Effective Date: December 15, 2013, revised November 5, 2015, August 31, 2016, November 16, 2016, January 17, 2017, January 30, 2018, September 6, 2019, December 23, 2019, July 14, 2022, January 1, 2023, May 30, 2023, October 23, 2023, December 6, 2023, July 25, 2024.
To learn more about the way we use your data for interest-based advertising and share your geolocation data with third party advertisers, please see Section 5, Interest-Based Advertising.
BUFFALO BILLS, LLC PRIVACY POLICY
NFL Enterprises LLC, the National Football League, the League's thirty-two member clubs ("Member Clubs"), and the other members of the NFL Family (collectively, "NFL," "we," "our," "us") respect your privacy and value your trust and confidence. This privacy notice (the "Privacy Notice") applies to our websites, mobile applications, and other offline or online and mobile services that link to or post this Privacy Notice (collectively, the "Services"), and explains how we collect, use, and disclose information through the Services.
It is our policy to comply with applicable privacy laws and data protection laws, and so our privacy practices may vary depending on where you live. Please see the region-specific disclosures and applicable supplemental notices for more information relevant to data collected in certain regions and by individual member clubs. By using the Services, you acknowledge that you have read and understood the terms of this Privacy Notice. Please note that this Privacy Notice does not apply to information collected in employment or job applicant contexts. For information about data handling practices in these contexts, please refer to the applicable privacy notices or seek more information from the relevant NFL entity. Likewise, this Privacy Notice may not apply when we collect information from you in other contexts, such as when you buy or use products or services that link to a separate privacy notice instead of this Privacy Notice. For example, this Privacy Notice does not apply to the NFL Credential Card Program, which is governed by a separate Stadium and Event Credentialing Privacy Policy.
Please also note that in some instances, we may direct you to a site or page that is operated by one of our partners or use framing techniques to serve you content from partners while preserving the look and feel of our website. Even though the page where you provide information may have the look and feel of the Services, a different privacy policy may govern that information collection by such partners.
- 1. Information Collection
- 2. Use of Information
- 3. Disclosure of Information
- 4. Cookies and Similar Technologies
- 5. Interest-Based Advertising
- 6. Social Networking
- 7. Links to Other Websites
- 8. Data Security and Data Integrity
- 9. Data Transfers
- 10. Data Retention
- 11. Children's Privacy
- 12. Communications Preferences and Other Choices
- 13. Data Subject Rights
- 14. NFL Events
- 15. Changes To This Privacy Notice
- 16. Contact Us
- 17. California Users
- 18. International Users
- 19. Supplemental Notice for Buffalo Bills
1. Information Collection
Information Provided by You
We may collect some or all of the following types of information, some of which may be considered sensitive information, including when you register with us, use our Services, sign up for contests or sweepstakes, participate in surveys, create a profile, access various content or features, submit comments or content, use a send-to-a-friend feature, attend events, or directly contact us with questions or feedback:
- Identifiers, such as contact information, such as name, e-mail address, postal address, telephone number, and date of birth;
- Other unique identifiers, such as a username or password, and, where appropriate, other identifiers such as Social Security Numbers and government-issued identifiers. For example, we may need to collect these identifiers to award you certain types of prizes under relevant laws;
- Demographic information, which may include gender, race, ethnicity, and sexual orientation, and other protected classifications under relevant state or federal law;
- Financial and commercial information, such as credit card or other payment information and records of products or services purchased;
- Real-time geolocation information, which may include precise geolocation information;
- Communications and marketing preferences;
- Favorite team and inferences about you and your personal preferences;
- Audio, electronic, or visual information, such as photographs that you provide to us;
- Biometric information, such as when you elect to use biometric authentication at stadiums that offer this functionality for entry or other relevant functionality governed by this Privacy Notice. Where required by law, we collect this information pursuant to your consent and may provide additional notice about relevant data handling practices;
- Information about your contacts, such as name and email address, when you share that information with us. If you authorize us to access your contacts, calendar, or photos, we may also collect that information to provide you with relevant functionality;
- Search queries;
- Comments and other information posted in our interactive online forums;
- Professional and employment information;
- Education information;
- Information that could be considered health information, such as when you purchase accessible seating;
- Correspondence, waivers or acceptances and other information that you send to us; and
- Additional information as otherwise described to you in this Privacy Notice, at the point of collection, or pursuant to your consent.
If you decide not to provide this information, it may limit our ability to provide the Services or some of our content.
Information We Collect Automatically
We also may collect internet and electronic network activity information, device identifiers, and information about your use of the Services automatically when you visit or use the Services, including:
- Your Internet Protocol ("IP") address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
- Your Media Access Control ("MAC") address, which is a unique identifier assigned to a network interface controller;
- Your device type or mobile carrier;
- Other unique identifiers, including mobile device identification numbers and advertising identifiers (e.g., IDFA);
- Your browser type and operating system;
- Sites and apps you visited before and after visiting, or while using, the Services;
- Pages you view and links you click on within the Services;
- Information collected through cookies, web beacons, Local Shared Objects, and other technologies, as described further below;
- Information about your interactions with e-mail messages, such as the links clicked on and whether the messages were received, opened, or forwarded;
- If you link your social media account to your NFL account, information from those social media accounts in accordance with your settings on the social platform and their privacy policy;
- App usage information, including how often you use our application, the events that occur within the application, usage, and performance data, and where the application was downloaded from;
- Other Standard Server Log Information;
- Standard Network Traffic Information, when you are connected to an NFL stadium's Wi-Fi network; and
- We may also collect audio, electronic, or visual information from you automatically, such as information collected from CCTV cameras and when we film or photograph you in a public location at an NFL Event, as described further here.
Information We Collect from Other Sources
In addition to information we receive from you and collect automatically, we may receive information about you from other members of the NFL Family and from other sources, such as your friends, social networks, publicly available sources, data brokers, advertising partners, and our business partners and sponsors, including to facilitate co-branded programs. We may combine this data with information we already have about you, including to create inferences about you and your personal preferences.
2. Use of Information
We may use information that we collect about you for a variety of purposes, including to:
- Provide you with products, promotions, services, newsletters, and information you request and respond to correspondence that we receive from you, including, where relevant, to facilitate your purchases (e.g., to process returns or streamline the checkout process);
- Contact you about your account or relationship with us;
- Customize and personalize your experience on the Services and to better serve you with offers and content that we think may be of interest to you, such as by providing you with targeted advertising both on and off the Services. For more information on how we use cookies and similar technologies for advertising, please see Cookies and Similar Technologies. For more information about Interest-Based Advertising, please see Section 5, Interest-Based Advertising;
- Communicate with you about products, services, contests, and events that we think might be of interest to you, and otherwise send you promotional material or special offers on our behalf or on behalf of our marketing partners, their respective affiliates or subsidiaries, and other third parties. We will obtain your consent to send such communications to the extent required by law;
- Maintain or administer the Services (e.g., to maintain the security and integrity of the Services), perform business analyses, create aggregated or anonymized information that no longer identifies you and therefore is no longer subject to this Privacy Notice, or for other internal purposes to improve the quality of our business, the Services, and other products and services we offer, such as internal administrative purposes or to manage our relationships;
- Publish stories, comments, photos, and other information posted in our interactive online features;
- In the case of location information, for example, to determine your market location for purposes of administering broadcast restrictions for live games or other events, to validate your location to geo-gate certain features or information, to locate a place that you may be searching for in your area, for determining teams and offers in which you may have an interest and providing you with information or relevant advertising based on where you are located. For more information about how we use location data in connection with advertising, please see Section 5, Interest-Based Advertising;
- In the case of Social Security Numbers, for example, for tax purposes when administering prizes to certain contest winners;
- Protect the health and safety of our guests, personnel, and the public;
- Protect or enforce the legal and contractual rights, safety, and security of the NFL and NFL stadiums, enforce applicable agreements with you or others, and prevent fraud; and
- As otherwise described to you in this Privacy Notice, at the point of collection, or pursuant to your consent.
3. Disclosure of Information
We may disclose each of the categories of personal information described above with others for the purposes described above, including as follows:
- Authorized Third Parties and Service Providers: We may disclose your information to third-party vendors and service providers that perform certain functions or services on our behalf (such as to host the Services, fulfill orders, provide products and services, manage databases, perform analyses, process credit card payments, provide customer service, or send communications for us).
- Within the NFL Family: We may disclose your information to all members of the NFL Family, including, without limitation, the subsidiaries and affiliates of the National Football League (e.g., NFL Properties LLC, NFL International LLC, NFL Enterprises LLC, NFL Ventures, L.P., and NFL Ventures, Inc.) and to the subsidiaries and affiliates of the Member Clubs. For example, we may disclose your information to Member Clubs with whom you have interacted, such as where you have indicated a preference for one or more Member Clubs or when you attend or purchase a ticket for an event sponsored by a particular Member Club. These Member Clubs may disclose your information to other companies under common control with a Member Club that may be subject to separate privacy policies, including so that they may directly offer you products, services, contest, and events that may be of interest to you and send you promotional material or offers that may be of interest to you.
- Select Business Partners: We may disclose your information to select business partners so that they can provide you with special offers, promotional materials, and other materials that may be of interest to you. For example, we may disclose your information to our co-brand partners when you choose to be involved in those programs, such as when you enter contests or sweepstakes that are conducted with those business partners. We are not responsible for the privacy practices of our business partners, and we urge you to review their privacy notices for more detail on how they might process your information and for information about how to exercise your marketing and other choices with such partners.
- Third-Party Advertising and Audience and Traffic Measurement Services: We use third party advertising, analytics, and measurement partners to serve you advertisements on the Services as well as across other sites and services. For information about how we may disclose your information to third parties in connection with advertising, please see Section 5, Interest-Based Advertising. These third parties may set their own cookies or similar web technologies on the Services and elsewhere online that enables them to collect information about users' online activities over time and across different websites.
- Business Transfer: If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the unlikely event of bankruptcy, a business reorganization, or similar event, we may transfer your information as part of such transaction.
- Administrative or Legal Process: We may disclose your information to third parties in order to protect the legal rights, safety, and security of the NFL, our corporate affiliates, subsidiaries, business partners, and the users of our Services; enforce our terms of use and other agreements; respond to and resolve claims or complaints; prevent fraud or for risk management purposes; and comply with or respond to law enforcement or legal process or a request for cooperation by a government or other entity, whether or not legally required.
- Other Parties With Your Consent: We may disclose information to third parties or the public when you consent to such sharing. For example, if you win a contest or sweepstakes, we may ask your permission to publicly post certain information on the Services identifying you as the winner.
- Aggregate Information: We may disclose aggregate information, such as demographics and usage statistics, to advertisers, sponsors, or other organizations.
- Geolocation Information: We may disclose your geolocation information to service providers that perform certain functions or services on our behalf. We also may disclose your geolocation information to third parties so that they may provide you with geographically relevant advertising;
- If you wish to stop the further collection of your geolocation information, please opt out using your device settings. Turning off access to geolocation and precise geolocation data may disable or interfere with certain functionality or services.
- For Android users, please see the following link for instructions on how to opt-out of or withdraw consent to geolocation data collection from your settings https://support.google.com/accounts/answer/6179507?hl=en.
- For iOS users, please see the following link for instructions on how to opt-out of or withdraw consent to geolocation data collection from your settings https://support.apple.com/en-us/HT207092
- For more information and to learn about your options with regard to the use of geolocation information for interest-based advertising, please see Section 5, Interest-Based Advertising.
Please also note that if you choose to engage in public activities on the Services, such as through interactive features like a chat room, forum, blog, or other community tool, you should be aware that the information you share there will be publicly available and can be read, collected, or used by other users of these features. You may receive unsolicited messages from other parties. We cannot ensure that parties who have access to such information will respect your privacy. Please exercise caution when using these features.
4. Cookies and Similar Technologies
We, service providers acting on our behalf and third parties, such as advertising partners, use cookies and similar technologies such as beacons, tags, HTML5 local storage, and scripts, to collect information from your browser or device. By using the Services, you acknowledge the use of cookies and similar technologies on the Services, although we have certain cookie-related choices described below and, where required by law, we seek your additional consent for certain categories of cookies.
The following types of cookies and similar technologies are used on our Services:
- Strictly necessary cookies and technologies: These are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for Services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about certain of these cookies, but some parts of the Services will not then work.
- Functional cookies and technologies: These enable the Services to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you disable functional cookies then some or all of these services may not function properly.
- Performance cookies and technologies: These allow us to count visits and traffic sources so we can measure and improve the performance of our Services. They help us to know which pages are the most and least popular and see how visitors move around the Services. If you disable performance cookies we will not know when you have visited our Services, and will not be able to monitor its performance.
- Targeting cookies: We partner with third party advertisers to serve and display advertising on the Services and elsewhere online across different sites and services. As described directly below under Section 5, Interest-Based Advertising, these partners may use cookies and other similar technologies to collect information about your activities across different websites and services to build a profile of your interests and provide you with relevant advertising. This is typically done based on uniquely identifying your browser and internet device. If you disable targeting cookies, you will experience less targeted advertising.
To disable optional cookies, (cookies other than those categorized as strictly necessary above), please utilize the Cookie Settings of the applicable website or navigate to Privacy Settings in applicable apps. Additional choices, including with respect to Interest-Based Advertising, are described below under Section 5, Interest-Based Advertising.
You also may be able to reject cookies and similar technologies through your browser settings. If you reject cookies through your browser settings, you may still use our Services, but your ability to use certain features may be limited.
5. Interest-Based Advertising
About Interest-Based Advertising
We partner with third party advertisers, as well as analytics and measurement partners, to serve and display advertising on the Services and elsewhere online across different sites and services.
These partners may use cookies and similar technologies on the Services and elsewhere online to collect and share information about your activities across different websites, mobile applications, and services to provide you with relevant advertising ("Interest-Based Advertising" or "IBA"). For example, we may conduct analysis on your behavior in order to provide you with Interest-Based Advertising both on and off the Services. We may also disclose non cookie-based information for advertising purposes, including for Interest-Based Advertising. For example, we may disclose information to social networking platforms, so that they may send tailored communications on our behalf via their platforms. To serve and display advertising relevant to your location, where permitted by law and depending on the Services you use, the Services may also track your device's precise geolocation by responding to beacons or inaudible signals sent to your device's microphone. This is typically done based on uniquely identifying your browser and internet device.
Opting Out of IBA
You can opt out of receiving some type of ads and third-party collection of data for IBA from your device across unaffiliated services by managing your preferences at https://youradchoices.com/control.
You can also manage third-party cookies that collect data from NFL-affiliated websites and mobile applications for Interest-Based Advertising by setting your preferences on the website, mobile application, or other service via "Privacy Settings" or "Cookie Settings."
Precise Geolocation Data for IBA
As noted previously and in accordance with local laws, we may disclose your geolocation information, including precise geolocation information, to service providers that perform certain functions or services on our behalf and to third parties so that they may provide you with geographically relevant advertising.
If you wish to stop the further collection of your geolocation information for IBA, please opt-out using your device settings, as noted below:
Opt-out or Withdraw Consent for Precise Geolocation Data for IBA
To opt out of the tracking of your device geolocation and/or precise geolocation data, please visit your device settings. Turning off access to geolocation and precise geolocation data may disable or interfere with certain functionality or services.
For Android users, please see the following link for instructions on how to opt-out of or withdraw consent to geolocation data collection from your settings https://support.google.com/accounts/answer/6179507?hl=en.
For iOS users, please see the following link for instructions on how to opt-out of or withdraw consent to geolocation data collection from your settings https://support.apple.com/en-us/HT207092
The NFL adheres to the Digital Advertising Alliance (DAA) Self-Regulatory Principles for Interest-Based Advertising.
6. Social Networking
The NFL works with certain third-party social media providers to offer you their social networking services through our Services. For example, you can use third-party social networking services to share information about your experience on our Services with your friends and followers on those social networking services. These social networking services may be able to collect information about you, including your activity on our Services. These third-party social networking services also may notify your friends, both on our Services and on the social networking services themselves, that you are a user of our Services or about your use of our Services, in accordance with applicable law and their own privacy policies. If you choose to access or make use of third-party social networking services, we may receive information about you that you have made available to those social networking services, including information about your contacts on those social networking services. Your interactions with those social networking services are governed by the privacy policy of the company providing the relevant service.
You also may be able to link an account from a social networking service (e.g., Facebook, Twitter, or Snapchat) to an account through our Services. This may allow you to use your credentials from the other site or service to sign into certain features on our Services. If you link your account from a third-party site or service, we may collect information from those third-party accounts, and any information that we collect will be governed by this Privacy Notice.
7. Links to Other Websites
The Services may contain links to other websites or online services that are operated and maintained by third parties and that are not under our control or maintained by us. Such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. This Privacy Notice does not apply to this third-party content. We encourage you to review the privacy policies of these third-party websites or services.
8. Data Security and Data Integrity
The security and confidentiality of your personal information is very important to the NFL. We have implemented technical and organizational safeguards designed to appropriately protect your personal information against accidental, unauthorized, or unlawful access, use, loss, destruction, or damage. Still, no system can be guaranteed to be 100% secure.
As a result, while we strive to protect your information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to the Services and cannot be responsible for the theft, destruction, or inadvertent disclosure of your information.
9. Data Transfers
When we transfer your personal information to third parties as described in this Privacy Notice, some of these parties may be located in countries other than your own, such as the United States, whose privacy and data protection laws may not be equivalent to those in your country of residence. When we transfer your personal information to other countries, we apply appropriate safeguards, to protect your information in accordance with applicable laws. For example, some NFL entities implement measures such as standard data protection contractual clauses to ensure that any transferred personal information remains protected and secure. A copy of these clauses can be obtained by emailing [email protected]. If you would like to know more about the processing of your personal information and whether your personal information is transferred to a third country, please contact us using any of the methods described in Contact Us.
10. Data Retention
We will retain your information for as long as reasonably necessary for the purposes set out above, considering criteria such as applicable rules on statute of limitations, any legal requirements to retain your personal information in light of compliance obligations, any relevant litigation or regulatory investigations and to enable the NFL to defend or bring potential legal claims, the sensitivity of the relevant information, and the duration of your use of the Services.
11. Children's Privacy
We do not knowingly collect personal information from children as defined by local law. If we learn that a child has provided us with personal information, we will delete it or otherwise comply with applicable law.
12. Communications Preferences and Other Choices
You may choose to receive promotional emails, text messages, newsletters, push notifications, and similar communications from us. You may opt out of receiving commercial emails from the applicable Member Club or other members of the NFL Family by clicking on the opt-out or "unsubscribe" link included in the commercial emails you receive. You may opt out of receiving marketing text messages from the applicable Member Club or other member of the NFL Family by replying "STOP." You may also opt out of receiving push notifications by turning off push notifications through your device settings.
If you have multiple accounts or relationships with different Member Clubs or other NFL entities, you may need to opt out separately for each account and relationship in relation to these choices. In addition, if you would like to opt out of receiving push notifications on all of your devices, you must turn off the feature on each device.
Please note that opt-out requests may take some time to be effective where permitted by applicable law. Your opt-out requests will not apply to messages that you request or that are not commercial in nature. For example, we may contact you concerning any purchases you have made with us, even if you opt out of receiving unsolicited commercial email messages.
Certain of our Services may feature Nielsen proprietary measurement software, which will allow users to contribute to market research, such as Nielsen TV Ratings. Nielsen believes that you should have a choice about whether to contribute to our research and insights. To learn more about Nielsen measurement and your choices, including how to opt out, please visit http://www.nielsen.com/digitalprivacy.
You may also have choices available to you to opt out of the collection of your geolocation information, whether collected through location services, Bluetooth, or microphone access technology. Where collected, this information may be used in accordance with local laws to serve and display advertising relevant to your location. To understand your choices and opt out if desired, please visit your device settings.
13. Data Subject Rights
Certain states in the United States and other international jurisdictions grant certain rights with respect to personal information. Depending on where you reside and in accordance with applicable law, you may be afforded the following rights:
- Access to your personal information in a portable format, or other information about our data processing practices.
- To delete the personal information the NFL has collected about you.
- To correct inaccurate personal information we have collected about you.
- To object to or request the restriction of processing of your personal information.
- To withdraw your consent.
To exercise your access, deletion, and correction rights, please submit your request by visiting our Data Subject Request Portal. If you would like to object to, or request the restriction of, processing of your personal information, withdraw your consent, or if you are otherwise not able to submit a request via the portal above, you can contact the NFL by filling out an inquiry here.
You may also be afforded, depending on where you reside and in accordance with applicable law, certain rights relating to the collection, use, and disclosure of your sensitive personal information.
- Where applicable, you may exercise the right to limit certain uses and disclosures of your sensitive personal information by clicking the "Your Privacy Choices" link at the footer of our sites or by clicking here.
- Where applicable, you may also withdraw your consent with respect to your sensitive personal information by submitting an inquiry here. You may also withdraw your consent with respect to precise geolocation information using your device settings, as discussed above.
Please note that we may still maintain, use, and disclose your sensitive personal information for certain purposes, such as to provide you with services that you have requested, protect the safety and security of services, and comply with our legal obligations.
Depending on the jurisdiction in which you reside, you may also be afforded the right to opt out of the sale, sharing, or processing of your personal information for purposes of serving you advertisements based on your activity across other sites and services ("cross-context behavioral advertising" or "targeted advertising"). You may exercise these opt-out choices with respect to your cookie-based personal information by visiting "Privacy Settings" in applicable apps or the "Cookie Settings" link in the footer of applicable websites and toggling off Selling, Sharing, Targeted Advertising cookies. You may also exercise these opt-out choices with respect to your non-cookie-based personal information by clicking the "Your Privacy Choices" link in the footer of applicable sites.
Global Privacy Control and "Do Not Track" Signals: Our websites also support the Global Privacy Control ("GPC"), which is a browser-based opt-out preference signal that can communicate your state law opt-out requests to the websites you visit. For more information on how the GPC works, visit their website here. Because the GPC is browser-based, note that your choices will be tied to online data that is associated with your browser, and you should enable the signal separately for each browser and/or device from which you would like to be opted out. Our websites do not support "do-not-track" signals, as there is no industry standard concerning what, if anything, websites should do when they receive such signals.
Note that we do not knowingly sell or share for cross-context behavioral advertising the personal information of consumers under 16 years of age.
We will not discriminate against you for exercising your rights and choices, although some of the functionality and features available to you may change or no longer be available to you. We may verify certain types of requests by requesting information sufficient to confirm your identity. Authorized agents may exercise rights on your behalf using the same mechanisms described herein, but we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid authority to submit requests to exercise rights on your behalf.
We reserve the right to deny requests as allowed by applicable law, such as where we have a reasonable belief that the request is fraudulent, where your identity cannot be confirmed, or where the NFL must retain your information consistent with applicable law. You can, however, appeal those requests that we deny by submitting a request here.
14. NFL Events
Information When You Attend An NFL Event: When you attend an NFL-event or NFL co-hosted event, including NFL games at an NFL stadium or at a third party stadium or other NFL fan events (including events at which a fan mobile pass is utilized) ("NFL Event"), we may capture your image, voice and/or likeness, including through the use of CCTV cameras and/or when we film or photograph you in a public location at an NFL Event. You should therefore expect to be filmed or photographed by CCTV and/or by cameras when you are in a public location at an NFL Event (e.g., as an audience-member in the stadium if you are attending a game). In addition to describing how we capture and use your image, voice and/or likeness in this Privacy Notice, we may also display signs at any NFL Event indicating that you may be filmed or photographed.
We may use your personal information collected at an NFL Event:
- To produce, exhibit, advertise or otherwise use your image, voice, or likeness in any and all media now or existing in future as part of NFL's commercial, advertising and marketing activities; and
- In the case of images or footage captured on CCTV cameras, to ensure the safety of the venues hosting NFL Events and of individuals attending NFL Events.
Sharing your personal information from an NFL Event: We may disclose your personal information captured at an NFL Event with any of the entities set out in this Privacy Notice, as described in Disclosure of Information. Additionally, when you appear in a photograph or film footage at an NFL Event, we may disclose that photograph or film footage containing your image, voice, and/or likeness with our third-party partners. These partners include our sponsors, licensees, advertisers, and/or broadcasters. We will disclose the photographs or film footage containing your image, voice and/or likeness when it is in our legitimate business interests to do so. However, each of the third-party partners may use your personal information for their independent commercial purposes without reference to the NFL.
Please also note that broadcasters and other third parties that are unconnected to the NFL may be independently filming or photographing you when you attend an NFL Event. Although we only give permission to a small group of entities (such as certain broadcasters) to film or photograph NFL Events, these entities are separate data controllers in respect of your personal information, and the NFL is not responsible for how those parties use your personal information and for what purposes.
15. Changes To This Privacy Notice
We may update this Privacy Notice, including any supplemental privacy disclosures, to reflect changes to our information practices. If we make any material changes, we will notify you by email or by means of a notice on the Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
16. Contact Us
If you have any questions about this Privacy Notice or the privacy practices of the Services, please contact us by submitting an inquiry here or at the following address:
NFL Digital Media Group
345 Park Avenue
New York, NY 10154
Attn: Website Privacy Notice
For contact information for other members of the NFL Family, click here.
17. California Users
This section provides additional information with respect to personal information that is subject to the California Consumer Privacy Act ("CCPA"). This section should be read together with the rest of our Privacy Notice, which includes other important information about our handling of your personal information.
Some of the practices described may not be relevant to you, since the ways we collect, use, and disclose personal information vary based on our relationship with an individual. For information about our retention practices, please click here.
As described further in the Information We Collect section above, the categories of personal information we collect, and have collected in the prior 12 months, include:
- Identifiers;
- Other unique identifiers, such as where appropriate, Social Security Numbers and government-issued identifiers;
- Demographic information, which may include gender, race, ethnicity, and sexual orientation, and other protected classifications;
- Financial and commercial information;
- Real-time geolocation information, which may include precise geolocation information; communications and marketing preferences;
- Favorite team and inferences about you and your personal preferences; audio, electronic, or visual information;
- Biometric information;
- Information about your contacts and other information from your device;
- Search queries;
- Comments and other information posted in our interactive online forums;
- Professional and employment information;
- Education information;
- Information that could be considered health information;
- Correspondence, waivers or acceptances and other information that you send to us;
- Internet and electronic network activity information, device identifiers, and information about your use of the Services when you visit or use the Services; and
- Additional information as otherwise described to you in this Privacy Notice, at the point of collection, or pursuant to your consent.
As described further in the Use of Information section, we process, and have processed over the prior 12 months, personal information for the following business purposes:
- Provide you with products, promotions, services, newsletters, and information you request and respond to correspondence that we receive from you;
- Contact you about your account or relationship with us;
- Conduct analysis on your behavior in order to customize and personalize your use of the Services and to better serve you with offers and content that we think may be of interest to you;
- Communicate with you and otherwise send you promotional material or special offers on our behalf or on behalf of our marketing partners, their respective affiliates or subsidiaries, and other third parties;
- Maintain or administer the Services, perform business analyses, create aggregated or anonymized information that no longer identifies you and therefore is no longer subject to this Privacy Notice, or for other internal purposes;
- Publish stories, comments, photos, and other information posted in our interactive online features;
- In the case of location information, for example, to determine your market location for purposes of administering broadcast restrictions for live games or other events, to validate your location to geo-gate certain features or information, to locate a place that you may be searching for in your area, and for determining teams and offers in which you may have an interest and providing you with information or relevant advertising based on where you are located;
- In the case of Social Security Numbers, for example, for tax purposes when administering prizes to certain contest winners;
- Protect the health and safety of our guests, personnel, and the public; protect or enforce the legal and contractual rights, safety, and security of the NFL and NFL stadiums, enforce applicable agreements with you or others, and prevent fraud; and
- As otherwise described to you in this Privacy Notice, at the point of collection, or pursuant to your consent.
Depending on the nature of your relationship with us, and as described further in the Disclosure of Information section, we disclose, and have disclosed over the prior 12 months, each category of personal information to the following:
- Authorized third parties and service providers;
- Within the NFL family;
- Select business partners;
- Third-party advertising and audience and traffic measurement services; and
- Other partners, including as part of a business transfer; for administrative or legal process; or with your consent.
Please review the rest of this Privacy Policy for more information about the circumstances in which we sell or share personal information, such as internet and electronic network activity information, device identifiers, and other information about your use of the Services we collect automatically when you visit or use the Services, and to exercise your rights to opt out.
If you are a California resident and your personal information is subject to CCPA, then you have certain rights under California law. For more information about the rights you have and how to exercise these rights, please review the Data Subject Rights section above. In addition to those methods described in the Data Subject Rights section above, California residents may also exercise their rights under applicable law by calling 1-855-265-6894.
The metrics below include the aggregate number of requests from consumers to know, access or delete personal information received by the League for the calendar year 2023. These numbers do not include requests that did not state a valid initial request under California law.
- Requests to Access: 40 total requests were received; we complied with 18 in whole or in part and denied 5 requests as they were unverifiable or on other grounds.
- Requests to Delete: 403 total requests were received; we complied with 332 in whole or in part and denied 50 requests as they were unverifiable or on other grounds.
- Requests to Correct: 8 total requests were received; we complied with 6 in whole or in part and denied 2 requests as they were unverifiable or on other grounds.
- Requests to Not Sell: 1103 total requests were received; we complied with 10846 in whole or in part and denied 192 requests as they were unverifiable or on other grounds.
- Requests to Limit the use of Sensitive Personal Information or Withdrawn consent to use Sensitive Personal Information: 137 total requests were received; we complied with 126 in whole or in part and denied 5 requests as they were unverifiable or on other grounds.
Average number of days within which the NFL substantively responded to requests to access, delete, know, correct, do not sell/share, and limit the use of Sensitive Personal Information is 72 days.
Shine the Light: California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.
To make such a request, or if you have questions as to how your information is handled in compliance with CCPA, please contact NFL Support or write us at CA Privacy Rights, NFL Digital Media Group, 345 Park Avenue, New York, NY 10154.
18. International Users
This section of the Privacy Notice is supplemental and provides disclosures in addition to those made elsewhere in this Privacy Notice. This supplemental section applies only if you attend an event outside of the United States or use our website or Services otherwise covered by this Privacy Notice from a country that is not the United States, and where the applicable member of the NFL Family is subject to jurisdiction-specific laws.
NFL Enterprises LLC is the data controller for League processing of personal information when you use our website and mobile applications. NFL International LLC is the data controller for League processing of personal information collected when you attend an NFL Event outside of the United States. Member Clubs may also be a data controller for certain club specific executions, and their entities are listed here.
Legal Basis for Data Processing: We process personal information for the specific purposes set out in this Privacy Notice, as described above. Where such concept is recognized, our legal basis to process personal information includes:
- Necessary for the entry into or performance of a contract: When you enter into a transaction with us, we will need to collect, process, and share your personal information. Failure to provide the requisite personal information when entering into such an agreement, objecting to this type of processing, and/or exercising your deletion rights may mean that products and/or services cannot be provided to you.
- Legitimate interest: In certain circumstances we may use your personal information to pursue legitimate interests of our own, but this is provided your interests and fundamental rights do not override those interests. This is on the basis of our legitimate interest to:
- provide you with information and services as requested by you on a non-contractual basis;
- develop and improve our services to you and to our other customers;
- communicate with you and manage our relationship with you;
- administer our websites and applications;
- carry out management analysis, audit, forecasts, business planning, and transactions;
- ensure our compliance with applicable laws, regulatory requirements, and our policies; and
- deal with legal claims and related administrative activities.
We consider that it is reasonable for us to process your personal information for achieving our legitimate interests, as outlined above, as:
- We process your personal information only so far as is necessary to achieve the purpose outlined in this Privacy Notice; and
- The processing of your personal information does not unreasonably intrude on your privacy and ultimately benefits you in optimizing our provision of services to you.
- Consent: We may, on occasion and where permitted by law, process your personal information based on your consent. For example, where required by law, we will obtain consent to collect and process your sensitive personal information or to send you marketing messages by email. You may opt out of receiving certain marketing messages by exercising the choices described in Communications Preferences and Other Choices. To the extent our processing is based on consent, you can withdraw your consent at any time. However, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Compliance with legal obligations: To meet our regulatory and legal obligations, we may need to process some of your personal information.
In some instances, you may be required to provide us with personal information for processing, as described above, in order for us to be able to provide you all of our Services and for you to use all the features of our website.
If you are aware of changes or inaccuracies in your information, you should inform us of such changes so that our records may be updated or corrected. You may lodge a complaint with your local supervisory authority if you consider that our processing of your personal information infringes applicable law.
Except as otherwise prescribed by applicable law, in the event of any inconsistency between the English language version and local language version of this Privacy Notice, the English language version will prevail.
19. Supplemental Notice for Buffalo Bills
This section provides additional information relevant to Buffalo Bills, Highmark Stadium, and their affiliates (collectively, "Bills Group").
Members of the NFL Family may choose or be required by law to provide different or additional disclosures relating to the processing of personal information about residents of certain countries, regions, or within the United States, including those contained in this Privacy Policy. Not all notices in the NFL Privacy Policy apply to all teams, including the Buffalo Bills.
This Privacy Policy, as it relates to the Buffalo Bills, is for people living in the United States.
This Privacy Policy is integrated into the Buffalo Bills' Terms & Conditions of Use (“Terms & Conditions”).
Additional Disclosures
Below are additions to some of the disclosures made in the Privacy Policy.
1. Information You Provide to Us
In addition to the Information Provided by You (section 1 above), you may also provide videos to the Buffalo Bills through our sweepstakes, contests, social media engagement, or other methods.
You may also submit personal information to us to apply for a job, which may include your resume, occupation, educational history, certifications and licenses, and other information provided in applicants for employment.
You may also provide us with other person's information, as permitted by law, such as emergency contacts or data about your family, including children.
In using the Services, you may also provide the Buffalo Bills with your preferences in communication methods, interests, opinions, and other data to help the Buffalo Bills personalize your experience in using the Services.
While at one of our events, games, or in our offices or buildings, we may collect camera footage for security purposes and operational reasons such as measuring traffic patterns and availability of the Services for you.
We may also collect personal information about you from third parties.
Depending on your permissions, we may collect personal information from your social media platforms, based upon your privacy settings, which can include your name, ID, profile picture, network used, gender, username, user ID, email address, friend list, age or age range, language, country, follower list, photos, location, and any other information you have agreed to have the social media platform share.
We may collect additional Information about you from our affiliates, including Member Clubs, partners or vendors, data brokers, third-party websites, social media platforms, such as, but not limited, to Facebook, Twitter, Instagram, LinkedIn, and/or sources providing publicly-available information (e.g., from the U.S. Postal Service) to help us provide the Services to you, confirm, enhance, or supplement our existing information about you (e.g., with your consent, background checks for credit and criminal history), help prevent fraud, maintain security, and for marketing, advertising and other business purposes.
2. Use of Your Information
In addition to the uses described in the Privacy Policy, the Buffalo Bills may use your information to:
comply with and enforce our Terms of Use;
assess your application for employment;
engage with you as an employee on our web-based platforms for staff engagement and exchange of information;
provide analytics for business purposes and business intelligence, including how Services are used, so that we can improve and expand upon our Services
build predictive models, which allow us to improve our Services, as well as tailor our marketing and advertising efforts
assist law enforcement or pursuant to other legal process or security reasons, including using photographs or film footage containing your image, voice, and/or likeness at our events or in the stadium property.
We share your personal information as described in the Privacy Policy, and also where applicable based upon your consent.
4. Cookies and Similar Technologies
In addition to the disclosures in this Privacy Policy, the Buffalo Bills, use cookies, flash technologies, Google Analytics, and mobile application technologies directly and also may collect information from use of these technologies from our affiliates, including the NFL and other member clubs, and through third-party service providers, advertisers, and other partners. The use of these technologies by such third-parties is subject to their own privacy policies and is not covered by this Privacy Policy, except as required by law.
For targeting cookies, e.g., internet advertising, please note that opting out of interest-based advertising does not mean you will stop seeing, or see fewer, advertisements. It does, however, mean that the advertisements you do see will not be interest-based and may be less relevant to your interests.
We are not responsible for the effectiveness of, or compliance with, any third-parties' opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third-parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the self-regulatory principles for online behavioral advertising (Principles) published by the Digital Advertising Alliance (DAA). More information about these Principles can be found at https://youradchoices.com/.
The Buffalo Bills will not text you any information to your mobile device.
7. Data Security and Data Integrity
The Buffalo Bills is not responsible for the privacy and security practices of other websites or social media platforms or the information they may collect (which may include IP address).
We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your information.
It is your responsibility to maintain the confidentiality of your log-in credentials and unique identifiers used to access the Services. You are also responsible for ensuring the accuracy of the information you submit to us. Submitting inaccurate information or failing to maintain the accuracy of information that changes (for example, a change of email address) may disrupt your ability to use our Services, may affect the information you receive from us, and may impact our ability to contact you. You can update your information at any time by visiting our Preference Center.
If you believe that your information has been accessed or acquired by an unauthorized person, you shall promptly Contact Us at [email protected] so that necessary measures can quickly be taken.
8. Data Transfers
We operate in the United States.
Your Personal Information may be transferred to and processed in any country where we have offices or in which we engage service providers. These countries may be outside the United States and may have different data protection laws than in the United States.
10. Children's Privacy
The Buffalo Bills may link to Third-Party Websites that may collect data from children. These Third-Party Websites have their own privacy policies and terms of use. See Links to Other Websites for more information.
The Services, including our website, is a general audience website. For certain activities in which children are allowed to participate, any request for personal data (such as registration data) is intended for and directed to the parent or legal guardian. For example, so the parent or guardian may sign their child up for the Mini Mafia kids clubs (the "Mini Mafia"). The information we collect may include your child's name, date of birth, gender, grade, and favorite player(s) and the name, address, email address, and phone number provided by a parent, guardian or registrant of Mini Mafia memberships. We use this information to allow you to sign your child up for the Mini Mafia and, as applicable, for you to receive news, information, promotions, ticketing opportunities, and/or merchandising opportunities as a part of the Mini Mafia memberships, for your child. If you no longer wish to allow your child to be part of the Mini Mafia or wish to delete all information collected about your child, please contact us at [email protected]. If you feel we have collected personal information from your child directly as part of the Kids Clubs, please contact us at [email protected] to request immediate deletion of that information.
CHILDREN: If you are under sixteen (16) years of age, please do not use or access our Services at any time or in any manner. Upon learning of the existence of information concerning persons under sixteen (16) years of age (or a higher age threshold where applicable that has been collected by us without verified parental consent), we will take appropriate steps to delete it.
PARENTS/GUARDIANS: In the event that we do begin collecting any Personal Information or data from children under the age of sixteen (16) (or where applicable under law), we will notify parent(s)/guardian(s) first, and will seek parental or guardian consent to collect, use and/or disclose certain Personal Information from children. We encourage parents and guardians to monitor their children's online behavior, put parental control tools in place, and teach children not to provide their personal information through the Services without parental consent.
Third Party Facility Use
In addition, please note that this Privacy Notice addresses the use of our Services to the extent we (as it is defined in this Privacy Notice) provide the Services. There are instances where third parties rent, lease, borrow, or use our facilities, stadium, etc. to provide their own events, products, and services, and in those instances, such third parties' data collection privacy and other polices would apply. We disclaim all liability associated with those, except where required under law.
Thus, this Privacy Policy, where relevant, applies to personal information collected when you interact with the Buffalo Bills football team. For example, unless otherwise included, this Privacy Notice does not apply when you purchase tickets for or sign up for information about concerts and other events that do not involve the Buffalo Bills football team, book a private event at the Bills Group's facilities, such as Highmark Stadium, or visit Highmark Stadium-branded web pages or mobile sites.
How To Contact Us
If you have any questions about the Privacy Policy, the Services, how you should be contacted, or your personal information collected, please contact:
NFL Digital Media Group
345 Park Avenue
New York, NY 10154
Attn: Website Privacy Notice
Or submit an inquiry here.
If you have questions about the Buffalo Bills services, or how the Buffalo Bills may collect or process your personal information, please contact us in the following ways:
General Inquires and Questions:
Email at: [email protected]
Mail: One Bills Drive, Orchard Park, New York 14127, Attn: Privacy Officer.
Call us toll free at: (866) 918-0235
Publicly Posted Personal Information:
To request removal of your personal information from the Buffalo Bills blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to do so and why.