Privacy & Security

The Upper Deck Company Privacy Policy

Date last modified: May 1, 2019 

This Privacy Policy (the "Privacy Policy") discloses the privacy practices and use of data for The Upper Deck Company's website (the "Website"). The Website is hosted, directly or indirectly, by The Upper Deck Company, a Nevada corporation ("UDC"). Please read the information below to learn and understand how UDC collects, uses, and safeguards the information you provide UDC through the Website.

  • 1. Information Upper Deck Collects. In order to allow you to use the Website in the best possible way, UDC may request and/or collect information (such as name, e-mail address, country of residence, and date of birth) from you on a voluntary basis. UDC collects the following types of information about users: Personally Identifiable Information and Non-Personally Identifiable Information (collectively "your information").

    "Personally Identifiable Information" is information that identifies you and may be used to contact you online or offline. UDC only collects Personally Identifiable Information from you on a voluntary basis, through registration, downloads, contest or sweepstakes entries, mailing/newsletter subscriptions, purchases, and technical support or customer service requests. The information UDC collects and stores will depend on the activity but may include your first and last name, age and birthdate, shipping and billing address(es), e-mail address, phone number, username, and password. UDC does not collect any Personally Identifiable Information about you unless you voluntarily provide it to UDC. If you make a purchase from UDC, UDC may also collect a credit or debit card number or other financial information, CVV, and billing address. Any credit card information that you provide will only be used as is necessary to process payments and prevent fraud during processing. If you make any purchases associated with or on the Website using any third-party payment processor, that third-party payment processor will collect your email address as well as the billing and payment information it needs to process your charges. UDC and its third party payment processor do not use credit card information for any other purposes, and UDC does not store any credit card information without prior authorization or request to do so. Except as provided herein, when you ask for help from UDC customer service, UDC will collect and store the contact information you give them (generally, your name and e-mail address, and information about your activity on the Website). To participate as a user on the Website, or in online activities, special events, contests, sweepstakes, or blog comment areas, you may be required to provide Personally Identifiable Information.

    "Non-Personally Identifiable Information" is information that cannot be used to personally identify you. The Non-Personally Identifiable Information UDC may collect includes the time and date of access, device information, location information, anonymous usage data while you are using the Website, preferences you submit and preferences that are generated based on the data you submit and/or number of clicks, referring/exit pages, a website's Uniform Resource Locator ("URL") that you just came from or the URL you go to next, and your Internet Protocol ("IP") address. However, to the extent that any of the aforementioned identifiers or similar identifiers are considered personal information by local law, UDC also treats these identifiers as Personally Identifiable Information.

    The Website may contain chat functions, forums, message boards, links to social media websites, and/or personal websites. UDC collects information about your communication and any information you choose to provide. Please remember that any information that is disclosed on any of the aforementioned mediums is public information and you should exercise caution when deciding to disclose your Personally Identifiable Information.

  • 2. How Upper Deck Uses and Shares Information.

    Personally Identifiable Information: UDC will use your Personally Identifiable Information internally to: provide you with access to the Website, enhance the operation of the Website, process orders and notify you based on the status of your order, send you products you may have ordered, notify the winners of UDC contests and sweepstakes, address fraud concerns, communicate with you and respond to questions and issues, provide technical support, send you promotional materials and push notifications where opted-into, solicit feedback from users, conduct marketing and user preference related research, and let you know about upcoming changes or improvements to the Website. UDC does not sell, trade, or rent your Personally Identifiable Information to others. UDC provides some services through contractual arrangements with third-party service providers, including a payment processor and a card fulfillment processor. UDC will share your Personally Identifiable Information as necessary for that certain third party to provide these services and operate the Website. However, you may request more information on the use and storage of your Personally Identifiable Information as expressed in Section 7 of this Privacy Policy.

    Non-Personally Identifiable Information: UDC will use Non-Personally Identifiable Information to help enhance the operation of the Website customize the user experience and the Website's content and layout, and improve UDC marketing and promotional efforts. UDC also aggregates Non-Personally Identifiable Information in order to track trends and analyze use patterns on the Website. This Privacy Policy does not in any way limit UDC's use or disclosure of Non-Personally Identifiable Information to UDC partners, thirds party vendors, advertisers, and other third-parties at UDC's discretion.

    Please be aware that, to the extent permitted by law, UDC may access and disclose your information if UDC (a) is required to do so by law or court order or (b) has a good faith belief that such access or disclosure is reasonably necessary to (i) comply with applicable laws, regulations, or legal process; (ii) enforce the UDC Store User Agreement: Terms and Conditions of Use (the "Terms"); (iii) respond to claims that your use of the Website violated rights of UDC or third parties; (iv) respond to your requests for customer service; and (v) troubleshoot software bugs and operational problems. UDC may transfer the information collected through the Website if UDC is acquired by, sold to, or merged with another entity. UDC may also share the information with subsidiaries and affiliated and related entities that provide services on UDC's behalf or in connection with UDC.

    Additionally, UDC may use your information to (a) resolve any disputes with regard to other users, your accounts, third parties, or use of the Website, (b) enforce this Privacy Policy or the Term, (c) detect, prevent, and mitigate fraud, spam, abuse, security incidents, and other harmful activity, (d) verify or authenticate information or identifications provided by you, (e) send you service or support messages, such as updates, security alerts, and account notifications, (f) provide customer service, and (g) operate, protect, improve, and optimize the Website. You may opt-out of receiving information from UDC by clicking the "unsubscribe" button in any e-mail you receive or by contacting UDC using the contact information available in Section 12. In addition, you may modify the information in your account by logging into your account and changing your account settings.

  • 3. Cookies."Cookies" are small bits of information that are stored by your computer's web browser. Cookies may tell UDC whether you have visited the Website before and what pages on the Website you have viewed. Generally, Cookies allow UDC's websites, services, applications, and tools to store relevant information in your browser or device and later read that information in order to identify you to UDC's servers or internal systems and improve the user experience on the Website. UDC uses Cookies, pixel tags, local shared objects ("Flash Cookies"), and similar technologies to automatically collect this information. Pixel tags are very small images or small pieces of data embedded in images, also known as "web beacons" or "clear GIFs," that can recognize Cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. Flash Cookies are similar to Cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. UDC may allow other UDC websites and third parties to place and read Cookies, web beacons, Flash Cookies, and similar technologies to collect information through the Website. For example, UDC's third-party service providers may use these technologies to collect information that helps UDC with traffic measurement, research, and analytics. You can decide if and how your computer will accept a Cookie by configuring your preferences or options in your browser. However, if you choose to reject Cookies, you may not be able to use certain online products, services, or features on the Website. Please note that you may need to take additional steps beyond changing your browser settings to refuse or disable Flash Cookies and similar technologies. Flash Cookies can be controlled through the instructions on Adobe's setting manager page which can be found here: If you choose to refuse, disable, or delete these technologies, some of the functionality of the Website may no longer be available to you. You can also learn more about Cookies by visiting, which includes additional, useful information on Cookies and how to block cookies using different types of browsers. For more information on advertising using Cookies and how to opt-out of advertising Cookies specifically, please see Section 10 herein. UDC uses Google Analytics, a web analytics service provided by Google, Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google") for the purpose of delivering advertisements tailored to your interests. Google Analytics uses Cookies, and UDC processes your data based on UDC's overriding legitimate interest to provide easy-to-use website access statistics in a cost-effective manner (pursuant to Article 6 of the General Data Protection Regulation). Google uses this information on UDC's behalf to evaluate your use of the Website, to compile reports on the Website's activity, and to provide UDC with other services related to activity on the Website and internet usage. The IP address sent by your browser as part of Google Analytics will not be merged with other data on Google. You can prevent such storage of Cookies by following the direction above. You may also opt-out of Google Analytics and prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available at the following link:

    UDC may use the following social media plug-ins: Facebook, Instagram, Pinterest, YouTube, and Twitter. If you visit the Website initially, no Personally Identifiable Information will be transmitted to the provider of the plug-in. UDC gives you the opportunity to communicate directly with the provider of the plug-in via the corresponding button. By clicking on the button, the social plug-in will be activated and the plug-in provider receives the information that you have visited UDC's online service. By activating the plug-in, personal data will be transmitted by you to the respective plug-in provider and stored there. Since the plug-in provider carries out the data collection in particular via Cookies, UDC recommends that you delete all Cookies via the security settings of your browser before clicking on the plug-in. UDC has no influence on the collected data and data processing operations, nor is UDC aware of the full extent of the data collection, the purpose of the processing, or the storage periods. UDC does not have the ability delete the data collected by the plug-in provider. For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of the plug-in providers.

  • 4.Your Information. In addition to the aforementioned mechanisms, you have the ability to manage the use of your information in the following ways

    • (a) If you wish to modify, verify, correct, or update any of your Personally Identifiable Information collected through the Website, you may edit your registered user information in your account settings or contact us using the contact information in Section 12. In accordance with UDC's routine record keeping, UDC may delete certain records that contain Personally Identifiable Information you have submitted through the Website. UDC is under no obligation to store such Personally Identifiable Information indefinitely and expressly disclaims any liability arising out of, or related to, the destruction of such Personally Identifiable Information. It may not always possible to completely remove or delete all of your information from UDC's databases without some residual data because of backups and other reasons.

    • (b) Additionally, you may make a formal request to delete your Personally Identifiable Information held by UDC. In order to do so, please email UDC to request a Data Subject Erasure Request Form via email from and complete the form then email the completed form along with the requested verification information to in accordance with Section 7. Once your request has been confirmed, UDC will initiate the necessary steps to execute this exercise, including the deletion of your account. Please see Section 7 for more options regarding the uses of your Personally Identifiable Information.

    • (c) You may direct UDC not to share your Personally Identifiable Information with third parties (other than our service providers), not to use your Personally Identifiable Information to provide you with information or offers, and not to send you newsletters, e-mails, or other communications by modifying your registered user information on your account or contacting UDC at

    • (d) Please note that while you may have the opportunity to opt-out of targeted advertising and you may be able to control the use of Cookies through your web browser as described above, some web browsers may also give you the ability to enable a "do not track" setting. This setting sends a special signal to the websites you encounter while web browsing. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, UDC currently does not take action in response to these signals, but when a final standard is established and accepted, UDC will reassess how to respond to these signals.
  • 5. Children's Privacy. UDC does not direct the Website to users under eighteen (18) years of age ("children"). UDC does not knowingly collect or maintain Personally Identifiable Information or Non-Personally Identifiable Information from users on the Website under eighteen (18) years of age, other than as permitted by law in support of the internal operations. If UDC gains knowledge that Personally Identifiable Information of children under the age of eighteen (18) has been collected, other than for support of the internal operations, UDC will take reasonable steps to remove such information. If a parent or legal guardian believes that his or her child has submitted personal information to UDC, he or she may contact UDC Customer Service at the addresses provided in Section 12 herein.

  • 6. How Upper Deck Protects Information. To protect your information, UDC follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity, and privacy of the information you have provided. UDC has standard security measures in place, including a firewall-protected server and use of encryption, designed to protect against the loss, misuse, and alteration of the information under UDC's control. Unfortunately however, no system or data transmission over the Internet can be guaranteed to be 100% secure; human errors do occur, so there is always a possibility that there could be unauthorized access to your information. Although UDC strives to protect your information, you acknowledge that (a) there are security and privacy limitations of the Internet that are beyond UDC's control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and UDC through the Website cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Canadian residents: Canadian residents should be aware that their Personally Identifiable Information will be stored on servers located in the United States of America

  • 7. GDPR. The European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") provides data subjects within the European Union ("EU") with certain access rights with respect to their personal data. For purposes of the GDPR "personal data" refers to any information that identifies a natural person existing or residing in the EU ("data subject"), or may be used to identify a data subject, such as name, an identification number, location data, an online identifier, or factors specific to a data subject's physical, physiological, genetic, mental, economic, cultural, or social identity. Please note that UDC is the data controller of your personal data. Data subjects' GDPR rights are provided herein and summarized briefly below:

    • (a) Basic Information - the right to understand who UDC is and how UDC processes a data subject's personal data.
    • (b) Access - the right to request a summary of the data subject's personal data that is processed by UDC, along with a copy of such personal data.
    • (c) Portability - the right to request UDC provide a copy of a data subject's personal data in machine readable form for transportation to another controller/processor.
    • (d) Rectification - the right to request that UDC correct errors or update a data subject's personal data.
    • (e) Erasure - the right to request that UDC erase personal data in UDC's possession.
    • (f) Restriction on Use - the right to request that UDC stop processing a data subject's personal data.
    • (g) Objection to Use - the right to object to UDC's assertion that UDC has a legitimate interest in processing a data subject's personal data.
    • (h) Objection to Direct Marketing - the right to object to receiving direct marketing materials from UDC and/or its subsidiaries and affiliates.
    • (i) Objection to Automated Processing - the right to object to UDC's use of personal data to make automated decisions that affect the data subject.

    All of the aforementioned requests and objections may be directed to Please note that the data subject access rights described above are not absolute, and in many cases are subject to exceptions or other restrictions. If UDC determines that a request is invalid or does not correspond with the data subject access rights provided by GDPR, UDC will inform the data subject of such determination promptly upon reaching that conclusion.

    Pursuant to the GDPR, as a data subject, you may request UDC erase the personal data held by UDC by submitting a Data Subject Erasure Request Form which you may request via email from Upon completion, send the Data Subject Erasure Request Form and proof of your identity via email to Under Article 17 of the GDPR, data subjects have the right to request the erasure of their personal data if one of the following grounds applies:

    • (a) The personal data is no longer necessary for the purpose collected;
    • (b) The data subject withdraws consent to UDC's processing activities and no other legal justification for processing applies;
    • (c) The data subject is objecting under Article 21(1) of the GDPR to;
      • 1. Processing that is necessary for UDC to perform a task in the public interest under Article 6(1)(e) of the GDPR or in the exercise of UDC's official authority; and
      • 2. There are no overriding legitimate grounds to process the personal data.
    • (d) The data subject is objecting under Article 21(1) of the GDPR to;
      • 1. Processing that is necessary to pursue UDC's or a third party's legitimate interests under Article 6(1)(f) of the GDPR; and
      • 2. There are no overriding legitimate grounds to process the personal data.
    • (e) The data subject is objecting under Article 21(2) of the GDPR to processing for direct marketing purposes;
    • (f) UDC unlawfully processed a data subject's personal data;
    • (g) EU law requires UDC to erase a data subject's personal data to comply with a legal obligation; or
    • (h) UDC collected the personal data in the context of offering online services to children under Article 8(1) of the GDPR.

    However, the right to erasure is not required under the GDPR, to the extent that data processing is necessary:

    • (a) for exercising the right of freedom of expression and information;
    • (b) for compliance with a legal obligation which requires processing by EU or EU member state law to which UDC is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in UDC;
    • (c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
    • (d) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 8.3.1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    • (e) for the establishment, exercise or defense of legal claims.

    Pursuant to the GDPR, data subjects may request confirmation from UDC regarding whether or not UDC has processed their personal data. If your personal data has been processed, as a data subject you may request the following information:

    • (a) The purposes for which the personal data have been processed;
    • (b) The categories of personal data that have been processed;
    • (c) The recipients and/or the categories of recipients to whom your personal data have been or are still being disclosed
    • (d) The planned duration of storage of your personal data or, if specific information is not available on this, criteria for specifying the duration of storage;
    • (e) The existence of the right to lodge a complaint to a supervisory authority
    • (f) All available information on the origin of the personal data, if the personal data was not collected from you; and
    • (g) The existence of automated decision-making including profiling as per Article 22(1) and (4) of the GDPR, and at least in these cases, meaningful information on the logic involved and the consequences and intended effects of this kind of processing for you.

    Data subjects also have the right to request information about whether or not their personal data has been transmitted to another country or an international organization. Such requests may be directed to

    Data subjects shall have the right to request UDC to restrict processing of personal data if one of the following conditions is met:

    • (a) the data subject contests the accuracy of the personal data for a period enabling UDC to verify the accuracy of the personal data;
    • (b) the processing is unlawful and the data subject opposes the erasure of the personal data, but wants it to be restricted;
    • (c) UDC no longer needs the personal data for the purposes of the processing, but the data subject requires it the establishment, exercise or defense of a data subject's legal claims; or
    • (d) The data subject objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of UDC override those of the data subject.

    As the data controller, UDC may process and retain your personal information on UDC's servers in the United States. In order to provide data subjects with access to and use of the Website and the ability to make purchases, and utilize other functionality on the Website, and allow third party data processors have access to and process your personal data. Third party data processors include service providers, hosting providers, data storage providers, and other technical partners who help UDC administer the Website, or process the data submitted to the Website.

    Where a data subject requests the erasure of their personal data pursuant to the terms in this Privacy Policy, all related accounts and the contents in each account will be permanently unrenderable and inaccessible. Following such requests, UDC is not responsible for any damages or loss pursuant to the deletion or loss of your personal data or account contents.

  • 8. GDPR. UDC may, from time to time, send you e-mails regarding the Website and or/ UDC's other websites where you elected to opt-in to receive such e-mails. Additionally, if you indicated that you are interested in receiving offers or information from UDC and partners, UDC may occasionally send you direct mail about UDC products and services that UDC feels may be of interest to you.

  • 9. Third-Party Websites and Service Providers. Many websites link to the Website and the Website may link to other websites which UDC thinks may be of interest to visitors of the Website. Except as otherwise provided herein, this Privacy Policy only addresses the use and disclosure of information UDC collects from you. Other sites or apps accessible through the Website have their own privacy policies and data collection, use, and disclosure practices. UDC strongly urges you to consult the privacy policy on that site, extension, or app. UDC is not responsible for the policies or practices of third parties and UDC encourages you to read the privacy statements of other sites, extensions, or apps before proceeding to use them. UDC may acquire information from other sources to update or supplement the information that you provide or that UDC collects automatically (such as information to validate or update your address or other demographic information), or when you connect with the company through a third party (including through social networks) based on your registration and privacy settings on those third party sites.

  • 10. Opt-out. If you would prefer not to receive direct communications with regard to UDC products and/or services anymore, you may opt-out by following the directions on the bottom of e-mails to you from UDC or by logging into your account and changing your contact settings.

  • 11. Legal Disclosures; Safety. UDC may transfer and/or disclose the information UDC receives from and about you to comply with a legal obligation, to provide information to law governmental authorities in accordance with applicable law, and when UDC believes in good faith that the law requires it. UDC may collect your information for the internal operations of the Website. UDC also reserves the right to share your information with legal authorities and other companies for fraud protection and credit risk reduction, to detect any technical or security vulnerabilities, to enforce UDC's Terms or other applicable policies, or to otherwise protect the rights, property, safety, or security of third parties, users of the Website, UDC, or the public.

  • 12. Contact Upper Deck. For any questions and inquiries regarding this Privacy Policy and Upper Deck's practices, please contact Upper Deck by mail, telephone, or e-mail.

    The Upper Deck Company
    5830 El Camino Real
    Att: Customer Service
    Carlsbad, California 92008
    Phone: 1-800-873-7332

  • 12. Changes to Privacy Policy UDC reserves the right to makes changes to this Privacy Policy at any time and for any reason, with or without any notice to users. Updated versions of this Privacy Policy will be hyperlinked on the Website.