Kum & Go, L.C. Privacy Policy

Privacy Notice

Revised 8/1/2024 and effective 8/1/2024

Download | Regional Rights | Washington State Consumer Health Data Privacy Policy

This is the Privacy Notice (the “Privacy Notice” or the “Notice”) of Maverik, Inc., a Utah Corporation, and its affiliates, subsidiaries, and related companies (collectively, “we,” “us,” “our”, or the “Maverik Companies”). This Privacy Notice is here to help you understand how we collect, process, and share your Personal Information (as defined below). We also describe our security practices with respect to your Personal Information, as well as your rights & choices with respect to how we process that Personal Information. Please read this Privacy Notice carefully.

 

NAVIGATION

How to Contact Us/Controller

When This Privacy Notice Applies

Changes to this Notice

Categories and Sources of Personal Information

Categories of Personal Information We Collect

Processing Purposes

Disclosure/Sharing of Personal Information

International Transfers of your Personal Information

Your Rights & Choices

Data Security

Data Retention

Minors

Website Notice of Accessibility

Additional State Rights, Including Your California Privacy Rights

Washington State - Consumer Health Data Privacy Policy

How to Contact Us/Controller

If you have questions, comments or concerns about our Privacy Notice and privacy practices, or if you wish to issue a request to exercise your rights where applicable by law, please contact our team as follows:

Data Rights Requests, Compliance, and Updates: You may have various privacy rights depending on your state of residence. Please see further details below. To exercise these rights, you may visit our Your Privacy Choices portal, call Customer Service at (800) 789-4455, or email us at privacy@maverik.com.

General Inquiries: For all other questions or concerns, please email CustomerService@maverik.com.

When This Privacy Notice Applies

This Privacy Notice applies to your use of our “Services,” which include the following:

  • Our “Digital Services” - Our websites (“Sites”), mobile applications (“Mobile Apps”), social media pages, and other online services;
  • Our “Stores” – Our offline services you use when you visit one of our convenience store locations; and
  • Our other interactions with you, such as when you send us mail, give us call, or otherwise interact with us outside of our Sites or Stores.

Personal Information collected by the Maverik Companies and used in the context of the job application process is covered by our Job Applicant Privacy Notice. Personal Information collected by the Maverik Companies and used in the context of Human Resources, employment, and other internal business functions is covered by our Employee/HR Privacy Policy, which is available to Employees upon application or commencement of employment and Contractors upon engagement of services.

This Privacy Notice does not apply to Personal Information governed by the Gramm-Leach-Bliley Act (“GLBA”), including Personal Information collected by the Maverik Companies when you sign up for a Nitro® Card or an &Rewards℠ Debit Card. In accordance with the GLBA privacy rule, for information on how we collect, share, and protect your Personal Information when you apply for a Nitro® Card, please view our Nitro Card Agreement, when you apply for an &Rewards℠ Debit Card, please view our &Rewards℠ Terms and Conditions.

By using our Services and/or submitting your Personal Information to us, you are accepting and acknowledging the practices and uses described in this Privacy Notice.

Changes to this Notice

We may make changes to this Privacy Notice from time to time. Any changes to the Privacy Notice will be posted on the website at www.maverik.com, and such changes will become effective when they are posted. Your continued use of our Sites or other Services following the posting of any changes will mean you accept those changes.

Categories and Sources of Personal Information

Categories of Personal Information We Collect

In order to provide our Services, we may collect and process information that relates to identified or identifiable individuals (“Personal Information” or “PI”). We collect and process the following categories of Personal Information (note, specific Personal Information elements are examples and may change):

Identity Data: Personal Information about you and your identity, such as your name, address, email address, phone number, account ID or usernames, date of birth, age, and other Personal Information you may provide when you sign up for one of our Loyalty Programs (described below), as part of your account profile, or in other interactions with us.
Contact Data: Identity Information that relates to information about how we can communicate with you, such as email, phone numbers, physical addresses, social media handles, and information you provide to us when you contact us by email or when you communicate with us via social media or otherwise.
Audio/Visual Data: Recordings and images collected from our surveillance cameras when you visit our Stores and areas adjacent to them, as well as audio files and records, such as voice mails, call recordings, and the like.
Device/Network Data: Personal Information relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.
General Location Data: Personal Information relating to non-precise physical location data, such as state or city associated with your zip code.
Inference Data: Personal Information we infer or create about you, e.g. preferences, characteristics, interests, marketing segments, likes, favorites and other data or analytics.
User Content: Personal Information included in content provided by users of the Services in any free-form or unstructured format, such as in a "contact us" box, free text field, satisfaction survey, in a file or document, or messages to us.
Transaction Data: Information about the Services we provide to you and about transactions you make with Maverik Companies or other companies operating through us or on our behalf, information about purchases and the method of payment you have used for purchases, what has been provided to you, when and where and, if applicable, how much you paid, and similar information.
Sensitive Personal Information: This may include:
  • "Government ID Data" Data relating to official government identification, such as driver's license or passport numbers, including similar Identity Data protected as Sensitive Data under applicable law.
  • "Payment Data" Information such as bank account details, payment card number and other payment card data, including similar data protected as Sensitive Data under applicable law, and relevant information in connection with a financial transaction.
  • "Precise Location Data" Data from GPS, WiFi triangulation, certain localized Bluetooth beacons, or technologies used to locate you at a precise location and time
  • "Log-in Data" Data in combination with any required security or access code, password, or credentials allowing access to an account
Consumer Health Data: Personal information linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status as defined under the Washington My Health My Data Act. For more information, please review our Consumer Health Data Privacy Policy.

Sources of Personal Information

We collect Personal Information from various sources based on the context in which the Personal Information will be processed:

From You: We collect Personal Information from you directly, for example, when you input information into an online form, sign up for a Loyalty Program, communicate to us verbally, or otherwise interact with us directly.
Collected Automatically: We may collect certain Personal Information automatically. This information includes computer and connection information, such as statistics on your page views, traffic to and from our Sites, referral URL, ad data, your IP address, and device identifiers. This information also may include your transaction history, and your web log information, how you search for our Sites, the websites you click on from our Sites or emails, whether and when you open our emails, and your browsing activities across other websites.Much of this information may be collected through Cookies, as defined below, web beacons, and other tracking technologies, as well as through your web browser or device (e.g., IP address, MAC address, browser version, etc.). Cookies consist of portions of code installed in the browser that assist the website owner in providing the website services according to the purpose described. Most web browsers automatically accept Cookies but, if you prefer, you can usually modify your browser setting to disable or reject Cookies. If you delete your Cookies or if you set your browser to decline Cookies, some features of our Digital Services may not be available, work, or work as designed.
From Social Media: We receive Personal Information from social media companies who may transfer Personal Information to us when you connect to, authenticate through, or interact with us or our Sites using a social media platform (such as by clicking on a social media icon linked from our Digital Services) including Personal Information related to your contacts, calendars, profile picture, the contents of your posts or other communications, and other information the platform makes available. If you choose to log in to your account with or through a social networking service or third-party service, we and that service may share certain information about you and your activities. You should check your privacy settings on these platforms and third party services to understand what information is made available to us, and you may be able to change the settings for these platforms or services to prevent, limit or otherwise control the information made available to us.
From Third Party Services: We receive Personal Information from third parties with whom we have a relationship in connection with a relevant transaction, for example, when you connect to, authenticate through, or interact with us or our Digital Services using a third party service (such as a Google account) or if you make a purchase on our Digital Services in which the transaction is processed by a third party service provider.
Personal Information We Create and Infer: We, certain partners, social media companies, and third parties operating on our behalf create and infer Personal Information such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Information processed under this Notice, and we may correlate this data with other data we process about you. We may combine any Personal Information about you that we receive from you and from third parties.

Data Processing Contexts / Notice at Collection

Note: please click the following links to view information on Data Retention or Regional Data Rightsfor any of the processing contexts described below.

When you use our Services, we process your Personal Information in specific contexts and for certain specified purposes, as well as for our general business purposes and, in some cases, for commercial purposes.We process Personal Information in the contexts and for the purposes set forth below:

When You Visit Our Stores

We generally process Identity Data, Payment Data, Transaction Data, and Contact Data when you interact with us at our Stores, including when you make a purchase. We may process this data in combination with Audio/Visual Data, Inference Data, and Location Data that we collect and/or create as necessary in connection with certain legitimate business interests in verifying your identity, for authentication and security purposes, and helping us to ensure our customers are genuine and to prevent fraud.

When you access or use our Sites or Mobile Apps

When you use our Digital Services, we automatically collect and process Device/Network Data, Identity Data, and Inference Data (including through the use of cookies and similar technologies). We may process Transaction Data when you make a purchase through our Digital Services. We use this data as necessary to initiate or fulfill your requests for certain features or functions through our Digital Services, such as keeping you logged in, delivering pages, etc. We may also use this data as necessary in connection with our Business Purposes, such as allowing you to participate in interactive features on our Digital Services; carrying out our obligations and enforcing our rights arising from any contracts entered into between you and us; ensuring the security of our Digital Services and other technology systems; and analyzing the use of our Digital Services, to help us make improvements.

Our Sites process General Location Data. We may also process Precise Location Data through our Mobile App if you consent. We use this data, together with Inference Data and Device/Network Data in order to provide contextual information to you, such as the distance to your nearest Store, or to show you content related to your location. We may also use this information in connection with our legitimate business interests, such as, creating aggregate information about users’ location and patterns, which we use to personalize, optimize, and improve our Sites, and for our otherBusiness Purposes and Commercial Purposes (which may include data sales/sharing).

Cookies, Tracking and Interest-Based Advertising

We may process Identity Data, Device/Network Data, Contact Data, Preference Data, Transaction Data, and General Location Data, in connection with our use of cookies and similar technologies on our Digital Services. We may collect this data automatically.

We and authorized third parties may use cookies and similar technologies for the following purposes:

  • for “essential” purposes necessary for our Digital Services to operate (such as maintaining user sessions, CDNs, and the like);
  • for “functional” purposes, such as to enable certain features of our Digital Services (for example, to allow a customer to maintain an online shopping cart);
  • for “analytics” purposes and to improve our Digital Services, such as to analyze the traffic to and on our Digital Services (for example, we can count how many people have looked at a specific page, or see how visitors move around the website when they use it, to distinguish unique visits/visitors to our Digital Services, and what website they visited prior to visiting our website, and use this information to understand user behaviors and improve the design and functionality of the Digital Services);
  • for “retargeting,” Targeted Advertising, or other advertising and marketing purposes, including technologies that process Preference Data or other data so that we can deliver, buy, or target advertisements which are more likely to be of interest to you; and
  • for “social media” e.g. via third-party social media cookies, or when you share information using a social media sharing button or “like” button on our Services or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter.

We may also process this Personal Data for our Business Purposes and Commercial Purposes (which may include data sales/sharing). See your Rights & Choices for information regarding opt-out rights for cookies and similar technologies.

Third parties may view, edit, or set their own cookies or place web beacons on our websites. We, or third party providers, may be able to use these technologies to identify you across platforms, devices, sites, and services. Third parties may engage in Targeted Advertising using this data. Third parties have their own privacy policies and their processing is not subject to this Policy.

When You Make a Purchase

In-Store Purchases

We generally process Identity Data, Payment Data, Transaction Data, and Contact Data when you engage in a purchase and sale transaction at one of our Stores. We process this Personal Information as necessary to perform or initiate a contract with you, process your order and payment, and carry out fulfillment and delivery. In addition, we may also collect or create Device/Network Data and Inference Data. This data, together with other data we collect in this context is used as necessary in connection with certain legitimate business interests, such as ensuring the security of our Services and to prevent fraud, or providing you with information about our Services, to contact you about administrative matters, to manage and respond to any queries or complaints you make or any correspondence you send us.

Online Purchases

We process Identity Data, Payment Data, Transaction Data, Contact Data, Inference Data, and Device/Network Data when you complete an online purchase and sale transaction using our Digital Services. We do not permanently store your Payment Data, except at your request.

We process this Personal Data as necessary to perform or initiate a transaction with you, process your order, payment, or refund, carry out fulfillment and delivery, document transactions, and for our Business Purposes. We may process Identity Data, Transaction Data, Contact Data, and Device/Network Data for Commercial Purposes (which may include data sales/sharing). We do not sell or “share” Payment Data or use it for Business Purposes not permitted under applicable law.

When You Join one of our Loyalty Programs (Bona Fide Loyalty Program Disclosures) – Including Creating a Maverik or Kum & Go Account

When you sign up for the Adventure Club, Nitro® Card, &Rewards℠, or the &Rewards℠ Debit Card, or if you engage in one of our promotions or clubs (our “Loyalty Programs”) and create an account with us, we and our third-party processor may collect Identity Data, Device/Network Data, Location Data, Contact Data, Payment Data, and Sensitive Personal Information, such as account log-in, username and password, financial account information, and social security number. A full name, email address, phone number, birth date, and state is required to register for an account. Financial account information and social security number are required in order to process your application for any of our debit or credit cards which can be used for payments.

We generally process this Personal Information to open and maintain your account, provide you with information relevant to your account, provide the features and services you request, and for our Business Purposes. We may process Identity Data, Location Data, Device/Network Data, and Contact Data for our Commercial Purposes (which may include data sales/sharing). We use your phone number to set up multi-factor authentication for your account (“MFA”), however we will not sell, nor will we share your phone number with third parties outside of what is needed in connection with MFA (unless you expressly consent to such sharing and where permitted by applicable law). We do not sell, “share,” or process social security numbers, financial information, or other Sensitive Personal Information for Business Purposes not permitted under applicable law. We may use other Personal Information to respond to any emails or other communications you send to us, to advise you of any changes to our Digital Services or any products or services we offer or provide through them, or to advise you of any problems with our Services. In addition, subject to applicable law, we may also enroll you in email marketing communications, e.g. with information regarding products, services and events offered by the Maverik Companies or third parties that we believe you may be interested in. You may opt-out of receiving our email marketing communications by contacting us directly at privacy@maverik.com, by following the “unsubscribe” process at the bottom of the promotional email, or by following the opt-out process in your account.

In addition, subject to applicable law, we may also enroll you in email marketing communications, e.g. with information regarding products, services and events offered by the Maverik Companies or third parties that we believe you may be interested in. You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), by following the “unsubscribe” process at the bottom of the promotional email, by following the opt-out process in your account, or by contacting us. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.

For information on the categories of third parties that will receive Personal Information through our Loyalty Programs, please review the Disclosure/Sharing of Personal Information section.

Please also see our Loyalty Programs Notice of Financial Incentives :

Members of Maverik Companies’ Loyalty Programs may receive certain benefits as a result of their disclosure of Personal Information to the Maverik Companies and allowing the Maverik Companies to process, sell and share their information in accordance with and as further described in the applicable Adventure Club Terms and Conditions and the &Rewards Terms & Conditions. These benefits may include special offers, discounts, giveaways, and rewards, all of which are reasonably related to our good faith estimate of the value we receive from the Personal Information you disclose to us. We estimate that the value of Personal Information you provide to us by considering, without limitation, the expenses we incur from collecting your Personal Information and/or providing the financial incentive to you, the revenue generated by your use of the financial incentive, and any improvements we can make to our products and services based on aggregating information obtained through the financial incentive program.

If you wish to join the Adventure Club or apply for a Nitro Card, please complete the form here. If you join the Adventure Club, we will collect your first name, last name, email address, phone number, birth date, state, and password. If you apply for a Nitro Card, we will collect your first name, last name, email address, phone number, and address. For more information on the terms of the Adventure Club, please click here, and for more information on the Nitro Card, please click here.

If you wish to join the &Rewards℠ or apply for an &Rewards℠ Debit Card, please sign up here. If you join &Rewards℠, we will collect your first name, last name, email address, phone number, state, and password. If you proceed with age-verification (required for certain purchases), we will also collect your birth date. If you apply for an &Rewards℠ Debit Card, we will collect your first name, last name, email address, phone number, and address. For more information on the terms of &Rewards℠, please see here, and for more information on the &Rewards℠ Debit Card, please see here.

You may terminate your membership in one of our Loyalty Programs at any time by contacting the Maverik Companies Customer Service at (800)789-4455.

Additionally, the Maverik Companies use the following methods to communicate with Loyalty Program members: email, push notifications, SMS, calls, and direct mail via address.

Note: In some jurisdictions you may have a right to delete certain Personal Information that we hold about you. By exercising your right to delete, you are withdrawing from our Loyalty Programs because our Loyalty Programs offer specific benefits based on your place of residence and age (if provided).

Marketing Communications

We may process Identity Data, Device/Network Data and Contact Data in connection with email marketing communications (such as promotional emails), which you might receive if you register for an account, choose to receive marketing communications, or engage in a transaction allowing us to send you those marketing communications. We may also automatically collect Device/Network Data when you open or interact with those marketing communications so that we can better understand engagement with our marketing communications. We may process Precise Location Data if you consent.

Subject to your Rights & Choices, we use Identity Data, Contact Data, Inference Data, and Precise Location Data as necessary to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals’ preferences and requests. Additionally, we may process Device/Network Data from devices receiving those marketing communications as part of our business interests in understanding whether our emails are opened or other aspects of engagement with such marketing communications. We do not share phone numbers collected in connection with SMS marketing communications with third parties for their own marketing or Commercial Purposes (unless you expressly consent to such sharing and where permitted by applicable law).

When You Join One of Our Fleet Card Programs

We generally process Identity Data, Contact Data, Transaction Data, User Content, or other data you may provide, including Sensitive Personal Information, such as Payment Data, security or access code, password, or credentials, when you sign up to join one of our Fleet Card Programs.

We process this Personal Information as necessary to perform or initiate a contract with you, to issue your Maverik Companies fleet card, and to aggregate and summarize your fleet transactions. This data, together with other data we collect in this context is used as necessary in connection with certain legitimate business interests, such as ensuring the security of our Services and to prevent fraud, or providing you with information about our Services, to contact you about administrative matters, to manage and respond to any queries or complaints you make or any correspondence you send us.

When You Apply to be a Supplier

We process Identity Data and Contact Data when you apply to be a vendor or supplier (collectively, “Supplier”) to the Maverik Companies. If you become a Supplier, we may also collect Sensitive Personal Information such as Payment Data, Government ID Data, or Log-in Data.

We Process this Personal Information as necessary to evaluate, establish, and maintain the Supplier relationship, and for our Business Purposes. We do not sell or share Personal Information processed in this context. We process Sensitive Personal Data only for Business Purposes permitted under applicable law.

When You Contact Us

When you contact us though our Digital Services using a contact us box, through our chat, via email, or otherwise, we process Personal Information such as Identity Data, Device/Network Data, and any Personal Information contained within any User Content. We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matter, and if you consent or otherwise subject to applicable laws, we may also add you to our mailing list to receive marketing communications.

When You Enter a Contest or Other Promotion

We collect and process Identity Data, Contact Data, and User Content as necessary to process your request to enter the contest, sweepstakes, or take part in another promotion, notify you if you have won or to process delivery of a prize or for other related purposes. In addition, we may process this information in connection with our legitimate business interests, such as:

  • verifying your identity for authentication and security purposes (in which case we may process Government ID Data to complete verification); and
  • helping us to ensure our customers are genuine and to prevent fraud.

Note, if you win a contest/sweepstakes, we may publicly post some of your data on our Digital Services or our social media accounts (for example acceptance of a prize may also require you to allow us to post publicly some of your Personal Information such as on a winners’ page). Where required by law, your information will not be posted without your consent. We use this Identity Data, Contact Data, and User Content information for Commercial Purposes, unless prohibited by law.

Feedback and Surveys

We generally process Identity Data, Contact Data, Inference Data, and User Content collected in connection with customer feedback or customer satisfaction surveys. We generally process this Personal Information as necessary to respond to your requests/concerns, create aggregate analytics regarding guest satisfaction, or to allow our third-party partners to communicate with guests. Feedback/Survey data may be made available to certain third-party service providers, who may use it for their own purposes. We may also store and analyze feedback for our Business Purposes and Commercial Purposes (which may include data sales/sharing), for example, to improve our Services, and help recommend relevant offers or services.

Processing Purposes

Business Purposes

Service Delivery

We process any Personal Information as is necessary to provide the Services, and as otherwise necessary to fulfill our obligations to you, e.g. to provide you with the information, features, and services you request.

Internal Processes and Service Improvement

We may use any Personal Information we process through our Services as necessary in connection with our improvement of the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to service use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Information to understand what parts of our Service are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our Users. This processing is subject to users’ rights and choices.

Aggregate Analytics

We process Personal Information as necessary in connection with our creation of aggregate analytics relating to how our Services are used, the products and services our users purchase, to create service delivery metrics, and to create other reports regarding the use of our Services, demographics of our Users, and other similar information and metrics. The resulting aggregate data will be deidentified, meaning it will not contain information from which an individual may be readily identified. We will maintain and use the information in deidentified form and not to attempt to reidentify the information, except that the business may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes satisfy relevant legislation. This processing is subject to users’ Rights & Choices.

Compliance, Safety & Public Interest

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Information subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Information in extraordinary circumstances.

Other Processing of Personal Information

If we process Personal Information in connection with our Services in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Users’ rights and choices) unless otherwise stated when you provide it.

Commercial Purposes

Personalization

We process certain Personal Information as necessary in connection with our legitimate business interest in personalizing our Services. For example, aspects of our Sites may be customized to you so that it displays your name and other appearance or display preferences, to display content that you have interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.

Marketing Communications

Consistent with our legitimate business interests, we (or if appropriate, certain third-parties) may send you marketing and promotional communications if you sign up for such communications or purchase products or services from us. For example, we may process Contact Data and Identity Data when you opt-in to receive marketing communications via email or SMS. Where allowed, we may also send you these communications without opt-in, for example, you may receive email marketing communications if you register for our Services or for a promotion, or in connection with your communications with or submission of User Content to us. Similarly, we may also collect Device/Network Data and Contact Data so that we can determine whether you have opened an email or otherwise interacted with our communications, and we may generate Inference Data based on these interactions. We do not share phone numbers collected in connection with SMS marketing communications with third parties for their own marketing or Commercial Purposes (unless you expressly consent to such sharing and where permitted by applicable law).

Targeted Advertising

We, and certain third parties operating through our Services, may engage in targeted advertising. This form of advertising includes various parties and services providers, including third party data controllers, engaged in the processing of Personal Information in connection with advertising. These parties may be able to identify you across sites, devices, and over time. We generally use targeted advertising for the purpose of marketing our Services and third-party goods and services, to send marketing communications, including by creating custom marketing audiences on third-party websites (such as Facebook).

Behavioral Advertising

We, and certain third parties operating on or through our Services, may engage in online behavioral advertising. This form of advertising uses Device/Network Data, Identity Data, Location Data, and at times, Contact Data in order to deliver more relevant advertising to you. The parties that control the processing of Personal Information for behavioral advertising purposes may build a profile of you containing this information, and may be able to identify you across sites, devices, and over time. See your Rights & Choicesfor information about how you can limit or opt out of this processing.

Disclosure/Sharing of Personal Information

We may share your information with:

Service Providers & Agents In connection with our Business Purposes, product/service improvements, to enable certain features, and in connection with our other legitimate business interests and business purposes, we may share your Personal Information with service providers, contractors, and other third-parties who provide certain services or process data on our behalf. For example, we use third parties to host our Digital Services and email server, provide cloud storage, send certain emails, process credit card payments, or fulfill orders. These companies only have access to Personal Information needed to perform their functions, but may not use it for other purposes.
Partners We may offer you the opportunity to use services operated by third parties, and if you choose to use these services, we will disclose the Personal Information that you direct us to provide to them or as is appropriate to fulfill your requests. We do not share phone numbers collected in connection with SMS marketing communications with Partners for their own marketing or Commercial Purposes (unless you expressly consent to such sharing, and if permitted by applicable law).
Affiliates We may share Personal Information internally with our current and future subsidiaries and affiliates.
Data Aggregators We may share Personal Information with data aggregators in support of our Commercial Purposes. These disclosures can help better personalize our Services, the services of third parties, and help ensure that you see advertisements that are more relevant to your interests.
Corporate Events We may change our ownership or corporate organization. We may transfer to another entity or its affiliates or service providers some or all of the information we hold about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Privacy Notice.
Legal Disclosure We may use or disclose information about you if required to do so by law or that we in good-faith believe that such sharing is necessary to (a) conform to applicable law or comply with legal process served on us or our Sites; (b) protect and defend our rights or property, our Sites, or our users; or (c) act to protect the personal safety of our employees and agents, other users of our Services, or members of the public.

International Transfers of your Personal Information

If you use our Digital Services outside of the United States, you understand and acknowledge the transfer of information about you, and the collection, processing, and storage of information about you, in the United States and elsewhere. The laws in the U.S. and these countries regarding Personal Information may be different than the laws of your state or country.

Your Rights & Choices

Your Rights

Applicable law may grant you rights in your Personal Information. These rights vary based on your location. See the following sections for more information regarding your rights/choices in specific regions:

Verification of Rights Requests

Certain rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Information. We may require that you provide the email address we have on file for you (and verify that you can access that email account) and we may request additional information from you. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

Your Choices

You may have the following choices regarding the Personal Information we process, to the extent required under applicable law, which you may exercise as further described below:

Updating Your Personal Information

If you have an account with us, you can update your information or adjust your contact and marketing preferences by logging in to your online account. You may also contact Customer Service to update information by Contacting Us.

Marketing Communications

You can withdraw your consent to receive marketing communications by clicking on the unsubscribe link in an email (for email), by responding with “OPT-OUT,” STOP, or other supported unsubscribe message (for SMS or MMS), by adjusting the push message settings for our mobile apps using your device operating system (for push notifications), or for other communications, by contacting us using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.

Withdrawing Your Consent/Opt-Out

You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.

Precise Location Data

You may control or limit Precise Location Data that we collect through our Services by changing your preferences in your device’s location services preferences menu, or through your choices regarding the use of Bluetooth, WiFi, and other network interfaces you may use to interact with our Services. Note, we may collect general location data even if you opt out of the collection of Precise Location Data.

Cookies, Similar Technologies, and Targeted Advertising

General
  • If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Manage Cookies page. You may need to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.
Targeted Advertising
Do-Not-Track
  • Our Services do not respond to your browser’s do-not-track request.

Data Security

We use a combination of reasonable physical, technical, and administrative safeguards to protect the information we collect through our Sites and offline. When your Personal Information is shared, we will take a reasonable approach to prevent the unauthorized use of Personal Information.

While we use these precautions to safeguard your Personal Information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

Data Retention

We retain Personal Data for so long as it is reasonably necessary to achieve the relevant processing purposes described in this Privacy Policy, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):

  • Retention periods established under applicable law;
  • Industry best practices;
  • Whether the purpose of processing is reasonably likely to justify further processing;
  • Risks to individual privacy in continued processing;
  • Applicable data protection impact assessments;
  • IT systems design considerations/limitations; and
  • The costs associated continued processing, retention, and deletion.

We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.

Minors

We do not knowingly collect information directly from persons under the age of 16, via our Sites or offline, other than when required to comply with the law or for safety or security reasons, such as in the event of an accident at a store requiring the completion of an incident report.

If you are a parent or guardian of a minor who has provided information without your knowledge or consent, you may submit a request to remove the minor’s information by calling Customer Service at (800)789-4455 or emailing us at privacy@maverik.com. This email is for data privacy matters only. For all other questions or concerns, please email CustomerService@maverik.com.

Website Notice of Accessibility

The Maverik Companies are committed to facilitating the accessibility and usability of our Services for all individuals with disabilities. We continue to improve accessibility to our Digital Services and strive to create an accessible and barrier-free environment by making reasonable efforts to meet Level AA design standards recommended by the World Wide Web Consortium (W3C) in its Web Content Accessibility Guidelines (WCAG) 2.0.

Please be aware that we view accessibility as an ongoing effort and are continually seeking solutions that will ensure accessibility to all users. As such, our team tests our Digital Services on a periodic basis with assistive technologies.

For the best experience, we recommend using the most current version of any browser and assistive technology application. We further recommend trying different browsers with your assistive technology to determine which combination works best for you. The use of the version of the browser or assistive technology released immediately prior to the latest version also should provide a good user experience.

Please contact us at legal@maverik.com if you are experiencing issues with the accessibility of our Services, or if you have specific questions or concerns about the accessibility of any particular page or section of any of our Digital Services. If you do encounter an accessibility issue, please be sure to specify the web page or section of the Mobile App in your email, and we will make all reasonable efforts to make that page or section accessible for you.

Additional State Rights, Including Your California Privacy Rights

California, Colorado and Other US State Privacy Rights

Under the California Consumer Privacy Act (“CCPA”), the Colorado Privacy Act, and other state privacy laws, residents of certain US states may have the following rights, subject to regional requirements, exceptions, and limitations.

Confirm Processing

Right to confirm whether we process your Personal Information.

Access/Know

Right to request any of following: (1) the categories of Personal Information we have collected, sold/shared, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Information was collected; (3) the purposes for which we collected or sold/shared your Personal Information; (4) the categories of third parties to whom we have sold/shared your Personal Information, or disclosed it for a business purpose; and (5) the specific pieces of Personal Information we have collected about you.

Portability

Right to request that we provide certain Personal Information in a common, portable format.

Deletion

Right to delete certain Personal Information that we hold about you.

Correction

Right to correct certain Personal Information that we hold about you.

Opt-Out (Sales, Sharing, Targeted Advertising, Profiling)

Right to opt-out of the following:

  • If we engage in “sales” (as defined by applicable law) of Personal Information, you may direct us to stop such selling.
  • If we engage in Targeted Advertising (aka “sharing” of Personal Information or cross-context behavioral advertising,) you may opt-out of such processing.
  • If we engage in certain forms of “profiling” (e.g. profiling that has legal or similarly significant effects), you may opt-out of such processing.

Opt-in/Opt-out of Sale/Sharing of Minors’ Personal Data

To the extent we have actual knowledge that we collect or maintain Personal Information of a minor under age 16 in California, those minors must opt in to any sales/sharing of Personal Information (as defined under CCPA), and minors under the age of 13 must have a parent consent to sales/sharing of Personal Information. All minors have the right to opt-out later at any time.

Non-Discrimination

California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.

List of Direct Marketers

California residents may request a list of Personal Information we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.

Remove Minors’ User Content

Residents of California under the age of 18 can delete or remove posts using the same deletion or removal procedures described above, or otherwise made available through the Digital Services. If you have questions about how to remove your posts or if you would like additional assistance with deletion, contact us using the information below. We will work to delete your information, but we cannot guarantee comprehensive removal of that content or information posted through the Digital Services.

Submission of Requests

You may submit requests as follows (please our review verification requirements section). If you have any questions or wish to appeal any refusal to take action in response to a rights request (if the right of appeal is granted by your state), contact us at privacy@maverik.com. We will respond to any request to appeal within the period required by law:

  • Visit Your Privacy Choicesportal
  • You may call us at: (800) 789-4455. You will be directed to leave a voicemail where you will provide your email address, phone number or address, along with your request.
  • To limit the use and disclosure of Precise Location Data, update your preferences for location data using your device’s settings menu, or disable WiFi, Bluetooth, or other interfaces you use to interact with our Digital Services

California/CCPA Required Disclosures:

Categories of Personal Data Disclosed for Business Purposes

For purposes of the CCPA, we have disclosed to Service Providers for “business purposes” in the preceding 12 months the following categories of Personal Data, to the following categories of recipients:

Category of Personal Data Category of Recipients
Identity Data
Contact Data
Device/Network Data
General Location Dat
Inference Data
Transaction Data
User Content
Service Providers & Agents; Partners; Corporate Events; Legal Disclosure, Data Aggregators
Audio/Visual Data Service Providers & Agents; Corporate Events; Legal Disclosure
Sensitive Personal Information
Government ID Data
Payment Data
Service Providers & Agents; Corporate Events; Legal Disclosure

Categories of Personal Data Sold, Shared, or Disclosed for Commercial Purposes

For purposes of the CCPA, we have “sold” or “shared” in the preceding 12 months the following categories of Personal Data in the, to the following categories of recipients:

Category of Personal Data Category of Recipients
Identity Data
Contact Data
Device Network Data
General Location Data
Inference Data
Transaction Data
User Content
Service Providers & Agents; Partners; Data Aggregators

Categories of Sensitive Personal Data Used or Disclosed

For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Data Government ID Data; Payment Data; Precise Location Data; Log-in Data. However, we do not sell or share Sensitive Personal Data, or use it for purposes other than those listed in CCPA section 7027(m).

Nevada Privacy Rights

The Nevada Revised Statutes (NRS 603A.300 et seq.) permit a Nevada consumer to direct an operator of an Internet website or online service to refrain from making any sale of any covered information the operator has collected or will collect about that consumer. You may submit a request pursuant to this directive by emailing us at privacy@maverik.com re: Nevada Privacy Rights.

Washington State - Consumer Health Data Privacy Policy

Categories of Consumer Health Data We Collect

We collect the following categories of Personal Information linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status (“Consumer Health Data”) as defined under Washington’s My Health My Data Act, for the following purposes:

Categories of Consumer Health Data Purpose for Collection How data will be used
Precise location information that could reasonably indicate a consumer's attempt to acquire or receive health services or supplies; We use Precise Location Data with your consent:
  • To provide contextual information to you, such as the distance to your nearest Store, or to show you content related to your location.
  • As necessary to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals' preferences and requests.
  • In connection with our legitimate business interests, such as, creating aggregate information about users' location and patterns, which we use to personalize, optimize, and improve our Site, and for our other Business Purposes and Commercial Purposes (which may include data sales/sharing).
Data that identifies a consumer seeking "health care services" as defined under Washington's My Health My Data Act, also referred to as "Identity Data;" We use Identity Data as necessary :
  • In connection with certain legitimate business interests in verifying your identity;
  • For authentication and security purposes; and
  • Helping us to ensure our customers are genuine and to prevent fraud;
  • to initiate or fulfill your requests through our Website;
  • to ensure the security of our Services;
  • to prevent fraud;
  • to providing you with information about our Services;
  • to contact you about administrative matters;
  • to manage and respond to any queries or complaints you make or any correspondence you send us;
  • in connection with our Business Purposes;
We may process Identity Data, for Commercial Purposes (which may include data sales/sharing).
Any information that we or our respective processor, processes to associate or identify you with data described above that is derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data by any means, including algorithms or machine learning), also referred to as "Inference Data." We use Inference Data as necessary to:
  • to provide contextual information to you, such as the distance to your nearest Store, or to show you content related to your location.
  • to customize, deliver, and otherwise process marketing communications, and in order to tailor certain communications to individuals' preferences and requests.
  • for our Business Purposes and Commercial Purposes (which may include data sales/sharing), for example, to improve our Services, and help recommend relevant offers or services.

Sources of Consumer Health Data We Collect

We collect Consumer Health Data from various sources, which include: from you; collected automatically; from Third Party Services; Personal Information we create and infer.

Sharing of Consumer Health Data

Categories of Consumer Health Data We Share

We may share the following categories of Consumer Health Data with third parties and specific affiliates:

  • Precise location information that could reasonably indicate a consumer’s attempt to acquire or receive health services or supplies;
  • Data that identifies a consumer seeking “health care services” as defined under Washington’s My Health My Data Act, also referred to as “Identity Data;”
  • Any information that we or our respective processor, processes to associate or identify you with data described above that is derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data by any means, including algorithms or machine learning), also referred to as “Inference Data.”

Categories of Third Parties with Whom We Share

We may share Consumer Health Data with the following categories of third-party recipients: Service Providers & Agents; Partners; Data Aggregators; Legal Disclosure.

Specific Affiliates with Whom We Share

We do not currently share Consumer Health Data with specific Affiliates.

My Health My Data Rights

Your Rights

Under the Washington State My Health My Data Act, Washington State residents and natural persons whose Consumer Health Data is collected in Washington may have the following rights, subject to verification, exceptions, and limitations:

Right to Confirm/Access/Know - Up to twice annually, you have the right to (a) confirm whether we are collecting, sharing, or selling your Consumer Health Data, and (b) access such data, including a list of all third parties and affiliates with whom we have shared or sold the consumer health data and an active email address or other online mechanism that you may use to contact these third parties. (Effective March 31, 2024)

Right to Delete - You have the right to request deletion of the Consumer Health Data held by us and our affiliates, processors, contractors, and other third parties.

Right to Withdraw Your Consent/Opt-Out - You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt-out.

Right to Non-Discrimination - You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the My Health My Data Act.

How to Exercise Your Rights

You may submit requests as follows (please our review verification requirements section).

  • You may visit our Your Privacy Choices portal
  • You may call us at: (800) 789-4455. You will be directed to leave a voicemail where you will provide your email address, phone number or address, along with your request.
  • To limit the use and disclosure of Precise Location Data, update your preferences for location data using your device’s settings menu, or disable WiFi, Bluetooth, or other interfaces you use to interact with our Services

If you have any questions or wish to appeal any refusal to take action in response to a rights request (if the right of appeal is granted by your state), contact us at privacy@maverik.com. We will respond to any request to appeal within the period required by law.