This Privacy Policy was last revised on and is effective as of 2/22/2023.

Table of Contents

What Type of Personal Information Do We Collect and How Do We Collect It? How Personal Information Is Used for Business Purposes

What Steps Are Taken to Keep Personal Information Secure? How Can I Access, Correct and Update Personal Information?

Can I Indicate Whether or Not I Want to Receive Promotional Communications? Is Personal Information Collected from Children?

Additional Notice for California Residents Contact for Privacy Questions

How Will I Be Informed About Changes Regarding This Privacy Policy?

This Privacy Policy forms part of your legal agreement with Ace Hardware Corporation, its subsidiaries, and affiliates (collectively, "Ace", "we", "our", or "us"). By downloading, installing, accessing, or using any of the Services (as defined below) or by submitting personal information to us in a manner governed by this Privacy Policy, you agree to the terms of this Privacy Policy, as amended from time to time.

Our Services may contain links to other websites, applications or services operated by others. Please be advised that the practices described in this Privacy Policy do not apply to information gathered through these other websites, applications, or services.

‌What Does the Privacy Policy Include?

Services are defined as:
- Online Services: certain online services provided by us that link to this Privacy Policy or on which this Privacy Policy appears, as well as the content, features, and software available on them, including online communications through or related to the Online Services;
- Offline Services: certain offline services may include offline communications through our Retailer Care Department in connection with the Online Services;
  
  Additional Terms. There may be additional policies, guidelines, FAQs, rules, click-through agreements, and other terms and conditions may apply to certain portions of the Online Services or certain content, features, products, and services available on the Online Services (collectively, "Additional Terms").
  1
  ‌What Type of Personal Information Do We Collect and How Do We Collect It?
  We may collect personal information to deliver the products and Services you request, to help improve your shopping experience, to support our business functions and in a variety of ways when you interact with Ace Services.
  Notice For International Retailers
  Any personal information you provide us will be processed by Ace pursuant to applicable data privacy laws, including, but not limited to Article 6.1 of the GDPR for the legitimate interests of Ace, as necessary for the performance of a contract, or in order to take steps necessary prior to entering into a contract.
  What Personal Information Do We Collect?
  We may collect the following categories of personal information. Not all categories may be collected about every individual.
Personal identifiers, such as name, address, email, telephone number and email address;
Device information, online identifiers and related information, such as operating system information, type of device, and screen size;
Internet, application, and network activity, such as browsing history, clickstream data, search history, and information regarding interactions with a website, application, or advertisement, including other usage data related to your use of any of our Services or other online services, cookies and IP addresses;
Retailer records such as purchase history information;
Location information, such as precise and general geolocation information;
Audio, visual and other sensory information, such as audio and video recordings.

How Do We Collect Personal Information?
We collect personal information from you or about you in a variety of ways, including: directly from you; from internet service providers, data analytics providers, from your device, and other technologies; from operating systems and platforms, and other external third-party sources.
You actively share personal information with us in various ways when you utilize the Services. For example, you may share personal information when you:
Make payments and purchases: When you make an online purchase, return, or other transaction, with us through the Services, we and/or our payment processor, as applicable, collect purchase and payment information in order to process your payment. We also maintain records about your past purchases, as well as items that you view or add to your cart.

Register and add to your profile information: When you create an account on one of our websites or mobile services, or participate in our programs, we collect certain personal information from you, such as your name and email address, as well as any personal information you post to your profile or account.
Communicate and interact with us or our Services: When you email, call, chat or otherwise communicate with us and with members of our team, we collect and maintain a record of your contact details, communications and our responses. We also maintain records communications and information that you post in chat sessions, forums and in other areas of the Services, well as on our social media channels when you post a rating, review or other user-generated content on one of our websites or mobile services, participate in a promotion, or survey, or use features of our websites and mobile services that may ask you to grant us access to the camera or microphone on your computer or mobile device (such as voice search or scanning bar codes) and other personal information you provide to us related to any customer support requests.
Participate in events and make other requests: We also collect personal information related to your participation in our events as well as other requests that you submit to us related to our Services. For example, if you register for or attend an event that we host or sponsor, we may collect personal information related to your registration for and participation in such event. When you fill out a ‘Contact Us’ form, signup for our mailing lists, or otherwise request information from us, we collect and maintain records of your requests.
Passively provide via your technical interactions: We may collect technical information when you use the Services. This may include information such as Internet Protocol (IP) address, the type of mobile device you use, your device operating system and browser type, unique identifiers, the address of referring websites, the path you take through our websites, and other information about your visit to our websites.
Analytics: Ace may also use cookies and other technologies to implement analytics tools, including, but not limited to, Google Analytics, that help us understand how the Services are performing, how you engage with the Services, and how you interact with our advertisements and communications. The information we collect using Google Analytics, which may be shared with Google, doesn’t include names or contact information, but may include Ace Rewards numbers, IP addresses, and activity on the Services. For more information on your privacy choices in connection with Google Analytics, including the Google Analytics Browser Opt-Out Add On, please visit the Google website
at https://www.google.com/policies/privacy/partners/.

Personal Information We Collect from External Third-Party Sources
We may receive personal information about you from other sources to help us correct or supplement our records, improve the quality or personalization of the Services and marketing to you, and prevent or detect fraud. Third parties may collect user data directly from you for their own use and subject to their own privacy policies.
‌How Personal Information Is Used for Business Purposes
Purposes of Collection and Processing
We use your personal information to provide you products and Services, such as to fulfill your requests for products or to help us personalize our Services. We also may use your personal information to support our business functions, such as fraud prevention, marketing, and legal functions. Some examples may include:
Providing services and support: To provide and operate our Services, to fulfill your order or requests for Services and provide customer service, to create and maintain your account, communicate with you about your use of the Services, provide troubleshooting and technical support, debugging to identify and repair errors that impair existing intended functionality, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes.
Responding to inquiries: To respond to your questions, fulfill your orders and requests, and consider your requests.
Analytics and improvement: To better understand how users access and use the Services and our other products and offerings, to conduct auditing and monitoring of transactions and engagement, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop Services and features, and for internal quality control and training purposes.
Customization and personalization: To tailor content we may send or display on the Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.
Planning and managing events: For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.
Research and surveys: To administer surveys and questionnaires, such as for market research or member satisfaction purposes.
Safety, quality and improvement: To undertake activities to verify or maintain the quality or safety and to improve, upgrade, or enhance the Services owned or controlled by us.
Security and protection of rights: To protect you and others, the Services and our business operations; to help ensure security and integrity and prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, our contract, if any, with you or this Privacy Policy.
Legal proceedings and obligations: To comply with the law and our legal obligations and to handle legal processes related to legal proceedings.
General business and operational support: To conduct business analysis, such as analytics, projections, or identifying areas for operational improvement and to consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
Other notified purposes: For other lawful purposes that you reasonable expect, are permitted under applicable law and regulation or that we may notify you of from time to time.
Ace may combine personal information, collected online and offline, including personal information from third party sources as described below. Ace also may transfer or share your personal information within our corporate family of companies for these purposes, as permitted by law.
With Whom Do We Share Your Personal Information Outside of Ace Hardware Corporation?
We may share your personal information in the following circumstances:
Ace Affiliates: Ace may transfer personal information to its subsidiaries and corporate affiliates, including future subsidiaries and affiliates.
Service Providers: We engage service providers to perform services in connection with the operation of our business, including operation of Services and management of our retailer accounts.
Personal Information We Share with External Third Parties: To deliver information about products and Services that may be of interest to you, we may share personal information with other companies, such as measurement analytics providers.
Legal Requirements and Protection of Our Company and Others: We may share your personal information in other special circumstances, which include situations when sharing is permitted by law, or we believe sharing will help to protect the safety, property, or rights of Ace, our customers, our associates, or other persons.
We may also disclose personal information to enforce this Privacy Policy, to troubleshoot problems, and resolve disputes (including, without limitation, in connection with litigation or arbitration of any dispute between you and Ace or to assist us in the collection of amounts owed by you to us).
Sale, Transfer or Reorganization of Business: We reserve the right to transfer your personal information in connection with the sale or transfer of all or a portion of the business or assets of Ace or Ace affiliates to an entity in the event of a corporate transaction.
When You Authorize Us: In addition to the foregoing circumstances, we may share your personal information when you authorize us to do so.

‌What Steps Are Taken to Keep Personal Information Secure?

We use various security measures to protect personal information that we collect. However, we cannot guarantee that your personal information will be secure from disclosure or misuse, either by accident or by unauthorized access or use.

In order to help protect your personal information, you should keep your account usernames and passwords secure and not provide them to others. If we request that you re-set your username and/or password, please do so promptly. If you become aware of any loss, theft or unauthorized use of a username or password, please contact our Retailer Care Department by phone at (800) 777-6797.

‌How Can I Access, Correct and Update Personal Information?

You can access, correct, and update certain personal information by accessing your account through the Services, by clicking on the Settings button located on the AceNet home page, under your name. You can also update certain personal information by contacting our Retailer Care Department by phone at (800) 777-6797.

‌Can I Indicate Whether or Not I Want to Receive Communications?

If you no longer wish to receive notifications when someone replies to a discussion you follow or someone creates a new discussion in a tag you’re following, you can update your information within your account under “Settings” and “Notifications”.

‌Is Personal Information Collected from Children?

The Services are intended for adults. We do not sell any items ordered through our Services directly to anyone who we know to be under the age of 18, including children under the age of 16. If you are under the age of 18, you should not enroll in the Ace Rewards program or use our Services to submit orders or purchase any items. In addition, we do not collect online any personal information from anyone who we know to be under the age of 13. If you are under the age of 13, you should use our Services only with the

involvement of a parent or guardian and should not submit any personal information of any kind to us.

We do not sell or share personal information about persons who we know to be under the age of 18.

‌Additional Information for California Residents

The following provides information for California residents, as required under California privacy laws, including the California Consumer Privacy Act ("CCPA"). California privacy laws require that we provide California residents information about how we use their personal information, whether collected online or offline, and this portion of our Privacy Policy is intended to satisfy that requirement.

Under the CCPA, "personal information" is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Please note that this definition of personal information applies to only this section of our Privacy Policy.

California Residents’ Rights

California law grants California residents’ certain rights and imposes restrictions on

particular business practices as set forth below.

Notice of Right to Opt-Out of Selling or Sharing: California residents have the right to opt- out of our sale or sharing of their personal information. Opt-out rights can be exercised on our Your Privacy Choices webform on AceHardware.com, by calling the Retailer Care Center at (800) 777-6797. California’s definition of sale is broad and encompasses many

types of data transfers. However, we do not "sell" any retailer data in the traditional

sense for monetary compensation.

Notice of Right to Limit: Notwithstanding the purposes described above, we do not collect, use or disclose Sensitive Personal Information about retailers beyond the purposes authorized by the CCPA. Accordingly, we use and disclose Sensitive Personal Information about residents as reasonably necessary and proportionate: (i) to perform the Services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our Services;

(v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

Notice at Collection We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such personal information is used.

Data Retention

We endeavor not to collect more data than necessary to fulfill our business needs. Categories of personal information collected and disclosed

Generally, we may collect the following categories of personal information (as set forth in the CCPA) about California residents that we collect and have collected in the prior twelve

(12) months, as well as the categories of third parties to whom we may disclose this personal information for a business or commercial purpose. In some cases (such as where required by law), we may ask for consent or give you certain choices prior to collecting or using certain personal information. California’s definition of sale is broad and encompasses many types of data transfers. However, we do not "sell" any retailer data in the traditional sense for monetary compensation.

Categories

Description

Third Party Disclosures for Business or Commercial Purposes

Identifiers (Name, contact info and other identifiers)

Such as a real name, alias, postal address, unique personal identifier, online identifiers, Internet Protocol address, email address, account number and similar identifiers.

advisors and agents
affiliates and subsidiaries
regulators, government entities and law enforcement
internet service providers; operating systems and platforms
advertising networks; data analytics providers
others as required by law

Categories of Personal Information Described in Cal. Civ. Code § 1798.80.

Records containing Personal Information, such as name, signature, photo, contact information, education, financial or payment information.

advisors and agents
affiliates and subsidiaries
regulators, government entities and law enforcement
internet service providers; operating systems, and platforms
advertising networks; data analytics providers
others as required by law

Commercial Information	Including records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	advisors and agents affiliates and subsidiaries regulators, government entities and law enforcement internet service providers; operating systems and platforms advertising networks; data analytics providers others as required by law
Internet or Other Electronic Network Activity Information	Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet website or application, as well as physical and network access logs and other network activity information related to your use of any Ace device, network or other information resource.	advisors and agents affiliates and subsidiaries regulators, government entities and law enforcement internet service providers; operating systems and platforms advertising networks; data analytics providers others as required by law
Geolocation Data	Precise and general location information about a particular individual, vehicle or device.	affiliates and subsidiaries regulators, government entities and law enforcement internet service providers; operating systems and platforms advertising networks; data analytics providers others as required by law
Audio, Electronic, Visual, Thermal, or Similar Information.	Audio, electronic, visual, or similar information, such as, photographs, call recordings, and	advisors and agents affiliates and subsidiaries regulators, government entities and law enforcement

	other audio recording (e.g., recorded webinars).	internet service providers; operating systems, and platforms data analytics providers others as required by law
Sensitive Personal Information	Such as financial account and payment information; and precise geolocation information.	advisors and agents affiliates and subsidiaries regulators, government entities and law enforcement internet service providers, operating systems, and platforms others as required by law

Categories of Third Parties with Whom We Share, Sell, or Collect Information From

In general, we may collect the personal information identified in the table above from the following categories of sources:

advisors and agents
affiliates and subsidiaries
regulators, government entities and law enforcement
internet service providers
operating systems and platforms
advertising networks
data analytics providers
and others, as required by law.

Verifiable Privacy Requests
Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:
Right of Deletion: California residents have the right to request deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary for any of a list of exempt purposes.
Right to Know – Right to a Copy: California residents have the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b)
electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.
Right to Know – Right to Information: California residents have the right to request that we provide them certain information about how we have handled their personal information, including the:
- categories of personal information collected
- categories of sources which personal information was collected from
- business and/or commercial purposes for collecting, selling, or sharing their personal information
- categories of third parties with whom we have disclosed their personal information
- categories of personal information that we have disclosed or shared with a third party for a business purpose, and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.
Right to Correction: To correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information.
Right of Portability: To obtain a copy of the personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit your personal information to another controller or business where the processing is carried out by automated means.
Right to Limit the Use of Sensitive Personal Information: We do not collect or process sensitive personal information for the purpose of inferring characteristics about you or for any business uses other than those permitted by the CCPA so no action is required.
Requests to Opt Out of Sales and Sharing: California residents may submit a request to opt out of sales and sharing by:
Submitting a request through our webform.
Clicking the Your Privacy Choices link in the footer of our website or accessing our cookie preference manager and opting out of "Sale or Share of Personal Information".

Submitting Requests: Requests to exercise privacy rights may be submitted on our Your Privacy Choices webform or by clicking the "Your Privacy Choices" button on the bottom of AceHardware.com. Additionally, individuals may contact Retailer Care Department at (800)

777-6797. We will respond to verifiable requests received from California residents as required by law.

Verification of Requests: For your protection, we may require you to log into your account to verify your identity or make requests if possible. We will only fulfill requests for personal information upon verifying your identity. In order to process requests to know, delete or correct, we require First Name, Last Name, Zip Code, Email, Phone Number and/or Store Number, and we may ask for additional information such as recent purchases or authenticated interactions with us depending on the nature of the request and the need to prevent fraud and protect security. The information provided in the request will be compared to the data Ace maintains for that Retailer. If the information does not match, we will be unable to process the request.

Authorized Agent Requests: An authorized agent is a person or business who has authorization to request to know what personal information we have about you, to delete the personal information we have about you, to correct the personal information we have about you, or to opt-out of the sale/sharing of personal information on behalf of a California resident. Authorized agents use the same links described above to submit requests.

If you are submitting a request on behalf of another person, we require an authorization, and/or other documentation demonstrating your authority to submit this request. This can be a letter or other documentation signed by the California resident authorizing you to submit this request. Ace reserves the right to contact the Retailer directly to verify their identity and ensure that they have elected an authorized agent.

Right to Non-Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA.

Contact for Privacy Questions

For questions or concerns about the practices described in this Privacy Policy, please contact the Retailer Care Department at (800) 777-6797.

How Will I Be Informed About Changes Regarding This Privacy Policy?

We may change this Privacy Policy from time to time without prior notice. Revised versions of this Privacy Policy will be posted on this page, together with an updated effective date. You should check this page periodically to see if any recent changes to this Privacy Policy have occurred. In some cases, we may post a notice of the revision on the Services and/or send an email or other communication notifying users of the changes. If you have any questions regarding this Privacy Policy, please contact our Retailer Care Department by phone at (800) 777-6797.

I confirm and agree to the terms in the Privacy Policy, Categories of Personal Information, and Notice For International Retailers.

Responding to inquiries: To respond to your questions, fulfill your orders and requests, and consider your requests.

Customization and personalization: To tailor content we may send or display on the Services, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences.

Planning and managing events: For event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and Services.

Research and surveys: To administer surveys and questionnaires, such as for market research or member satisfaction purposes.

Safety, quality and improvement: To undertake activities to verify or maintain the quality or safety and to improve, upgrade, or enhance the Services owned or controlled by us.

Legal proceedings and obligations: To comply with the law and our legal obligations and to handle legal processes related to legal proceedings.

Other notified purposes: For other lawful purposes that you reasonable expect, are permitted under applicable law and regulation or that we may notify you of from time to time.

Ace Affiliates: Ace may transfer personal information to its subsidiaries and corporate affiliates, including future subsidiaries and affiliates.

Service Providers: We engage service providers to perform services in connection with the operation of our business, including operation of Services and management of our retailer accounts.

Personal Information We Share with External Third Parties: To deliver information about products and Services that may be of interest to you, we may share personal information with other companies, such as measurement analytics providers.

Sale, Transfer or Reorganization of Business: We reserve the right to transfer your personal information in connection with the sale or transfer of all or a portion of the business or assets of Ace or Ace affiliates to an entity in the event of a corporate transaction.

When You Authorize Us: In addition to the foregoing circumstances, we may share your personal information when you authorize us to do so.

Notice at Collection We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such personal information is used.

Right to Correction: To correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information.

Right to Limit the Use of Sensitive Personal Information: We do not collect or process sensitive personal information for the purpose of inferring characteristics about you or for any business uses other than those permitted by the CCPA so no action is required.

Requests to Opt Out of Sales and Sharing: California residents may submit a request to opt out of sales and sharing by:

Submitting Requests: Requests to exercise privacy rights may be submitted on our Your Privacy Choices webform or by clicking the "Your Privacy Choices" button on the bottom of AceHardware.com. Additionally, individuals may contact Retailer Care Department at (800)

Right to Non-Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA.