Information we collect
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.
When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.
How we use your information
We use the information we collect in various ways, including to:
- Provide, operate, and maintain our website
- Improve, personalize, and expand our website
- Understand and analyze how you use our website
- Develop new products, services, features, and functionality
- Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the webste, and for marketing and promotional purposes
- Send you emails
- Find and prevent fraud
candygadget follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.
Cookies and Web Beacons
Like any other website, candygadget uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.
For more general information on cookies, please read “What Are Cookies”.
Google DoubleClick DART Cookie
Advertising Partners Privacy Policies
Note that candygadget has no access to or control over these cookies that are used by third-party advertisers.
Third Party Privacy Policies
You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers’ respective websites.
CCPA Privacy Rights (Do Not Sell My Personal Information)
Under the CCPA, among other rights, California consumers have the right to:
Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
Request that a business delete any personal data about the consumer that a business has collected.
Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
candygadget does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
- What Information Do We Gather about You?
1. (A) Information Collected through Times Services
i. Information You Voluntarily Give Us
ii. Information Collected Automatically
iii. A Note about Sensitive Personal Information
1. (B) Information We Create or Generate
1. (C) Information Collected from Other Sources
i. Privately Owned Databases
ii. Social Media Platforms and Other Third-Party Services
iii. Workplace and Schools
- What Do We Do With the Information We Collect about You?
2. (A) We Provide the Times Services
2. (B) We Personalize Your Experience
2. (C) We Allow You to Share User-Generated Content
2. (D) We Develop Products and Services, and Do Analysis
2. (E) We Carry Out Administrative Tasks
2. (F) We Offer Sweepstakes, Contests and Other Promotions
2. (G) We Allow for Personalized Advertising on Times Services and Create Audiences for Third-Party Advertisers
2. (H) We Advertise or Market Times Services to You
2. (I) We Aggregate (or De-identify) Personal Information into Larger Findings
- To Whom Do We Disclose the Information We Gather?
3. (A) Within The New York Times Company
3. (B) With Service Providers
3. (C) With Other Third Parties
- What Are Your Rights and Choices?
4. (A) In General
i. Communications Preferences
ii. Access, Correct, Change/Update, Delete or Restrict Processing of Your Personal Information
iii. Managing Your Digital and Home Delivery Accounts
iv. Browser and Platform Controls
v. Other Rights and Choices
4. (B) California Privacy Rights
i. Notice at Collection
ii. Rights to Know, Correction, and Deletion
iii. “Do Not Sell or Share My Personal Information”
iv. Right to Limit Use and Disclosure of Sensitive Personal Information
v. Authorized Agents
vi. Non-Discrimination Rights
vii. Record of Requests
viii. California “Shine the Light” Privacy Rights
ix. Removal of Content for California Minors
- How Long Do You Retain Data?
- How Do You Protect My Information?
- Are There Guidelines for Children?
- How Is Information Transferred Internationally?
- What Is Our Legal Basis?
- What about Third-Party Services?
- How Can You Contact Us? Who Is the Controller of Your Personal Information?
The information we gather about you depends on the context. By and large, it’s information about you that can personally identify you — either on its own or when combined with other information.
The following describes the information we collect and how we obtain it.
- For Registration:
When you sign up for a Times Service (e.g., a subscription), we collect your contact information and account credentials. Once you’re registered, we assign you a unique ID number. This ID number helps us recognize you when you’re signed in.
For some Times Services, you can instead sign up by linking your Apple, Facebook or Google account. See Information Collected From Other Sources below.
If you register for an event or conference, we might ask for additional information (e.g., your company name, your job title or your dietary restrictions).
- For Billing:
To process payments or donations, we collect and use your payment information.
This can include your name, your address, your telephone number, your email address, your credit or debit card information and any other relevant information.
- For User-Generated Content:
We offer you the ability to post content that other users can read (e.g., comments or recipe reviews). Anyone can read, collect and use any personal information that accompanies your posts. See the Comments F.A.Q., or read the User-Generated Content section in our Terms of Service for more information.
We do not have to publish any of your content. If the law requires us to take down, remove or edit your personal information, we will comply to the required extent.
- For Contests, Sweepstakes and Special Offers:
When you sign up for these, you give us your name, email and any other required information.
- For Reader Surveys, Research, Panels and Experience Programs:
We gather information through questionnaires, surveys and feedback programs, including demographic information like your age, ethnicity, race, or gender. We also conduct similar research for advertisers. We ask you for your consent to use this information when you participate in these programs and events.
- During Contact with Our Call Centers:
We collect information from you when you place an order over the phone or contact customer service through one of our toll-free numbers. This can include your name, contact information and any other information you choose to provide.
- Personal Contacts Data:
We never scan your device for your contacts or upload that data.
With your consent, we do comply with your requests to collect data about your friends, family or acquaintances (e.g., Refer a Friend campaigns). This functionality is only meant for U.S. residents. By using it, you acknowledge and agree that both you and your contacts are based in the United States — and that you have everyone’s consent for us to use their contact information.
- Identifiers and Device Information:
When you visit our Services, including our websites, apps, email communications and newsletters, our servers automatically log information about the device you are using, including unique identifiers. If your browser doesn’t accept our cookies or similar technologies, you can’t access certain parts of our websites (e.g., your account on nytimes.com). The items we log include:
- Your IP address
- Cookie identifiers
- Your operating system and browser (e.g., type, version, and configuration)
- Your browser language
- Device identifiers (such as MAC address)
- Advertising identifiers
We combine this data with other information we collect about you.
- Geolocation Information:
Some of our apps can provide content based on your GPS location if you enable this feature. Your GPS location is your precise geolocation, which is considered a type of sensitive personal information.
You choose whether to enable GPS features when you first install the app. You can edit that setting on your device at any time. If you enable these features, your GPS location can be found by satellite, cell phone tower or Wi-Fi and used by the app. If you save a location-based search in your history, that data moves to our service provider’s servers — see below for the definition of service provider.
If you do not enable GPS location-based services, or if a specific app does not have location-based features, we don’t collect your precise GPS location. We do collect your IP address, which can establish your approximate location. Ads on our sites and apps may be targeted based on this approximate location but are never targeted based on your GPS location.
- Other Usage Data:
We collect certain internet and network activity on our Services, including our websites and apps, such as the URLs of any pages you visit on our sites and apps, the URL of the website from which you came to our sites, how long you spent on a page, access times and other details about your use of and actions on our Services.
We generally don’t want to gather sensitive information about you. This includes:
- Government-issued IDs (such as your driver’s license, passport or social security number)
- Your racial or ethnic origin
- Your political opinions
- Your religion or other beliefs
- Your health, biometric or genetic characteristics
- Any trade union membership
- Your sexuality (information about your sex life or sexual orientation)
- Any criminal background
- The content of your private communications (other than messages you may send to us)
However, as discussed above, we sometimes collect precise geolocation information (which may be considered a sensitive data type) to provide GPS-based location services you choose to enable. Also, some laws define account access information, such as a username and password, as sensitive personal information, but we collect that information only for the accounts you create directly with us and not for any other account you may have with a third party.
Finally, there are situations when we request certain of the above information (e.g., a reader survey asks about your political leanings or ethnicity), but you can decline to answer. Outside those situations we would prefer you never share these types of information with us.
We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”).
Marketing, data analytic and social media-owned databases give us access to a range of information — like public data, survey data and more. This data sometimes includes your mailing address, your gender, your age, your household income and other demographic data.
(Social media platforms include services like Facebook. Third-party services include services like Google and Nook.)
You can link your social media or other third-party account to a Times Service. By linking the services, you authorize us to collect, store and use any information they may give us (e.g., your email address). You can disconnect your nytimes.com registration from third-party accounts at any time.
We also receive information from you when you interact with our pages, groups, accounts or posts on social media platforms. This includes aggregate data on our followers (e.g., age, gender and location), engagement data (e.g., “likes,” comments, shares, reposts and clicks), awareness data (e.g., number of impressions and reach) and individual users’ public profiles.
When your employer or school buys an organization-wide subscription to nytimes.com, they sometimes provide us with your name and organization email address to grant you access as a user.
We use your information to help you use and navigate Times Services, such as:
- Making a Times Service available to you
- Arranging access to your account
- Providing customer service
- Responding to your inquiries, requests, suggestions or complaints
- Completing your payments and transactions
- Sending service-related messages (e.g., a change in our terms and conditions)
- Saving your reading list, recipes or property searches
- Displaying your Games (including Crossword, Wordle, and Spelling Bee) stats
- Letting you take part in paid services, polls, promotions, surveys, panels, research and comments.
We track your interests and reading habits (e.g., the articles you read) to personalize your reading experience using technology like algorithmic recommendations and machine learning. This is how we highlight articles you might be interested in and de-emphasize articles you’ve already read. For more information about content personalization on Times Services, you can read the Personalization F.A.Q. We also show you prices, promotions, products or services we believe you’ll find interesting, based on demographic and usage data.
Any information you disclose in your content becomes public — along with your chosen screen name and uploaded photo.
We analyze data on our users’ subscriptions, purchases and usage behaviors. This helps us make business and marketing decisions.
For example, our analysis, which includes the use of technology like machine learning, lets us predict preferences and price points for our products and services. It helps us determine whether our marketing is successful. It also shows us characteristics about our readers, which we sometimes share in aggregate with advertisers.
- For auditing: We verify that our internal processes work as intended and comply with legal, regulatory and contractual requirements.
- For fraud and security monitoring: We detect and prevent cyberattacks or unauthorized robot activities.
- For customer satisfaction: We assess users’ satisfaction with Times Services and our customer care team.
You can take part in our sweepstakes, contests and other promotions. Some might have additional rules about how we use and disclose your personal information.
We also identify groups of users to whom to serve personalized ads on behalf of our advertisers. To do this, we combine information we collect through surveys or registration with information we collect automatically using tracking technologies while you browse our sites and apps. This combined information is used to build models. These data models are then used to measure users’ attributes, like their demographic information or their interests. Working with service providers, we use these measurements to group users by common attributes. Each group is associated with a random ID which is then passed to our ad server for use in targeting ad campaigns on our sites and apps.
- For more about targeted advertising, and how to opt out with your specific browser and device, go to the DAA Webchoices Browser Check and NAI Opt Out of Interest-Based Advertising. You can download the AppChoices app to opt out in mobile apps. You can also follow the instructions in the What Are Your Rights and Choices? section below.
- We try to limit how our third-party advertising technology vendors use the information they gather from you. Many of these providers require us to enter into contracts that allow them to optimize their own services and products, or that help them create their own. Essentially, these providers combine any information they gather about you through Times Services with information they receive from their other clients. This helps them target ads to you on behalf of their other clients, not just us.
We market our Times Services to you. Sometimes we use marketing vendors to do this.
We serve ads through websites, locations, platforms and services operated and owned by third parties. Often these ads are targeted at people who have visited or registered for a Times Service but have not subscribed to or purchased anything. The ads are also targeted at people with similar traits or behaviors to our subscribers or customers.
We target our advertising to these users by uploading an encrypted customer list to a third party, or by incorporating a tracking technology from a third party onto our Times Service. The third party then matches individuals who appear in both our data and their data. Because of how this matching process works, the third party can’t read our encrypted customer list if they don’t already have it. We will also opt you out of such matched ads if you are a California resident and you exercise your right not to have your personal information “sold,” as discussed further below.
To opt out of receiving these matched ads, contact the applicable third parties. For example, when we use “Custom Audiences” to serve you our ad through Facebook, you should be able to hover over the box in the right corner of that Facebook ad and opt out. We are not responsible for any third party’s failure to comply with opt-out requests.
We periodically send you targeted email newsletters or promotional emails. For information on opting out of these emails, see What Are Your Rights and Choices? below.
Sometimes we aggregate or de-identify information so that it can no longer identify you, as defined under applicable laws. This helps us better understand and represent our users, such as when we measure ad performance, create advertising interest-based segments or compile survey results. We can use and disclose this aggregated or de-identified information for any purpose, unless an applicable law says otherwise.
We work with service providers, as defined above, to carry out certain tasks, including:
- Processing your payments
- Fulfilling your orders
- Maintaining technology and related infrastructure
- Offering you customer service
- Serving and targeting ads
- Measuring ad performance
- Presenting surveys
- Shipping you products and mailings
- Distributing emails
- List processing and analytics
- Managing and analyzing research
- Managing promotions
When performing these tasks, service providers often have access to your personal information.
We sometimes allow them to use aggregated or de-identified information for other purposes, in accordance with applicable laws.
It is worth noting how practices of certain vendors and changes in law outside of our control have changed what we can say about this. First, as noted elsewhere in this Policy, to the extent California regulators take the position that the disclosure of information for matched ads is a “sale,” we will opt you out of such matched ads if you are a California resident and you exercise your right not to have your personal information “sold.”
Second, at least one of our vendors uses pseudonymized email addresses they receive from us to power products that they provide to us and their other customers. Therefore, it is possible that your email address, which was shared with our vendor to provide services to us, is being used in pseudonymized form by the vendor to provide products and services to other companies.
While we try to control the behavior of our vendors that we understand to be service providers, some of those vendors engage in activities beyond our control that may be seen by a regulator as the activities of “third parties,” not service providers.
The following provides more information about the circumstances in which we know we are disclosing personal information to third parties that are not service providers.
i. If you’re a U.S. print subscriber, we may provide your name and mailing address (among other information) to other reputable companies that want to market to you by mail. This may be a “sale” of personal information under the law of some jurisdictions. If you prefer we don’t share this information, refer below to What Are Your Rights and Choices? below.
ii. We provide information to third party advertisers and their agencies as described in Section 2(G) above.
iii. We provide information to websites, locations, platforms and services operated and owned by third parties in connection with marketing, as described in Section 2(H) above.
iv. We provide information about our live event and conference attendees (e.g., your name, your company or your job title) to the event sponsors. In those cases, we notify you when you provide us the information.
- We collect your information and provide it to the third-party service for processing (such as Worldpay).
- The third-party service collects your information for processing.
vii. In the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we would have a legitimate interest in disclosing or transferring your information to a third party — such as an acquiring entity and its advisers.
- Comply with the law or with legal process
- Protect and defend our rights and property
- Protect against misuse or unauthorized use of the Times Services
- Protect the safety or property of our personnel, users or the general public (e.g., if you provide false information or attempt to pose as someone else, we could share your information to help investigations into your actions)
- Cooperate with government authorities, which could be outside your country of residence.
We provide a variety of ways for you to control the personal information we hold about you, including choices about how we use that information. In some jurisdictions, these controls and choices are enforceable as rights under applicable law.
The choices described below are limited to the email address, phone or device used. They won’t affect subsequent subscriptions.
We offer a variety of commercial emails and email newsletters. You can unsubscribe from emails and email newsletters from The Times, including emails regarding The Athletic, by following the instructions near the bottom of the email. You can also email us at email@example.com.
To stop receiving emails and email newsletters sent directly by The Athletic, you must separately contact The Athletic.
- Mail or Telephone Promotions:
You can ask us to unsubscribe from our mail or telephone solicitations. In some jurisdictions, as discussed elsewhere in this Policy, you can also ask us to not share your information with third parties for marketing purposes. To do so, call us at 1-800-698-4637 or chat with us. You may also email us at firstname.lastname@example.org with “Opt Out” in the subject line and your account number and phone number in the body of the email.
For International Edition customers, you can write us at: The New York Times International Edition, Subscription Dept. 18 Museum Street, London, WC1A 1JN, United Kingdom. Please include your account number and phone number in the body of the letter.
- Push Notifications:
You can opt out any time by adjusting your device settings, or uninstalling our app.
- Text Messages:
You can opt out of text alerts any time by replying “STOP,” or any alternative keyword we’ve shared with you.
We complete any opt-out request as quickly as we can. This opt-out request won’t prohibit us from sending you important nonmarketing notices.
In some jurisdictions, you may exercise the following choices:
- Access, modify or delete the personal information we have about you
- Be informed of or receive an electronic copy of the personal information we have about you, for data portability.
- Restrict, or object to, how we process personal information about you
For example, in the European Union and the United Kingdom, you have the right to object to, or obtain a restriction of, the processing of your personal information under certain circumstances; and where the processing is based on your consent, you have a right to withdraw that consent at any time for future processing.
If you’d like to exercise any of the above choices, contact us via this form or by calling us at our toll-free number, 1-800-NYTIMES. In your request, please be specific. State the information you want changed, whether you’d like your information suppressed from our database or whether there are limitations you’d like us to put on how we use your personal information. Please use the email address linked to that personal information — we only complete requests on the information linked to your email address. To verify your identity, we will email the email address you provide us, and which matches our records, and wait for your response. In some instances, we may also ask for additional information. This is how we verify your identity before complying.
In some jurisdictions, you can designate an authorized agent to make a request on your behalf. In order to do that, please provide the agent with written permission, signed by you, authorizing the agent to submit the request on your behalf. The agent must submit that written permission along with the request. We will contact you to verify your identity — and the authorized agent’s permission — before a response to the request is sent.
We’ll respond to your request in a manner consistent with applicable law, including any exceptions that may result in a request being denied in whole or in part.
We might need to keep certain information for recordkeeping purposes, or to complete a transaction you began prior to requesting a change or deletion (e.g., if you make a purchase or enter a promotion, you might not be able to change or delete the personal information provided until after the completion of the purchase or promotion).
In some cases, your request doesn’t ensure complete removal of the content or information (e.g., if another user has reposted your content).
You can update your account information and see your transaction history (for International Edition print subscribers). If you need assistance, call our toll-free number, 1-800-NYTIMES. Other local numbers are available.
It works differently if you subscribed via Apple’s App Store or Google Play. Register with us to access the Account area and contact Apple or Google for your transaction history.
- Cookie Controls:
- Global Privacy Control:
Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales. In certain territories, when we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.
- Do Not Track:
Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
- Mobile Advertising ID Controls:
iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
- Email Web Beacons:
Most email clients have settings which allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.
- Virginia Opt Out of Targeted Advertising:
Effective January 1, 2023, residents of Virginia have the choice to opt out of targeted advertising. In order to exercise your choice as a Virginia resident, please click on “Do Not Sell/Share My Information” link on the bottom of the webpage where your information is being collected.
You will not receive discriminatory treatment by us for the exercise of your privacy rights.
This Policy has been designed to be accessible to people with disabilities. If you experience difficulties accessing this Policy, please contact us at email@example.com. If you’d like, you can lodge a complaint with a data protection authority. A list of E.U. data protection authorities is available. But we encourage you to first contact us with any questions or concerns.
In some jurisdictions, you may appeal to us if we refuse to take action on your exercise of certain choices described above. In order to appeal such a refusal, please contact us at firstname.lastname@example.org using the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information in the email.
If you are a California resident, you have certain rights with respect to your personal information.
Please see Access, Correct, Change/Update, Delete, or Restrict Processing of Your Personal Information above for details, including on how to exercise these rights and how we verify your identity.
To the extent The New York Times Company “sells” your personal information (as the term “sell” is defined under the CCPA), you have the right to opt-out of that “sale” on a going-forward basis at any time.
If you’re a California resident, you have a right to opt-out from the “sale” or “sharing” of your personal information with third parties who are not our service providers (as those terms are defined under the California Consumer Privacy Act and the California Privacy Rights Act, or “CCPA” for short in this Policy). To exercise this right, click the Do Not Sell/Share My Information link on the bottom of the webpage where your information is being collected or go to “Account” and then “Settings” and “About This App” and click the “Do Not Sell/Share My Information” link there. You can also submit a request to opt-out by emailing us at email@example.com with the subject line “California Resident – Do Not Sell or Share.” Finally, if your browser supports it, you can turn on the Global Privacy Control to opt-out of the “sale” or “sharing” of your personal information.
If you have an account with certain Times Services (specifically nytimes.com, cooking.nytimes.com, nytimes.com/crosswords, the New York Times app, the New York Times Cooking app and the New York Times Games app) and are logged in, we will save your preference and honor your opt-out request across browsers and devices so long as you remain logged in. If you are not logged in, or do not have an account with any Times Services listed above, your opt-out of the “sale” or “sharing” of personal information will be specific to the browser or device from which you have clicked “Do Not Sell/Share My Personal Information” and until you clear your cookies (or local storage in apps) on this browser or device.
We do not knowingly “sell” or “share” (as those terms are defined by the CCPA) the personal information of minors under 16 years old.
If you are a California resident, effective January 1, 2023, you have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. To opt-out from such additional purposes, contact us via this form or by calling us at our toll-free number, 1-800-NYTIMES.
You can designate an authorized agent to make a request to exercise your rights under the CCPA on your behalf. In order to do that, please provide the agent with written permission, signed by you, authorizing the agent to submit the request on your behalf. The agent must submit that written permission along with the request. We will contact you to verify your identity — and the authorized agent’s permission — before a response to the request is sent.
You may exercise any of your rights listed in this section without fear of unlawful discrimination.
We keep a record of requests that we received from California residents.
For data deletion and data access requests, our readers submit requests through our intake form. In the intake form, they mark whether they reside in California. We then send an identity verification email to the user. If the user does not verify their identity in 45 days, their request will be denied. If the user does verify in 45 days, we begin to fulfill their request.