Effective Date: January 1, 2020
Whenever we collect information about you, we make decisions about how or why we process that personal data. We are responsible for ensuring that your personal data is used in accordance with data protection laws, to the extent they apply, such as the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) in the United States, and other applicable global privacy regulations.
- The controller
- Third-party links
- The data we collect and process about you
- How we collect your data
- How we use your personal data
- Do Not Track signals
- Disclosures of your personal data
- International transfers
- Data security
- Data retention
- Your legal rights
- California residents
- Contact us
1. The controller
To the extent the GDPR applies, and for other data privacy laws with a data controller requirement, Klein Tools, Inc. and its affiliates are the data controller that directs the purposes for which your personal data is processed. Note that ZAH Group, Inc. is Klein Tools’ parent company.
2. Third-party links
4. The data we collect and process about you
“Personal data”, (also referred to as “personal information” or “personally identifiable information” in some jurisdictions/regions), means any information from which a person is identifiable or from which that person can be identified. It does not include data where the person's identity has been removed (anonymous or de-identified data), unless it still possible to identify the person from that data in combination with other data held by the data controller.
Depending on which websites you use, and your activity on those websites, we may collect, use, store and transfer different kinds of personal data about you, which we have categorized as follows:
- Profile Data includes your name, username and password (for the relevant website), email address, mailing address, payment information, purchases or orders you make, your interests, preferences, and on-line or telephonic feedback and survey responses. For our U.S. employees who browse and/or buy products/services from us as well, this may include your employee file number from a pay stub in combination with zip code and last four digits of your Social Security Number.
- Technical Data includes your internet protocol (IP) address, browser type and language, Internet service provider or mobile carrier, referring and exit websites and applications, time zone setting, location, browser plug-in types and versions, operating system and platform, and other technology identifiers on the devices you have used to access this website.
- Usage Data includes information about how you use our website, products, and services.
5. How we collect your data
We use different methods to collect data from and about you, including through:
- Data you enter. If you order a product, engage in our discussion forums, complete a warranty card, enter contests, or sign up for reward points, we will collect that relevant information.
- Third parties or publicly available sources. We may receive data about you from third-party retailers who sell our products, primarily to enable us to ship products you have ordered through the third-party to you, or to fulfill legal or regulatory obligations.
6. How we use your personal data
To the extent the GDPR or another relevant privacy law applies, we will only use your personal data when we have a lawful basis to do so. The table below describes all the ways we plan to use your personal data, and the legal bases we rely on to do so.
|Information we collect||Why we collect it||Lawful basis for the processing|
|If you place an order with us, we will collect the following Profile Data: your name, mailing and billing address, email address, telephone number, and payment information.||This information is necessary to provide you (or the company which you represent, where your order is on behalf a company) with the product you ordered, or to take steps at your request prior to providing you with the product.|
Where you are contracting with us on your own behalf: necessary for the performance of a contract or in order to take steps to enter into a contract.
Where you are contracting with us as a representative of a company (e.g. your employer): necessary for our legitimate interests of taking and fulfilling orders from companies (which does not cause you unfair prejudice because it is used to complete the purchase you have requested).
|If you are a U.S. employee and place an order with us as part of our employee discount program, we will collect the above Profile Data, as well as your employee file number from your pay stub in combination with your zip code and last four of Social Security Number.||This information is necessary to provide you with the product you ordered at the discounted, employee rate, or to take steps at your request prior to providing you with the product.||Necessary for the performance of a contract or in order to take steps to enter into a contract.|
|If you complete a warranty card, or ask us to provide warranty services, we will collect the following Profile Data: your name, address, telephone number, and email address, in addition to the product(s) you purchased and the date of purchase.||This information is necessary to register your product for the warranty or for us to provide warranty services.|
Where you are contracting with us on your own behalf: necessary for the performance of a contract or in order to take steps to enter into a contract.
Where you are contracting with us as a representative of a company (e.g. your employer): necessary for our legitimate interests of providing warranties to companies in relation to their purchases (which does not cause you unfair prejudice because it is used to enable the company to register for the warranty).
|If you choose to complete a survey or leave a review, we will collect the following Profile Data: your name, address, email address, phone number and trade union affiliation.||This information is necessary for us to receive your input or feedback.|
In some cases we may seek your consent for this processing.
Where we do not seek your consent, but you voluntarily provide us with a review or a survey response, our lawful basis for processing your personal data is that it is necessary for our legitimate interest of receiving your input or feedback about our products/services (which does not cause you unfair prejudice because it is used with the aim of improving our products/services rather than making decisions in relation to you).
|If you request or agree to receive electronic communications or mailings from us, we may collect the following Profile Data: your name, email, phone number, or physical address.||This information is necessary to send you the information you have requested.||Consent.|
|If you enter a contest, we will collect the following Profile Data: your name, email, phone number, and physical address.||This information is necessary for you to enter the contest and for us to provide you with the prize should you win.||Consent.|
|If you sign up for the Klein Tools Tradesman Club or Klein Tools Loyalty Rewards programs, we will collect the following Profile Data: your name, email, phone number, physical address, and order history.||This information is necessary to register you (or the company whom you represent) for reward points and to service your (or your company’s) account.||Where you are signing-up with the Klein Tools Tradesman Club or Klein Tools Loyalty Rewards programs on your own behalf: Necessary for the performance of a contract or in order to take steps to enter into a contract.|
If you visit our website or interact with our electronic communications, we collect your IP address as well as electronic activity information about your use and interaction with our website or communications, and geolocation data.
You can find more information on how we collect information in the Cookies section of this policy.
This data is necessary for us to ensure the security and functionality of our website and related systems.
Furthermore, this data is used to offer products and services that may be of interest to you (or the company whom you represent).
This is necessary for our legitimate interest of ensuring that our websites function and are secure for you to use (which does not cause you unfair prejudice because it provides you with a functional and secure website to use for purchases).
With respect to using this data to offer products and services that may be of interest to you:
|If you apply for a job with us through our website, we will collect your name, address, telephone number, Social Security Number or other government identification, email address, and employment and educational history.||This data is necessary to determine whether to extend an offer of employment. This data is also necessary to comply with our legal obligations.||Necessary in order to take steps prior to entering into an employment contract.|
|If you receive a conditional offer of employment from us, we may conduct a credit, drug and/or criminal history check, in accordance with local law.||This data is necessary to determine whether to confirm an employment offer.||Consent.|
Where we rely on consent, depending on the applicable data protection/privacy law which applies, you have the right to withdraw your consent at any time by contacting us or by clicking on the “unsubscribe” link in marketing emails or text messages. Withdrawing consent will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
In cases where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you or the company whom you represent (for example, to provide you or the company whom you represent with goods or services). In such cases, we may have to cancel a product or service you or the company whom you represent have with us, but we will notify you at the time when this occurs.
Furthermore, where our processing of your personal data is necessary for our legitimate interests, depending on the applicable data protection/privacy law which applies, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time. Cookies are widely used by online service providers in order to (for example) make their websites or services work, or to work more efficiently, as well as to provide reporting information.
Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies by configuring their browser's privacy settings (please refer to your browser's help function to learn more about cookie controls). Further, users can delete cookies at any time. Note that if you disable cookies entirely, our websites may not function properly.
What types of cookies do we use?
Third-party cookies belong to and are managed by other parties, such as Google Analytics or service providers. These cookies may be required to render certain forms, such as email list sign-up, or to allow for some advertising outside of our website.
Session cookies are temporary cookies that are used to remember you during the course of your visit to the website, and they expire when you close the web browser.
Persistent cookies are used to remember your preferences within the website and remain on your desktop or mobile device even after you close your browser or restart your computer. We use these cookies to analyze user behavior to establish visit patterns so that we can improve our website functionality for you and others who visit our website(s). These cookies also allow us to serve you with targeted advertising and measure the effectiveness of our site functionality and advertising.
How are cookies used for advertising purposes?
Cookies and ad technology such as web beacons, pixels, and anonymous ad network tags help us serve relevant ads to you more effectively. They also help us collect aggregated audit data, research, and performance reporting for advertisers. Pixels enable us to understand and improve the delivery of ads to you, and know when certain ads have been shown to you. Since your web browser may request advertisements and web beacons directly from ad network servers, these networks can view, edit, or set their own cookies, just as if you had requested a web page from their site.
How are third party cookies used?
How do I reject and delete cookies?
Third-party cookies used on our websites:
|Crazy Egg||We use the Crazy Egg service to help us improve the visitor experience and performance of our website. Crazy Egg provides graphical, video and text analysis of visitor behavior on a website. It tracks where visitors click and allows us to fine-tune the layout and design of our web pages. Personal data gets deleted after 1 year.||https://www.crazyegg.com/privacy|
|DoubleClick Floodlight||DoubleClick Floodlight cookies enable us to understand if you complete certain actions on our website(s) after you have seen or clicked through one of our display/ video advertisements served on Google or other platforms via DoubleClick. DoubleClick uses this cookie to understand the content with which you have engaged on our website(s) so they may subsequently deliver some targeted advertisements to you. Personal data gets deleted between 180-540 days.||https://support.google.com/ds/answer/2839090?hl=en|
|Google Analytics||We use Google Analytics to understand how our media campaigns work and how you interact with our website in order to improve the user experience. Personal data gets deleted between 1 minute and 2 years, depending on the type of analytic.||https://tools.google.com/dlpage/gaoptout|
|Google tracking cookies||Google tracking cookies enable us to understand if you complete certain actions on our website(s) after you have seen or clicked through one of our adverts served via Google. Based on the content you have engaged with on our websites Google are able to deliver some targeted adverts across other Google partner websites. Personal data gets deleted between 180-540 days.||https://support.google.com/ads/answer/2662922?hl=en|
|Facebook helps you stay in touch with your network through their website/ mobile application. We make it easier for you to share any content of interest on Facebook and sometimes, we may present you with some targeted advertisements on Facebook based on your engagement with our website(s). Personal data gets deleted after 1 year.||https://en-gb.facebook.com/help/568137493302217|
|The LinkedIn insight tag allows us to perform campaign reporting and unlock valuable insights about website visitors that may come via the campaigns we run on LinkedIn. Personal data gets deleted after 90 days.||https://www.linkedin.com/help/lms/answer/65521/the-linkedin-insight-tag-overview?lang=en|
|Twitter provides real time updates from across the globe on the latest trending stories, ideas and opinions from the Twitter accounts or hashtags that you choose to follow. We make it easier for you to share our website content over Twitter. At times, we may present you with some ads on Twitter based on your engagement with our website(s). Personal data gets deleted after 1 year.||https://support.twitter.com/articles/20170410|
|YouTube||We embed videos or insert links to videos from YouTube on our website(s). As a result, when you visit a page with content embedded from or linked to YouTube, you may be presented with cookies from YouTube. Personal data gets deleted between 180-540 days.||https://support.google.com/ads/answer/2662922?hl=en-GB|
|MailChimp||These cookies are used to help track email subscriptions and engagement with MailChimp emails or other content sent to opt-in customers. Personal data gets deleted after 1 year.||https://mailchimp.com/legal/cookies/|
|Brightedge||These cookies help optimize the search function of the site. Personal data gets deleted after 4 hours.|
To opt out: http://optout.aboutads.info/
8. Do Not Track signals
Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our services do not currently respond to browser DNT signals. For more information on DNT, see https://allaboutdnt.com/.
9. Disclosures of your personal data
We may disclose your personal data to our affiliated companies, when required by law, or to our service providers (e.g., when necessary for the administration and maintenance of our IT systems). Where you are have provided us with your personal data in your capacity as a representative of a company, we may disclose your personal data to that company. We require our service providers to provide written assurances regarding the security and privacy protections they have in place to protect any personal data transferred or disclosed to them, as well as their compliance with our security requirements and any applicable laws and regulations.
The third parties we may share your personal data with include:
- third-party service providers (for example, administration and maintenance of IT systems, payments providers, email marketing services providers) ;
- regulatory authorities;
- other companies in relation to managing the proposed sale, restructuring, transfer or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation; and
- our auditors and legal advisors.
10. International transfers
Consistent will all applicable data protection regulations, we may share personal data with our affiliates, which means your personal data may be stored and processed outside of your home country (and/or region), including in countries/regions that may not offer the same level of protection for your personal data as your home country (where you are an EU resident, this includes the processing of your personal data outside of the EU, including in the United States.. In addition, the third parties that may store and process your personal data on our behalf are based in the United States. Where transfers from the E.U. to the United States take place, or when we engage in a follow-on transfer, we will use the EU Standard Contractual Clauses.
11. Data security
We have put in place reasonable and appropriate security measures (which will include, where relevant, those required by applicable law) to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to employees, agents, contractors, and other third parties who need to know for business purposes. They will only process your personal data according to our instructions and they are subject to the duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach, and we will notify you and any applicable regulators of a breach where we are legally required to do so.
12. Data retention
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from the unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
In some circumstances, we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without providing further notice to you.
13. Your legal rights
You may have the following rights available to you, depending on your jurisdiction or depending on the jurisdiction in which the data was collected, including the right to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you.
- Request the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
- Request the erasure of your personal data. This enables you to ask us to delete or remove personal data. Note, however, that we may not always be able to comply with your request (for example, we cannot erase information if we are required to keep it for regulatory purposes or to fulfill an order you have placed).
- Restrict or object to the processing of your personal data when we are relying on a legitimate interest, and there is something about your particular situation which makes you want to object to the processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Data portability. In some instances, you may have the right to receive the information about you in a portable and readily usable format. Before providing this information, we must be able to verify your identity.
- Opt-out of the sale of personal data. We do not knowingly sell your personal data to third parties, nor do we intend to, as those terms are defined in the CCPA. We also have not done so for the last 12 months. In addition, we have contracts with our service providers to prohibit any sale of the personal information we provide them; but if you have any concerns that our third parties might be selling your information, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We will not discriminate against you in any way for exercising your rights.
Depending on the applicable data protection/privacy law which applies, you may also have the right to lodge a complaint with local state regulators/data protection authorities – please see paragraph 16.
What we may need from you
We may need to request specific information from you to help us verify your identity and ensure your right to access your personal data (or to exercise any of your other rights). Where applicable, this is a security measure to ensure that the personal data is not disclosed to any person who has no right to receive it. For example, we may verify the email address we have on file with the email address from which you are sending a request. We may also ask you to verify certain past orders, or to confirm your last four digits on a card you recently used to place an order. If you have an account with us, we may ask you to verify yourself by logging in. We may also contact you to ask you for further information in relation to your request, in order to speed up our response.
14. California residents
The personal data about you that we collect includes information within the below categories of data. These categories also represent the categories of personal data that we have collected over the past 12 months. Note that the categories listed below are defined by California state law. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all of our customers.
|Category||Purpose of processing||Disclosed for a business purpose in last 12 months?|
|Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.||A subset of this data is processed in connection with a number of our operational functions, including to take and deliver orders and to service our warranties. It may also be used for marketing purposes, including offering you products that may interest you.||Yes|
|Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.||A subset of this data is processed in connection with a number of our operational functions, including to take and deliver orders and to service our warranties. It may also be used for marketing purposes, including offering you products that may interest you.||Yes|
|Characteristics of classes protected under federal or California law, including: familial status, disability, sex, national origin, religion, color, race, sexual orientation, gender identity and gender expression, marital status, veteran status, medical condition, ancestry, source of income, age, or genetic information.||This information is collected and processed where required by law or, if you are an employee, to provide you with employee benefits you have elected to receive.||Yes|
|Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||A subset of this data is processed in connection with a number of our operational functions, including to take and deliver orders and to service our warranties. It may also be used for marketing purposes, including offering you products that may interest you.||Yes|
|Biometric information, which includes physiological, biological or behavioral characteristics that can be used, singly or in combination with each other or with other identifying data, to establish individual identity.||We do not collect or process biometric information.||No|
|Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.|
This data is processed in order to optimize performance of our websites and to offer your products and services.
It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.
|Geolocation data.||This data is processed for marketing purposes, including offering you products that may interest you through both direct and partner advertising.||Yes|
|Audio, electronic, visual, thermal, olfactory, or similar information.||This data is processed in connection with a number of our operational functions, including recording sales calls and other calls.||Yes|
|Professional or employment-related information.||Yes|
|Inferences drawn from any of the above categories of information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||A subset of this data is processed in connection with a number of our operational functions, including for marketing purposes, such as offering you products that may interest you.||No|
These websites are not intended for use by children, and we do not knowingly collect data relating to children under the age of 16.
16. Contact us
Without prejudice to any other administrative or judicial remedy you might have, you may have the right to lodge a complaint with local state regulators/data protection authorities if you believe that we have infringed applicable privacy or data protection requirements when processing personal data about you.
The appropriate data protection authority in the United Kingdom is: