Libbey General Privacy Policy

1. Our commitment to protecting your privacy.

Your privacy is important to Libbey. We’ve developed this General Privacy Policy to address how Libbey, its subsidiaries and affiliates worldwide collect, use, disclose, transfer and store your information. To ensure that your personal data is secure, we communicate our information security and privacy guidelines to all Libbey employees and enforce privacy safeguards within the company.

For personal information received from the European Economic Area (“EEA”), see Section 10 of this General Privacy Policy. If you are a California resident, see Section 11 of this General Privacy Policy.

1. What information do we collect and how do we collect it?

We collect personal information about you, such as name, e-mail address, mailing address and/or phone number, payment information, or contest information when you browse or register on our site(s), request information about our products, place an order, subscribe to our newsletter(s), participate in our contests, respond to a survey or fill out a form.  We also collect certain information about your session which does not identify individual users when you visit our website, including browser type, anonymized geolocation (if enabled), internet service provider, referring/exit pages, operating system, date/time stamp and clickstream data. We also use cookies as described in Section 5 below.

We collect information from you when you browse or register on our site(s), request information about our products, place an order, initiate a refund, subscribe to our newsletter(s), participate in our contests, respond to a survey, or fill out a form.

For employees of Libbey, we collect various types of data about you that is needed for your working relationship with the company as well as organizational planning and management.

1. What do we use your information for? 

We collect personal data for legitimate business purposes, which may include:

• To personalize your experience (your information helps us to better respond to your individual needs)
• To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you)
• To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs)
• To process transactions
• To administer a contest, promotion, survey or other site feature
• To send periodic emails (the email address you provide may be used to send you information, respond to inquiries, and/or other requests or questions)
• To meet government, national security, public interest, or law enforcement requirements
• In an emergency where the health or security of an individual may be endangered
• Other purposes disclosed at the time of collection or otherwise compatible with the above and any applicable data privacy laws and regulations.

1. How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. These precautions may include password protections for online information systems and restricted access to personal data.

All inquiries from outside the company concerning identity, employment record, or performance of a current or terminated employee are referred to the Human Resources department and/or an attorney in the Law Department, who will verify the credentials of the agency representative before releasing information about a current or terminated employee.

Libbey takes reasonable and appropriate measures to secure your personal data. Our publicly available website is hosted on a secure server.

1. Do we use cookies?

Yes, we use cookies. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites’ or service providers’ systems to recognize your browser and capture and remember certain information.

Libbey uses technical cookies strictly necessary for the operability of the site, non-profiling statistical cookies managed by Libbey, and anonymized statistical third-party cookies (e.g. Google Analytics).

We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits and gather information about site traffic and site interaction so that we can offer better site experiences and tools to our online visitors in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

1. Do we disclose any information to outside parties?

No, we do not sell, trade, or otherwise transfer information to outside parties. This excludes third parties who assist us with human capital management, employee equity compensation, provision of health care or other benefits services to employees, in operating our website, conducting our business, or servicing you (for example, providing your shipping address to third-party logistics providers), so long as those parties agree to keep this information confidential and treat it in accordance with this General Privacy Policy and applicable data privacy regulations, including the California Consumer Protection Act (the “CCPA”). We may also release your information when we believe release is necessary to comply with the law, enforce our site policies, or protect our or other’s rights, property, or safety, or share personal information as necessary to other corporate entities as part of a business transition such as a merger, acquisition, or sale of assets.

Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. We will not distribute your personal information to outside parties for purposes other than those included in this General Privacy Policy without your consent.

1. Choice, Data Integrity & Access 

Libbey takes reasonable steps to ensure that personal data is accurate, complete and current.

For our employees, in adherence to applicable legal requirements, Libbey shall provide employees the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Libbey reserves the right to collect and maintain any personal information that it is required to keep or maintain for legal or compliance purposes, for legitimate business purposes, or to protect itself or preserve its legal rights under pending, threatened or potential legal action. Certain Libbey employees may have system access that allows them to review and/or correct his or her data at any time. All employees are asked to inform the Human Resources or Payroll departments, or his or her manager, immediately in the event of changes in personal information. If any information is inaccurate or incomplete, the individual may request that inaccurate information be corrected.

1. Collection of Personal Information from Children

Our website, products and services are all directed to people who are at least 13 years old or older.

1. Changes to our General Privacy Policy

Libbey conducts an annual self-assessment in order to verify that this General Privacy Policy is published and implemented within the Company and that it conforms to applicable data privacy laws and regulations. If we decide to change our General Privacy Policy, we will post those changes on this page, and/or update the General Privacy Policy modification date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

1. EEA Personal Data

For details on how we process the personal data of individuals from the EEA, please see Libbey’s Privacy Policy for European Economic Area as set out in Annex A to this General Privacy Policy below. The Privacy Policy for European Economic Area will control to the extent there is any inconsistency with this General Privacy Policy.

Libbey processes and controls EEA employee information according to our Privacy Policy for European Economic Area Employees. The Privacy Policy for Libbey Employees in the European Economic Area is made available to employees in the European Economic Area through effective communications channels, including on Libbey’s corporate intranet and from Libbey Human Resources Managers covering our EEA office locations. The Privacy Policy for Libbey Employees in the European Economic Area will control to there is any inconsistency with this General Privacy Policy.

1. Privacy Notice for California Residents

The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information. This section applies to all visitors, users, and others who reside in the State of California.  This section describes your CCPA rights and explains how to exercise those rights. This notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.

A. What personal information has Libbey collected or disclosed in the preceding 12 months?

Libbey collects and processes the types of personal information described in Section 2 of the General Privacy Policy. In particular, Libbey collected the following categories of personal information:

• Identifiers (e.g., name, mailing address, email address, phone number)
• Commercial information (e.g., products purchased, purchase history)
• Internet or other electronic network activity (e.g. browse or search history, interaction with our website)
• Geolocation data (e.g., latitude or longitude)
• Audio, electronic, visual or similar information (e.g., calls or emails to guest services
• Inferences drawn from any of the personal information listed above (e.g. preferences or characteristics).
• 
  

B. What are the categories of sources from which Libbey has collected personal information?

Libbey websites, guest relations or customer service, 3^rd party websites, social media, contests, email registration, and any other source referenced in Section 2.

C. What do we use your personal information for?

We collect your personal data for a range of legitimate business purposes described in Section 3 of the General Privacy Policy.

D. We do not sell your information.

Libbey does not sell personal information as defined in the CCPA. In addition, we will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. For purposes of this General Privacy Policy, “sold” or “sale” means the disclosure of personal information for monetary or other valuable consideration but does not include, for example, the transfer of personal information as an asset that is part of a merger, bankruptcy or other disposition of all or any portion of our business.

To be clear, Libbey does not disclose your personal information to third parties except as described in Section 6 of the General Privacy Policy. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Libbey may be required to disclose your personal information in response to lawful requests by public authorities, including disclosures necessary to meet national security or law enforcement requirements.

E. Choice, Access, Deletion, Data Portability

The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights. Please see Section 12 on how to contact Libbey to exercise the rights described in this section.

• Access to Specific Information and Data Portability

You have the right to request (no more than twice in a 12-month period) that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you: (i) the categories of personal information we collected about you; (ii) the categories of sources for the personal information we collected about you; (iii) our business or commercial purpose for collecting or selling that personal information; (iv) the categories of third parties with whom we share that personal information.

• Deletion

You have the right to request deletion of the personal information we collected from you.

We will not discriminate against you for exercising any of your CCPA rights unless otherwise permitted by the CCPA or applicable law.

1. Inquiries/Contact Us 

Libbey commits to resolve complaints about your privacy and our collection or use of your personal information. For privacy-related inquiries, or to exercise any of the rights described in this privacy policy, individuals may contact Libbey’s Data Privacy Office, in any of the following ways:

• By email: Libbey_Legal_Department@Libbey.com
• By regular mail: Libbey Inc., Attn: Legal Department, 300 Madison Avenue, Toledo, Ohio 43604
• By telephone: 1-877-322-8228

Only you, or someone legally authorized to act on your behalf, may make a verifiable request related to your personal information. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We will respond to all requests within the appropriate timeframe required by applicable law.

 Annex A

Privacy Policy for European Economic Area

A. Definitions

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the Processing of EU Personal Data.

“Data Privacy Laws and Regulations” means Directive 95/46/EC, the General Data Protection Regulation (EU) 2016/679, or equivalent law currently in effect in the European Economic Area.

“EU Personal Data” for the purposes of this Privacy Policy for European Economic Area means all data about an identified or identifiable individual that is within the scope of Directive 95/46/EC, the General Data Protection Regulation (EU) 2016/679, or equivalent law currently in effect in the European Economic Area, which is received by the Company from the European Economic Area for Processing, and is recorded in any form.

“General Privacy Policy” means the privacy policy that applies generally to all individuals providing personal data to Libbey, wherever located.

“Libbey” or “Company” means Libbey Inc. and all of its subsidiaries worldwide.

“Privacy Policy for European Economic Area” means this Annex A to the General Privacy Policy.

“Processing” of EU Personal Data means any operation or set of operations which is performed upon EU Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction. “Process”, “Processing” and “Processed” shall be construed accordingly.

B. Scope & Application

Libbey adheres to Data Privacy Laws and Regulations in connection with all EU Personal Data received in reliance on the Data Privacy Laws and Regulations.

This Privacy Policy for European Economic Area supplements the General Privacy Policy and applies to you if you are an EEA individual providing Personal Data to Libbey via on-line method or other means.

Where this Privacy Policy for European Economic Area is inconsistent with the General Privacy Policy with regard to the Processing of EU Personal Data, this Privacy Policy for European Economic Area will control.

C. Compliance with Data Privacy Laws and Regulations

Libbey complies with the Data Privacy Laws and Regulations regarding the collection, use, retention, and transmission of EU Personal Data within the EEA and as such information is transferred from the European Economic Area to other countries. Libbey adheres to the Principles of:

• Notice;
• Choice;
• Accountability for Onward Transfer;
• Security;
• Data Integrity and Purpose Limitation;
• Access; and
• Recourse, Enforcement and Liability.
• 
  

1. Notice

a. What EU Personal Data do we collect?

Libbey collects and Processes the types of personal information described in section 2 of the General Privacy Policy.

b. What do we use your EU Personal Data for?

We collect your EU Personal Data for a range of legitimate business purposes described in section 3 of the General Privacy Policy.

c. Who do we disclose your EU Personal Data to?

Libbey does not disclose your EU Personal Data to third parties except as described in section 6 of the General Privacy Policy. Further, Libbey may transfer your EU Personal Data if the Company sells or transfers all or a portion of its business or assets (for example, in the event of a merger or reorganization, joint venture, or liquidation).

Libbey may be required to disclose EU Personal Data in response to lawful requests by public authorities, including disclosures necessary to meet national security or law enforcement requirements.

Your EU Personal Data may be Processed and stored in the U.S. and other countries where Libbey’s affiliates, subsidiaries or agents are located. Libbey utilizes a range of methods to transfer EU Personal Data across country borders. These methods include model contracts, consent, contractual methods, and/or regulatory authority certifications.

2. Choice

You have the opportunity to choose (opt out) from: (1) the disclosure of your EU Personal Data to a third party (other than Libbey agents doing work on our instructions); and (2) the use of your EU Personal Data for a purpose materially different to that for which the data was originally collected (as set forth in the General Privacy Policy or this Privacy Policy for European Economic Area, or subsequently authorized by you). You may opt out by contacting us using the Libbey Contact Details provided in Section 7 below.

3. Accountability for Onward Transfer of EU Personal Data

Libbey shares EU Personal Data with third-party suppliers based on contractual arrangements which, among other things, ensure that the Data Privacy Laws and Regulations are respected as required, that the third-party supplier acts only on its instructions and that the data is appropriately secured by the third-party supplier.

In the context of onward transfers, Libbey is responsible for the Processing of the EU Personal Data it receives and subsequently transfers to a third-party agent acting on its behalf. Libbey remains liable under the Data Privacy Laws and Regulations if its agent Processes such EU Personal Data in a manner inconsistent with the Data Privacy Laws and Regulations, unless Libbey proves that it is not responsible for the event giving rise to the damage.

Please also see Section 2 above relating to Choice.

4. Security

Libbey takes reasonable and appropriate measures to protect EU Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the EU Personal Data. For additional information on the data security measures employed by Libbey, please see section 4 of the General Privacy Policy.

5. Data Integrity and Purpose Limitation

Libbey’s collection and Processing of EU Personal Data is limited to the purposes for which it was collected as set forth in section 3 of the General Privacy Policy, unless further use has been subsequently authorized by you. Libbey may also Process EU Personal Data for compliance with our legal obligations, internal and external auditing and due diligence, security and fraud prevention, preserving or defending Libbey’s legal rights.

Libbey takes reasonable steps to ensure that the EU Personal Data it holds is accurate, complete and current. We rely on you to update and correct your EU Personal Data, where necessary. If you wish to make a request to update or correct your EU Personal Data, please use the Libbey Contact Details provided in Section 7 below.

Where Libbey is acting as a Controller, Libbey may retain EU Personal Data as long as necessary for the Company to: (a) complete the purpose for which it was collected; (b) meet any applicable legal requirements; or (c) protect its legitimate interests, including with respect to actual or potential legal claims.

6. Access

You may obtain access to EU Personal Data that Libbey holds which is relevant to you. You may also correct, amend or delete that information where it is inaccurate, or has been Processed in violation of the Data Privacy Laws and Regulations. If you wish to request access to your EU Personal Data, please use the Libbey Contact Details provided in Section 7 below.

Libbey may limit or deny access as provided in the Data Privacy Laws and Regulations, including where: (a) the rights of persons other than the requesting individual would be violated; or (b) the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question.

7. Libbey Contact Details

In compliance with the Data Privacy Laws and Regulations, Libbey commits to resolve complaints about our collection or use of your EU Personal Data. If you have queries or complaints about this Privacy Policy or wish to exercise your rights under Sections 2, 5, 6 or 8, you should contact Libbey in any of the ways provided in Section 12 of the General Privacy Policy.

8. Recourse, Enforcement and Liability

Libbey has implemented a self-assessment procedure to verify its adherence to the Data Privacy Laws and Regulations. If you have a query, concern or complaint about the application of this Privacy Policy for European Economic Area or the Processing of EU Personal Data by Libbey, we encourage you to contact Libbey using the Libbey Contact Details provided in Section 12 of the General Privacy Policy.

Last Updated: January 2020.