This policy governs each website, mobile site, application, and/or other property or service in all media (each, a “Website”) owned or provided by ssc.sale-north-face.org, LLC and its subsidiaries (“we,” “us,” or “our”) and it binds all those who access, visit and/or use the Website, whether acting as an individual or on behalf of an entity, including without limitation advertisers, creative and media buying agencies, analytics companies, survey/research vendors, widget providers, and other service providers, and all other entities that may collect digital content by any manner or medium whether now known or hereafter developed (collectively, “you” or “your”). This policy shall apply equally to all of your vendors, service providers, subcontractors, partners, agents, representatives, and any other third parties acting on your behalf. Without limitation and for the avoidance of doubt, this policy further applies to all vendors providing services to us.
This policy governs all data collected or received from the Website, by any means, including without limitation via an advertising unit, widget, code (as defined below) or other data collection process whether now known or hereafter developed, including without limitation data that relates to usage of the Website, user behavior, and/or analytics (collectively, “Data”).
This policy may be modified from time to time in our sole discretion. Continued access of the Website by you will constitute your acceptance of any changes or revisions to the policy.
(1) You will not collect or use, or direct, authorize or assist other persons or entities to collect or use, any Data, nor will you access or place any code, or direct, authorize or assist other persons or entities to access or place any code, on the computer or device operated by a user of the Website, including without limitation via actions such as cookie synching, without our prior express written permission in each instance. As used throughout this policy, “code” shall mean all pixel tags, cookies, clear gif, HTML, web beacon, scripts and all other tracking technologies.
(2) Without limiting the generality of the foregoing: (a) no Data may be collected, used or transferred for purposes of retargeting, behavioral remarketing, or targeting any advertisements, segment categorization or any form of syndication which is related to any Website, its content, or its users without our prior express written permission in each instance; and (b) you may not place any code that collects Data or tracks user activity on any Website without our prior express written permission in each instance.
(3) All Data collected is and will continue to be anonymous or you will immediately anonymize such Data. You will not deliberately collect Data that is “personally identifiable” or that constitutes “personal information” according to any applicable law, regulation, or agreement to which you are a party, and to the extent such Data is accidently collected, you will immediately securely delete or discard such Data. Without limiting the generality of the foregoing, you do not and will not aggregate Data collected into databases or engage in any other process that would result in the collation or organization of the Data such that the Data in such combined form would provide sufficient detail to enable the identification of individual users even if such Data was originally collected anonymously.
(4) All Data is and will continue to be our exclusive property. You may only use the Data in accordance with the agreement between us and you, subject to applicable confidentiality provisions, and must be destroyed by you upon completion of the project or termination of the Agreement, except as expressly set forth therein.
(5) Without limiting the generality of the foregoing, you will not use, resell or otherwise distribute Data: (a) to retarget users outside of the applicable Website, (b) in a manner that competes with our advertising services (including, by way of example and not limitation, by claiming to provide Data that identifies our users or users that “look like,” or share characteristics of our users, without necessarily tagging them on the Website), (c) as Data about, originating from or otherwise related to us, our customers, or the Website, and shall not label, denote or refer to in any manner the Data as having been derived from us or the Website, whether or not such Data contains any personally identifiable information, or (d) combine Data with third party data to create a new audience profile.
(6) Specific guidelines applicable to cookies on the Website:
(a) The billable tracking cookie and rich media tags of any rich media served units must be submitted to us for written approval prior to deployment and may not be implemented on the back end of the rich media tag;
(b) All cookies must contain a functioning expiration date which occurs after the time of placement;
(c) Unless we approve a later expiration date in writing, all cookies used in advertising campaigns must expire on the date that the ad campaign ends and all other cookies must expire no later than one (1) month after the date on which the cookie is stored; and
(7) Pixel tags on the Website may not be used in non-standard IAB, OPA, added value, or remnant online advertising units.
(8) You may not use Flash cookies, HTML storage or any forms of locally stored objects on the computer or device operated by a user of the Website.
(a) may not perceptibly increase the overall page latency during loading;
(b) must be able to support 4000 requests per second with 100 milliseconds or less Time to First Byte response and must fully load in 200 milliseconds or less;
(c) may only load after the online advertising unit itself loads using a “polite download” technique;
(d) may only trigger a single DNS lookup;
(f) may not be over 1 kilobyte in size unless we approve in writing; and
(g) must support TLS/HTTPS.
(10) Redirects are not permitted. Only direct requests can be made.
(11) You will not block or otherwise limit delivery of advertising for any reason related to impression guarantees, verification or other targeting, without our express prior written permission in each instance.
(12) We (and our representatives) shall have the right to inspect, review, and examine your policies, procedures, practices, records, and systems to verify compliance with this policy, provided that such inspection and review is conducted during reasonable business hours with no less than five (5) business days’ prior notice.
(13) You do and will employ up-to-date, industry recognized “best practices” with respect to technology and procedures to prevent and detect theft, piracy, leakage, unauthorized access, copying, duplication or distribution of all Data.
(14) You will notify us of any actual or suspected breaches of security in connection with Data as soon as practicable, but no later than one (1) week of discovery of such incident.
(15) Without limiting any of the foregoing, you hereby represent and warrant that you do and will comply with all applicable international and U.S. federal, state, and local laws, rules, regulations, legal orders or decrees and similar promulgations in connection with your collection, use and distribution of Data, including without limitation the Children’s Online Privacy and Protection Act (COPPA), the EU ePrivacy Directive, and FTC guidelines, as well as laws or regulations limiting the types of Data that can be collected (e.g., health information, credit scores etc.).
(16) You will provide a meaningful opportunity for users to opt-out from Data collection and targeting by you and your affiliates and customers. Data collection must respect Do Not Track headers.
(17) You will comply with the Self-Regulatory Principles for Online Behavioral Advertising as promulgated by the Digital Advertising Alliance (“DAA”), which is explained in detail at www.AboutAds.info, to the extent such principles, or part thereof, are applicable to your activities in connection with the Website.
(18) You will make reasonable efforts to use secure coding practices in the provision of all services to us and in all interactions with our users or customers. Secure coding practices means coding practices capable of meeting Level 2 of the most recent Application Security Verification Standard (ASVS) published by the Open Web Application Security Project (OWASP).
(19) You will not grant access to Data to any third party except a) on a need to know basis in order to provide specific services to you; b) after conducting a reasonable investigation of such third party; and c) upon entering a written agreement with such third party which contains obligations which are at least as restrictive as the foregoing.
(20) Our failure to object to your action or inaction, or our prior express written permission, in any instance does not and may not be deemed to constitute our opinion that such action or action is in compliance with, or brings you into compliance with, this policy or any applicable law, rule, regulation, legal order, or decree, and does not in any circumstance relieve you of your obligations to comply in all respects with this policy.