State Privacy Notice
State Privacy Notice
Last Updated: December 21, 2023
This U.S. State Privacy Notice (“Notice”) supplements Cintas Corporation’s (together with its relevant subsidiaries, associates, and affiliated companies, “Cintas,” “we,” “us,” or “our”) General Privacy Notice, and any other privacy policies, notice, or statements on a “Service” (e.g., website, mobile app, e-mail, or any other digital asset) that is owned and operated by Cintas.
This Notice applies to residents (“Consumers”) of U.S. states with consumer privacy laws applicable to Cintas operations and regulations implementing, supplementing, or amending them (each, a "State Law"). This Notice will provide you with information regarding how Cintas collects, uses, and discloses information about you, including the choices we offer with respect to that information.
In the event of a conflict between any other Cintas policy, notice, or statement and this Notice, this Notice will prevail as to Consumers unless stated otherwise. Please also see any other privacy policies, notices or statements posted or referenced on our Services.
Not Applicable to Workforce: This Notice does not apply to our job applicants, current employees, former employees, or independent contractors (“Workforce Members”). For information on our privacy practices for Workforce Members, see our Workforce Privacy Notice.
Table of Contents
A. Personal Data Collection, Disclosure, and Retention
1. Categories
B. Right to Obtain a Copy (Data Portability)
F. Exercising Access, Data Portability, and Deletion Rights
1. Your Request Must be a Verifiable Consumer Request
I. Response Timing and Formats
III. NON-DISCRIMINATION
IV. NOTICE OF FINANCIAL INCENTIVE PROGRAMS
V. OUR RIGHTS AND THE RIGHTS OF OTHERS
VI. ADDITIONAL NOTICE FOR CALIFORNIA RESIDENTS
VII. CHANGES TO OUR PRIVACY NOTICE
VIII. CONTACT INFORMATION
I. Notice of Data Practices
This Notice provides notice of our data practices, including our collection, use, disclosure, and sale of Consumers’ personal data, which does not include:
• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the scope of applicable state law.
The description of our data practices in this Notice will be updated at least annually. Otherwise, this Notice serves as our notice at collection.
A. Personal Data Collection, Disclosure, Use and Retention
During the Reporting Period, we collected, retained, disclosed, and otherwise processed (collectively, “process(ed)(ing)”) the following personal data about Consumers, for the purposes described in our General Privacy Notice under How We Use Your Personal Data.
| Category of Personal Data | Examples of Personal Data Collected and Retained | Categories of Recipients |
| Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | Disclosures for Business Purposes:
Sale/Share: Shared with Third-Party Digital Businesses (only certain online identifiers like IP address) |
| Personal Records | Name, signature, address, telephone number, financial information (e.g., bank account number or payment card information). | Disclosures for Business Purposes:
Sale/Share: N/A |
| Customer Account Details/Commercial Information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Disclosures for Business Purposes:
Sale/Share: Shared with Third-Party Digital Businesses |
| Geolocation Data | Approximate location derived from IP address. | Disclosures for Business Purposes:
Sale/Share: Shared with Third-Party Digital Businesses |
| Internet Usage Information | Browsing history, search history, and other information regarding your interaction with our Services or other sites, applications, or advertisements. | Disclosures for Business Purposes:
Sale/Share: Shared with Third-Party Digital Businesses |
| Sensory Data | Audio, electronic, or similar information when you or contact us through our customer service line. | Disclosures for Business Purposes:
Sale/Share: N/A |
| Professional or Employment Information (such as your current employer) | Information regarding your current employer and position to enable us to provide products or services to you on behalf of your employer (our customer). To the extent that you are a Workforce Member, please see our Workforce Privacy Notice. | Disclosures for Business Purposes:
Sale/Share: N/A |
| Inferences from Personal Data Collected | Inferences drawn from personal data to create a profile about a Consumer reflecting preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Disclosures for Business Purposes:
Sale/Share: Shared with Third-Party Digital Businesses |
| Sensitive Personal Data | Government Issued Identification Numbers (e.g., social security, driver’s license, state identification card, or passport number). | Disclosures for Business Purposes:
Sale/Share: N/A |
Data Retention: We retain each category of personal data, including sensitive personal data, for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods include: (i) any applicable legal requirements to retain data for a certain period of time; (ii) any retention obligations related to actual or potential litigation or government investigations; (iii) any retention requirements in relevant agreements with our Customers or Business Partners; (iv) the date of your last interaction with Cintas; (v) the length of time between your interactions with Cintas; (vi) the sensitivity of the data; and (vii) the purposes for which the data was collected.
Purposes for the Collection, Processing, and Disclosure of Sensitive Personal Data: Subject to your consent where required by applicable law, we collect, process, and disclose sensitive personal data for purposes of: providing goods or services as requested; ensuring safety, security, and integrity; countering wrongful or unlawful actions; short term transient use such as displaying first party, non-personalized advertising; performing services for our business, including maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of our business; activities relating to quality and safety control or product improvement; and other collection and processing that is not for the purpose of inferring characteristics about an individual. We do not use sensitive personal data beyond these purposes.
II. YOUR RIGHTS AND CHOICES
Under certain State Laws, Consumers have the privacy rights described in this section, subject to meeting the requirements for a Verifiable Consumer Request. We will verify and respond to your request consistent with applicable law.
To submit a request to exercise your privacy rights, or to submit a request as an authorized agent, use our Privacy Rights Request Portal, or call us at 1-844-378-7411 and respond to any follow-up inquiries we make. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.). More details on the request and verification process is described in the Your Request Must be a Verifiable Consumer Request section. Your rights are listed below:
A. Right to Know/Access
You are entitled to confirm whether Cintas processes their personal data and to access your personal data.
1. Categories
California residents have a right to submit a request to know any of the following:
- The categories of personal data we collected about you.
- The categories of sources for the personal data we collected about you.
- Our business purposes or commercial purposes for our collecting, selling, or sharing your personal data.
- The categories of third parties to whom we have disclosed your personal data..
- A list of the categories of personal data disclosed for a business purpose and, for each, the categories of recipients, or that no disclosure occurred.
- A list of the categories of personal data sold or shared about you and, for each, the categories of recipients, or that no sale or share occurred.
2. Specific Pieces
You may request to confirm if we are processing your personal data and, if we are, to obtain a transportable copy. For your specific pieces of personal data, we will apply the heightened verification standards as described below. We have no obligation to re-identify information or to keep personal data longer than we need it or are required to by applicable law to comply with access requests.
B. Right TO OBTAIN A COPY (DATA PORTABILITY)
As part of your Right to Know, you may also request a copy of your Personal Data that you previously provided us, in a format that is portable and readily usable.
C. OPT OUT OF SELLING OR SHARING
We may sell or share your personal data, or use it for targeted advertising, as these terms are defined under applicable law.
Opt-out for non-cookie personal data: If you want to limit our processing of your non-cookie personal data (e.g., your email address) for targeted advertising or opt out of the sale or sharing of such data, make an opt-out request here.
Opt-out for cookie personal data: If you want to limit our processing of your cookie-related personal data for targeted advertising, or opt-out of the sale or sharing of such personal data, you need to exercise a separate opt-out request on our cookie management tool Your Privacy Choices. This is because we have to use different technologies to apply your opt-out of cookie personal data from your opt-out of non-cookie personal data. Our cookie management tool enables you to exercise cookie opt-out requests and enable certain cookie preferences on your device. You must exercise your preferences on each of our Websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our cookie management tool. Note that if you use ad blocking software, our cookie banner may not appear when you visit our services and you may have to use the link above to access the tool.
Opt-out preference signals (also known as global privacy control or GPC): Global privacy controls, which may be referred to as opt-out preference signals (“OOPS”), are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers that communicate the individual’s choice to opt-out of the sale or sharing of personal data. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our website, which is explained by our consent management platform Your Privacy Choices. We process OOPS/GPC with respect to sales and sharing that may occur in the context of the collection of cookie personal data by tracking technologies online, discussed above, and apply it to the specific browser on which you enable OOPS/GPC. We do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC.
We do not knowingly sell or share the personal data of Consumers under 16, unless we receive affirmative opt-in consent (“opt-in”) from either the Consumer who is between 13 and 16 years old, or the parent or guardian of a Consumer who is under 13 years old. If you think we may have unknowingly collected personal data of a Consumer under 16 years old, please Contact Us.
D. DELETION REQUEST RIGHTS
You have the right to request that we delete any of your personal data, subject to certain exceptions. Once we receive and confirm your rights request, we will delete (and direct our Service Providers to delete) your personal data from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our Service Provider(s):
- To complete transactions and services you have requested.
- For security purposes.
- For legitimate internal Business Purposes (e.g., maintaining business records);
- To comply with law and to cooperate with law enforcement; and
- To exercise or defend legal claims.
E. CORRECT YOUR PERSONAL DATA
You may bring inaccuracies they find in their personal data that we maintain to our attention and we will act upon such a complaint as required by applicable law. You can also make changes to your online account in the account settings section of the account. That will not, however, change your information that exists in other places.
F. EXERCISING YOUR RIGHTS
To exercise the Consumer privacy rights described above, to submit a privacy rights request as an authorized agent, or to appeal our handling of a previous privacy rights request ,please use our Privacy Rights Request Portal or call us at 1-844-378-7411.
1. Your Request Must be a Verifiable Consumer Request
Only you, or someone legally authorized to act on your behalf (your authorized agent if you’re a California Consumer), may make a verifiable consumer request related to your personal data. You may also make a verifiable consumer request on behalf of your minor child.
When you make a request applicable to you, we may ask you to provide verifying information, such as your name, e-mail, phone number, account, and/or transaction information. We will review the information provided and may request additional information (e.g., transaction history) via e-mail or other means to ensure we are interacting with the correct individual. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Obtain a Copy (Data Portability), Right to Access, Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about or from whom we collected personal data. We do not verify opt-outs of Sell/Share requests, if applicable, unless we suspect fraud. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal data.
To protect Consumers, if we are unable to verify you sufficiently, we will be unable to honor your request. We will use personal data provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
2. Agent Requests
Individuals who are entitled at law to submit rights requests may use an authorized agent to submit a request on their behalf, by using the methods outlined above, subject to our verification of the agent, the agent’s authority to submit requests on behalf of the individual, and of the requestor’s identity. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable U.S. Privacy Laws.
III. NON-DISCRIMINATION
We will not discriminate against you for exercising any of your rights.
IV. OUR RIGHTS AND THE RIGHTS OF OTHERS
Notwithstanding anything to the contrary, we may collect, use, and disclose your personal data as required or permitted by applicable law and this may override your rights under State Law. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.
V. ADDITIONAL NOTICE FOR CALIFORNIA RESIDENTS
Certain Californians are also entitled to certain other notices, as follows: :
This Notice provides information on our online practices and your California rights specific to our online services. Without limitation, Californians that visit our online Services and seek to acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at:
Cintas Corporation
Chief Compliance Officer
6800 Cintas Boulevard
Mason, Ohio 45040
You must put the statement “Shine the Light Request” in the body of your correspondence. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. This right is different than, and in addition to, CCPA rights, and must be requested separately. We will not accept Shine the Light requests by telephone or by fax, and are not responsible for requests not labeled or sent properly, or that are incomplete.
VI. CHANGES TO OUR PRIVACY NOTICE
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this Notice, we will post the updated notice on our Websites and update the notice’s “last updated” date. In some cases, we may provide additional notice by adding a statement to our Websites or sending you a notification by email or through a Website portal.
VII. DE-IDENTIFIED INFORMATION
Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
VIII. CONTACT INFORMATION
If you have any questions or comments about this notice, the ways in which Cintas collects and uses your personal data described here and in our General Privacy Notice, your choices and rights regarding such use, or wish to exercise your rights under State Law, please do not hesitate to contact us at:
- Phone: 1-844-378-7411
- Website: Cintas.com
- Email: [email protected]
Postal Address:
Cintas Corporation
Chief Compliance Officer
6800 Cintas Boulevard
Mason, Ohio 45040