understand the zip code in which your device is located but not its precise location. You may be able to enable features on your device to provide Us with a more precise location and if you enable these features, We may receive more precise location data about your device.
  • Audiovisual and Similar Information such as personal information collected during customer service call recordings.
  • Professional or Employment-Related Information, such as if you interact with Us in a business-to-business context.
  • Inferences including personal information derived from other information that We have collected. For example, We may make inferences about your activity on the Services or other information We have collected in order to provide you with advertisements that are most relevant to your interests.
  • User Content, such as content you provide in survey responses or in other contexts where We or one of Our Vendors allows you to provide user-generated content as described in Our User Content section.

The definition of personal information under certain laws is limited to information that can be used to directly identify you, such as your name, email address, and similar information. Under other laws, including those which Our U.S. State Privacy Notice covers, the definition of personal information is broader and also covers things like online identifiers (IP address, cookie IDs, device IDs). Where We are required by law to treat certain information as personal information, or where We combine certain information with personal information, We will treat it as such.

How We Collect Information

Below are some examples of how We may collect your personal information. In some instances, Our agents, service providers, and vendors (“Vendors”) may collect it on Our behalf.

Information you provide directly

We may collect personal information directly from you when you use the Services, enter a sweepstakes, contest, or other promotion, or otherwise fill out a form or make a request on the Services, or where you provide information at an event where We are a sponsor. You may also provide information to Us directly when you communicate with or contact Us and fill out surveys.

Information We Collect Automatically

We use cookies and other tracking technologies (“Tracking Technologies”), discussed in further detail below, to collect information about your device and your use of the Services that may constitute personal information.

We may use a variety of technologies that store or collect certain information whenever you visit or interact with the Services. This information may be stored or accessed using a variety of technologies that may be downloaded to your personal computer, browser, laptop, tablet, mobile phone or other device whenever you visit or interact with Our Services.

We may use various Tracking Technologies to collect information on the Service, including the types of information described above in the Information We Collect section. Tracking Technologies include:

Cookies. A cookie is a data file placed on a device when it is used to visit the Service.

Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in Our Service’s pages and messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a page or e-mail can act as a web beacon. Web beacons or similar technologies can be used to count visitors to the Service, to monitor how users navigate the Service, to count how many e-mails that were sent were actually opened or to count how many links were actually viewed.

Embedded Scripts. An embedded script is programming code that is designed to collect information about the links you click on and other of your interactions with the Service. The code is temporarily downloaded onto your device from Our web server or a third-party service provider, is active only while you are connected to the Service, and is deactivated or deleted thereafter.

Location-Identifying Technologies. Our Service may provide you the ability to enable location-identifying technologies, which may allow Us to collect more precise location data from your devices.

There may be other Tracking Technologies now and later devised and used by Us in connection with the Services.

Information from Other Sources

We may collect personal information from other online and offline sources, such as public databases, data brokers, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected) and from other third parties.

How We Use Your Personal Information

Generally, We use and otherwise process personal information to provide you with the Services, personalize Our offerings and marketing, as well as the Service, and to otherwise support Our business operations. Below are more specific examples of various processing purposes for which We use personal information.

  • Providing the Services, including operating and maintaining the Services and verifying that you are of a legal age to visit the Services.
  • Operating Our business, including with respect to consumers as well as with respect to interfacing and interacting with B2B suppliers and partners.
  • Customer service and communications, including to respond to any questions, comments, or requests that you have for Us or for other customer service purposes; sending you communications and notifications about your use of the Services or your other interactions with us, and changes to the Service and/or Service’s policies or other aspects of Our business operations.
  • Research, development, and analytics, including to better understand how users access and use Our Services, both on an aggregated and individualized basis, in order to improve Our Services and respond to user desires and preferences, and for other research, development, and analytical purposes relating to the Services and the operation of Our business. We carry out these activities for a variety of purposes including to conduct data analysis and audits; develop new products and services; enhance, improve, or modify Our Services; and identify usage trends.
  • Advertising and marketing, including to determine relevant advertising audiences, deliver advertisements to you or your device on Our Services and third-party online properties, and to carry out administrative activities as to Our ads and marketing, such as measuring the effectiveness of Our advertising.
  • Personalization: To personalize your experience on the Services, including by presenting products, offers and content tailored to you.
  • Contests and Promotions: To allow you to participate in sweepstakes, contests and similar promotions and to administer these activities.
  • Market research and customer satisfaction, including administering surveys and questionnaires, such as for market research or customer satisfaction purposes.
  • Safety and Security, including to respond to and threats, protect and secure Our Services, assets, network, business operations, and users of the Services; and detect, investigate, and prevent activities that may violate Our policies or be fraudulent or illegal.
  • Legal compliance, including to comply with legal process, such as warrants, subpoenas, court orders, and other lawful regulatory or law enforcement requests; enforce Our terms and conditions; protect Our rights, safety, or property and/or that of Our affiliates, you, or others; and comply with applicable legal requirements.
  • For purposes disclosed at the time you provide your personal information.
  • For Our legitimate business purposes that are compatible with the purpose of collecting your personal information and that are not prohibited by law.

How We Share Your Personal Information

We share or otherwise make available personal information as described in this Privacy Policy, including for the processing purposes described in the How We Use Your Personal Information section above, and as follows:

  • Affiliates: We share personal information with other members of Our group of companies for the purposes described in this Privacy Policy.
  • Vendors: We engage Vendors who perform specific business functions on Our behalf, such as website hosting, data management and analysis, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, auditing and other services. These vendors are obligated by contract to use information that We share with them only for the purpose of providing these business functions. Some Vendors may use personal information for their own, limited purposes in relation to their services (fraud prevention, security purposes, etc.) that are permitted by applicable law.
  • Third-party promotional partners: From time to time, We share your information, including contact information, with third parties that co-sponsor or co-brand activities with Heineken, including to permit them to send you marketing communications, as well as with third-party sponsors and administrators of sweepstakes, contests, and similar promotions.
  • Third-Party Services: Third-Party Services may collect your personal information independently on the Services, or We may directly provide them with personal information that We have collected on the Services, including in relation to Interest-Based Advertising and other purposes. This includes online advertising partners and social media platforms described immediately below and which We collectively define as “Third Party Digital Businesses” and use later in this policy.
  • Online advertising partners: We partner with companies that assist Us in Our marketing and advertising efforts, including partners that use Tracking Technologies to collect information in order to personalize, retarget, and measure the effectiveness of advertising. See below under “Your Choices” for information regarding these practices and how to exercise choice with respect to them.
  • Social media platforms: If you interact with Our brand pages on social media platforms, the platform may be able to collect information about you and your interaction with Us. If you interact with social media objects on Our Services (for example, by clicking a Facebook “like” button), both the platform and your connections on the platform may be able to view that activity. To control this sharing of information, please review the privacy policy of the relevant social media platform.
  • Readers of public posts you make: When you post User Content on Our message boards, chat, profile pages, blogs, and other services to which you are able to publicly post information and materials, these messages and materials are visible to other users and/or the general public (“Public Postings”) via the Services. Please note that any information you post or disclose via Public Postings will become public information. We urge you to be very careful when deciding to publicly disclose any information on the Services.
  • Government entities/law enforcement: We may disclose your personal information to other persons, organizations, or governmental authorities if We believe in good faith that doing so is necessary or appropriate: (i) to protect or defend the rights, safety or property of Heineken, its affiliates, and its and their employees and representatives, or third parties; (ii) to investigate, prevent, or take action regarding illegal activities, or suspected fraud; (iii) to enforce, investigate, or take action regarding this Privacy Policy, Our Terms of Use, and other applicable agreements and policies; (iv) in litigation or other proceedings in which We or Our affiliates may be involved; and (v) to comply with legal and regulatory obligations and, to the extent not prohibited by applicable law, requests from law enforcement and other public authorities. We will exercise Our discretion in electing to make or not make such disclosures, and to contest or not contest requests for such disclosures, all without notice to you, subject to applicable law or other legal requirements.
  • Other businesses in the context of a Corporate Transaction: To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Our business, assets or stock (including in connection with any bankruptcy or similar proceedings), or in respect of diligence or similar process in relation to any of the foregoing (“Corporate Transaction”).
  • With notice or your consent. We may disclose your personal information to third parties with notice to you, as directed by you, or, where legally required, upon your consent or authorization.
  • Deidentified and/or Aggregate Data. We may disclose data that We de-identify or aggregate such that it is no longer personal information. We do not authorize recipients of information We have de-identified to re-identify the data.

Your personal information may be stored and processed by Vendors and other third parties implicated above in the United States or other locations where they maintain facilities.

Retention

We retain personal information according to Our records retention schedule which sets retention periods for categories of personal information based on Our business needs and legal obligations.

User Content

If the Services permit you to submit content (“User Content”), We or others may store, display, reproduce, publish, distribute, or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. You choose what User Content you submit. You may be able to submit User Content including ideas, photographs, user profiles, writings, music, video, audio recordings, computer graphics, pictures, data, questions, comments, suggestions, and personal information, to private areas of the Services, or to public areas of the Services such as blogs and message boards. Others may have access to this User Content and may have the ability to disclose it to third parties. Please think carefully before deciding what information you share in connection with your User Content. Please note that We do not control who will have access to the information that you choose to make public and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third parties through the Services.

User Content that you submit in public areas of the Services is not subject to Our usage or sharing limitations, or other obligations under this Privacy Policy or otherwise, and may be used and disclosed by Us and third parties, except as prohibited by law. We encourage you to exercise caution when making decisions about what you disclose in such public areas. We are not responsible for User Content you submit to third party services via Our Services.

Third Party Services

The Services may have functionality that allows certain kinds of interactions between the Services and third-party content, web sites, applications, platform, code (e.g., plug-ins, application programming interfaces (“API”), and software development kits (“SDKs”)), and Tracking Technologies (collectively, “Third-Party Services”). This Privacy Policy does not address, and We are not responsible for, the privacy, information or other practices of any third parties, including any Third-Party Services operating on or in connection with the Services, and any third party operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by Us or by Our affiliates. You should consult the privacy policies of these Third-Party Services to understand their practices.

For example, you may have an option to use your Facebook, Google or other account provided by a Third-Party Service to interact with the Service, including by logging into the service or posting information from the Service on the Third-Party Service (or vice versa) (“Social Features”). If We offer and you choose to use Social Features, the Third-Party Service may send personal information about you to us. If so, We will then treat it as personal information under this Privacy Policy since We are collecting it as a result of your accessing of and interaction on Our Service. If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Service (as described in the User Content section above) or by the Third-Party Service that you use, depending on your privacy settings on each. Similarly, if you post information on a Third-Party Service that references the Service (e.g., by using a hashtag associated with Us in a tweet or status update), your post may be used on or in connection with the Service or otherwise by us. Also, both We and the third party may have access to certain information about you and your use of the Service and any Third-Party Service.

Third-Party Services may use their own Tracking Technologies to independently collect information about you, including Third-Party Services to which you are directed from the Service, including where you click a link and leave the Services entirely.

Advertising and Analytics

Advertising: We may engage with Third-Party Services to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services, based on information collected across time and relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties (sometimes referred to as “Interest-based Advertising”).

Analytics: We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

See Your Choices below for information on what choices you may have in respect of Our analytics and advertising activities.

Your Choices

Email Unsubscribe: You may opt out of receiving marketing emails from Us by following the instructions contained in each such email. In addition, certain Services may give you the ability to opt out through your account settings. We will try to comply with your request as soon as reasonably practicable. Please note that while you can opt out of receiving marketing-related emails from Us, we will still send you important administrative and transactional emails.

Ad Choices: You have options to limit the information that We and Our partners collect for online advertising purposes.

  • You may disable cookies in your browser or mobile device using their settings menus. Your mobile device may give you the option to disable advertising functionality. Because We use cookies to support Services functionality, disabling cookies may also disable some elements of Our online properties.
  • The following industry organizations offer opt-out choices for companies that participate in them: the Network Advertising Initiative and the Digital Advertising Alliance.
  • You may use Our Privacy and Cookie Preference Center menu here.

If you exercise these options, please be aware that you may still see advertising, but it will not be personalized. Nor will exercising these options prevent other companies from displaying personalized ads to you. You also may not receive advertising or other offers from Us that are relevant to your interests and needs.

Important Notice Regarding Opt-Outs

We are not responsible for the effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

You will need to exercise the above choices on each browser or device that you use. Please be aware that if you disable or remove certain Tracking Technologies, some parts of the Services may not work or will function with more limited capabilities. In addition, please note that your choices sometimes rely on Tracking Technologies, such that when you clear or disable them, your choices are reset. Moreover, We may not be able to recognize your computer, and you may need to enter your birthday every time you visit.

Do Not Track Signals: Some web browsers have settings that include “do not track” signals. We do not respond to those signals as there is not a consensus in the industry as to what they mean.

Other Rights: You may have certain rights with respect to your personal information. See Our State Privacy Notice for more information.

Cross-Border Transfer

The Services are controlled and operated by Us from the United States and are not intended to subject Us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your information may be stored and processed in any country where We have facilities or in which We engage service providers, and by using the Services you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

Security

We seek to use reasonable organizational, technical and administrative measures to protect information within Our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with Us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify Us using the information in the Contacting Us section below.

State Privacy Notice

Last Updated: see the date at the beginning of this Privacy Policy.

This State Privacy Notice applies to “Consumers” as defined under general consumer privacy laws in the following states as of the date indicated: California, Virginia, Connecticut, Colorado, and Utah (already applicable as of the Last Updated date); Oregon and Texas (as of July 1, 2024); Montana (October 1, 2024) (“State Privacy Laws”). You can find more information about these laws, and a copy of them, here. This State Privacy Notice is a supplement to Our other privacy policies or notices, including the remainder of this Privacy Policy. In the event of a conflict between any other Heineken policy, statement, or notice and this State Privacy Notice, this State Privacy Notice will prevail as to Consumers and their rights under the applicable State Privacy Law.

This U.S. State Privacy Notice is designed to provide you with notice of our recent, historical data practices over the prior 12 months (from the Last Updated date listed at the top of this State Privacy Notice) which is required under some of the State Privacy Laws. However, this State Privacy Notice also applies to our current data practices such that it is also meant to comply with other requirements to provide current practices which under California’s law is referred to as “notice at collection,” which is notice of personal information We collect online and offline, and the purposes for which We process personal information, among other things that are required. For any new or substantially different processing activities that are not described in this State Privacy Notice, We will notify you as legally required. We reserve the right to amend this State Privacy Notice at our discretion and at any time. When we make changes to this State Privacy Notice, We will post an updated version on the Service and update the Last Updated date.

PI Collection, Use and Disclosure according to Categories of PI

We collect, retain, use, and disclose personal information (which we also refer to as “PI”) for the business and commercial purposes described above, including in the sections entitled How We Collect Information, How We Use Your Personal Information, and How We Share Your Personal Information (“Processing Purposes”). Some of the Processing Purposes implicate “Sale,” “Sharing,” and/or processing for purposes of “Targeted Advertising” by Us. For more details on the meaning of Sale, Sharing, and Targeted Advertising, and how to opt-out of those activities, please visit the Do Not Sell/Share/Target section below.

The left column in the table below describes the categories of PI We collect. Please refer to the Information We Collect section above, where certain categories are explained in further detail. The right column lists, for each category of PI, the categories of recipients that receive those specific categories of PI and Sensitive PI as part of disclosures for business purposes.

Category of PI (see Information We Collect for descriptions)

Recipients of business purpose disclosures

Identifiers

  • Software, IT, and other business Vendors (“Business Vendors”)
  • Website and App Management Vendors (e.g., security, analytics, etc.).
  • Marketing Vendors
  • Third-Party Promotional Partners
  • Third-Party Digital Businesses
  • Affiliates

Contact Information

  • Business Vendors
  • Website and App Management Vendors
  • Marketing Vendors
  • Third-Party Promotional Partners
  • Third-Party Digital Businesses
  • Affiliates

Personal Records (information defined in Cal. Civ. Code Section 1798.80) (note, this category is not included above; it includes information from many other categories, including Identifiers and Contact Information)

  • Business Vendors
  • Website and App Management Vendors
  • Marketing Vendors
  • Third-Party Promotional Partners
  • Third-Party Digital Businesses
  • Affiliates

Personal Characteristics and Traits

  • Business Vendors
  • Website and App Management Vendors
  • Marketing Vendors
  • Third-Party Promotional Partners
  • Third-Party Digital Businesses
  • Affiliates

Commercial Information

  • Business Vendors
  • Website and App Management Vendors
  • Marketing Vendors
  • Third-Party Promotional Partners
  • Third-Party Digital Businesses
  • Affiliates

Geolocation Information (as a reminder, this information is not precise geolocation, but only precise enough to identify zip code)

  • Business Vendors
  • Website and App Management Vendors
  • Marketing Vendors
  • Third-Party Digital Businesses
  • Affiliates

Services Usage Information

  • Business Vendors
  • Website and App Management Vendors
  • Marketing Vendors
  • Third-Party Digital Businesses
  • Affiliates

Audiovisual or Similar Information

  • Business Vendors
  • Affiliates

Professional or Employment-Related Information (if you interact with Us in a business-to-business context)

  • Business Vendors
  • Affiliates

Inferences

  • Business Vendors
  • Website and App Management Vendors
  • Marketing Vendors
  • Third-Party Digital Businesses
  • Affiliates

Sensitive Personal Characteristics (we may collect your ethnicity if you engage or interact with certain of Our Vendors or Third-Party Services)

  • Business Vendors
  • Third-Party Digital Businesses
  • Affiliates

Our Vendors and the other recipients listed in the above table may, subject to contractual restrictions imposed by Us and/or legal obligations, also use and disclose your PI for business purposes. For example, Our Vendors and the other categories of recipients listed in the table above may engage subcontractors to enable them to perform services for Us or process for Our business purposes.

The categories of sources from which we collect personal information are described above (including in the How We Collect Information section) and include you, your device, Third-Party Services, Vendors, affiliates, and other third parties.

The categories of PI that we may Sell or Share to Third-Party Promotional Partners are: Identifiers, Contact Information, Personal Records, Personal Characteristics and Traits, and Commercial Information. The categories of PI that we may Sell or Share to Third-Party Digital Businesses, which are online advertising partners and social media platforms that assist Us in Our advertising and marketing activities, are: Identifiers, Contact Information, Personal Records, Personal Characteristics and Traits (including the Sensitive Characteristics and Traits listed in the table), Commercial Information, Geolocation Information, Services Usage Information, and Inferences.

Processing Purposes Implicating Sale, Sharing, and Targeted Advertising

When you provide Us PI for the following processing purposes, we may use certain information, such as your email address, that you provide for such purposes, to advertise to you. This may include making available your PI to certain third parties in ways that may constitute a Sale and/or Sharing, as well as using your PI for purposes of Targeted Advertising.

  • Providing the Services
  • Contests and promotions
  • For purposes disclosed at the time you provide your information

Processing purposes that may implicate Selling, Sharing, and/or Targeted Advertising include the following:

  • Marketing and advertising
  • Sweepstakes and promotions
  • For purposes disclosed at the time you provide your information

Data Retention

Because there are so many different types of PI in certain categories, and so many purposes and use cases for different data, we are unable to provide retention ranges based on categories of PI in a way that would be meaningful and transparent to you. Actual retention periods for all PI will depend upon how long we have a legitimate purpose for the retention consistent with the collection purposes and applicable law. For instance, we may maintain business records for so long as relevant to Our business and may have a legal obligation to hold PI for so long as potentially relevant to prospective or actual litigation or government investigation. We apply the same criteria for determining if we have a legitimate purpose for retaining your PI that you ask Us to delete. If you make a deletion request, we will conduct a review of your PI to confirm if legitimate ongoing retention purposes exist, will limit the retention to such purposes for so long as the purpose continues, and will respond to you with information on any retention purposes on which we rely for not deleting your PI. For more information on deletion requests see the Right to Delete section.

Notice of Financial Incentive

From time-to-time, we may offer you the opportunity to participate in sweepstakes, contests, or other promotions (collectively “Promotion(s)”), which may qualify as a “price or service difference” or “financial incentive” under California law (collectively, “incentive programs”). The categories of personal information we collect and process in connection with your participation in the Promotions include identifiers, contact information, personal records, commercial information, Service usage information, and inferences.

You may opt-in to Promotions by signing up to them, typically through an online form we provide. Because Promotions are typically not ongoing programs, you cannot opt-out of Promotions once you have signed up (unlike a loyalty or points program that is ongoing, where you can opt-out from ongoing participation). You can, however, exercise your privacy rights by following the instructions below. If we provide any other incentive programs that provide ongoing benefits or otherwise which you can opt-out of, we will provide you with information on how to do so by updating this section or when you sign up.

We are required to explain how incentive programs we offer are reasonably related to the value that We receive from the personal information We collect in connection with the incentive programs. In addition to administering the Promotions, we use and disclose the personal information you provide for the other purposes described in Our privacy policy, including marketing and advertising purposes. These activities generate revenue for Us that We believe is reasonably related to the benefit you receive from participating in the sweepstakes. We treat the value of your personal information that we collect in connection with Promotions as equivalent to the potential increase in revenue attributable to additional marketing customization value to the consumer due to the enriched understanding, minus the program expenses associated with a Promotion. We calculate that value by looking at the potential additional marketing customization value to the consumer due to the enriched understanding of said consumer to determine the average value of the data based on the attribute collected. For this reason, Promotions are reasonably related to the value of the consumer’s data that we receive in connection with Promotions.

State Privacy Rights

As described in further detail below, we provide Consumers – which are, for clarity, residents of certain states listed at the beginning of this State Privacy Notice – the privacy rights described in this section. For residents of states without Consumer privacy rights, we will consider requests but will apply Our discretion in how we process such requests. For states that have passed consumer privacy laws that are not yet in effect as of the Last Updated date, we will also consider applying state law rights prior to the effective date of such laws but will do so in Our discretion.

Immediately below, we describe what privacy rights Consumers may have under the State Privacy Laws. See the Making a Request and Scope of Requests section below for information on how to make a request.

Your Privacy Rights under the State Privacy Laws

Appeal Rights

Residents of Colorado, Connecticut, Montana, Oregon, Texas, and Virginia have the right to appeal Our decision regarding a request by following the instructions in Our response to your request.

Right to Limit Sensitive PI Processing

Certain personal information qualifies as sensitive data or sensitive PI under the State Privacy Laws, which we refer to in this U.S. State Privacy Notice as “Sensitive PI”. We may use and disclose Sensitive PI for purposes beyond certain internal purposes and therefore, where required by law, provide you with the right to direct Us to limit Our use and disclosure of Sensitive PI beyond certain internal business purposes.

Right to Know/Access

Right to Know Categories

If you are a California resident, you have the right to request that we share with you certain information about Our collection, use and disclosure of your PI over the 12-month period prior to the request date, related to categories of PI. You can request that we disclose to you: (1) the categories of PI we collected about you; (2) the categories of sources for the PI; (3) Our business or commercial purpose for collecting or selling that PI; (4) a list of the categories of PI disclosed for a business purpose in the prior 12 months and, for each category of PI, the categories of recipients; and (5) a list of the categories of PI sold or shared about you in the prior 12 months and, for each, the categories of recipients.

Oregon residents have a right to request the third parties (non-processors/service providers) to which we have disclosed personal information. If you are an Oregon resident and if you make a Right to Know Categories request, we will provide you with this information in our response to your Verifiable Consumer Request.

Right to Know Specific Pieces

You have the right to request a transportable copy of the specific pieces of PI we collected about you. If you are a California resident, we reserve the right to provide only PI collected on or after the CCPA’s lookback date, which is January 1, 2022. Please note that PI is retained by Us for various time periods, so there may be certain information that we have collected about you since the lookback date, but that we no longer retain; there also may be personal information collected 12 months prior to your request that proves impossible to provide or that would involve disproportionate effort to provide (and thus, it would not be able to be included in Our response to you). Please also note that you may be limited to making two “right to know” requests in any 12-month period depending on your state of residence.

Right to Confirm Processing

You have the right to confirm if we are processing your PI, which you can request pursuant to the methods above, and to access your personal information as just stated in the two immediately prior paragraphs.

Right to Delete

You have the right to request that we delete any of your PI that we have collected directly from you and retained, subject to certain exceptions which we will explain (if they apply). After we confirm that your deletion request is a Verifiable Consumer Request, subject to permitted retention exceptions, we will carry out one or more of the following: (i) permanently erase your PI on Our existing systems with the exception of archived or back-up systems, (ii) deidentify your PI, or (iii) aggregate your PI with other information. In Our response to your request to delete, we will tell you the method for deleting your PI. Where legal exceptions will apply to your request for deletion, we will tell you which one(s) and will limit retention to the permitted purpose(s).

Right to Correct

You have the right to request that we correct inaccuracies that you find in your personal information maintained by us. Your request to correct is subject to Our verification (discussed above) and the response standards in the applicable State Privacy Laws.

Do Not Sell/Share/Target

Under the various State Privacy Laws, Consumers have the right to opt-out of certain processing activities. California and certain other states have opt-outs specific to Targeted Advertising activities, which involve the use of PI from different businesses or services to target advertisements to you. California’s law refers to these activities as “cross-context behavioral advertising” while other state laws refer to these activities simply as Targeted Advertising. California provides Consumers the right to opt-out of Sharing, which includes providing or making available PI to third parties for such Targeted Advertising activities, while other states provide Consumers the right to opt-out from processing PI for Targeted Advertising more broadly. There are broad and differing concepts of the Sale of PI under the various U.S. State Privacy Laws, all of which at a minimum require providing or otherwise making available PI to a third party.

Third-Party Digital Businesses may associate Tracking Technologies on Our Services that collect PI when you use or access the Services, or otherwise collect and process PI that we make available about you, including some of the categories of PI in the table above. Giving access to PI on Our Services, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Sharing and could implicate Targeted Advertising under some state laws. Therefore, we will treat such PI collected by Third-Party Digital Businesses (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) as such, and subject to the opt-out requests described above. In some instances, the PI we make available about you is collected directly by such Third-Party Digital Businesses using Tracking Technologies on Our Service or Our advertisements that are served on third-party sites (which we refer to as “cookie PI”). However, certain PI which we make available to Third Party Digital Businesses is information that we have previously collected directly from you or otherwise about you, such as your email address (which we refer to below as “non-cookie PI”).

When you opt-out pursuant to the instructions below, it will have the effect of opting you out of Sale, Sharing, and Targeted Advertising, such that Our opt-out process is intended to combine all these state opt-outs into a single opt-out. Instructions for opting out are below. Please note that there are distinct instructions for opting out of cookie PI and non-cookie PI, which we explain further, below. This is because we have to use different technologies to apply your opt-out to cookie PI and to non-cookie PI.

Opt-out for non-cookie PI: If you would like to submit a request to opt-out of Our processing of your non-cookie PI (e.g., your email address) for Targeted Advertising, or opt-out of the Sale or Sharing of such data, make an opt-out request here.

Opt-out for cookie PI: If you would like to submit a request to opt-out of Our processing of your cookie-related PI for Targeted Advertising, or opt-out of the sale/sharing of such PI, you need to exercise a separate opt-out request on Our cookie management tool by going to the preference center of the tool, which you can do by either clicking “Your Privacy Choices” on Our cookie banner when it is presented upon your first visit, or by clicking Do Not Sell or Share My Personal Information. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of Our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective, and you will need to enable them again via Our cookie management tool. Beware that if you use ad blocking software, Our cookie banner may not appear when you visit Our Services.

Some of the State Privacy Laws also require Us to state that we do not knowingly Sell or Share the PI of Consumers under 16.

For more information on how to limit Interest-based Advertising using your browser settings, mobile device settings, or ad industry tools, please see Your Choices above. Please note, clearing cookies or changing settings may affect your choices and you have to opt-out separately via each browser and other device you use. Cookie-enabled opt-out signals may no longer be effective if you delete, block or clear cookies. We are not responsible for the completeness, accuracy or effectiveness of any third-party notices, tools, or choices.

Global Privacy Control

Some of the State Privacy Laws require businesses to process Global Privacy Control (or GPC) signals, which are referred to in some states as opt-out preference signals. GPC signals are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of Sale, Sharing and/or Targeted Advertising or limit the use and disclosure of their Sensitive PI, such that the GPC signal effectively automatically communicates such requests. To use GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable GPC. To Our knowledge, we have configured the settings of Our consent management platform to receive and process GPC signals on Our websites, as explained by Our consent management platform here.

Please note that when we receive and process a GPC signal, we will apply such signal as an opt-out of Sale and Sharing as to cookie PI. To make a Do Not Sell/Share/Target request as to non-cookie PI, please visit the Do Not Sell/Share/Target Section above.

California law requires Us to state that we do not: (1) charge a fee for use of Our websites if you have enabled GPC; (2) change your experience with Our websites if you use GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the GPC.

Automated Decision-making and Profiling

As of the Last Updated date, the definitions of automated decision-making and profiling, and any associated opt-out and access rights have not been finalized and added to the updated regulations of the California law. We do not believe we carry out these activities as defined in other state laws.

Right to Non-Discrimination

You have the right to not receive discriminatory treatment, in a manner prohibited by the State Privacy Laws, for the exercise of your privacy rights.

Making a Request and Scope of Requests

As permitted by the State Privacy Laws, certain requests you submit to Us are subject to an identity verification process (“Verifiable Consumer Request”) as described in the “Verifying Your Request” section below. We will not fulfill your request unless you have provided sufficient information for Us to reasonably verify you are the Consumer about whom we collected PI.

To make a request, please use one of the methods below. For additional instructions on how to submit a Do Not Sell/Share/Target request as to Cookie PI, visit that section.

  • Calling Us at 1-833-983-5070.
  • Visit Our webform

Some information we maintain about Consumers that is technically considered PI may, nonetheless, not be sufficiently associated with information that you provide when making your request. For example, if you provide your name, email address, and phone number when making a request, we may be unable to associate that with certain data collected on the Service, such as clickstream data tied only to a pseudonymous browser ID. Where we are unable to associate such information with the information you provide, we do not include such information in response to those requests. If we cannot comply with a request, we will explain the reasons in Our response. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses unless you also gave it to Us for another purpose.

We will make commercially reasonable efforts to identify PI that we collect, process, store, disclose, and otherwise use and to respond to your privacy requests. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Verifying your Request

When you make a request, we will verify that you are the person you say you are, or, if you are seeking information on behalf of another person, that you are authorized to make the request on their behalf (see Our “Authorizing an Agent” section immediately below). In addition, we will compare the information you have provided to ensure that we maintain personal information about you in Our systems. As an initial matter, we ask that you provide Us with, at a minimum, your email address and phone number or email. Depending on the nature of the request and whether we have the phone number or email address you have provided in Our systems, we may request further information from you to verify that you are, in fact, the Consumer making the request. We will review the information provided as part of your request and may ask you to provide additional information via email or other means to complete the verification process. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for Us to reasonably verify you are the Consumer that is the subject of the request. The same verification process does not apply to opt-outs of Sale or Sharing, or limitation of Sensitive PI requests, but we may apply fraud prevention measures (such as verifying access to the email address or phone number provided when making the request).

The verification standards we are required to apply for each type of request vary. We verify your categories requests and certain deletion and correction requests (e.g., those that are less sensitive in nature) to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. For certain deletion and correction requests (such as those that relate to personal information that is more sensitive in nature) and for specific pieces requests, we apply a verification standard of reasonably high degree of certainty. This standard includes matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you, and may include obtaining a signed declaration from you, under penalty of perjury, that you are the individual whose personal information is the subject of the request.

If we cannot verify you in respect of certain requests, such as if you do not provide the requested information, we will still take certain action as required by certain State Privacy Laws. For example, if you are a California Consumer:

  • If we cannot verify your deletion request, we will refer you to this State Privacy Notice for a general description of Our data practices.
  • If we cannot verify your specific pieces request, we will treat it as a categories request.

Authorizing an Agent

You may designate an authorized agent to submit a request on your behalf using the submission methods described above. If you are an authorized agent who would like to make a request, the State Privacy Laws require that we ensure that a request made by an agent is a Verifiable Consumer Request (except Do Not Sell/Share requests) and allow Us to request further information to ensure that the Consumer has authorized the agent to make the request on their behalf. Generally, we will request that an agent provide proof that the Consumer gave the agent signed permission to submit the request, and, as permitted under the State Privacy Laws, we also may require the Consumer to either verify their own identity or directly confirm with Us that they provided the agent permission to submit the request.

Other State Law Rights

There are some laws other than the State Privacy Laws mentioned above under which you may have rights.

Under California Civil Code section 1798.83, California residents have the right to request and receive from Heineken, once a year, free of charge, information about the personal information we have disclosed (if any) to third parties for their marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please submit a request by clicking here or call Us at 1-833-983-5070.

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties. If you are a Nevada resident and would like more information about Our data sharing practices, please contact us. Currently, we do not believe we engage in sales as defined under Nevada law.

Updates to this Privacy Policy

We may update this Privacy Policy (including the State Privacy Notice Section) from time to time. The “LAST UPDATED” date at the top of this Privacy Policy indicates when this Privacy Policy was last updated. Any changes will become effective when we post the revised Privacy Policy on the Services.

Contacting Us

If You have any questions or concerns regarding this Privacy Policy or Our data practices, please send an e-mail to privacy@heinekenusa.com.

If you are a Heineken employee (current or former), independent contractor, consultant, or job applicant, please click here for the applicable privacy policy.