This policy governs any kind of processing (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith) about natural persons, which are users of the service Rebrick.com (“personal data”), by all business units and entities within the LEGO Group. This policy applies to our processing of personal data collected through any means, actively as well as passively, online as well as offline, from persons located anywhere in the world. Any question regarding our processing of personal data may be directed to:
LEGO SYSTEM A/S
DK-7190 Billund Denmark
Attn: Privacy Officer
or to the company within the LEGO Group closest to you. LEGO entities
Generally, the LEGO Group will be guided by the following principles when processing personal data:
1. We will only collect personal data for specific and specified purposes;
2. We will not collect personal data beyond what is necessary to accomplish those purposes;
3. We will not use personal data for purposes other than that for which the data was collected, except as stated herein, or with prior consent;
4. We will not transfer personal data to third parties or across borders, except as stated herein, or with prior consent;
5. We will seek to verify and/or update personal data periodically, and we will accept requests for amendments of personal data;
6. We will apply high technical standards to make our processing of personal data secure;
7. Except when stated herein, we will not store personal data in identifiable form longer than is necessary to accomplish its purpose, or as is required by law.
Transfer of personal data to third parties and/or other countries
As a general principle, we process personal data in order to facilitate or improve the LEGO Group’s offerings and services to you. We do purchase supplementary data from public sources to complement our data bases.
We do not process personal data on behalf of third parties, nor do we sell personal data to, or share personal data with, third parties for their own, independent use, except if you allow us to do so.
We do share personal data with third party vendors when it is necessary to provide services that we don’t perform ourselves. We also use third party data hosting companies to store personal data collected by us in their servers, and to do data validation checks for us.
We undertake or commission consumer research projects from time to time and we may share personal data with third party research companies for this purpose. Also, such third party research companies may host survey data in their data bases on our behalf.
All data transfers to third party vendors or partners, including those listed as examples above will be subject to a written contract between us and the third party vendor or partner in question, and the vendor or partner will not have any authority to use such personal data for any purpose other than as instructed by us.
When relevant, personal information may be shared among the business units and entities inside the LEGO Group. LEGO entities
We will disclose personal data when legally obligated to do so under subpoena or court order, or for law enforcement purposes. For operational security reasons, we process (mirror) personal data in Europe and the United States. This means that all personal data processed by us is transferred between our facilities in Europe and the United States periodically.
The LEGO Group has introduced one common profile platform (LEGO ID) which is usable across different LEGO online applications. When you have created one LEGO ID for one application, it can be used for other applications as well.
In order to create a LEGO ID, we will process personal data such as email address, birthday, country of residence, and gender. We will also require a password and a username to be created.
The email address is used for sending account notifications and other system-related information as needed.
You may contact our LEGO Customer Service Center with questions or comments related to the LEGO Group, and our products and services.
When you contact us, we will process personal data such as age group, your email address, your gender, first and last name, mailing address, phone and/or cell phone number, as relevant.
- Your browser settings, such as the type of browser you use and what plug-ins you have installed. This keeps us from bothering you every time you enter the site in order to make sure that you have the necessary equipment to play a game or download information from our sites. It also allows us to know how many people are using certain types of software, so that we can adjust our site to provide the best browsing experience for every visitor.
- Your LEGO ID sign-in state.
- The last time we asked you to participate in a survey and whether you answered it so we do not prompt you too often
- Your movement on and usage of our sites. We do not collect personal data as part of this. We collect statistical data so we can optimize our site.
- Recently used data - to improve performance. In case we store personal data in a cookie, the information will be encrypted and thus safe.
Some cookies last until you close your browser, others are stored for longer. Our maximum cookie age is 400 days – as we want to make sure that you can find your information if you only visit us approximately once a year.
We use third party companies as suppliers for some of our functions. Their use of the data is controlled by our contract with them and they are only allowed to use the data strictly for the purpose we have stated .e.g. the data is not used in connection with data from other companies and we are not tracking user behavior outside our own sites.
Most browsers automatically accept cookies. You can prevent cookies from being stored on your computer or device by setting your browser to not accept cookies. Some browsers provide a mode where cookies are always deleted after a visit. This is called InPrivate in Internet Explorer version 8 and newer; Incognito in Google Chrome version 10 and newer; Private Browsing in Firefox version 3.5 and newer; Private Browsing in Safari version 2 and newer and Private Browsing in Opera version 10.5 and newer.
The exact instructions for this can be found in the manual for your browser. You can delete cookies already on your computer or device at any time. If you choose not to accept cookies at all, you can still visit our website, however we cannot guarantee an optimum experience without cookies.
You may always contact us to review and update personal data we may have stored about you. You may either use the following link or contact our LEGO Customer Service. Please note that prior to accessing and making changes to your account, we must verify your identity properly. It may take up to 10 business days before changes take effect.
Access to a number of LEGO.com services are protected by access restrictions based on the LEGO ID user name and password. It is important that you always choose a password which is hard to guess for others, and protect your password against disclosure.
All external transmissions of personal data facilitated by us are protected by encryption.
All data storage, at LEGO Group operated computer facilities as well as at business partner facilities, will be subject to written contracts.
Generally, processing of personal data will take place in accordance with applicable legislation and best practices concerning data security.
Handling of personal data is controlled by documented policies and procedures, including strict physical and logical access control, security back-up, fail over, anti-malware protection, monitoring and vulnerability detection mechanisms.
The LEGO Group may need to change its data processing policy from time to time to keep up with the ways in which we collect, use, transfer, store and/or delete personal data. If policy changes are made, which would materially and adversely affect the privacy of individuals to whom this policy applies, we will endeavor to give notice of such changes to all individuals concerned.
EFFECTIVE DATE: November 29th 2011