Juul Labs, INC.

Corporate Websites Privacy Policy

Effective Date: June 5, 2024

This privacy notice (“Corporate Privacy Notice”) applies to personal information processed by Juul Labs, Inc. (“Juul Labs,” “we,” “us,” or “our”) when engaging with us on our corporate websites including www.juullabs.com, www.juullabsretailer.com, or www.juullabsscience.com (collectively, the “Corporate Sites”), or other online informational offerings owned or operated by Juul Labs (collectively, the “Services”). Our Corporate Privacy Notice is designed to help you understand how we collect, use, process, and share your personal information when you engage with us through the Corporate Sites and to help you understand and exercise your privacy rights.

As used in this Corporate Privacy Notice, “personal information” has the meaning given to it under the law where you live, but typically refers to information that can be used to identify you as an individual; meanwhile our activities taken with respect to your personal information are referred to as “processing.”  For residents of California and other US states with specific privacy rights, additional disclosures are available below.

You can also download a copy of the policy.

  1. SCOPE

    This Corporate Privacy Notice only applies to the Corporate Sites. Our Corporate Sites provide information about our work to offer adult smokers an alternative to combustible cigarettes and, in so doing, reduce the harm associated with tobacco. The Corporate Sites also provide information about, and our Services support, our work to combat the serious problem of underage use of vapor products directly, and through our authorized retailers.

    We have an independent, age-restricted website through which we offer our products to eligible adult smokers and other users (the “E-Commerce Site”). This Corporate Privacy Notice only describes the personal information we collect and process through the Corporate Sites; the data practices of our E-Commerce Site are described by the E-Commerce Site’s Privacy Policy.

    We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, resume, cover letter, or other expression of interest, we will collect and use your information to assess your qualifications and potential employment pursuant to the terms of the Worker and Applicant Privacy Notice, not this Corporate Privacy Notice.

    Changes to our Corporate Privacy Notice. We may revise this Corporate Privacy Notice from time to time in our sole discretion. If there are any material changes to this Corporate Privacy Notice, we will notify you as required by applicable law, such as by sending you an email or announcing the change to policy on our Services. If you continue to use the Corporate Sites after the new Corporate Privacy Notice takes effect, we will assume you have read and acknowledged the new terms.

  2. PERSONAL INFORMATION WE COLLECT

    The categories of personal information we collect depends on how you interact with us, our Corporate Sites, and the requirements of applicable law. We collect information that you provide to us directly, information we obtain automatically when you use our Services, and information from other sources as described below.

    Information You Provide to Us

    • Communications with Us.We collect personal information from you such as name and email address when you request information or register for ongoing communication from us, such as when you: inquire about our corporate initiatives; request retailer or technical support; report unlawful or inappropriate sale or use of our products; report a potential issue, concern, or complaint related to an adverse experience potentially related to the use of our products (an “Adverse Experience”); use other communication tools we may offer through the Services (such as a chatbot), or otherwise communicate with us.
    • Information Related to Research. We are committed to supporting scientific research through our Investigator Initiated Research Program (“IIR Program”). Researchers may choose to provide personal information through the IIR Program including name, credentials, organization, phone number, email address, written agreement, research study, and any other information you submit to us when you submit a research proposal, participate as an investigator in the IIR Program, communicate with us about the IIR Program, or participate as a member of an institution engaged in IIR research. We use this information to run and manage the IIR Program, as well as to communicate directly with you about the IIR Program.
    • Social Media Content. Juul Labs maintains a social media presence for corporate communications. Any content or personal information you provide on these channels will be considered “public” and subject to the privacy policies and other terms of the social media platform provider.
    • Business Development and Strategic Partnerships.We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

    Policy Regarding Cookies and Similar Technologies

    • Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate city-level location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
    • Cookies and Other Technologies. We, as well as third parties that provide content, analytics, or other functionality on our Services, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of our Services.
      • Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
      • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

    Our uses of these Technologies fall into the following general categories:

    • Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of functionalities available through our Services;
    • PerformanceRelated. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services;
    • FunctionalityRelated. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services;
      • Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. These Technologies allow us to better understand how our digital Services are used and to continually improve and personalize our Services. One of our analytics partners is Google Analytics. For more information about how Google uses your personal information (including for its own purposes, e.g., for profiling or linking it to other data), please visit Google Analytics’ Corporate Privacy Notice. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
    • Social Media Platforms. Our Services may contain social media buttons that link to social media platforms. Those social media buttons may include widgets such as the “share this” button or other interactive mini programs. These features may collect personal information such as your IP address and which page you are visiting on our Services and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policies of the companies providing them.
    • Online Verification Providers.We may use third-party services across the Corporate Site to mitigate brute force logins as a means of spam protection. For example, when you fill in certain forms, our service providers may evaluate various information (e.g., IP address, how long the visitor has been on the app, mouse movements) to detect if the activity is from an automated program instead of a human. We retain this data via our service provider for use in spam mitigation.

    Other Sources

    Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services and organizations.  For example, if you access our Services through a social networking site, we may collect personal information about you from that third-party application that you have made available via your privacy settings. If you are a research professional who has submitted a proposal to our IIR Program, we may collect or validate personal information if and as applicable, such as your institutional affiliation, license information, past publications, and other due diligence related information from various sources.

  3. HOW WE USE YOUR PERSONAL INFORMATION

    We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

    Provide Our Services.

    We use your information to fulfil our contract with you and provide you with our Services, such as:

    • Managing your information and associated profile or account(s) if applicable (e.g., as a retailer or scientific contributor);
    • Providing access to certain areas, functionalities, and features of our Services;
    • Answering requests for support;
    • Communicating with you about your activities on our Services or changes to our policies;
    • Undertaking activities to verify or maintain the quality or safety of our Services; and
    • Allowing you to register for events (e.g., an industry associated event).

    Administrative and Business Purposes.

     We use your information for various administrative purposes, such as:

    • Pursuing our legitimate interests such as research, and development (including marketing research), network and information security, and fraud prevention;
    • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
    • Measuring interest and engagement in our Services;
    • Short-term, transient use, such as contextual customization of ads;
    • Improving, upgrading, or enhancing our Services;
    • Developing new products and services;
    • Ensuring internal quality control and safety;
    • Authenticating and verifying individual identities, including requests to exercise your rights under this Corporate Privacy Notice;
    • Analyzing information, including Adverse Experiences reported to, or discovered by us required to meet our compliance obligations;
    • Debugging to identify and repair errors with our Services;
    • Auditing relating to interactions, transactions, and other compliance activities;
    • Disclosing personal information with third parties as needed to provide the Services;
    • Performing services on behalf of the business, including maintaining or servicing distributor accounts, providing analytic services, providing storage, or providing similar services on behalf of the business;
    • Enforcing our agreements and policies;
    • Supporting industry initiatives, symposia, conferences, and scientific, educational, and volunteer events related to our customers or our business;
    • Carrying out activities that are required to comply with our legal obligations, and
    • For other legitimate business purposes as permitted by law.

    With Your Consent

    We may use your personal information for other purposes that are clearly disclosed to you at the time and in the context that you may choose to share it with us, as requested by you, at your direction or otherwise with your consent.

    Other Purposes

    We also use your personal information for other purposes as permitted by applicable law, including to create de-identified and/or aggregated analyses.

  4. HOW WE DISCLOSE YOUR PERSONAL INFORMATION

    We may disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

    To Provide our Services

    We may share your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, business analytics, hosting, customer service, and related services. We may also share your information with third parties as appropriate and permitted by law. The privacy choices you may have about your personal information are determined by applicable law and as described in the Your Privacy Choices and Rights section below.

    To Protect Ourselves or Others

    We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

    In the Event of Merger, Sale, or Other Asset Transfers

    If we are involved in an actual or proposed merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another commercial entity, your information may be disclosed, sold, or transferred as part of such a transaction, as permitted by law and/or contract.

  5. YOUR PRIVACY CHOICES AND RIGHTS

    Your Privacy Choices

    The privacy choices you may have about your personal information are determined by applicable law and described below.

    • Email Communications. If you receive an unwanted email from us, you can use the ‘unsubscribe’ link found at the bottom of the email to opt out of receiving future emails. Note you will not be able to opt out of communications regarding our Services, updates to legal terms or this Corporate Privacy Notice.
    • Cookies and Other Tracking Technologies. You can control our use of certain cookies and Technologies in the following ways:
      • Cookie Controls. You may decline all, or select the types of non-necessary Technologies that apply to your use of our Services by managing your preferences at any time by clicking Change Cookie Preferences on the Corporate Site you are visiting.
      • Browser Controls. You may stop or restrict the placement of certain Technologies in your browser or remove them by adjusting your preferences as your browser permits. These tools are generally available in the help section of browsers. You can also use the quick links, based on the browser type that you are using including Internet Explorer, Google Chrome, Firefox, and Safari.
    • Do Not Track” / “Global Privacy Control.” You may exercise your opt-out right by broadcasting an opt-out preference signal, called the Global Privacy Control (“GPC”) (on the browsers and/or browser extensions that support such a signal). You can learn more about the GPC here. Please note that your request to opt-out of sale/sharing will be linked to your browser identifier only. If you use a different computer or Internet browser to access the Corporate Sites, you will need to renew your opt-out request. Note that while we honor the GPC, we do not listen for or respond to older, Do Not Track (“DNT”) technologies that users may set in certain web browsers. (Note you must turn the GPC signal on for each supported browser or browser extension you use to connect with our Services.)

    Your Privacy Rights

    The privacy rights you may have about your personal information are determined by applicable law and described below.

    • Obtain Access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information including specific pieces of personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (also known as the “right of data portability”);
    • Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
    • Request Deletion of your personal information;
    • Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal, and
    • Request Restriction of or Object to our processing of your personal information depending on the legal rights of your jurisdiction. For example, depending on where you live, you might have the right to opt out of (i) the sale or sharing of your personal information, (ii) our use or disclosure of your sensitive personal information, and/or (iii) the processing of your personal information for purposes of (a) targeted advertising, and (b) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

    If you would like to exercise any of these rights, please Contact Us at any time, or as otherwise instructed in the additional privacy notices provided at the time we collect your personal information. We will process such requests in accordance with applicable laws and will not discriminate or retaliate against you for the exercise of any of these rights. For additional rights applicable to residents of certain US states, please refer to the disclosures below.

  6. SECURITY OF YOUR INFORMATION

    We take steps to ensure that your information is treated securely and in accordance with this Corporate Privacy Notice. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of your personal information.  By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically, for example by posting a notice on our Services, by mail, or by sending an email to you.

  7. INTERNATIONAL DATA TRANSFERS

    All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

  8. RETENTION OF PERSONAL INFORMATION

    We store the personal information we collect as described in this Corporate Privacy Notice for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws, or based upon other criteria, including, but not limited to, the sensitivity and volume of such data.  Additionally, we endeavor to retain all such personal information in accordance with legal requirements.

  9. PROTECTION OF INDIVIDUALS UNDER THE AGE OF 21

    The Services are not directed to minors (or any individual under the age of 21), are designed to discourage individuals under 21 from engaging with our Services and from accessing the Corporate Sites, and we do not knowingly collect personal information from, or otherwise interact with, individuals under the age of 21.

    Protecting minors is important to us. If you are a parent or guardian and believe your child has submitted personal information through the Corporate Sites without your consent, and you wish to have that information modified or deleted, or you may Contact Us at any time as set forth below. If we become aware that an underage individual has provided us with personal information in violation of our policies, compliance obligations or applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it.

  10. OTHER WEBSITES/APPLICATIONS

    The Corporate Sites may contain links to other Juul Labs websites or terms which govern those sites or activities. In addition, the Corporate Sites may link to, or be referenced by websites/applications that are operated by third parties and not controlled by us. We encourage you to read the privacy policy of each website or application you visit. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of any third-party website or application. Providing personal information to third-party websites or applications is at your own risk.

  11. CONTACT US

    Juul Labs is the controller of the personal information we process under this Corporate Privacy Notice. If you have any questions about our privacy practices or this Corporate Privacy Notice, or to exercise your rights as detailed in this Corporate Privacy Notice, please:

    Make an online request by visiting our Privacy Portal

    Email us at dataprivacy@juul.com

    Call us at 1-855-509-5885

    Write to us at:

    Juul Labs, Inc.
    Attn: Chief Compliance Officer
    1000 F Street NW
    Washington, DC 20004

  12. NOTICE AT COLLECTION AND SUPPLEMENTAL NOTICE FOR RESIDENTS OF CERTAIN U.S. STATES

    This Notice at Collection and Supplemental Notice is for residents of states that have adopted comprehensive privacy legislation and others that may come into effect from time to time (collectively, “Applicable State Laws”).

    Personal Information we Collect and Share

    As more fully described in the section titled Personal Information We Collect, the sources from which we collect personal information include directly from you when you interact with us, automatically from you when you use our sites and Services (for example through cookies and other Technologies), from third parties (for example, from third-party referrals).

    Depending on how you use our Services, the information we may have collected about you, as well as the categories of third parties with whom we have shared this information, are described in the table below.

    Category of Personal Information Collected by Juul Labs Category of Third Parties to Whom Personal Information May Disclosed for a Business Purpose Category of Third Parties with Whom Personal Information May be Shared
    Identifiers.
    For example, real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
    • Service providers

     

    • Data analytics providers
    Personal information categories
    For example, name, address, telephone number or professional information.
    • Service providers
    • Affiliates

     

     
    Internet or other electronic network activity
    For example, browsing history, search history, information on a consumer’s interaction with an internet website, application, or advertisement.
    • Service providers
    • Advertising networks
    • Data analytics providers
    • Data analytics providers
    Sensitive personal information
    Any information concerning a consumer’s health, medical history, physical or mental condition or treatment.
    • Service providers
    • Government entities
     
    Sensory data
    Audio or similar information.
    • Service providers
    • Affiliates
     

     Use of Personal Information

    We may use or disclose the personal information we collect for the purposes outlined in Use of Information above. Where required under applicable law, we will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without first providing you notice.

    Sales/Sharing of Personal Information

    For purposes of certain laws, Juul Labs does not “sell” personal information, nor do we have actual knowledge of any sale of personal information as the term “sell” is commonly understood. We may share information with third parties for the purpose of analyzing traffic on the Corporate Sites as described above. You may limit such sharing by adjusting your browser settings to send a GPC signal, or by Contacting Us.

    Retention of Personal Information

    We store the personal information we collect as described in our Corporate Privacy Notice for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws, or based upon other criteria, including, but not limited to, the sensitivity and volume of such data.  We endeavor to retain all such personal information in accordance with legal requirements.

    Additional Privacy Rights for Residents of Certain States

    • Non-Discrimination. Residents of certain states have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by applicable law.
    • Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent and Contact Us for additional instructions.
    • Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.
    • De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.