Updated March 24, 2020
We, STX, LLC, a Maryland limited liability company with offices at 1500 Bush Street, Baltimore, Maryland, USA as the data controller (“STX,” “we,” or “us”), together with its U.S. subsidiary, The Helmet Company, describe in this Policy how we collect, process and/or use your information that we receive through a variety of digital means, including our websites, mobile applications, emails or other STX product or service on any computer, mobile phone, tablet, console or other device (collectively, "Platform") that link to this Policy. This Policy also describes your choices regarding use, access, and correction of your personal information. For purposes of this Policy, personal information shall mean any information relating to an identified or identifiable natural person and when used alone or in combination with additional information may be used to identify, contact or locate a consumer.
By disclosing your personal information to us or by interacting with our Platform, you consent to our collection and use of your personal information in a manner that is consistent with applicable law and this Policy.
This Policy applies to only the information we collect, process and use through our Platform.
INFORMATION WE COLLECT
WHAT WE COLLECT FROM YOU
We collect information about you through your interaction with, and use of, our products and services. In order for us to best provide our products and services to you (and to help make it feasible for us to do so), it is essential that we are able to collect and use the information as described in this Policy. We do not collect personal information about you unless you voluntarily provide it to us, although we may collect personal information from third parties, as described in more detail below. Information we collect may include, but is not limited to, your email address, telephone number, device identifier and hardware information, IP address, browser type and language, cookie information, system type, whether you have enabling software to access certain features, access times, referring website URLS, information about your purchases on the Platform and other information about your interactions with us.
WHAT YOU GIVE US
When you fill out registration forms, complete an online purchase, request to receive communications, create an account, use of our website, or provide us with other personal information actively, we collect that information for processing and use it in accordance with this Policy. Due to the nature of our business, our offerings may change from time to time, the options you have to provide us with personal information may also change. Here are some examples of situations in which you have the opportunity to provide personal information to us:
- Creating an account on STX.com or CustomBuilder.STX.com;
- Signing up for email notifications;
- Completing a form related to one of our products;
- Entering an online contest;
- Enrolling on social media;
- Contacting us for customer service support; and
- Making an online purchase.
Depending on how you interact with our Platform, the personal information we collect from you may vary. For example, to create an account we may ask for an email address and password. In other circumstances, such as when you complete a form related to a particular sport category, we may ask you to provide other information, which may include your name, phone number, birth date, state or province and/or postal code. We also collect and store certain information associated with actions you take. For example, when you search for products, we store sport and product titles you search for and click on. We also store your IP address information, the time and duration of your activity on our Platform, and other information about your behavior on our Platform.
If you connect to the Platform using Facebook, Twitter, or another social networking site (each a "Social Networking Site"), we will receive information that you authorize the Social Networking Site to share with us, which may include public profile information, birthday, current city, and email address. When we receive this information, it becomes STX account information for purposes of your use of the Platform. This information also constitutes personal information and is therefore subject to this Policy. Any information that we collect from your Social Networking Site account may depend on the privacy settings you have set with the Social Networking Site, so please consult the Social Networking Site's privacy and data practices. If you come to the Platform through a Social Networking Site, from other websites or with devices that enable third parties to collect information from or about you, those third parties receive information about you subject to their own privacy policies.
On certain STX domains, when you set up an individual account on the Platform, you may create a profile (a “Profile”) that will include personal information you provide. At your request, we will create your Profile with information we extract from the form you have submitted on the Platform. When you fill out and save your Profile, your saved Profile will be shared with appropriate third-party vendors. For example, when you create a profile on our Custom Builder, we may share your custom designed product and Profile with an authorized STX Team Dealer to appropriately process the order per your request.
If you enter credit card information on the Platform in connection with a purchase, that information is sent directly from your browser to the third-party service provider we use to manage credit card processing and is not stored on our servers. The service provider is not permitted to use the information you provide except for the sole purpose of credit card processing on our behalf.
INFORMATION WE COLLECT AUTOMATICALLY
When you use the Platform, your device is automatically providing information to us so we can respond and customize our response to you. The type of information we collect by automated means generally includes technical information about your computer, such as your IP address or other device identifier, the type of device you use, and operating system version. The information we collect also may include usage information and statistics about your interaction with the Platform. That information may include the URLs of our web pages that you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, location data (if you have enabled access to your location on your mobile device), and other information about how you used the Platform.
AUTOMATED MEANS OF DATA COLLECTION INCLUDE THE FOLLOWING:
Log File Information: Log file information is automatically reported by your browser or mobile application each time you access a website on our Platform. For example, when you access an STX website, our servers automatically record certain information that your web browser sends when you visit any website. These server logs include information such as your web request, Internet Protocol ("IP") address, browser type, referring/exit pages and URLs, number of clicks, domain names, landing pages, and pages viewed.
Device Information: We collect information about the device you use to access the Platform, including type of device, operating system, settings, and unique device identifiers, and IP address. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or a PC, or an iPhone or Android phone. We collect the device type and any other information you choose to provide, such as username, geolocation, or email address. We may also use mobile analytics software to allow us to better understand the functionality of any STX mobile software on your phone. This software typically records information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We would not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.
INFORMATION WE COLLECT FROM OTHER STX INTERACTIONS AND THIRD PARTIES
We may combine information you give us with other information from STX sources, transactions and communications. This may include, for example, information from STX stores, direct mail, catalogs, events, products and applications, website traffic, or other STX interactions. We may also combine that information with data that is publicly available and data from third parties. We also collect information about gift recipients provided by the giver.
We also work with other companies who use tracking technologies to serve ads on our behalf across the internet, including Amazon. These companies may collect information about your interaction with us, including advertising. If you would like to opt-out of third-party tracking technologies associated with our website, please visit the Digital Advertising Alliance’s Opt-Out page. Note that if you opt-out from these third-party tracking technologies, you may still see our ads on other websites, but the ads will not be tailored using third-party tracking technologies associated with our website.
HOW WE USE INFORMATION
We use the information we collect to provide our products and services. In order for us to best provide our products and services (and to help make it feasible for us to do so), it is essential that we are able to collect and use the information as described in this Policy. So it is largely necessary for fulfilling the relationship we have with you, and, where that is not the case, we have a legitimate interest in using the information we collect, including personal information, for these purposes:
- to provide you with enhanced, customized and personalized content, products and services offered by STX as well as promotional content and services (for example, STX uses your previous search and browsing history (e.g. the products you click on), or your profile information, to determine relevant search results and provide you with STX experiences and enhanced content, including product emails and communications, you may be interested in);
- to administer contests, promotions, events, surveys or other features;
- to customize and improve features, performance, and support of the site;
- to create update transaction features, such as placing an order through our online store;
- to provide relevant advertising, including interest-based advertising from us and third parties, which may mean that we share non-personally identifiable information, such as your sport preference, to third-party advertisers;
- for internal operations, including troubleshooting, data analysis, testing, research, and service improvement (this includes use of your IP address and mobile device information to help diagnose problems with our service and to administer the Platform);
- to communicate with you or initiate communication with you on behalf of third parties through your STX account or through other means such as email, telephone (including mobile phone), or postal mail, including through the use of contact information that you provide to us or (where it is lawful for us to do so) that we otherwise obtain from third-party resources;
- to send you administrative messages and other information about STX, including communication with you about your purchase transaction, account information or customer service inquiries;
- to analyze use of the Platform and improve the Platform;
- to create aggregate and statistical data that does not identify you individually and that we can commercialize (for example, we use mobile device data and IP addresses to gather demographic information);
- for advertising or marketing purposes;
- we may communicate with you to provide you with information we think may be of interest to you; and
- for other purposes that you separately authorize as you interact with STX.
When we collect any information that does not identify you as a specific natural person ("Non-Personal Information"), we are permitted to use and disclose this information for any purpose, notwithstanding anything to the contrary in this Policy, except where we are required to do otherwise by applicable law. Examples of Non-Personal Information include: demographic information, including gender, dates of birth, etc., and any personal information that has been anonymized, aggregated or de-identified. If we combine any Non-Personal Information with your personal information we will use and disclose such combined information as personal information in accordance with this Policy. Similarly, if applicable law requires that we treat certain Non-Personal Information as personal information, we will use and disclose this information as personal information in accordance with this policy.
HOW WE SHARE INFORMATION
We do not share, sell, disclose or otherwise release your personal information to third parties for their direct use, except as follows:
- we may share your data with STX companies and affiliates, including our parent company, Wm. T. Burnett & Co.;
- we may hire other affiliated and unaffiliated companies and service providers (including web servers, cloud storage systems, CRM providers, email services, content support teams, marketing partners, advertising partners, credit card processors, shipping providers and others) to provide services on our behalf, such as marketing analytics, credit card processing, shipping, stocking orders, providing customer service, and fraud protection. These service providers access only such personal information needed to perform their functions and are contractually bound to establish and maintain the confidentiality and security of your information. They are prohibited from using, selling, releasing, disclosing, distributing or altering this data in any manner other than to provide the requested services;
- we may partner with trusted third parties for promotions, events and other activities, and may share personal information with them for STX marketing purposes unless you opt out of that sharing;
- in reorganization or sale of our company or assets, your data may be transferred, subject to the acquirer and its affiliates accepting the commitments made in this Policy and compliance with applicable law;
- we share certain information that does not identify you personally, but which is unique to your use of the Platform, such as sport preference that you have entered at the time of registration or on your profile. When we share such information, we do not link sport preference with your name when we provide this information to others, such as advertisers;
- we will otherwise share personal information with your consent.
EEA RESIDENT RIGHTS
IF YOU ARE A RESIDENT OF THE EUROPEAN ECONOMIC AREA, YOU HAVE THE FOLLOWING DATA PROTECTION RIGHTS:
If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the "How to contact us".
In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the "How to contact us".
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link in the marketing emails we send you. Registered users can manage their account settings and email marketing preferences as described in the "Choices Regarding Your Personal Information" section below. If you are an unregistered user, or to opt-out of other forms of marketing (such as postal marketing or telemarketing), you may contact us using the contact details provided under the "How to contact us".
Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Notwithstanding the foregoing, we reserve the right to keep any information in our archives that we deem necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
In accordance with our obligations under the Privacy Shield, and subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we hereby affirm our commitment to subject to the Privacy Shield Principles all personal information transferred from the European Union or European Economic Area (collectively, EU Information) or the United Kingdom in reliance on the Privacy Shield. This means that, in addition to our other obligations under the Privacy Shield Principles, we shall be liable to you for any third party agent to which we transfer EU or UK Information and that processes such personal information in a manner that violates the Privacy Shield Principles, unless we can demonstrate that we are not responsible for the resulting damages.
In compliance with the Privacy Shield Principles, STX commits to resolve complaints about our collection or use of your personal information. EU or UK individuals with inquiries or complaints regarding our Privacy Shield policy should first contact STX at: [email protected]. STX is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
STX has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. Under certain circumstances, it may be possible for you to invoke binding arbitration.
To learn more about the Privacy Shield Framework, and to view our certification, please visit http://www.privacyshield.gov.
WHAT TYPES OF COOKIES DO WE USE?
We use two types of Cookies on the Platform: "session cookies" and "persistent cookies." Session Cookies are temporary Cookies that remain on your device until you leave the Platform. A persistent Cookie remains on your device for much longer until you manually delete it (how long the Cookie remains will depend on the duration or "lifetime" of the specific Cookie and your browser settings).
WHAT ARE COOKIES USED FOR?
Cookies transmit information about you and your use of the Platform, such as your browser type, search preferences, product titles, data relating to advertisements that have been displayed to you or that you have clicked on, and the date and time of your use. With the exception of an identifier Cookie that we associate with registered accounts to prevent fraud by members of the Platform, Cookies link to certain unique information such as the sport that you entered at the time of registration or on your profile, but this is not linked to your name.
Preferences and Features
Analytics and Performance
Ad Choices and Managing Cookies
STX works with several third parties to provide you with personalized, interest-based advertising. We may target ads to you, and measure their performance, on and off the Platform using:
- member-provided profile information (e.g., name, postal address, email address, sport, telephone number, authorized information shared from your Social Networking Site);
- your use of the Platform (e.g., search history, product titles, purchases you have made);
- information inferred from data described above (e.g., using product titles from a search to infer sport preference, experience level with a sport, etc.);
- IP address or mobile device location information (to the extent you have enabled location tracking on your device);
- Cookies (both on and off the Platform) which may include information from the Ad Partners we use to help deliver relevant ads to you.
HOW WE WORK WITH THIRD-PARTY AD PARTNERS
When we work with our Ad Partners to serve you personalized, interest-based advertising, we do not share information with them that they can use to identify you or associate with you as a specific individual unless you have instructed us to do so (such as when you fill out a lead form in an ad, or approve your Profile for sharing with STX authorized dealers to complete an STX Custom Builder order). Similarly, if one of these Ad Partners have information about you saved in one of their own Cookies on your browser, they use that information to help us send you a relevant ad, but they do not share with us information that we can associate with you as an individual.
We work with third parties, such as Google Analytics, to provide analytics services that use the Cookies set on your device to measure the performance of advertising and track traffic to STX generally. We have also implemented Google Analytics Demographics and Interest Reporting, which categorizes Cookie information so that we and third-party service providers can better deliver advertisements that are relevant and useful to you on the Platform and various websites across the internet.
OPTING OUT OF COOKIES
If you enable location data for the mobile version of the Platform (including any version installed as a native application), we may use your location data to serve you geo-targeted ads for products and other advertisers that are local to you. In such instances, we do not share your location with the advertiser or advertising network; rather, we provide the advertiser or advertising network with a means to push ads through to users located in certain areas. You may disable location services at any time in your device privacy settings.
AD PARTNER COOKIES
Here are some options for managing the third-party Cookies used by our Ad Partners:
You are also able to opt out of other third-party advertiser and ad network placement of Cookies or targeted advertising generally by visiting the following links:
Or you can follow opt-out instructions of the Ad Partners we work with listed below. You will continue to receive generic ads by companies not listed with these opt-out tools.
You can opt out of tracking by Google Analytics and Google Analytics Demographics and Interest Reporting services by visiting Google Ads Settings or by downloading the Google Analytics Opt-Out Browser Add-on.
Please note: If ads or other features on the Platform are provided by third parties, those parties set and use their own Cookies that are subject to those third parties' privacy notices and policies. STX does not have access to, or control over, these Cookies. Also, if you respond to ads posted by third parties or submit information to third parties via the Platform, such third parties receive information about you subject to their privacy policies.
Third-Party Partners with Advertising Cookies on STX
STX works with the following ad networks and other third parties in connection with serving you advertising. You may click on the links below to visit their websites directly to opt out of cookie placement.
PARTNERS THAT HELP US SERVE PERSONALIZED, INTEREST-BASED ADVERTISING:
- Facebook Advertising (including Instagram)
- Facebook Pixel Tracking
- Google AdWords Advertising
- Google Tag Manager
- Google Remarketing Tag
- Google Analytics
- Google Data-layer Tracking
- Crazy Egg t-Tracking
- Metric Story
- Modern iO
- Amazon Ad System (home page)
- Amazon Ad System (mens-lacrosse page)
- Amazon Ad System (womens-lacrosse page)
- Amazon Ad System (field-hockey page)
- Amazon Ad System (hockey page)
PARTNERS THAT PROVIDE ANALYTICS SERVICES FOR THE ADVERTISING WE SERVE:
- Facebook Pixel Tracking
- Google Tag Manager
- Google Remarketing Tag
- Google Analytics
- Google Data-layer Tracking
- Crazy Egg t-Tracking
- Metric Story
- Amazon Ad System (home page)
- Amazon Ad System (mens-lacrosse page)
- Amazon Ad System (womens-lacrosse page)
- Amazon Ad System (field-hockey page)
- Amazon Ad System (hockey page)
We may update this list from time to time as we add or remove partners.
DO NOT TRACK SIGNALS
We do not currently respond to 'do not track' signals and similar settings or mechanisms. When you use the Platform, we try to provide a customized experience.
CHOICES REGARDING YOUR PERSONAL INFORMATION
In addition to your rights outlined above, if you are an individual consumer member of STX, you can edit your account settings by contacting us using the information in the “Contact Us” section below.
We will send you notifications and if, and to the extent, you have opted-in to promotional communications, or other messages using the contact information (e.g., your email address, your mobile device identifier) you provided to us when you registered or when you requested information from us. You may opt-out of continuing to receive optional messages by following the instructions included in each message.
CLOSE YOUR ACCOUNT
If you would like to close your STX account, you can do so by contacting us using the information in the “Contact Us” section below. When you close your account, you will no longer have full access to order history or previous design submissions and any content you have submitted will be pulled from the display on the Platform, but we reserve the right to keep any information in a closed account in our archives that we deem necessary to comply with our legal or regulatory obligations, resolve disputes and enforce our agreements. If, after you close your account, you wish to know which personal information we keep you can proceed in accordance with your rights set out above.
Requests to Access Personal Information and Deletion
You, as the customer, may send a request to STX to view all of your personal data in our systems or to delete any personal information that is obtained from your interactions with us. To view or remove your personal data, please complete the STX Privacy Form here https://www.stx.com/privacy-form and someone from the STX team will be in touch. Any request for deletion will result in the removal of your personal information not only from our systems, but also from the records of all third-parties as well.
Only you or a legally appointed guardian duly authorized to act on your behalf may make a request related to your personal information. You may also make an information request on behalf of a minor child.
We cannot respond to your request or provide you with personal information if we cannot verify your identity and authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require for you to create an account with us. We will only use the personal information provided in the request to verify the requestor’s identity and/or authority to make the request.
Upon verification of identity, requests for deletion will be honored subject to one or more of the following conditions in which we must retain your personal information in order to:
- complete the transaction for which the personal information was collected or to provide a good or service requested by the customer;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity;
- debug to identify and repair errors that impair intended company functions;
- exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided by law;
- comply with state privacy laws;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided consent;
- enable solely internal uses that are aligned with the expectations of the customer based on the customer’s relationship with us;
- comply with a legal obligation; and
- otherwise utilize the information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
We will strive to respond to a verifiable consumer request within 30 days of receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver a response to you by electronic mail. The response we provide will also explain the reasons we cannot comply with your request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information to another entity without hindrance.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We keep your personal information only so long as we need it to provide the Platform to you and fulfill the purposes described in this Policy. This is also the case for anyone that we share your personal information with and who carries out services on our behalf. Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When we no longer need to use your personal information and there is no need for us to keep it to comply with our legal or regulatory obligations, resolve disputes and enforce our agreements, we’ll either remove it from our systems or depersonalize it so that we can't identify you.
Security: We employ physical, electronic, and managerial measures to safeguard the information we collect online. We use secure servers when you place transactional orders. All credit card information you supply is transmitted via secure socket layer (SSL) technology and then encrypted within our databases.
However, no company can fully eliminate security risks, so we cannot make guarantees about any part of our services. You are responsible for keeping your username and password secret. Once you have registered with us, we will never ask you for your password. Please create a unique password for your STX account(s) and do not use it for any other web services or applications. Do not share your password with anyone else.
STX encourages parents and guardians to spend time online with their children and to participate in the activities offered on the Platforms. No information should be submitted to or posted at STX by guests under 13 years of age without the consent of their parent or guardian. Unless otherwise disclosed during collection, STX does not provide any personally identifying information, regardless of its source, to any third party for any purpose whatsoever from our guests under 13 years of age. All registrants receive an email confirming their registration. In addition, when a guest under 13 years of age registers, he/she is required to provide the email address of his/her parent or guardian and that parent or guardian receives an email alerting them to that registration. No information collected from guests under 13 years of age is used for any marketing or promotional purposes whatsoever, except as explicitly stated during registration for contests or promotions (and in that case, the information collected is used only for the specific contest or promotion). Although guests under 13 years of age may be allowed to participate in some contests and promotions, if such a guest wins, notification and prizes are sent to the parent or guardian identified in the initial registration process. Publication of names, ages, or images for contest winners under 13 years of age require parental or guardian consent.
If you become aware that a child has provided us with personal information without parental consent, please contact us at [email protected]. If we become aware that a child under 13 has provided us with personal information without parental consent, we remove such information and terminate the child's account.
The information about you that we collect, process and/or use through the Platform is controlled by STX, LLC, Baltimore, Maryland. STX and the products and services it provides are hosted and provided outside of the European Economic Area (EEA), including in the United States, for the purposes described in this Policy. The privacy protections and the rights of authorities to access your information in these countries may not be the same as in your home country. We also rely on European Commission adequacy decisions about certain countries, as applicable, for data transfers to countries outside the EEA.
You may reach our data protection officer at [email protected].
We will not discriminate against you for exercising your privacy rights by, among other things:
- denying you goods or services;
- charging you different prices for goods and services, including through granting discounts or other benefits, or other imposing penalties;
- providing you a different level or quality of goods or services; or
- suggesting you may receive a different price or rate for goods or services or a different level or quality of goods or services.
We may revise this Policy from time to time by posting an updated version on the Platform. This version of the Policy will be effective for you as described at the beginning of the Policy. Further revisions of this Policy will become effective as follows: The revised Policy will be effective immediately for unregistered users and users registering accounts or otherwise acknowledging the Policy on or after the revision date. For other users who registered accounts before the revision date, it will also become effective immediately. However, they can object to the new Policy within thirty (30) days after the revision date. If we make a change that we believe materially reduces your rights or increases your responsibilities, we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. We may provide notice of changes in other circumstances as well. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Platform is subject to the most current effective version of this Policy.
If you have any questions regarding this Policy, please email us at pri[email protected], call us at 1-800-368-2250 or mail your concern to:
1500 Bush Street
Baltimore, Maryland 21230
To view or remove your personal data, please complete the STX Privacy Form here and someone from the STX team will be in touch.