Modesto Penaherrera 11-46 y Gonzales Suarez, Cotacachi

Imbabura, Ecudaor 100350 | lacuadrahotel@gmail.com

Office: +593 06 291 6015 | Cell: +593 99 196 9936

Privacy Policy for https://lacuadra-hotel.com

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

 

What personal information do we collect from the people that visit our blog, website or app?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit card information or other details to help you with your experience.

 

When do we collect information?

We collect information from you when you register on our site, place an order, subscribe to a newsletter, fill out a form or enter information on our site.

 

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.

  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To administer a contest, promotion, survey or other site feature.
  • To quickly process your transactions.
  • To ask for ratings and reviews of services or products
  • To follow up with them after correspondence (live chat, email or phone inquiries)

 

How do we protect your information?

Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

We use regular Malware Scanning.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

 

We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

 

Do we use ‘cookies’?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

 

We use cookies to:

  • Help remember and process the items in the shopping cart.
  • Understand and save user’s preferences for future visits.
  • Keep track of advertisements.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
  • We may also use trusted third-party services that track this information on our behalf.

 

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.

 

If users disable cookies in their browser:

If you turn cookies off, some of the features that make your site experience more efficient may not function properly. Some of the features that make your site experience more efficient and may not function properly.

 

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links

Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

 

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

We use Google AdSense Advertising on our website.

 

Google, as a third-party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our site and other sites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy.

 

We have implemented the following:

  • Google Display Network Impression Reporting
  • Demographics and Interests Reporting

 

We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.

 

Opting out:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt out Browser add on.

 

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.

See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

 

According to CalOPPA, we agree to the following:

Users can visit our site anonymously. Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website. Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

 

You will be notified of any Privacy Policy changes:

  • On our Privacy Policy Page

 

Can change your personal information:

  • By emailing us
  • By logging in to your account

 

How does our site handle Do Not Track signals?

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

 

Does our site allow third-party behavioral tracking?

It’s also important to note that we allow third-party behavioral tracking.

 

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We market to: Adults 21 years or older

We do not collect information from children under 13.

Do we let third-parties, including ad networks or plug-ins collect PII from children under 13? No.

 

In order to remove your child’s information please contact the following personnel:

Administration at: lacuadrahotel@gmail.com

 

We adhere to the following COPPA tenants:

 

  • Parents can review, delete, manage or refuse with whom their child’s information is shared through contacting us directly.

 

Fair Information Practices 

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

  • We will notify you via email within 7 business days
  • We will notify the users via in-site notification within 7 business days
  • We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

 

CAN SPAM ACT

 

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions
  • Process orders and to send information and updates pertaining to orders.
  • Send you additional information related to your product and/or service
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

 

To be in accordance with CANSPAM, we agree to the following:

  • Not use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.


If at any time you would like to unsubscribe from receiving future emails, you can email us at:
lacuadrahotel@gmail.com. Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

https://lacuadra-hotel.com

Modesto Penaherrera 11-46
Cotacachi, Imbabura
Ecuador 100350

lacuadrahotel@gmail.com

JetPack Cookies Policy
(https://lacuadra-hotel.com uses JetPack and Akismet)

What are cookies?

Cookies are small pieces of data, stored in text files that are stored on your computer or other devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a session cookie) or for multiple repeat visits (using a persistent cookie). They ensure a consistent and efficient experience for visitors and perform essential functions, such as allowing users to register and remain logged in.

Cookies may be set by the site that you are visiting (known as first party cookies), or by other websites who serve up content on that site (third party cookies).

Cookies set by Jetpack

Cookies are used by Jetpack in a variety of ways. The cookies set will depend on the specific features that are enabled on a site. The cookies are only set when a user interacts with one of these features, or to allow admin functions to be performed from within the site’s dashboard (/wp-admin).

Further details are provided in the following tables, which list the various cookies that are set for visitors and registered users of sites with the Jetpack plugin installed.

Cookies set upon visitor interaction

Jetpack Comments

Cookie Name

Duration

Purpose

comment_author_{HASH}

347 days

Remembers the value entered into the comment form‘s name field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes.

comment_author_email_{HASH}

347 days

Remembers the value entered into the comment form‘s email field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes.

comment_author_url_{HASH}

347 days

Remembers the value entered into the comment form‘s URL field. Specific to the site from which it is set. This cookie mirrors one set by the core WordPress software for commenting purposes

Mobile Theme

Cookie Name

Duration

Purpose

akm_mobile

3.5 days

Remembers whether or not a user wishes to view the mobile version of a site.

Subscriptions

Cookie Name

Duration

Purpose

jetpack_comments_subscribe_{HASH}

347 days

Remembers the state of the post and comment subscription checkboxes.

jetpack_blog_subscribe_{HASH}

347 days

Remembers the state of the post and comment subscription checkboxes.

EU Cookie Law Banner

Cookie Name

Duration

Purpose

eucookielaw

30 days

Remembers the state of visitor acceptance to the EU Cookie Law banner.

Cookies set for registered users / admins

General

Cookie Name

Duration

Purpose

jetpackState[message]

session

Stores the state message passed back to the user across requests
regarding module activation.

jetpackState[error]

session

Stores the state’s error type passed back to the user across requests regarding module activation.

jetpackState[error_description]

session

Stores the state’s error description passed back to the user across requests regarding module activation.

jetpackState[module]

session

Stores the state’s module name passed back to the user across requests regarding module activation.

jetpackState[privacy_checks]

session

Stores modules that may require additional privacy-related verification for private sites so that we can properly communicate these to the user.

jetpackState[php_errors]

session

Stores any PHP errors found just before PHP shuts down execution.

jetpackState[deactivated_plugins]

session

Stores the names of any standalone plugins that needed to be deactivated by Jetpack so that these can be communicated back to the user.

jetpackState[network_nag]

session

Stores a true value if Jetpack is network-activated, and the plugin needs to communicate to the user that they must connect it on each child site of the network.

Jetpack Protect

Cookie Name

Duration

Purpose

jpp_math_pass

1 day

Remembers if a user has successfully completed a math captcha to prove that they’re a real human.

Secure Sign On

Cookie Name

Duration

Purpose

jetpack_sso_redirect_to

1 hour

Allows for redirect URLs to be stored, which is necessary for Secure Sign On to work.

jetpack_sso_remember_me

1 hour

Stores me values locally, rather than requiring them to be passed to WordPress.com each time.

jetpack_sso_wpcom_name_{HASH}

1 week or cleared after successful login

Remembers the WordPress.com display name to show on login page.

jetpack_sso_wpcom_gravatar_{HASH}

1 week or cleared after successful login

Remembers URL of the Gravatar image to show on login page.

jetpack_sso_original_request

1 hour

Stores the URL of the original login request.

jetpack_sso_nonce

10 minutes

Used for nonce verification.

Stats

Cookie Name

Duration

Purpose

stnojs

2 days

The Stats feature sets this admin-area-only cookie if the user requests to view stats reports without javascript turned on.

Registered on the site, but not connected to WordPress.com

Cookie Name

Duration

Purpose

tk_ai

session

Stores a randomly-generated anonymous ID. This is only used within the admin area.

Some Jetpack features make use of third-party applications and services to enhance the experience of visitors. These include social media platforms, such as Facebook and Twitter (via our Sharing feature). As a result, cookies may be set by these third parties, and used by them to track your online activity. We have no direct control over or access to the information that is collected by these cookies.

Additional cookies are set for those using wp-admin, and through the connected WordPress.com account.

Controlling cookies

Visitors may wish to restrict the use of cookies, or completely prevent them from being set. Most browsers provide for ways to control cookie behavior, such as the length of time they are stored — either through built-in functionality or by utilizing third-party plugins.

To find out more about how to manage and delete cookies, visit aboutcookies.org. For more details about advertising cookies, and how to manage them, visit youronlinechoices.eu (EU based), or aboutads.info (US based).

It’s important to note that restricting or disabling the use of cookies can limit the functionality of sites, or prevent them from working correctly.

 

OMS II Web Measurement and Customization Technologies Required Additions to the Privacy Policy

Use of Web Measurement and Customization Technologies

Office of Management and Budget (OMB) Memorandum 10-22 (M-10-22), “Guidance for Online Use of Web Measurement and Customization Technologies,” authorizes agencies to employ web measurement and customization technologies for the purposes of improving the Federal Government’s services and behavior online. OMB defines web measurement and customization technologies as technologies that are used to remember a customer’s online interactions with a website or online application in order to conduct measurement and analysis of usage or to customize the user’s experience.

 

OMB M-10-22 delineates the following three “tiers” of web measurement and customization technologies for the purposes of describing their functionality:

 

  1. Tier 1—Single Session. This tier encompasses any use of single session web measurement and customization technologies.
  2. Tier 2—Multiple Session without Personally-Identifiable Information (PII). This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected (including when the agency is unable to identify an individual as a result of its use of such technologies).
  3. Tier 3—Multiple Session with PII. This tier encompasses any use of multi-session web measurement and customization technologies when PII is collected (including when the agency is able to identify an individual as a result of its use of such technologies).

 

Agencies may use Tier 1 and Tier 2 web measurement and customization technologies without formal approval as long as they—(1) otherwise comply with M-10-22 and all other relevant policies; (2) provide clear and conspicuous notice in their online Privacy Policy citing the use of such technologies; and (3) comply with their internal policies governing the use of such technologies.

 

Proposals to use Tier 3 web measurement and customization technologies, however, must use “opt-in” functionality and are subject to a review and approval process that requires each such proposed use to—(1) be reviewed by the Senior Agency Official for Privacy; (2) be published for a 30-day public notice and comment period, unless exempted by the Chief Information Officer (CIO); (3) be reconsidered in light of any public comments received; and (4) receive explicit written approval from the CIO.

 

Within the Department of the Treasury, the Assistant Secretary for Management (ASM) serves as the Senior Agency Official for Privacy (SAOP) and the Deputy Assistant Secretary for Information Systems also serves as the Department’s Chief Information Officer. Additionally, under current Department of the Treasury Directive (TD) 81-08, paragraph 2, the authority to approve the use of Tier 2 and Tier 3 web measurement and customization technologies may only be granted by the Secretary of the Treasury. Because M-10-22 no longer requires an agency head to approve such uses, and because the ASM is the promulgating authority for TD 81-01, the ASM currently has the authority to grant an exception that would allow either the ASM or the CIO—rather than the Secretary of the Treasury—to approve the proposed uses herein.

 

At the time of this notice, the Treasury SAOP has reviewed the proposed uses of Tier 3 web measurement and customization technology.

 

The purpose of the web measurement and/or customization technology.

 

The United States Mint is replacing its Integrated Retail Information System, the system it currently uses to manage its numismatic products and services, with the Order Management System II (OMS II). OMS II is a next generation online retail sales and fulfillment system that will allow the United States Mint to continue to conduct its numismatic program in a productive, reliable and secure manner, while at the same time providing the online consumer an experience comparable to electronic commerce (eCommerce) retail industry standards. OMS II will use Tier 2 and 3 web measurement and customization technologies to maximize the marketing capabilities of the OMS II environment and to improve the functionality and shopping experience the United States Mint offers its customers.

 

The nature of the information collected, tracking Tier, and technology used.

 

To maximize the marketing capabilities of the OMS II environment and to improve the functionality and shopping experience the United States Mint offers its customers in the online store, OMS II will employ both Tier 2 and Tier 3 web measurement and customization technologies.  There are four types of visitors to the United States Mint’s online store who will encounter OMS II’s web measurement and customization technologies:  (1) Nonregistered Online Visitors; (2) Registered Online Shopping Account Customers; (3) Unregistered Online Single Transaction Customers; and (4) Online Visitors Who Subscribe to Email Communications from the United States Mint. For each type of visitor to the online store discussed below, the following information will be provided:  (a) the nature of the information collected; (b) the web measurement and/or customization technology usage (Tier 2 or 3); and (c) the technology used to track the visitor’s information.

 

  • Non registered Online Visitors (“Nonregistered Visitors”). These are individuals who visit the United States Mint’s online store, but do not register for an online shopping account, make any purchases or subscribe to receive emails (e.g., newsletters) from the United States
    • The nature of the information collected. Certain information is automatically collected from all Nonregistered Visitors to the online store using cookies (files that are placed on a website visitor’s computer to track and collect information).  If Nonregistered Visitors go to the online store (without first disabling first-party cookies) solely to read or download information—and do not, for example, send e-mail to the United States Mint or complete an online form or opt-in to certain data collections and uses (by purchasing online, creating an account or subscribing to a newsletter)—the United States Mint collects and stores only the following information:
      • Networking: the domain used to access the Internet and connection speed;
      • When/Where: the date, time, and region from which the online store was accessed;
      • Content: pages visited and files downloaded in the online store;
    • Referrer: the Internet address of a website that may have referred or linked the visitor to the online store; and
    • Device/Browser: the user’s browsing and purchasing behaviors while in the online store (but not on the rest of the United States Mint’s website or other sites to which the user navigates after leaving the online store), and other technical information about the computer or device used to access the online store (e.g., operating system, screen resolution and color, Flash/Java support, language).

When Nonregistered Visitors navigate to the United States Mint online store without first disabling first-party cookies, they are assigned an auto-generated visitor identifier to track their browsing and purchasing behavior while they remain in the online store (the tracking ends if the Nonregistered Visitor leaves the online store and navigates to other parts of the United States Mint site or to other sites).  The United States Mint automatically collects the geo-location data contained in the first six digits of the internet protocol (IP) address (“truncated” [not the full] IP address) and device settings.  IP addresses allow a website (e.g., the United States Mint’s online store) to recognize the device when the device owner visits the site. Because the truncated IP address reveals only broad geo-location data (i.e., a particular region), it is not PII.  This information is collected whether or not an individual who navigates to the online store is a Registered Customer (see below) or has logged into his or her customer profile.

 

  • The web measurement and/or customization technology usage Tier. Generally, Nonregistered Visitors will only encounter Tier 2 tracking (no PII associated with their browsing and purchasing behavior). They will not encounter Tier 3 tracking (association of their OMS II stored PII with their browsing and purchasing behavior) unless they opt in to the use of these technologies by becoming Registered Customers, Single Transaction Customers, or Email Subscribers.

 

  • The technology used to track the visitor’s information. A Tier 2 session cookie will be used to track the Nonregistered Visitor’s This means that as soon as the Nonregistered Visitor leaves the online store to navigate to another website (even other parts of the United States Mint’s website), the tracking ends (and only begins again the next time they visit the online store without first disabling first-party cookies).

 

  • Registered Online Shopping Account Customers (“ Registered Customers”).  The United States Mint provides customers the option of creating a registered These Registered Customers are individuals who visit the United States Mint’s online store, register for an account and make purchases online.
    • The nature of the information During registration, Registered Customers must provide: name (first and last), physical address, phone number, email address, login name, password, product and communication preferences, billing and delivery address (including country, city, county, state and zip code), order history and credit card payment information. In accordance with the online store’s Terms of Service, by providing this PII, the customer is also warranting that he or she is 18 years of age or older.  Registered Customers are also required to select and answer one of many security questions available (the responses to which contain PII).

 

  • The web measurement and/or customization technology usage Registered Customers

only encounter tier 2 web measurement and customization technologies (not linked to their PII) during their visits to the online store that predate their registration.  If customers wish to register to create an online shopping account, the United States Mint also requires that they explicitly agree (i.e., opt in) to the use of their full IP address (not merely the truncated [geo- location] version collected for online store Nonregistered Visitors) to track their browsing and purchasing behavior within the online store using a Tier 3 persistent cookie. This Tier 3 cookie is used to associate Registered Customers’ browsing and purchasing behavior with other information they provide to the online store.  The full IP address is PII because it can conceivably be traced to an individual when combined with other information (e.g., information from the Internet service provider regarding the account holder from whom the IP address originated, plus additional information from the owner of the account).

 

(c) The technology used to track the visitor’s information. The Registered Customer’s browsing and purchasing behaviors are tracked using a persistent cookie that associates the customer’s PII (name, billing and shipping address, phone number, email address, payment, birth month (if provided), and credit card information, product and communication preferences and order history) with his or her browsing and purchasing behavior (e.g., pages in the online store visited, products viewed and purchased etc.).

 

For United States Mint customers who already have an existing online shopping account when the United States Mint launches OMS II, the United States Mint will invite each of these customers to confirm his or her registration.  During the confirmation process, preexisting customers will be asked to agree to become a Registered Customer in OMS II by explicitly opting in to the use of persistent cookies to monitor their online store browsing and purchasing behavior and have it associated with their other account information.  They will also be required to create a new password to maintain access to their account and account services.  To do this, existing customers will need the answer to their security question that they provided when they first registered for an account on the online store.

 

  • Unregistered Online Single Transaction Customers (“ Single Transaction Customers”). Customers do not need to create an online shopping account to make an online

 

  • The nature of the information To make an online purchase of any kind (Registered Customer or Single Transaction Customer), the United States Mint requires information such as the customers’ credit card data, telephone number, name, and e-mail and postal addresses for customers or the gift recipient. In accordance with the online store’s Terms of Service, by providing this PII, the customer is also warranting that he or she is 18 years of age or older.
  • The web measurement and/or customization technology usage Single Transaction Customers only encounter Tier 2 web measurement and customization technologies (not linked to their PII) during their visits to the online store that predate their making an online store purchase or subscribing to United States Mint email communications. When Single Transaction Customers make a purchase, they are opting-in to certain collections and uses of their browsing and personal information.  Single Transaction Customers must explicitly agree (i.e., opt in) to have their full IP address (not the truncated version collected for Non- Registered Visitors) and their browsing and purchasing behavior tracked within the online store and associated with other information they provide to the online store.
  • The technology used to track the visitor’s Single Transaction Customers’ browsing and purchasing behaviors are tracked using a persistent cookie that associates their PII (First name, last name, telephone number, email address, billing address, shipping address, credit card information, [including expiration date and security code] credit card data) with their browsing and purchasing behavior. A customer’s browsing and purchasing behavior will be associated with additional types of PII if the Single Transaction Customer also conducts other transactions in the online store (e.g., becomes an Email Subscriber).

 

  • Online Visitors Who Subscribe to Email Communications from United States Mint (“ Email Subscribers”).  Online store visitors have the option of becoming Email Subscribers to receive e- mail communications (promotional/informational newsletters) from the United States Mint with general information about its products and  Email Subscribers can (but need not) be customers who purchase products and services from the United States Mint.  Therefore, these visitors can also be Single Transaction Customers or Registered Customers.

 

  • The nature of the information When an online store visitor becomes an Email Subscriber, the United States Mint collects information including the Email Subscriber’s name, e-mail address, birth month, and browsing and purchasing (if any) behavior. In accordance with the United States Mint online store’s Terms of Service, by providing this PII, the customer is also warranting that he or she is 18 years of age or older.

 

  • The web measurement and/or customization technology usage Email Subscribers who are neither Registered Customers nor Single Transaction Customers at the time they subscribe to email communications from United States Mint only encounter Tier 2 web measurement and customization technologies during their visits to the online store that predate their email communication subscription or online registration or purchase. Email Subscribers must explicitly agree (i.e., opt in) to allow their browsing and purchasing behavior to be tracked using a Tier 3 persistent cookie which is associated with other information they provide to the United States Mint online store.

 

  • The technology used to track the visitor’s Email Subscribers’ browsing and purchasing behavior is tracked using a Tier 3 persistent cookie that associates their PII (name, e-mail address, and birth month) with their browsing and purchasing behavior. Email Subscribers’ browsing and purchasing behaviors will be associated with additional types of PII if the Email Subscriber also conducts other transactions in the online store (e.g., becomes a Registered Customer or Single Transaction Customer).

 

The purpose and use of the information collection.

 

31 U.S.C. sections 5111(a)(3) and 5136 authorize the Secretary of the Treasury to prepare and distribute numismatic items and establishes the United States Mint Public Enterprise Fund from which the United States Mint may draw funds for the purpose of bureau operations and programs, including the production, administration, distribution, marketing, purchase, sale, and management of coinage and numismatic items.  Information collected by OMS II Tier 2 and Tier 3 web measurement and customization technologies is used to support United States Mint operations and programs and will be used solely for the purposes of such operations and programs.

 

Information collected through the use of Tier 2 web measurement and customization technologies will provide the United States Mint with insights necessary to enhance online customers’ browsing experiences and effectively focus marketing efforts to optimize customer engagement.  Information collected through the use of Tier 3 web measurement and customization technologies will improve online store navigation for customers who create a registered customer account by allowing them the opportunity to customize website settings based on interests and needs and saving them from having to provide duplicative information each time they make a purchase.  In addition, it will enable the United States Mint to create market segmentation groups and perform marketing analytics that it will use to provide customers with personally-customized marketing recommendations.

 

Whether and to whom the information will be disclosed.

 

Information collected by OMS II web measurement and customization technologies will not be shared with external agencies or otherwise except with explicit permission from the individual customer and in accordance with the Privacy Act and the Freedom of Information Act.

 

The privacy safeguards applied to the information.

 

The United States Mint applied the principles of “privacy by design” to this system. This means that privacy has been addressed as a requirement throughout OMS II’s acquisition, design, and development lifecycle and will remain a priority during operations. Procurement agreements require that service providers and subcontractors must comply with Federal, Department of the Treasury, and United States Mint privacy and information security policies, regulations and directives.  All contractors and subcontractors working in the development and maintenance of the system and program are required to sign non-disclosure agreements requiring that they use the information related to the program only for United States Mint purposes.  Pursuant to M-10-22 and TD 81-08, the United States Mint will not, under any circumstances, use OMS II web measurement and customization technologies:

 

  1. to track individual-level user activity on the Internet outside of the United States Mint online store (i.e., no tracking is even done on other parts of the United States Mint’s website);
  2. to share the data obtained through such technologies, without the user’s explicit consent, with other departments or agencies except pursuant to the routine uses stated in the system of records notice (Treasury/ United States Mint – .009 – Order Management System (OMS), replacing United States Mint .009, “Retail Sales System”);
  3. to cross-reference without the user’s explicit consent, any data gathered from web measurement and customization technologies against PII in a way that will make it possible to identify a particular individual with their online browsing and purchasing behavior;
  4. to collect PII without the user’s explicit consent in any

 

In addition to the privacy by design requirements incorporated throughout the procurement and development process, United States Mint employee and contractor employee access to OMS II information will be restricted to the least amount required to accomplish their assigned duties.  Further, all such employees are required to complete annual security and privacy awareness training and sign the IT System User Rules of Behavior.  The Rules of Behavior outline the appropriate and mandatory behavior of all those using United States Mint’s IT systems or systems operated on behalf of the United States Mint.

 

Information maintained by OMS II will be safeguarded and retained in accordance with all Federal, Department of the Treasury, and United States Mint security and privacy regulations, directives, and guidelines.  For additional information about the specific privacy safeguards applied to OMS II, review the OMS II privacy impact assessment:  Treasury/ United States Mint – .009 – Order Management System (OMS), replacing United States Mint .009, “Retail Sales System.”

 

The data retention policy for the information.

 

Electronic information in OMS II is being evaluated to establish the proper maintenance and disposition of records contained in the system.  Information will be maintained in a secure environment to ensure that no records are destroyed until a retention schedule is officially approved by the Archivist of the United States.

 

Whether the technology is enabled by default or not and why.

 

OMS II Tier 2 web measurement and customization technologies are enabled by default and gather aggregate and anonymous data for analytical and marketing purposes.  Pursuant to M-10-22, only Tier 3 web measurement and customization technologies require opt-in functionality.

 

OMS II Tier 3 web measurement and customization technologies are not enabled by default; they are only enabled after a Nonregistered Visitor explicitly opts in to become a Registered Customer, Single Transaction Customer, and/or Email SubscriberNonregistered Visitors are notified at the time they create a registered customer account, make a purchase, or subscribe to receive United States Mint marketing information via email that they are opting-in to the use of Tier 3 web measurement and customization technologies.  The notification includes notices that their browsing and purchasing behavior will be tracked and that information collected will be associated with their customer profile and the email address provided.

 

How to opt-out of the web measurement and/or customization technology.

 

While OMS II Tier 2 web measurement and customization technologies are enabled by default, all visitors to the United States Mint’s online store (whether they previously opted in or not) may disable first-party browser cookies to prevent their browsing and purchasing behavior from being associated with any particular customer, IP address, or other PII during their visit to the online store. Registered Customer, Single Transaction Customer, and/or Email Subscribers, however, must enable first-party browser cookies before making a purchase in the online store (after which, they are free to, once again, disable first-party cookies until they wish to make another purchase).

 

In addition to disabling browser cookies before visiting the online store, visitors may opt-out of OMS II uses of Tier 3 web measurement and customization technologies by not creating a registered customer account, canceling an existing account, subscribing to newsletters and notification services, and/or refraining from using the online store to purchase United States Mint numismatic products.

 

Statement that opting-out still permits customers to access comparable information or services.

 

Declining to opt-in to OMS II Tier 3 web measurement and customization technologies will not prevent a customer from accessing information on the United States Mint’s online store.  Declining to opt-in, however, will prevent customers from using the online store to place orders for United States Mint numismatic products.  As an alternative to the bureau’s online store, customers who choose not to opt-in may place orders for United States Mint numismatic products by using the United States Mint’s toll-free customer service line (800-872-6468 or TTY 888-321-6468), placing a mail order (United States Mint, PO Box 71191, Philadelphia, PA 19176-6191), or visiting a United States Mint point of sale (i.e., in person) location.

 

The identities of all third-party vendors involved in the measurement and customization process.

 

OMS II is a turn-key system developed, provided, and maintained by PFSweb, Inc.  Procurement agreements require PFSweb, Inc. and subcontractors to comply with Federal, Department of the Treasury, and United States Mint privacy and information security policies, regulations and directives. While PFSweb, Inc. is responsible for the development and maintenance of the OMS II environment, other third-party vendor applications support OMS II web measurement and customization processes. Those third-party vendors are as follows:  AgilOne, Demandware, IBM Digital Analytics, and Google Analytics.  For detailed information about how each of these third-party vendors supports OMS II web measurement and customization processes, please review the OMS II privacy impact assessment entitled: eCommerce End-to-End Solution: Order Management System II (OMS II), available at

http://www.treasury.gov/open/Pages/open-notices.aspx.

 

 

Last Edited on 2020/07/25

 

EnglishEspañolFrançaisDeutsch日本語简体中文