Last updated: August 29, 2007.
What Personal Information About Customers Does Amazon.com Gather?
The information we learn from customers helps us personalize and continually improve your shopping experience at Amazon.com. Here are the types of information we gather.
- Information You Give Us: We receive and store any information you enter on our Web site or give us in any other way. Click here to see examples of what we collect. You can choose not to provide certain information, but then you might not be able to take advantage of many of our features. We use the information that you provide for such purposes as responding to your requests, customizing future shopping for you, improving our stores, and communicating with you.
- Automatic Information: We receive and store certain types of information whenever you interact with us. For example, like many Web sites, we use "cookies," and we obtain certain types of information when your Web browser accesses Amazon.com. Click here to see examples of the information we receive.
- E-mail Communications: To help us make e-mails more useful and interesting, we often receive a confirmation when you open e-mail from Amazon.com if your computer supports such capabilities. We also compare our customer list to lists received from other companies, in an effort to avoid sending unnecessary messages to our customers. If you do not want to receive e-mail or other mail from us, please adjust your Customer Communication Preferences.
- Information from Other Sources: We might receive information about you from other sources and add it to our account information. Click here to see examples of the information we receive.
What About Cookies?
- Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your Web browser to enable our systems to recognize your browser and to provide features such as 1-Click purchasing, New for You, personalized Amazon Honor System greetings, and storage of items in your Shopping Cart between visits.
Does Amazon.com Share the Information It Receives?
Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below and with subsidiaries Amazon.com, Inc. controls that either are subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.
- Affiliated Businesses We Do Not Control: We work closely with our affiliated businesses. In some cases, such as Marketplace and Auctions sellers, these businesses operate stores at Amazon.com or sell offerings to you at Amazon.com. In other cases, we operate stores, provide services, or sell product lines jointly with these businesses. Click here for some examples of co-branded and joint offerings. You can tell when a third party is involved in your transactions, and we share customer information related to those transactions with that third party.
- Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments, and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes.
- Promotional Offers: Sometimes we send offers to selected groups of Amazon.com customers on behalf of other businesses. When we do this, we do not give that business your name and address. If you do not want to receive such offers, please adjust your Customer Communication Preferences.
- Business Transfers: As we continue to develop our business, we might sell or buy stores, subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that Amazon.com, Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.
- Protection of Amazon.com and Others: We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of Amazon.com, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. Obviously, however, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Privacy Notice.
- With Your Consent: Other than as set out above, you will receive notice when information about you might go to third parties, and you will have an opportunity to choose not to share the information.
How Secure Is Information About Me?
- We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
- We reveal only the last five digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
- It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
What About Third-Party Advertisers and Links to Other Websites?
Our site includes third-party advertising and links to other websites. We do not provide any personally identifiable customer information to these advertisers or third-party websites. Click here for some examples as well as information on how to contact these companies to learn more or opt-out of their information collection practices.
Amazon.com also displays targeted advertising based on personal information about users. Although Amazon.com does not provide any personal information to advertisers, advertisers (including ad-serving companies) may assume that users who interact with or click on a targeted advertisement meet the targeting criteria used to display the ad (for example, users in the northwestern United States who like classical music).
Which Information Can I Access?
Amazon.com gives you access to a broad range of information about your account and your interactions with Amazon.com for the limited purpose of viewing and, in certain cases, updating that information. Click here to see some examples, the list of which will change as our Web site evolves.
What Choices Do I Have?
- As discussed above, you can always choose not to provide information, even though it might be needed to make a purchase or to take advantage of such Amazon.com features as your Profile, Wish Lists, Customer Reviews, and Amazon Prime.
- You can add or update certain information on pages such as those listed in the "Which Information Can I Access?" section above. When you update information, we usually keep a copy of the prior version for our records.
- If you do not want to receive e-mail or other mail from us, please adjust your Customer Communication Preferences. (If you do not want to receive Conditions of Use and other legal notices from us, such as this Privacy Notice, those notices will still govern your use of Amazon.com, and it is your responsibility to review them for changes.)
Are Children Allowed to Use Amazon.com?
Amazon.com does not sell products for purchase by children. We sell children's products for purchase by adults. If you are under 18, you may use Amazon.com only with the involvement of a parent or guardian.
Does Amazon.com Participate in the Safe Harbor Program?
Amazon.com is a participant in the Safe Harbor program developed by the U.S. Department of Commerce and the European Union. We have certified that we adhere to the Safe Harbor Privacy Principles agreed upon by the U.S. and the E.U. For more information about the Safe Harbor and to view our certification, visit the U.S. Department of Commerce's Safe Harbor Web site. If you would like to contact Amazon.com directly about the Safe Harbor program, please send an e-mail to email@example.com.
Conditions of Use, Notices, and Revisions
If you choose to visit Amazon.com, your visit and any dispute over privacy is subject to this Notice and our Conditions of Use, including limitations on damages, arbitration of disputes, and application of the law of the state of Washington. If you have any concern about privacy at Amazon.com, please contact us with a thorough description, and we will try to resolve it.
Our business changes constantly, and our Privacy Notice and the Conditions of Use will change also. We may e-mail periodic reminders of our notices and conditions, unless you have instructed us not to, but you should check our Web site frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.
Examples of Information Collected
Information You Give Us
You provide most such information when you search, buy, bid, post, participate in a contest or questionnaire, or communicate with customer service. For example, you provide information when you search for a product; place an order through Amazon.com or one of our third-party sellers; make an Auction bid or purchase; provide information in Your Account (and you might have more than one if you have used more than one e-mail address when shopping with us) or Your Profile; communicate with us by phone, e-mail, or otherwise; complete a questionnaire or a contest entry form; compile Wish Lists or other gift registries; provide employer information when opening a corporate account; participate in Discussion Boards or other community features; provide and rate Reviews; specify a Special Occasion Reminder; share information with Amazon Friends; and employ other Personal Notification Services, such as Available to Order Notifications. As a result of those actions, you might supply us with such information as your name, address, and phone numbers; credit card information; people to whom purchases have been shipped, including addresses and phone number; people (with addresses and phone numbers) listed in 1-Click settings; e-mail addresses of Amazon Friends and other people; content of reviews and e-mails to us; personal description and photograph in Your Profile; and financial information, including Social Security and driver's license numbers.
Information from Other Sources
Examples of information we receive from other sources include updated delivery and address information from our carriers or other third parties, which we use to correct our records and deliver your next purchase or communication more easily; account information, purchase or redemption information, and page-view information from some merchants with which we operate co-branded businesses or for which we provide technical, fulfillment, advertising, or other services (such as Target.com, BombayCompany.com, and DVF.com); search term and search result information from some searches conducted through the Web search features offered by our subsidiaries, Alexa Internet and A9.com; search results and links, including paid listings (such as Sponsored Links); and credit history information from credit bureaus, which we use to help prevent and detect fraud and to offer certain credit or financial services to some customers.
Third-Party Advertisers and Links to Other Websites
Examples of third-party advertisers and advertising companies that you can link to from the Amazon.com website or that serve advertising content directly to your browser on certain Amazon.com pages include Doubleclick. You can find out more about its information collection and use practices, including how to opt out of cookies and other collection techniques that is uses, by clicking on the above link to its website.
Information You Can Access
Examples of information you can access easily at Amazon.com include up-to-date information regarding recent orders; personally identifiable information (including name, e-mail, password, communications preferences, address book, and 1-Click settings); payment settings (including credit card information and gift certificate, gift card, and check balances); e-mail notification settings (including Alerts, Available to Order notifications, Delivers, New for You, Special Occasion Reminders, Weekly Movie Showtimes, and newsletters); recommendations (including recent product view history, prior order history, and Favorites); shopping lists and gift registries (including Wish Lists and Baby and Wedding Registries); Auctions and Marketplace seller accounts; and your Profile (including your product Reviews, Requests, and Recommendations, Listmania lists, "So You'd Like to..." guides, personal profile, people you tagged as interesting, and Amazon Friends).
Co-branded and Joint Offerings
Examples of businesses with which we offer joint or co-branded products and other offerings include Target, Borders, Waldenbooks, CD Now, Verizon Wireless, Sprint, T-Mobile, Cingular, Shutterfly, Office Depot, J&R, PetSmart, Godiva, FTD, Avon, Bombay Company, Macy's, PacSun, Eddie Bauer and Northern Tool + Equipment.
What are cookies?
A "cookie" is a small text file containing a string of alphanumeric characters. There are two types of cookies: a persistent cookie and a session cookie. A persistent cookie gets entered by your Web browser into the cookie folder on your computer's hard drive. A persistent cookie remains in that cookie folder, which is maintained and governed by your Web browser, after you close your browser program. A session cookie is temporary and disappears after you close your browser. DoubleClick's ad-serving and paid search listing ("DART Search") products utilize the same cookie: the DART cookie. The DART cookie is a persistent cookie and consists of the name of the domain that set the cookie ("ad.doubleclick.net"), the lifetime of the cookie, and a "value." DoubleClick's DART technology generates a unique series of characters for the "value" portion of the cookie.
What is the DoubleClick cookie doing on my computer?
If you have a DoubleClick cookie in your Cookies folder, it is most likely a DART cookie. The DoubleClick DART cookie helps marketers learn how well their Internet advertising campaigns or paid search listings perform. Many marketers and Internet websites use DoubleClick's DART technology to deliver and serve their advertisements or manage their paid search listings. DoubleClick's DART products set or recognize a unique, persistent cookie when an ad is displayed or a paid listing is selected. The information that the DART cookie helps to give marketers includes the number of unique users their advertisements were displayed to, how many users clicked on their Internet ads or paid listings, and which ads or paid listings they clicked on.
Why does your cookie keep coming back after I delete it?
When you visit any website or search engine on which DoubleClick's DART technology is used, our servers will check to see if you already have a DART cookie. If the servers do not receive a DART cookie, the servers will try to set a cookie in response to your browser's "request" to view that Web page. If you do not want a DART cookie with a unique value, you can obtain a DoubleClick DART "opt out" cookie. Alternatively, you can adjust your Internet browser's settings for handling cookies. This is explained in the next question.
How can I adjust my cookie settings to accept or decline cookies?
To eliminate cookies you may have currently accepted, and to deny or limit cookies in the future, please follow one of these procedures:
IMPORTANT: IF YOU DELETE YOUR OPT-OUT COOKIE, YOU WILL NEED TO OPT-OUT AGAIN. IF YOUR BROWSER BLOCKS ALL OR THIRD-PARTY COOKIES, YOU WILL BLOCK THE SETTING OF OPT-OUT COOKIES.
* If you are using Internet Explorer 6.0, go to the Tools menu, then to Internet Options, then to the Privacy tab. This version of Internet Explorer is the first to use P3P to distinguish between types of cookies. P3P uses standardized privacy statements made by the cookie issuer to manage your acceptance of cookies. Under the "Privacy" tab, click on the "Advanced" button. Select "Override automatic cookie handling" and choose whether you want to accept, block or be prompted for "First-party" and "Third-party Cookies." If you want to block all cookies coming from DoubleClick's doubleclick.net domain, go to the "Web Sites" section under the "Privacy" tab and click the "Edit" button. In the "Address of Web site" field, enter "doubleclick.net," select "Block," click OK (menu will disappear); click OK again and you will be back to the browser.
* If you are using Netscape 6.0+, go to "Edit" in the menu bar, click on "Preferences," click on "Advanced," and select the "Cookies" field. Now check either the box that says, "Warn me before accepting a cookie" or "Disable cookies." Click on "OK." Now go to your "Start" button, click on "Find," click on "Files and Folders," type "cookies.txt" into the search box that appears, and click "Find Now." When the search results appear, drag all files listed, into the "Recycle Bin." Now shut down and restart your Netscape. Depending on your earlier choice you will either be prompted by new cookie sets or no cookies will be set or received.
* If you are using Mozilla or Safari, please go to their websites to find out how to disable cookies in those programs.
What are Web beacons?
Web beacons are small strings of HTML code that are placed in a Web page. They are sometimes called "clear GIFs" (Graphics Interchange Format) or "pixel tags." Web beacons are most often used in conjunction with cookies. DoubleClick uses Web beacons in connection with its products and services, including ad serving and paid search listings ("DART Search"). Because a Web beacon is only 1 pixel high by 1 pixel wide, it appears invisible on your computer screen. If Web beacons were made larger (e.g., 100 pixels high by 100 pixels wide), it would take much longer for your Web page to load and would clutter up the page that you have requested.
In 2002, working with a broad spectrum of companies, including other technology companies, seal providers and websites, DoubleClick helped draft "Best Practice" guidelines for disclosing the use of Web beacons. Please click here to see these guidelines -- and a list of the companies that participated in developing them.
What is "personally identifiable information" ("PII")?
"Personally identifiable information" is any information that can identify or locate a particular person, including but not limited to name, address, telephone number, email address, social security number, bank account number or credit card number.
What is "non personally identifiable information" ("non-PII")?
"Non-personally identifiable information" is information that cannot identify a particular person. This type of information includes a user's Internet Service Provider, a computer's operating system and browser type, and a unique DoubleClick DART cookie ID.
DoubleClick's ad-serving and search products utilize non-PII. Some of our clients may associate PII that you have given them (for example, a customer number, if you have registered at or purchased from their websites), with their advertising campaigns. Although this customer number may be passed from the client to DoubleClick's ad servers during the ad delivery process, DoubleClick cannot recognize this information as PII and cannot link it to any person.
What is "sensitive information?"
To DoubleClick, "sensitive information" categorically includes but is not limited to data related to an individual's health or medical condition, sexual behavior or orientation, or detailed personal finances, information that appears to relate to children under the age of 13 at the time of data collection; and PII otherwise protected under federal or state law (for example, cable subscriber information or video rental records). DoubleClick does not use any "sensitive information" to target Internet advertisements.
What is ad serving?
In order to support their content without charging visitors, websites sell advertising space on their Web pages. Companies like DoubleClick provide technology for the websites and advertisers to use to display ads on the websites. DoubleClick's ad servers work at the direction -- and on behalf -- of our clients.
When you visit a website, your computer's Internet browser transmits a "request" to that website's server, "asking" that server to send you the Web page that you are seeking. Most Web pages contain components that are pulled from different sources. For example, a Web page at a news site may get its weather section from one provider, its sports results from a different source, and advertisements from other servers.
If the website is using DoubleClick's technology to display ads on its site, the Web page will contain coding that directs your browser to fill the ad space on the Web page with content from one of DoubleClick's ad servers. DoubleClick's clients select the format, content, and location of the ads, as well as the criteria for controlling which ads to show and when to show them. DoubleClick's ad-serving technology uses a cookie to help clients determine what ads to display. When a "call" is received by DoubleClick's ad servers, the server checks to see if the "calling" browser has sent a cookie with the request for advertising. If the server doesn't "see" either a unique DoubleClick cookie or an opt-out cookie, after "testing" to see whether the browser will accept cookies, the server sets a unique DoubleClick ad cookie. If the browser already has a unique DoubleClick ad cookie, the server "recognizes" the cookie and uses the unique ID for targeting and reporting purposes as specified by the DoubleClick client. If the browser has an opt-out DoubleClick cookie, the server uses only the non-cookie related information that is automatically transmitted in the Internet environment (e.g., browser type, Internet service provider, and information about the general content of the site or page displayed on your browser) to determine which ad to show. Sometimes Web beacons are used in conjunction with the DART cookie when clients want more versatile targeting or reporting capabilities.
How does an ad-serving client use DoubleClick's technology to target or select which ad to deliver?
Our clients store their ads on DoubleClick's ad servers. When you visit a Web page on which a client is using DoubleClick technology to deliver ads, coding that the website publisher placed in the Web page tells your computer's browser to send a request for an ad to the DoubleClick ad server. When the DoubleClick ad server receives a request, it will select an ad based on the criteria that the client has chosen together with any information logged against the unique cookie id.
For example, a client's website may attract an audience of mainly men, aged between 18 and 45, who are interested in sports, fashion and electronic gadgets. The client will therefore approach sports, fashion and electronic gadget retailers to see if they would like to advertise on the site. Those retailers will provide the client with ads, which the client will store on the DoubleClick ad servers. The client will assign those ads specific codes, such as sports = 1, fashion = 2, and electronic gadgets = 3. On the pages where the website publisher wants to show all three categories of ads, the website will install an ad tag that contains all three codes. On pages of the website that the client thinks attracts only men interested in sports, an ad tag that contains only the code for sports, code 1, may be installed.
DoubleClick does not tell clients which criteria to select or which advertisements to target against those criteria. Clients choose the categories they wish to attach to the advertising that they have contracted to show, what code(s) they wish to attach to those categories, and which code(s) they wish to include in each of their ad request tags. In their contracts with DoubleClick, DoubleClick's ad-serving clients promise not to use information that DoubleClick could recognize as either "sensitive" or "personally identifiable" to target ads.
What information is collected by a client using DoubleClick's ad serving technology?
Each time one of DoubleClick's ad servers receives a request for an ad or for a Web beacon, information about the request received and the ad or Web beacon served -- for example, the date, the time, the website to which the ad or image was delivered, the cookie ID to which the ad was shown, the operating system which the browser was using -- will be recorded.
Does DoubleClick itself do anything with this ad-serving information?
No. The information that is recorded on the DoubleClick servers by our clients' use of our technology belongs to our clients. Although that information may be logged on a DoubleClick server, DoubleClick's relationship with the client is that of an agent or processor. Consequently, DoubleClick does not own that information and cannot, therefore, use that information for its own business purposes or in any way not authorized by the relevant client. DoubleClick clients do, however, give us permission to use statistical or aggregate information derived from their use of the technology -- e.g., statistics about the number of ads served through the technology per month or analyses about, for example, what time of day is the best time to target certain types of ads.
Does DoubleClick sell the ad serving information to other companies?
No. The data that DoubleClick's servers record during ad serving belong to DoubleClick's clients, and DoubleClick cannot and does not sell that information to other companies. DoubleClick can, however, use its aggregate analyses about the effectiveness of ad campaigns to help clients develop more efficient and successful campaigns.
What are pop-ups and why do I see pop up advertising?
A pop-up is basically the opening of a new window in your browser.
DoubleClick provides its ad-serving clients with a means of choosing and reporting on ads. It is the website owners or the advertisers with whom they contract that make the decisions about the format of the ads. The advertisers choose whether they want to have banner ads or pop ups delivered, and they use our technology to make it happen. The website owners and advertisers choose the size and frequency of pop-up ads. DoubleClick has no control over which ad format website publishers or their advertisers choose.
Generally, there are a couple of different ways that you might receive pop up advertising:
1. The site you are currently visiting has sold an advertising opportunity to a marketer and that marketer has chosen to create an advertisement that opens a new browser window. This is a form of "traditional" Internet advertising.
2. You have some kind of ad-delivery software installed (intentionally or unintentionally, knowingly or unknowingly) on your computer. This type of software often comes bundled with freeware such as P2P (Peer-to-Peer) music sharing applications. It may track the sites you visit and scan their contents looking for triggers that match criteria identified by advertisers that purchased space from the software manufacturer. The software program will then display advertisements on your monitor.
What is spyware?
This term has been applied to a very broad range of technologies and activities -- from the mere setting of a cookie to the surreptitious installation of key-logging software on consumers' computers. There are many anti-spyware programs on the market and they each have their own definition of "spyware". For example, some programs identify cookies as "spyware", while others do not. Some software programs that monitor the websites that consumers visit in order to deliver context-based advertisements have been categorized as "adware." Many of these adware programs are responsible for the pop-up advertisements that you see.
DoubleClick does not consider its products either "spyware" or "adware." We believe that consumers should be provided meaningful notice and choice with respect to information collected and used about them.