Effective Date: May 25, 2018
This Privacy Statement describes our handling of Personal Information in connection with your presence in our locations and your use of our websites, mobile apps and the services we provide. By using our websites and services, you hereby consent to these terms.
“Personal Information” refers to information that identifies you as an individual. This Privacy Statement describes how we collect, use, share, and protect, your Personal Information, and choices you have regarding your Personal Information. We encourage you to read this Privacy Statement and to consult our Privacy Resource Center to learn more about privacy.
We collect the following categories of Personal Information:
- Information You Provide Us Directly. We collect personally identifiable and transactional information (purchase-related history) which you provide us directly, for example, in connection with a purchase, a promotion, or application for a membership program.
- Information We Receive from Other Parties. We may combine the information we receive from you with information we receive from other sources.
To learn more about automated tracking technologies, visit our Privacy Resource Center.
Our websites and mobile services are intended for a general audience and are not directed toward children, and we do not knowingly collect Personal Information from children.
Personal Information may be used for the following purposes:
- Our Products & Services. We use Personal Information to process and fulfill your orders, refunds or exchanges, requests for products, services or information, to provide customer service, to administer our credit card programs, to customize your shopping experience, to identify your preferences, and to provide you services across multiple devices.
- Marketing and Advertising. We may use Personal Information to administer promotions, contests, sweepstakes, and rewards programs and to market products and services, including serving you interest-based advertising. For more information on interest-based advertising, see our Privacy Resource Center.
- Other Uses. We use Personal Information for other reasons, including conducting research and analysis; preventing or mitigating fraud and credit risk; and complying with legal matters, investigations, and applicable laws and regulations.
We may share your Personal Information with other parties in the following instances:
- With Our Third-Party Service Providers: To process transactions or provide services on our behalf, including but not limited to providers of product delivery services (for example UPS and FedEx) and website analytics (for example Google Analytics).
- For Marketing Purposes: To notify you of offers for products or services that may be of interest to you. We do not share credit card or other financial information for marketing purposes.
- For Corporate Transactions: In connection with a merger, acquisition or sale involving all or a portion of our company.
a. To Stop Certain Collection and Use of Your Personal Information:
Marketing Emails and Texts
- You can stop promotional emails from us by using the “unsubscribe” link on our promotional emails.
- You can stop marketing text messages, by replying “STOP” our promotional text messages, or
- You can contact us with your request as noted in the How to Contact Us section below.
Interest Based Advertising
Some of our websites support Interest Based Advertising efforts by third parties. Industry groups such as the Digital Advertising Alliance, or the European Interactive Digital Advertising Alliance if you are located in the European Union, have developed services to help you manage your Interest Based Advertising preferences.
You can opt-out of tracking used to understand website utilization provided by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
Do Not Track
Some browsers have a “Do Not Track” feature that lets you tell certain websites you do not want your online activities tracked. Our websites, like many other retailers, do not have this functionality.
b. To Change or Correct Your Personal Information
At any time, you can request access to your personal information, request that any inaccuracies be corrected, or request that comments or explanations be added to records about you.
You may contact us with changes as described in the How to Contact Us section. To prevent unauthorized changes, we may ask for certain information to verify your identity before we process such requests.
Although we will do our best to make your requested changes, in some cases (for example, if it requires a disproportionate technical or practical cost or effort or if it conflicts with our legal obligations or business requirements) we may be unable to do so completely.
We employ technical, physical and administrative safeguards to protect your Personal Information and require third parties with whom we work to do the same. However, we cannot guarantee your information will be completely safe against unauthorized access. Please use caution when sharing your information with others and take appropriate measures to protect the confidentiality of your username and password. Some practical tips are available in the Privacy Resource Center.
If you think the Personal Information you provided to us has been improperly accessed or used, or if you suspect that unauthorized purchases have been made on our websites using your Personal Information, please contact us immediately.
Our websites may contain links to, or plugins or widgets from, social media or other websites operated and maintained by third parties. These properties, which we do not control, operate independently and have their own privacy practices and statements, which we encourage you to review.
If you are a contract customer and would like to opt-out of receiving promotional mail and/or email from us, please notify your Account Manager. You may still receive email or postal mail from other affiliated companies and third parties if they have received your email or postal address from other sources or as a result of their own transactions or experiences with you. You will also continue to receive email or postal mail if you request to hear from us again at a later date.
Under California Civil Code sections 1798.83–1798.84 California residents may request the names and addresses of affiliated companies and categories of Personal Information we share for their direct marketing purposes. If you are a California resident and would like to make such a request, please contact us.
European Union (EU) Residents
Staples and its affiliated companies are based in the U.S. and the information Staples and its service providers collect is governed by U.S. law. If you are accessing the Services from outside of the U.S., please be aware that information collected through the services may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. Your use of the services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information, including Personal Information, in the U.S. as set forth in this Privacy Statement.
As residents of the EU, you will have certain additional rights with respect to your Personal Data under the General Data Protection Regulation including;
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
For more information, see the Privacy Resource Center.
We will retain your EU Personal Information for as long as your account is active, as needed to provide you services and to fulfill the purposes for which the data was collected, and as necessary to comply with our legal obligations and fulfill our business needs.
Please direct any questions, complaints or concerns regarding this Privacy Statement and our treatment of your Personal Information to any of the following:
by emailing at firstname.lastname@example.org
by phone at (+1) 800-333-3330 (US only)
by writing to: Staples
Privacy and Compliance
500 Staples Drive
Framingham, MA 01702 US
Upon receiving a written request, we will contact you directly, investigate your request and work to address your concerns. We will respond to your request without undue delay within 30 days. We reserve the right to take reasonable steps to verify customer identity prior to granting access or processing changes or corrections.
This Privacy Statement may change from time to time, and we will post on our websites any updated Privacy Statement. Recent changes to the Privacy Statement are documented below. Each version of this Privacy Statement will be identified by its effective date displayed at the top of this Privacy Statement.
What has changed:
May 25, 2018
March 23, 2017
Removed references to the US-EU and US-Swiss Safe Harbor programs which have or will be discontinued.
Privacy Resource Center
The following information is available for your education and reference purposes. We hope you find it both helpful and informative as privacy and data security are important to all of us. Here’s what you can learn about in this Resource Center:
- General Security Practices
- Interest-Based and Online Behavioral Marketing
- Bluetooth Beacons
- Mobile Devices and Location Services
- Identity Theft
- Canadian specific resources
- European specific resources
It is a good general practice when using any website to take the following pre-cautions:
- Protect your username and password. Never share them with others and use different and complex passwords for each account. Consider using a commercially available Password Locker or Vault to generate and store your passwords.
- Keep your virus protection software up to date.
- Apply security patches by going to the vendor’s website.
- Lock your computer screen when you leave it.
- Be prepared and be aware, particularly of phishing attacks. Learn more about data security and phishing attacks in Section 6 below and at the FTC’s Identity Theft and Data Security website.
- If applicable, enable encryption on your computer’s hard disk. Apple® computers come with encryption turned on. You need to enable Microsoft Window’s encryption called Bitlocker.
- Use multi-factor authentication services where available. These are services that add another layer of security. In addition to your password, “something you know”, these services require “something you have”, often a unique id that is presented to you on your phone or another device.
- When shopping or providing sensitive information, make sure the website is using secure connections indicated by “HTTPS” versus “HTTP” in the URL.
- Understand how websites will use your data and the choices that are available to you by reading the website’s privacy statement.
Other public online safety resources:
Cookies are pieces of information that are transferred from websites to your computer’s hard drive and they may serve a variety of purposes. Web beacons, flash cookies and other similar technologies may also be used for these purposes. For example, cookies “remember” you when you return to a website and make your experience more user-friendly. Cookies identify which web pages are visited and how often. Cookies are also used to allow companies to better understand how their websites are used to improve their services.
Types of Cookies, How They Are Used and
The Potential Impact If Disabled
Potential impact if disabled
Used to support website functionality
Access to website content and features may be limited
Used to remember user preferences from one visit to the next
Preference will need to be reset on each visit to the website. This may also disable the ability have websites “remember” you at time of login
Used to serve you advertisements that may be relevant to you and your interests
Advertisements will still be displayed but will be more random and may be less relevant to you and your interests
Used as a component of a website’s general security and user authentication processes
Access to website and features may be limited
How to disable or delete cookies
If you want to prevent your browser from accepting cookies, if you want to be informed whenever a cookie is stored on your computer or if you want to delete cookies from your computer, please make the necessary changes in your Internet browser settings, typically under the sections “Help” or “Internet Options”. See links below:
- Internet Explorer: //windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-9
- FireFox: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
- Chrome: https://support.google.com/chrome/answer/95647
- Safari: https://www.apple.com/legal/privacy/en-ww/cookies/
If you disable or delete cookies in your Internet browser settings, you might not be able to access important functions or features, you will be required to re-enter your log-in details and your use of the website may be limited.
Please note that if you clear all cookies on your browser, or use a different browser or computer, you will need to complete the opt-out procedure again.
To opt out from flash cookies, please click here: //www.adobe.com/privacy/opt-out.html.
Cookies also enable companies to market products and services and deliver targeted advertising to you. You can opt-out of receiving personalized ads from third party advertisers and ad networks using the opt-out features at Digital Advertising Alliance or the Network Advertising Initiative. AdChoices, indicated by the icon is an example of a service some websites offer to assist in managing Interest-Based advertising choices.
If your browsers are configured to reject cookies when you visit these pages, or if you subsequently erase your cookies, use a different device or change web browsers, your opt-out may become ineffective and may need to be repeated.
Websites use tools to track and manage website traffic. Google Analytics is a commonly used tool for this purpose. Individuals may opt out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout.
Note: If your browsers are configured to reject cookies, or if you subsequently erase your cookies, use a different device or change web browsers, opt-out elections may become ineffective and may need to be repeated.
Bluetooth beacons transmit a low-power signal that can be received within short distances by nearby Bluetooth-enabled mobile devices and recognized by apps a smartphone user has downloaded. Beacons only broadcast signals, and don’t collect any data. With the user’s permission, an app on a device can use the beacon’s signals to know when the mobile device is close to the beacon.
Mobile devices offer access to many features including applications developed specifically for mobile devices and direct access to the internet via browsers. These devices also provide additional services including location services which broadcast your location and notifications services that allow you to receive messages. You can disable the GPS locator or push notifications on your mobile device via your device settings.
Learn more about mobile devices and location services.
Phishing: This occurs when scammers send legitimate-looking emails to illegitimately gather personal and financial information. The emails look just like a legitimate email and often use company logos. If the customer falls for the bait, the thief could get credit card numbers, PINs, account passwords, expiration dates, credit card/bank account numbers and even Social Security numbers. Don’t click on links in emails unless you’ve requested the email or somehow otherwise know it is real. Learn more about phishing.
Vishing: Vishing is like "phishing" but uses a phone (baiting people by voice instead of email. Scammers pose as a known retailer or bank. They often call saying they need to verify information on file asking the individual to provide their personal information.
Don’t provide sensitive information over the phone when asked, instead contact the company directly at a number you find on a statement of on their website. Don’t call a number you are provided over the phone. Learn more about vishing.
Smishing: In these scammers use text messages, called "SMS" messages, instead of emails or phone calls. They have been seen with messages of winning a contest. Learn more about smishing.
Steps to consider in protecting yourself against fraud and identity theft:
- Learn more about Identify Theft and visit the FTC Identity Theft Resources.
- Review your account statements regularly. Carefully review your bank, credit card, and other account statements every month to ensure that all of your account activity is valid. Report any questionable charges promptly and in writing to the card or account issuer.
- Review your credit report from time to time. Obtain and review your credit report periodically to ensure that all your information is correct. You can obtain a free credit report once per year by visiting http://www.annualcreditreport.com or by calling 877-322-8228. Carefully reviewing your credit report can help you spot problems and address them quickly. If you have any questions about your credit report or notice any inaccuracies, contact the relevant consumer reporting agency promptly at the telephone number listed on the report.
- Create a fraud alert. Consider placing a fraud alert on your credit file. The fraud alert prompts creditors to contact you before opening any new accounts or increasing credit limits on your existing accounts. You can place a fraud alert on your credit file by contacting one of three consumer reporting agencies listed below. You need to contact only one of the three agencies in order to create the alert; the agency you contact is required by law to contact the other two. You will receive confirmation letters in the mail and then will be able to order a credit report from each of the three agencies, free of charge. The fraud alert will remain in your credit file for at least 90 days.
Effective as of May 25, 2018 the EU General Data Protection Regulation (GDPR) will replace the currently applicable EU Data Protection Directive and it will override existing EU national privacy laws. The GDPR will require new or additional obligations on all companies that handle EU citizens’ personal data, regardless of where the companies themselves are located. These regulations will only apply to the following affiliated companies: Makr, Marke Creative and to a certain extent, Staples Promotional Products.
GDPR affords EU and EA citizens additional protections.
For example, you can request from us the following information:
- whether and why we have your personal information;
- how we got your personal information;
- what we have done with your personal information;
- to whom we have communicated your personal information;
- where your personal information has been stored, processed or transferred;
- how long we will retain your personal information, or how that retention period will be determined; and
- the safeguards in place to protect your information when it is transferred to third parties or third countries.
For more information on GDPR, see: Official text of the EU General Data Protection Regulation (GDPR)
Legal Disclaimer - This website is provided for informational purposes only and should not be considered as a contractual commitment or legal advice.
What has changed:
May 25, 2018
Initial version of the Information Security and Privacy Resource Center.