Privacy
Policy
The
LEGO Group Privacy Policy
Last Modified: June 20,
2018
Our
Privacy Policy
Welcome to our privacy
policy! It’s great that you’d like to know more about how we keep your
information safe. This policy will give you information about how we look after
your personal data when you visit our website (regardless of where you visit it
from) or use our services or our applications (apps). The policy also tells you
about your privacy rights and how the law protects you.
So, if you’re looking for
more information on how we collect, store, use and share your personal data we
collect, this is the place for you!
Now to start us off with,
a couple of practical but highly important details for you to take note of!
Who we
are
The LEGO Group is made up
by several different legal entities spread around the world. Read more about
the LEGO Group here https://www.lego.com/aboutus
This privacy policy is
issued on behalf of all the companies in the LEGO Group. All the companies in
the LEGO Group has decided that the Danish company LEGO System A/S is our
global data controller (the one responsible and in charge of the data).
So, when we use “we”, “us” or “our” in this policy, we are actually talking
about LEGO System A/S.
How to
contact us
We have appointed a data
protection officer (“DPO”) who is responsible for overseeing questions in
relation to this privacy policy. If you have any questions about this policy,
please contact our DPO at:
LEGO
System A/S
Aastvej
1,
7190 Billund,
Denmark
Att: Data Protection
Officer
Or by email: privacy.officer@LEGO.com
Telephone: ++42 0 312 778
197
Please include your name
and if you know it, the relevant LEGO Group company. If you don’t have that
information, it’s absolutely fine and we will then, treat your request as if it
the question relates directly to LEGO System A/S.
Your
rights as a someone we have personal data about (data subject)
You can make changes to
your account information yourself by editing them from within your account
settings. If you wish to unsubscribe from e.g. newsletters or marketing emails
you will be able to do so via the link provided in those emails. If you wish to
delete cookies placed, our cookie policy will help show you how to do that
(more on that later in the Policy under Cookies).
At any point while we are
in possession of or processing your personal data, you have the following
rights:
-
Right of access – you
have the right to request a copy of the information that we hold about you.
-
Right of rectification –
you have a right to correct data that we hold about you that is inaccurate or
incomplete.
-
Right to be forgotten –
in certain circumstances you can ask for the data we hold about you to be
erased from our records. If we are legally obligated to keep the information or
if it is impossible or unproportionate, we won’t delete it but we will only
keep it for as long as it is needed and we have time limits on our data
systems.
-
Right to restriction of
processing – where certain conditions apply to have a right to restrict the
processing.
-
Right of portability –
you have the right to have the data we hold about you transferred to another organization.
-
Right to object – you
have the right to object to certain types of processing such as direct
marketing.
-
Right to object to
automated processing, including profiling – you also have the right not to have
a computer make decisions about you directly (this doesn’t include general
marketing based on your age or gender).
-
Right to judicial review
– if we refuse your request under rights of access, we will provide you with a
reason as to why. You have the right to complain.
One thing to bear in mind
before contacting us. Our sites and applications may contain links to other
sites not owned or controlled by us. It could as an example be social media
platforms/services. We are not responsible for the privacy practices of those
sites, so if you have questions regarding such sites, you need to contact the
site directly. We also really encourage you to be aware and read the privacy
policies of other sites because they may very easily be collecting, storing,
using and sharing your personal information.
Complaints
about our behavior
You have the right to
complain if you don’t feel the LEGO Group is living up to our responsibilities
when it comes to your data.
We have a Global Data
Protection Officer at the LEGO Group, who takes your complaint very serious.
You can contact our Global Data Protection Officer on this email privacy.officer@lego.com. We
will send you a confirmation within 5 days and do our very best to deal with
the issue within 1 month. If the issue is difficult or requires a lot of work
it may take longer, but we will keep you updated.
You always have the right
to complain to the authorities as well, but because we take privacy matters
very seriously, we would really appreciate it, if you would talk to us. The
authority having the right to look at us, is the Danish Data Protection Agency.
You can see further information on their webpage: https://www.datatilsynet.dk/.
You can complain about:
-
how your personal data
has been processed;
-
how your request for
access to data has been handled;
-
how your complaint has
been handled;
-
appeal against any
decision made following a complaint.
Our
rules for collecting data
We take your privacy
really seriously, so we’ll only ask for the information we need to have so we
can give you great service.
Whenever we collect
customer data, we make sure:
-
We ask for permission to
collect the data
-
We only use the data for
the agreed reason and for the time it’s needed
-
We will as a minimum meet
the local data protection laws in the country where we provide you with a
service via our website or our applications.
-
We keep data that we’re
legally required to have on record
-
We explain why we need
the data and how we’ll use it (unless we have legitimate reason not to)
-
We check and update
privacy information on a regular basis (we might also cross-check the data
against other database to make sure it’s correct)
-
We don’t share data with
anyone unless we have a legal or legitimate reason, or we have permission from
you or if you are a child under 16 from your parents.
Collecting
data in our online channels
We collect your personal
and anonymous information from you when you visit any of the sites on our
LEGO.com domain or when you use one of our applications. When you visit our
online channels, you’ll be able to check if we’re collecting data under terms
and conditions of the site.
We also receive
information via third party when you visit our page on social media sites or
channels (e.g Facebook, Twitter, Youtube, Instagram, Wechat etc).
Types
of personal information we collect
When you’re visiting any
of these online channels, we may collect:
-
Registration information
that we use to help you set up an account (e.g. your name, country, gender,
date of birth, email address, username and password).
-
Payment or transactional
information that we use when you buy products or use online services (e.g.
postal address, phone number or credit card number).
-
Location information or
your IP Address that we use to give you relevant online content.
-
Information you’ve shared
publicly on our forums.
-
Information you’ve sent
to an individual or group using our messaging, chat or post services
-
Information you provide
when you use our own online channels or third-party channels (such as social
networks) or if you link your LEGO registration account to a third-party
platform.
Why we
need to process personal data
In legal terms, the way
we ‘process data’ describes how we collect, store, use, share and delete the
data we receive from customers. When you share your personal information with
us on our online channels, we’ll process your data as described in this Privacy
Policy.
As we’re a global company
that sells toys directly to customers and offers many different experiences for
our fans, we need to process personal customer data, so that:
-
Customers can buy
products from our online LEGO Shop and have them delivered where they want
-
Customers are able
register for any accounts and services they want to use
-
Customers can use the
online and offline LEGO experiences we’ve created for them
-
Customers can share
information on our public forums
-
We can send customers any
information they’ve asked us for or answer their questions
-
We can ask customers to
give us feedback on our services through questionnaires and surveys
-
We can provide our
customers with relevant marketing information about our products.
Always keep in mind, that
if you’re using a LEGO service through a third-party channel like social media
or a LEGO app, your personal data may also be processed by that third-party
according to their own privacy processes.
We may use automated
decision making in processing your personal information for some services and
products. An example is our fraud prevention and detection efforts on
shop.LEGO.com. You can request a manual review of the accuracy of an automated
decision if you are unhappy with it.
How we
process personal data
When you visit our online
channels or when you use third-party sites or platforms, we use technology such
as cookies, flash cookies, pixels and web beacons to process your personal
data.
Please visit our Cookie Policy for
more information, including information about how to delete cookies places on
your device and how to prevent them from being put there in the first place!
Be mindful that if you do
enable a prevent cookies functionality on your device, some of our services and
functionalities on the site will no longer work.
We also collect
information from other trusted sources, so we can update or add to the personal
information we’ve collected ourselves.
Sharing
information with trusted subsidiaries (other LEGO companies)
Our subsidiaries (the
other companies in the LEGO Group) may sometimes need to access your
information to provide services to you on our behalf. Because the LEGO Group is
passionate about your privacy, we have made a decision to implement the same
privacy protection all over the world, so you can feel safe no matter which
LEGO Group company is using your data. Legally, other LEGO Group
companies will then be acting as ‘data processors’ and will be subject to data
processing laws. They need your personal data so they can:
-
Deliver products and
services you’ve requested
-
Get in touch with you
about your account or transactions
-
Send you information
about our sites, applications and policies
-
Send you any newsletters
you’ve signed up for (you can unsubscribe at any time)
-
Process information that
the subsidiary is formally contracted to process on our behalf, e.g. carry out
a purchase placed by you, manage your LEGO ID account activity or your VIP
account data.
-
Identify, review and stop
any activities that could breach our policies or break the law
Sharing
information on public forums and chat
As our public forums and
chat services can be read by everyone, any personal information you share on
them can be seen publicly. If you’d like us to remove any of your
personal information from public areas of the site, please email our Customer Service. If we
can’t remove your personal information for any reason, we’ll let you know why.
If you’re under 16 years old, you’ll need the permission of a parent or
guardian to use our public forums or chat features.
Sharing
your LEGO ID
You can use your LEGO ID
on our trusted partners’ third-party websites, so you can play virtual games
without creating a separate account. If you choose to use your LEGO ID, we’ll
have access to some information that you provide to the third-party websites.
We’ll collect, store, use and process that information according to this
Privacy Policy. Third-party sites will also be able to access some information
from your LEGO ID profile, so you can to take part in experiences on their
site. Please read their privacy policy if you’d like to know more about how
they use your information.
Sharing
information on Social Media (Features) and Widgets
Some of our websites may
include social media links such as the Facebook ‘like’ button, widgets like
‘Share this button’ and interactive mini-programs. If you click on any of these
links, the features may collect your IP Address and record which page you were
visiting at the time. The features may also use cookies so that the feature can
function properly. Social media features and widgets are hosted by third
parties or may be hosted directly on our website. When you’re using these
features and widgets, your personal data will be processed by that third-party
according to their own privacy policies.
Sharing
information with other companies
Please see our category
list of trusted third parties that we may share your information with here.
We won’t share your
personal information outside the LEGO Group except:
-
When we need to enforce
the terms of use or the policies that we ask customers to agree to;
-
When we need to protect
the safety, security, rights and property of our customers or third-party
partners;
-
When we need to meet
legal processes or if disclosure of the data is required by law;
-
When we’re asking other
companies like e.g. couriers, shipping and warehouse service provides, payment
providers, IT platform providers, fraud detection and prevention providers,
survey providers, product catalogue providers and customer service suppliers to
deliver services on our behalf; We have contracts with the companies to make
sure they only use your personal information for agreed services and meet legal
requirements;
-
When we store your
information using secure cloud storage services/facilities. We have contracts
with companies to make sure they only use your personal information for the
agreed services and meet legal requirements;
-
If a merger, acquisition
or sale of assets ever meant we needed to share information with a third party
- in this case we’d email you and post a notice on our website to publish the
change of owner and we’d also tell you how your data would be used and give you
options regarding your personal data;
-
When you’ve given us
permission to share your information with third parties so they can send you
information on their products and promotions (you can opt out of these emails
by contacting our LEGO Customer Service team
although in some cases you may also need to contact the third-party directly);
-
When you have given us
permission to share your information with third parties, so they can provide
you with marketing information and promotions regarding our products (as an
example personalized advertising provided via a social media platform). You can
opt out of such marketing activities by adjusting your cookie settings on your
device. In some cases, you may also need to contact the third party directly
(in case of social media adjust your privacy settings and request deletion of
collected information by the third-party site)
-
When you’ve asked us to
share your personal information with third-party sites or platforms like social
networking sites – once it’s been shared, your personal data will be processed
by that third-party according to their own privacy processes
How
long do we keep your personal information
We’ll keep your personal
information as long as your account is active or as long as it’s needed to
provide a service. We have so called retention polices for each of the
categories of personal information that we process.
If you’d like to cancel
your account or for us to delete your data, we’ll only keep information that we
need for legal reasons, to resolve disputes or to enforce our agreements.
Our
Cookie Policy
Cookies are small data
files that your browser places on your computer or device. A cookie itself does
not contain or collect information. However, when it is read by a server via a
web browser it can help a website deliver a more user-friendly service – for
example, remembering previous purchases or account details.
Like most websites, our
online channels and our applications (apps) collect some information (e.g. information
on IP addresses, browsers, internet service providers, referring pages, exit
pages, operating systems, date stamps, time stamps and clickstream data). This
information won’t be linked to any other information we collect about you
unless you have given your consent that we may do this.
Both we and our
third-party tracking utility partners use browser storage, app storage,
cookies, pixls, beacons, scripts and tags to analyze trends, administer the
site, track user movement through the site and collect demographic information
about our overall user base. We may receive reports on these from our
third-party tracking utility partners on an individual and aggregate basis. For
more information about cookies, please read our full Cookie Policy.
Keeping
children safe online
We care deeply about
making sure children are safe online and have extra privacy processes in place
to make sure we’re keeping our younger fans safe when they’re using our online
channels. In fact, some features have age gates so to prevent children from
inadvertently using such features. We also take all reasonable care to secure
that we don’t knowingly collect, store, use or process personal information
from children who may use those features without proper parental consent.
We’ve joined a digital
child safety program which audits our company on a yearly basis to make sure we
follow the rules in the way interact with children online.
We also follow all
relevant laws for children aged between 13 and 18 and when it comes to personal
data, we consider anyone under the age of 16 years a child
If you have any questions
or concerns about our Privacy Policy, please contact our Data Protection
Officer at privacy.officer@lego.com.
If you have an unresolved
privacy or data use concern that we have not addressed satisfactorily, please
contact our U.S.-based third party dispute resolution provider (free of charge)
at https://feedback-form.truste.com/watchdog/request. To view a list of properties covered by our
Dispute Resolution provider, please click the seal located at the top of this
section.
When we do process
personal information from children, we take extra steps to protect their
privacy including:
-
Making sure we tell
parents what personal information we collect, store, use and process from their
child and explaining whether we share the information
-
Meeting legal
requirements by asking for parental consent to collect, use and process a
child’s data and asking for consent to send their children information about
our products and services
-
Limiting how we collect,
store, use and process personal information from children so only data that is
reasonably needed for them to take part in an online activity is collected
-
Giving parents access or
the option to ask for access to personal information we’ve collected from their
child – parents can also ask for their children’s personal information to be
changed or deleted
Collecting
and using children’s information
While some of our
websites, channels and apps are designed with families and users of all ages in
mind, others are intended to be used mainly by children. Whenever we collect
personal information from a child, we only keep the information for the time we
need it to provide a service or for the time it’s legally required to be kept on
record.
While children can choose
whether to share their information with us, there are features of our websites
that won’t function if they haven’t given us their information. Where personal
information is needed for features to function, we’ll only ask for information
that is reasonably required to take part in the activity.
Here are some examples of
times when we collect children’s data:
-
When children register
online
Children can register on our websites to
access a variety of services including content, games and competitions. During
registration, we may ask a child to provide their parent’s or guardian’s email
address, the child’s first name, gender, their birth date, their username and
password. We use this information for security and notification reasons. We
strongly encourage children to create a username that excludes any personal
information.
-
When children share
content they’ve created themselves
Some of our websites allow children to create
or use content themselves. Since only some of these features require personal
information from the child, not all activities require consent from a parent or
guardian. Whenever an activity could potentially allow a child to share
personal information, we either review the content ourselves and make sure personal
information is removed or ask for permission from a parent or guardian to
collect the data. Types of personal data that children have shared with us in
the past include stories, free-text fields, drawings that allow text or
free-hand entry of information, photographs of your child, sound clips, movie
files or any type of content or other persistent identifiers that clearly
identifies the child in some way. If, as well as collecting content that
includes personal information, we also plan to share the content publicly or
with a third party for their own use, we’ll ask the parent or guardian for
‘verifiable parental consent’ (which is a higher level of parental consent).
-
When children enter
contests and sweepstakes
If a child wants to enter a competition, we
ask for the personal information we need for a child to take part. We usually
only ask for the child’s first name (so we can tell the difference between
children from the same family) and the email address of a parent or guardian
(so we meet legal requirements to notify the responsible adult). We’ll only
contact the parent if the child wins the contest or sweepstake to find out
where to send the prize. If the competition asks the child to create content to
enter, we may need to ask for parental consent by email in advance to ensure we
meet the privacy requirements for content children have created themselves
(please see the information above about children creating content). Without
consent, children won’t be able to take part in our competitions.
-
When children receive
emails from us
We may need ask for their child’s contact
details (including their email address) so that we can reply to a question
they’ve asked us. To meet legislative requirements around the world, we’ll
delete any information we have on the child as soon as the reply’s been sent.
If we need to get in touch with the child a second time, for example to reply
to additional questions, we would request an email address from their parent or
guardian. We’d then only keep the child’s online contact information for the
time it takes us to honor their request and wouldn’t use the information for
any other purpose. If we ever need a child’s online contact information for
ongoing communication, we’d ask for the parent’s or guardian’s email address at
the earliest opportunity so that we can keep the adult informed of the data
we’re collecting and to give the parent an option to ask us to stop collecting
data. Parents or guardians can opt out of any communication we have with their
child at any time by following the unsubscribe instructions within each
communication (if there is more than one type of communication, the adult may
need to opt out of each individually). Alternatively, they can contact
our LEGO Customer Service team.
-
When children receive app
push notifications
Many apps send users ‘push notifications’ to
their customers’ mobile phones or devices to tell them about updates (sometimes
even when the app is not in use). Some of our apps are designed to be used by
children. We ask children to provide the email address of their parent or
guardian, so we can tell the adult about their child’s request before we send
children push notifications from our apps. We don’t link the device identifier
with any other personal information without parental consent. If you would like
your child to stop receiving push notifications from one of apps, you can
change the settings on the device your child’s using at any time.
Some of our websites, channels and apps are
designed for children. We request consent from a parent or guardian by email
before collecting information on a child’s street name, address or coordinates.
We do that because such information will effectively make us able to identify a
specific child. As an opposite, we don’t require parental consent to collect
information on a child’s city, country or region as long as it isn’t linked
directly to the specific child. The reason for this, is that such generic
information will not make us able to identify a specific child. If you would
like to stop us collecting this type of location information, you can adjust
the settings on the device your child is using at any time. Alternatively,
please contact our LEGO Customer Service team.
So we can give visitors to our online channels
more relevant and personalized online experiences, we automatically collect
some types on information (e.g. information on IP addresses, mobile device
identifier, browsers, internet service providers, referring pages, exit pages,
visitor frequency, operating systems, date stamps, time stamps and clickstream
data). We collect this information using technologies such as cookies, pixels,
flash cookies, web beacons and other unique identifiers (which we define under
the Cookie Policy section of this Privacy Policy). We may collect this
information ourselves or ask a third party to process the data on our behalf.
We use this data to give children access to online features and activities, to customize
content, to improve our online channels, to analyze the performance of our
online channel and to create anonymous reports. If we ever want to collect
children’s data for any other reason, we would contact the child’s parent or
guardian for consent in advance. A list of third-party operators who collect
‘persistent identifiers’ on our sites and apps can be found in our Cookie Policy.
What if
we accidentally collect children’s data?
If we discover that we’ve
unintentionally collected information from a child in a way that doesn’t meet
COPPA requirements, we will delete the information immediately.
Requesting
parental consent
Asking
for low-level consent by email
If we need to collect a
child’s personal information, we’ll ask for parental consent according to COPPA
legal requirements. We’ll send the child’s parent or guardian an email
explaining what information we’re collecting, how we plan to use it and ask the
parent to give or deny their consent. If we don’t receive parental consent in a
reasonable time, we’ll delete all information we’ve collected from the child
including the adult’s contact information that we asked for in order to request
consent.
Asking
for high-level ‘verifiable consent’
If we want to share a
child’s personal information publicly or with a third party, we’ll seek a
higher level of parental consent than the email request described above. We may
ask for verification by credit card or other payment method (with a nominal
charge involved), verification over the phone or through a video chat to a
trained customer service representative or a signed consent form to be returned
to us by mail, email attachment or fax. We may give the parent a guardian a PIN
or password that they’ll be able to use in future communications to confirm the
adult’s identity.
What if
a parent or guardian hasn’t been contacted for consent?
If a child under the age
of 16 accesses an online channel that’s designed for children by using an age
gate, we’ll email the child’s parent or guardian before collecting any personal
information from the child. If you think that your child is taking part in an
online activity that collects their personal information and you or another
parent/guardian hasn’t received an email letting you know or seeking your
consent, please contact our Data Privacy Officer at privacy.officer@lego.com.
We won’t use email addresses provided for parental consent for any other
purpose unless the adult has expressly opted in to marketing emails or taken
part in an activity which allows email contact.
Parental
choices and controls
At any time, parents or
guardians can refuse to allow us to use and collect further personal
information from their child. Parents or guardians can ask us to delete the
personal information we have collected in connection with their child’s account
from our records. As personal information is required for some services, deleting
a child’s records may result in an account, membership, or service being
unavailable to the child in future.
If a child has a
registered LEGO ID, parents or guardians can access, change or delete the
personal information we’ve collected from their child by:
If you’d prefer to
contact us, please let us know your child’s username along with the your own
telephone number and email address. We’ll need to confirm your identity as the
parent or guardian of the child before granting access to the child’s personal
information. We will respond to your request within a reasonable timeframe.
If we make material
changes to how we use Personal Information collected from a child under the age
of 16, we’ll tell their parent or guardian by email and ask for ‘verifiable
parental consent’ for the new uses of the child's personal information.
Sharing
information we have consent to share with others
If we’ve received
high-level parental consent to share a child’s personal information publicly,
we may also share personal information with our service provides or legal
authorities. We may share information with our service providers including
software solution companies, online security partners and customer services.
Our contracts with these companies make sure they only use personal data for
the agreed purpose.
We may share personal information
to meet legal processes or if disclosure is required by law. As allowed by
relevant laws, we may also share personal information collected from children
to:
-
Comply with a request
from to a law enforcement or public agency (including schools or children
services) or to avoid liability
-
Make a disclosure that we
believe may stop a crime being committed
-
Help an investigation
related to public safety
-
Protect the safety of a
child who’s using our online channels
-
Protect the technology of
our service providers or security of our online channels themselves
Parents have the right to
consent to the collection, use and processing of their child’s personal
information without also having to consent to the disclosure of that
information to third parties. We don’t share information with third parties
other than as described above.
Our
employees
Whether you’re an
existing employee or applying for a job with us, we’ll process specific
information relevant for your employment and application. The principles in this
Privacy Policy will also apply to your employment and application.
LEGO
Partners
We define LEGO Partners
as other companies doing business with the LEGO Group. We process information
on our LEGO Partner companies for collaboration and evaluation purposes.
Data
security and integrity
The security, integrity
and confidentiality of customer information is extremely important to us. We
use technical, administrative and physical security measures to protect
personal information from unauthorized access, disclosure, use and
modification. All external transfers that contain personal information are done
using encrypted technology. Credit card information is handled by approved
service providers that meet PCI (Payment Card Industry) standards and have
appropriate safeguards in place.
Although we regularly
review our security procedures and evaluate new technology and methods to make
our online channels safer, no security measures are perfect or impenetrable.
Our customers, employees
and partners also play an important role in protecting information. We
encourage customers to choose passwords that are difficult for others to guess
and to keep their personal passwords secret.
Should you notice any
flaws or concerns in our security, please contact our LEGO Customer Service
team as soon as possible.
If we ever experience a
data breach in which customer information is at risk of being misused, we’ll
contact customers according to legal requirements. If necessary, we’ll also
contact data protection authorities.
Data
transfers, storage and processing globally
As we’re a global
company, we may transfer your personal information to individual subsidiaries
of the LEGO Group or third parties in locations around the world for the
purposes described in this Privacy Policy. Whenever your personal information
is transferred, stored or processed by us or by companies carrying out such
services on our behalf, we’ll take reasonable steps to safeguard the privacy of
your personal information. Additionally, when using or disclosing personal
information we abide by our Binding Corporate Rules, when these become
effective.
The Binding Corporate
Rules provide the highest security to you when it comes to how your information
is processed.
Binding
Corporate Rules and local legal requirements
We want to make sure we
as a minimum use the standards of data privacy and security that follows from
the European General Data Protection Regulation (“GDPR”) anywhere in the world
where we collect, store, use or share your personal data. Where your local rules
require more from us than that, we will adjust our practice to make sure your
data is safe with us no matter where in the world you are! To bind us to that
promise we have implemented something called with Binding Corporate Rules with
effect from June/2016 ‘Binding Corporate Rules. These rules are set by European
data authorities across the European Union (EU) and set the some of the highest
standards in the world on data collection, storage, use and sharing.
Notice
to California Residents: If you’re a
California resident, you’re permitted by California Civil Code Section 1798.83
to request information regarding the disclosure of your personal information by
certain members of the LEGO Group to third parties for the third parties’
direct marketing purposes. With respect to these entities, this privacy policy
applies only to their activities within the State of California
Notice
to Australian Residents: In regard to how we
process your information to be compliant with local legislation the following
will apply in supplement to the Privacy Policy:
We generally collect
personal information directly from you where this is reasonable and practical
but may also acquire information from other trusted sources to update or
supplement the personal information you provided or which we processed
automatically.
-
We may also use your
personal information to tell you about the products and services of the LEGO
Group or third parties. From time to time, we and our LEGO Group entities and
business partners may contact you by mail, telephone, email or other electronic
messaging services (such as text, voice, sound or image messages including
using automated calling systems) with information about products and services
(including discounts and special offers). If you no longer wish to receive
marketing or promotional information from us and our LEGO Group entities or our
partners, you can unsubscribe at any time. There are certain messages relating
to the goods and services we provide to you that cannot be unsubscribed from.
-
Should the LEGO Group
experience a data breach and your information be involved, we will contact you
if there is a risk of serious harm to you and if we are legally obliged to do
so. In some instances, the LEGO Group will also be legally obliged to contact
(data protection) authorities when a breach of privacy information occurs.
-
We will take such steps
that are reasonable in the circumstances (if any) to destroy or de-identify
personal information when it is no longer required.
Changes
to this Privacy Policy
We may change this
Privacy Policy to accommodate new technologies, industry practices, regulatory
requirements or for other purposes. We will provide prior notice to users by
email and post the information on our online channels if these changes are
material and request your consent if legally required.
Third
party vendor categories
The LEGO Group works with
several trusted partners to secure that we provide you, our business partners
and our employees with the best experience possible. This means that we will at
times need to allow third parties to process personal data.
To give you an overview
we have categorized the type of vendors we use and what we use them for on a
category basis.
However, if you wish to
know what cookies we are placing on your devices – please look at our
detailed third- party cookie
list.
We
process personal data with vendors in the following categories:
IT
Service providers - we use a series of
trusted partners world wide to provide us with IT services and system
administration services - in regards to both our customer and partner facing
activities as well as our internal IT and administration systems.
Global
payment provider and processing partners - to
secure a safe and efficient payment process both online, in our stores or
through invoicing or money transfers.
Cloud
storage partners - we store our and your
data at secure data centers around the world.
Fraud
Prevention and detection partners and agencies – working
with the LEGO Group world wide to secure that the LEGO Group is not defrauded.
Warehousing,
packing, shipping and delivery partners – helping
us get our products into the hands of our customers and business partners
around the world.
Catalogue
printing and mailing and postal partners - helping
us making sure catalogues and magazines come your way.
Marketing
partners – to be able to provide targeted and personalize
advertisements, promotions and campaigns both when you are interacting with
LEGO on our online platforms, on social media, instore or otherwise.
Social
Media Partners – to be present and allow
you to interact with the LEGO Group on the platforms where you are.
Survey,
questionnaires and product review suppliers - helping
us secure that we get your all-important feedback of your LEGO® experience!
Tax and
customs authorities, regulators and other authorities globally - who
require reporting of processing activities in certain circumstances.
Professional
advisers - including lawyers,
bankers, auditors and insurers globally, who provide consultancy, banking,
legal, insurance and accounting services to the LEGO Group