Privacy Policy

California Privacy Notice

Nevada Privacy Notice

ABOUT US

We are Groundspeak, Inc. (“Groundspeak”), the owner and operator of the following websites and mobile applications:

In addition, we work with developers (“Authorized Developers”) who create geocaching-related websites and applications that connect with our services using our software interface, known as an application programming interface or API.

For the purpose of this privacy policy, we refer to the above as our “services”. References in this privacy policy to “we”, “us,” or “our” are references to Groundspeak.

ABOUT THIS PRIVACY POLICY

When you use our services, we process your personal information. This privacy policy explains the ways that we process your personal information and our reasons for doing so. It is divided into sections to make it easier to read.

While we are based in the United States, we recognize that people in many different countries also use our services. Privacy laws vary depending on your location. As the majority of people who use our services are in the U.S. and Europe, we have based our privacy policy on U.S. law and the European Economic Area’s (EEA) privacy law, known as the General Data Protection Regulation (“GDPR”). When processing personal data (also “personal information” or “information” or “data”), we act as the controller within the meaning of GDPR.

CATEGORIES OF PERSONAL INFORMATION

We process the following categories of personal information about you in connection with our services.

Account and identity information Any information about you that we use to identify you in connection with your account and our services, such as your name, email address(es), username, passwords, and other identification information, e.g., your user ID for the account through which you are accessing our services. We may collect your age in order to comply with laws that restrict collection and disclosure of personal information belonging to minors.
Activity information Any information relating to your game-related activities on our services, such as your finds and related logs (including uploaded photos), hides, favorite points (awarded and received), trackable logs and ownership, game statistics, standing compared to other users on a leaderboard, the Adventures you own and have played, as well as the ratings and reviews you’ve added, and the date and time that you finished the various stages of an Adventure or logged a particular geocache or trackable item.
Browsing informationAny information on your browsing behavior while using our services, such as your IP address, time and date of access, browsing history, search history, and use of our services, as well as information regarding your interaction with websites, applications, or advertisements when you use our services.
Community informationAny information you provide to us when interacting with our community, including, but not limited to, any content you post publicly when you use the public features of our services, such as when you participate in the discussion forums or when you write a note to another user on their cache page.
Contact informationAny information that can be used to communicate with you, including, but not limited to, your name, email address, and other contact details you provide, such as your phone number and address.
CorrespondenceAny information you provide to us through correspondence with us (e.g., by email or via our Help Center), such as any opinions you share with us, any survey responses, your comments and questions, and your feedback.
Device informationAny information related to your mobile phone or GPS device, including, but not limited to, the unique identifier for your device, such as UUIDs, mobile ad IDs, Apple and Android IDs, analytics app instance IDs, and install IDs, your device type, device specifications, and crash data, including crash traces and breakpad minidump formatted data, your IP network state (online/offline), which version of our applications you’re using, the name of the application you’re using if you’re using an application provided by one of the Authorized Developers, and whether or not you have enabled an Android developer option that enables override of your phone’s GPS coordinates.
Professional or employment-related informationAny information you provide to us if you apply for a job with us, including information in your resume or application form.
Location informationAny information that allows us to determine or approximate your location. We may be able to determine your general location based on the IP address you use to access our services. We may also be able to detect, based on your mobile device settings, if you have enabled a feature that allows you to override your device’s GPS coordinates with mocked coordinates. We also collect your search data, including the latitude and longitude of any location-based search you perform either intentionally or via the automatic search of your current location that is performed when you open our applications. After getting your permission, our mobile applications access your precise location while you are using them in order to enable your use of our location-dependent services. However, we do not store or process that information for any additional purposes. Geocaching, Waymarking, Wherigo: in your account Settings, you have the option to add your general location to your public profile (allowing you to notify other users of where you are based). Geocaching: in your account Settings, you also have the option to add a “Home Location” in your non-public-facing profile (allowing us to show you events and geocaches near you). Your “Home Location” can be as broad as your state or as narrow as specific GPS coordinates.
Membership informationAny information regarding your active membership, including whether you are Basic or Premium, the date you joined and last visited the site, and whether your account is validated.
MessagingMessages you send to or receive from other users through our Message Center.
Other account informationAny information, such as email address, name, and profile photo, that we need to collect in order to link your account to a third-party account (e.g., Apple, Facebook, Google) when you choose to link your account with us to that third-party account for log-in or if you decide to share your game activity directly to social media via a link we’ve provided through our services.
Preference informationAny information that indicates your actual or likely preferences when using our services, whether provided by you or inferred by us. Such information includes, but is not limited to, information about how much time you spend on which pages, which links you choose to click, as well as files, listings, and content that you access, information about the pages you request, information that helps us better understand our visitors’ experience on our services in general, and your user experience, e.g., what you do and don’t like about our services.
Profile informationAny information that you provide to us in your profile such as your location, profile photo, cover photo, photo gallery and any other photo uploads, “about me” information, and Geocaching discussion forum title and signature.
Promotion informationAny information you provide when you participate in a promotion, such as a trackable giveaway. This information includes your contact information, username, and may include your age and answers to questions provided by us or the promotion sponsor.
Purchase informationAny information we use to complete a transaction with you to purchase a Premium membership or on Shop.Geocaching.com, including, but not limited to, your contact information, your shipping and billing address, the product you purchased, price, and payment method. We also create a record of your purchase history.
Review submissionsAny information used to assess whether your geocache meets the geocache hiding guidelines, such as your unpublished cache page, correspondence with the community volunteer reviewers, your username, and any other content you include in your submission.

USE OF PERSONAL INFORMATION

The purposes for which we process your personal information are below, along with our legal bases for processing as required by GDPR. (See Article 6(1)(a)-(f) of GDPR if you’d like to know more about the specific legal bases for processing.)

How do we use your personal information? What categories of personal information do we use? What is our legal basis for using your personal information?
To provide our services to you and to administer your account with us.
  • Account and identity information
  • Membership information
  • Profile information
  • Location information
  • Activity information
  • Other account information
Performance of a contract with you, e.g.:
  • providing you with the correct membership level
  • administering our services
Pursuing our legitimate interests in:
  • making our services available to you
  • providing you with all features that you have requested
  • providing a more compelling game experience
To complete your purchase transactions, including authorizing, processing, and tracking payments through our service providers’ secure credit card and payment processing gateways.
  • Account and identity information
  • Contact information
  • Correspondence
  • Purchase information
Performance of a contract with you, e.g.:
  • facilitating secure payment
  • providing you with the correct membership level
  • communicating with you about the status of your purchases
  • administering our services
To enable your Premium membership status and follow up with you in connection with your membership.
  • Account and identity information
  • Membership information
  • Contact information
  • Correspondence
Performance of a contract with you, e.g.:
  • providing you with the correct membership level
  • administering our services
  • providing you with non-marketing commercial communications relating to your Premium membership
Pursuing our legitimate interest in providing you with marketing communications relating to your Premium memberships, such as telling you about our services, products, or offers, if you have requested to receive these communications. Your consent, if requested and provided.
To allow you to communicate through any of our communications services.
  • Account and identity information
  • Membership information
  • Contact information
  • Messaging
Performance of a contract with you by enabling you to send or receive messages through our communications services.
For our own internal business purposes related to our services and operations, including market research, website and mobile application optimization, to improve our products and services, for record-keeping, as evidence in connection with a potential legal issue, back-ups, and data storage.  
  • Account and identity information
  • Membership information
  • Profile information
  • Location information
  • Correspondence
  • Purchase information
  • Activity information
  • Community information
  • Preference information
  • Device information
  • Browsing information
Pursuing our legitimate interest in:
  • improving our services
  • developing our business
  • maintaining our business records
  • ensuring that our services are secure and functioning properly
  • efficiently handling our business processes
Your consent, if requested and provided.
To enable Authorized Developers to provide related websites and applications that extend and enhance your experience of the game and our services.
  • Profile information
  • Activity information
  • Device information, specifically the name of the application you’re using if you’re using an application provided by one of the Authorized Developers and which version of the application you’re using.
Location information
Pursuing our legitimate interest and those of our Authorized Developers to create websites and applications that extend your experience of the games and services beyond what we are able to provide. Your consent, if requested and provided.
To communicate with you about things we think might interest you such as our products and services and location-based entertainment-related activities.
  • Account and identity information
  • Membership information
  • Profile information
  • Contact information
  • Location information
  • Correspondence
  • Purchase information
  • Preference information
Pursuing our legitimate interest in providing you with marketing communications, including telling you about our services, products, or offers relating to your membership or our services, if you have opted to receive these communications. Your consent, if requested and provided.
To verify your identity
  • Account and identity information
  • Other account information
Performance of a contract with you, e.g., authenticating your identity. Pursuing our legitimate interest in ensuring that our services are secure and only used by authenticated and authorized users.
To provide customer service and review issues with your account or your use of our services.
  • Account and identity information
  • Membership information
  • Contact information
  • Correspondence
  • Device information
Performance of a contract with you, e.g.:
  • providing you with non-marketing commercial communications relating to your membership or our services that you use
  • answering questions that you have specifically directed to us, e.g., support queries or questions relating to your membership or our services
To allow you to share your experiences using our services with others.
  • Account and identity information
  • Membership information
  • Profile information
  • Location information
  • Activity information
  • Community information
  • Other account information
Pursuing our legitimate interests in:
  • providing you with the public features of our services that you have requested
  • maintaining a historical record of game-related activity
  • enhancing the community-oriented nature of the game
  • allowing other users to interact with you and determine your credibility or engagement level with the game
Your consent, if requested and provided.
To update you on changes to our services, this Privacy Policy, or our Terms of Use; and other administrative communications.

  • Account and identity information
  • Membership information
  • Contact information
Performance of a contract with you, e.g., providing you with relevant non-marketing commercial communications. Complying with our legal obligations.
To provide promotions with our partners, such as GeoTours, trackable promotions, and sponsored Adventures.
  • Account and identity information
  • Contact information
  • Activity information
Pursuing our legitimate interest to develop our business. Your consent, if requested and provided.

To allow you to log in via Apple, Google, or Facebook.

Other account information Performance of a contract with you, in particular:
  • providing our services to you
  • administering your account with us
To share information through a social network site account, such as Facebook and Twitter
  • Other account information
  • Activity information
Your consent, if requested and provided.
To investigate any complaints, restrict access to our services, or communicate with users who have violated our Terms of Use; or otherwise violated our rights or the rights of others

  • Account and identity information
  • Membership information
  • Contact information
  • Profile information
  • Location information
  • Correspondence
  • Review submissions
  • Activity information
  • Community information
  • Device information
  • Browsing information
  • Messaging
Pursuing our legitimate interests in:
  • ensuring appropriate conduct in connection with the use our services
  • enforcing our terms of use and other agreements that we have in place
  • protecting the rights and freedoms of our users and other third parties
To enable geocaching community volunteers and us to review geocaches prior to publication and to moderate our discussion forums. Review submissions Pursuing our legitimate interest in:
  • ensuring that your geocache meets the publishing guidelines
  • providing appropriate controls on forum discussions
To verify your location Location information Pursuing our legitimate interests in verifying your location when you participate in Adventure Lab activities and to ensure we are sending you information that is relevant for your location.

If you have provided consent for us to use certain types of your personal information for specific purposes, you may withdraw it at any time, and we will stop using your information for those purposes moving forward. You may do this by “opting out” where we give you the opportunity to do so, by changing your account Settings, or by contacting us by one of the methods in the “How to contact us” section.

DISCLOSURE OF PERSONAL INFORMATION

Except as outlined below or otherwise described in this privacy policy, we do not share or sell personal information of our users. We only disclose your personal information to the categories of parties listed below for the following purposes and based on the corresponding legal bases:

Recipients Categories of personal information Our legal basis for sharing your personal information
Other users
  • Account and identity information: username
  • Membership information: membership type and date account was created
  • Profile information: only if you choose to make it public or visible to friends
  • Location information: only if you choose to make it public or visible to friends
  • Browsing information: if you participate in the discussion forums, your IP address may be shared with community volunteer forum moderators (who are registered Geocaching account holders) to help them provide appropriate controls on forum discussions
  • Review submissions: shared with community volunteer reviewers to allow them to assess whether your geocache meets the publishing guidelines
  • Activity information
Pursuing our legitimate interest in:

  • providing you with the public features of our services that you have requested
  • maintaining a historical record of game-related activity
  • enhancing the community-oriented nature of the game
  • allowing other users to contact and interact with you and determine your engagement level with the game
  • ensuring appropriate conduct in connection with the use our services
  • enforcing our terms of use and other agreements that we have in place
  • protecting the rights and freedoms of our users and other third parties
Authorized Developers

(unless you opt out of sharing in your account Settings)

Note: Authorized Developers’ applications are not owned or operated by us. They have their own privacy policies in relation to personal information. We provide a list of our current Authorized Developers.

  • Account and identity information: username
  • Profile information
  • Activity information: geocache and trackable listings and logs (including photos), Adventure Lab listings and activity
  • Location information: only if you use the Authorized Developer application and consent to share

Pursuing our legitimate interests and those of our Authorized Developers in creating websites and applications that extend your and other account holders’ experience of the games and services beyond what we are able to provide Your consent, if requested and provided.

Promotion partners (only if you choose to participate in their promotion)

Our partners’ use of your information will be covered by their privacy policies.

  • Location information
  • Contact information
  • Activity information

Pursuing our legitimate interests and those of our partners in:

  • enabling your participation in the promotion
  • allowing the promotion sponsor to learn more about the general location of participants, e.g.to gauge whether the promotion was effective
Your consent to:
  • Sharing of contact information for purposes of marketing to you or prize fulfilment
Social media

Review the privacy policies of any social media with whom you choose to share to understand how they use your information.

Activity information: only if you choose to share your activities to Facebook, Instagram, or Twitter via buttons that may be available on our services

Your consent, if requested and provided.
Advertising networks We have ads on our site served by a third-party advertising network. Using browser cookies, these ad networks use your navigation history to serve you ads they predict will interest you. Learn more in the Cookies section.

Browser information

Your consent, if requested and provided.
Vendors, contractors, and service providers, such as:

  • email services
  • commenting services
  • human resource related systems (e.g., applicant tracking, payroll, etc.)
  • customer relationship management

The information category varies depending on the services. Access to personal information is only as necessary for the specific function they were hired to perform. Other use is prohibited.

These entities act as our processors (see Art 28(1) GDPR) and will only process your personal information according to our instructions.
Internal business providers, such as:

  • auditors
  • accounting service providers
  • lawyers
  • banks
  • tax consultants
  • May include personal information; the type varies depending on the nature of the internal business purposes

  • Access only as necessary for the internal business purposes
Necessary for the provision of our services Our legitimate interest in the proper operation of our business (Art 6(1)(f) GDPR)
Legal authorities, such as:

  • law enforcement
  • tax or other local authorities based in countries in which we operate
  • May include contact information, profile information, activity information, and location information; the type varies depending on the nature of the request

  • Access only as necessary for the purpose
If we are required to by law Our legitimate interest in combatting abuse; in prosecuting crimes; and in securing, establishing, and enforcing claims
Merger and acquisition partners

In the unlikely event that we wished to sell our business or reorganize our company, we may need to share your personal information with potential buyers or the new entity.

  • May include all categories of personal information
  • Shared in accordance with this privacy policy and applicable data protection law

Our legitimate interest in changing the corporate structure of our business

Third Party account providers, such as:

  • Apple
  • Google
  • Facebook

To allow you to log in to your Geocaching account via these providers (aka “Single Sign-on”)

  • Other account information

Performance of a contract with you, in particular:

  • providing our services to you
  • administering your account with us
Map Providers

To enable map functionality

  • Location information (however, you are not identifiable – the information is not linked to your account)

Pursuing our legitimate interest in making our services available to you

Analytics Providers, such as:

  • Google
  • Hotjar
  • Microsoft

The information category varies depending on the services. Access to personal information is only as necessary for the specific function they were hired to perform. Other use is prohibited.

These entities act as our processors (see Art 28(1) GDPR) and will only process your personal information according to our instructions.
Payment Processors, such as:

  • Vindicia
  • Chase Paymentech
  • Braintree

The information category varies depending on the services.

  • We use Braintree (a PayPal service) to process membership payments. PayPal is an independent controller for purposes of processing customer data. You can learn more by reviewing PayPal’s privacy statement available at www.paypal.com.
Access to personal information is only as necessary for the specific function they were hired to perform. Other use is prohibited.
These entities act as our processors (see Art 28(1) GDPR) and will only process your personal information according to our instructions.

Other services

We use YouTube API Services to display video uploaded to YouTube on our mobile applications. This use does not require access to your YouTube account data. YouTube’s API Services are governed by Google’s privacy policy.

NOTICE OF RIGHTS FOR EEA, UK, AND SWITZERLAND

If you reside in the EEA, the UK, or Switzerland, our use of your personal information is governed by the GDPR or applicable EEA, UK, or Swiss national laws. These grant you the following rights:

  • Right of access (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your personal information, and access to the personal information and related information on that processing (e.g., the purposes of the processing, or the categories of personal information involved). You also have the right to access your personal information, by requesting a copy of the personal information about you.
  • Right to rectification (Art. 16 GDPR): You have the right to have your personal information corrected, as permitted by law.
  • Right to erasure (Art. 17 GDPR): Subject to the requirements of Art. 17 GDPR, you have the right to ask us to delete your personal information, as permitted by law. This right may be exercised among other things: (i) when your personal information is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based on your consent and where there is no other legal ground for processing; (iii) when you object to processing that is necessary for our legitimate interests (pursuant to Art. 21(1) GDPR) and there are no overriding legitimate grounds for the processing, or when you object to your personal information being used for direct marketing purposes (pursuant to Art. 21(2) GDPR); or (iv) when your personal information has been unlawfully processed.
  • Right to restriction of processing (Art. 18 GDPR): Subject to the requirements of Art. 18 GDPR, you have the right to request the restriction of our processing under limited circumstances, including: when the accuracy of your personal information is contested; when the processing is unlawful and you oppose the erasure of your personal information and request the restriction of the use of your personal information instead; and when you have objected to processing that is necessary for our legitimate interests (pursuant to Art. 21(1) GDPR) pending the verification whether our legitimate interest overrides your grounds.
  • Right to data portability (Art. 20 GDPR): Subject to the requirements of Art. 20 GDPR, you have the right to receive the personal information that you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
  • Right to object (Art. 21 GDPR): You have the right to object to our processing of your personal information, as permitted by law. This right is limited to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing which is necessary for the purposes of our legitimate interests (Art. 6(1)(e) or (f) GDPR), and includes profiling based on those provisions, and processing for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3) GDPR): where we process your personal information on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that occurred prior to such withdrawal.

YOUR RIGHTS AND CHOICES

You can choose how your information is shared by adjusting your account Settings or by opting out in the following circumstances:

  • By signing into your account and accessing your account Settings, you can change various privacy settings and update certain personal information, including deleting information from your profile and deleting your geocache and trackable logs. You can also contact us via our webform to request deletion.
  • You can also choose to opt out of allowing our Authorized Developers to share your Geocaching.com Profile information with their users by changing your Authorizations in your account Settings. You can choose to allow Authorized Developers to share your geocaching activity with your Geocaching friends.
  • If you do not want to receive our newsletter or marketing messages from us, you can click the “unsubscribe” link at the bottom of the email or message you receive or adjust your email preferences in your account Settings.
  • If you do not want to receive emails from us about specific geocaches or trackables, you can change your settings by logging into your account and removing these geocaches and/or trackables from your Watchlist or Lists. Please note that you cannot disable notifications related to geocaches or trackables owned by you.
  • If you have granted us access to your Facebook, Google, or Apple sign-on, you can remove authorizations by logging into account Settings, selecting the Authorizations tab, and clicking to remove access.
  • If you have provided consent for us to use your information, you may withdraw it at any time for our use moving forward. If not otherwise specified in this privacy policy, you may do this by “opting out” where we give you the opportunity to do so, by changing your account Settings, by changing your email preferences, or by contacting us.

Contacting us to exercise your rights

If you wish to exercise any of the above rights or need help doing so or have questions about them, please use one of the methods provided in the in the “How to Contact Us” section.

Personal information processed when you exercise your rights

We process the personal information provided by you when you exercise your rights under Art. 7(3) and Art. 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. This processing is based upon the legal basis of Art 6(1)(c) GDPR in conjunction with Art. 7(3) and Art. 15 through 22 GDPR.

Right to lodge a complaint with the competent data protection authority

If you live in the EEA, UK, or Switzerland, you have the right to complain to a data protection supervisory authority about our collection and use of your personal information. For more information, please contact your local data protection supervisory authority.

COMPLAINTS AND QUESTIONS

If you have any complaints or questions about how we use your personal information, you may contact us using the contact details set out in the “How to Contact Us” section. We will then get in touch with you to see how we can help.

If you have a complaint about how we use your personal information, we would always prefer you to contact us first. However, as stated above, you may also make a complaint to your data protection supervisory authority, if you wish to do so. If you would like more information about how to contact the relevant data protection supervisory authority, please email or otherwise contact us.

STORAGE OF YOUR PERSONAL INFORMATION

We will keep your data only for as long as it is necessary for the specific purpose or purposes for which we have collected or used them in accordance with this privacy policy.

Account deletion

If you want to permanently delete your account or following your explicit request for deletion of any of your personal information, we will delete your account and/or help you to delete your personal information as requested. Due to the nature of the game and the way that users interact, you will need to take all steps necessary to facilitate the deletion, including adopting or removing any geocaches you own, deleting your logs, and disabling your account. We will then complete the deletion process as soon as possible. The way our systems are structured, in some cases, it may take up to 30 days for records to be deleted or overwritten. In some circumstances (set out below) we may keep your personal information for longer.

Because of the nature of our services, which require a cellular data plan or GPS device and the ability to travel to various locations, our services are not directed toward anyone under the age of 16. If you are a parent or guardian and discover that your child under the age of 16 has an account not created and managed by you, then you may alert us via email or otherwise contact us and request that we delete that child’s personal information.

When you stop playing

If you stop playing or temporarily disable your account, without taking any further steps or asking us to permanently delete your account or personal information, we will keep your information as long as needed to ensure the integrity of the game and the enjoyment of other players. Your geocache and trackable logs and any images associated with them will remain as part of the historic record of the geocache or trackable with which they are associated unless you delete them. If you have provided personal information or content that other users need to use in relation to the services (for example, information about a particular geocache you have logged or placed; if you have moved or logged a particular trackable; or if you have left instructions or goals about a particular trackable), we may retain that information for as long as we need to provide the services to our other users, but you may always delete that information if you wish. We know that sometimes users take a break from the game and come back at a later time, which is why we don’t automatically permanently delete your account and personal information if you stop playing or temporarily disable your account. We may contact you if you have stopped playing or temporarily disabled your account to check if you would like us to permanently delete your information. However, after three years of inactivity, we may delete your account without contacting you.

Please note that once your account and personal information has been deleted, we cannot get it back. If you don’t ask us to permanently delete your account and personal information, except as provided above, we will keep it until you want to reactivate your account, and we will store it securely and in accordance with this privacy policy.

Information provided for a specific purpose

If you have provided us with personal information for a specific purpose, we will keep your personal information for as long as we need to fulfill that purpose. Specifically:

  • If you have provided address information as part of a competition entry, we will keep that information for as long as necessary to administer the competition, typically about a year.
  • We will retain your contact details if you have an account with us or if we think you may be interested in marketing messages, offers, promotions, or new services. You will always have the choice of opting out of receiving these messages. If you do so, we will remove you from our email marketing lists as soon as we can but typically within 10 business days.
  • If you have posted content online in the discussion forums, unless you request deletion, we will retain that content for as long as we think the topic is relevant. After this time, we may delete the post or archive it.

Where we have obtained personal information automatically about your use of our services (e.g., analytics), we will keep this information for as long as we feel it may be useful to us to improve and develop our business. We will delete it when it is no longer useful. This will normally be within 24 months of completion of the purpose for which it was originally collected.

In some cases, we may be required to store personal information beyond the period of time that we need it for the purposes for which we have collected it, taking into account factors including:

  • legal obligation(s) under applicable law to retain personal information for a certain period of time (e.g., compliance with tax and accounting requirements).
  • the establishment, exercise, or defense of legal claims (e.g., for the purposes of a potential dispute).

If a law requires us to hold onto your personal information, we will store your data for the amount of time required by that law. Further, we will store your personal information on the basis of our legitimate interest, such as the requirement to create proper documentation of our business operations.

PROTECTION OF YOUR PERSONAL INFORMATION

We have implemented many security measures to protect against the loss, misuse, and alteration of your information. We protect your account information through the use of a password. To protect the confidentiality of your information, you MUST keep your password confidential and not disclose it to any other person. We and our payment card processors work to protect the security of your credit card information during transmission through the use of transport layer security (TLS), which encrypts the information you input.

HOW WE USE COOKIES AND OTHER TRACKERS

We also collect data about your use of our services through a variety of tracking technologies, such as cookies, pixels, and software development kits (SDKs). We use these trackers on our websites, in our email communications, and – to a more limited extent – on our mobile applications.

A cookie is a small text file that is downloaded and stored onto your computer, mobile phone, or similar device when you use our websites that enables us to: (a) recognize your computer; (b) store your preferences and settings; (c) understand the web pages of our services you have visited and the referral sites that have led you to our services; (d) enhance your user experience by delivering content specific to your inferred interests; (e) perform searches and analytics; and (f) assist with security administrative functions. You can find more detailed information in the Cookies section of your account Settings on the website and at https://www.geocaching.com/account/documents/cookies.

Pixel trackers (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads, and/or email, that are designed to provide usage information, like ad impressions or clicks, measure popularity of our services and associated advertising, and to access user cookies. 

SDKs are pieces of software code provided by our digital vendors (e.g., analytics providers) that are embedded into our mobile apps and are intended to collect and analyze certain device and user data, such as analytics, crash data, and digital identify information to provide services like login via Facebook.

Information we collect using trackers

  We collect the following information from you:
  • The date and time you use our services
  • Information about your browser, system, or device configuration
  • Your IP address
  • Your interactions with our websites and the pages you visit
  • Your interactions with our mobile apps
  • Analytics information
  • Crash reporting

Managing trackers

Depending on the laws in your location, you may have the ability to choose which types of cookies and pixels you wish to accept through the tools we provide on our website. You may also use the tools in your browser to disable cookies and pixels; however, disabling certain cookiesmay limit functionality of our services.

On some user profile pages and cache pages, account holders have used links to third-party sites to display content. In some cases, these third-party links may have associated cookies and pixels. Due to the volume of such content, we may be unable to identify all of these cookies and pixles or provide the ability for you to disable them. Please consider browser-based blocking if you wish to block these types of trackers.

Types of trackers that we use

Strictly necessary trackers

Strictly necessary trackers help make our websites usable by enabling basic functions like page navigation and access to secure areas of the websites. The websites cannot function properly without these trackers.

Preference trackers

Preference trackers enable our websites to remember information that changes the way the websites behave or look, like your preferred language or the region that you are in.

Statistics (also called analytics) trackers

Statistics trackers help us to understand how visitors interact with our services by collecting and reporting information about interactions with our services.

Advertising trackers

Advertising trackers are used by third parties to track visitors across websites. The purpose is to display ads that are relevant and engaging for the individual user and therefor more valuable for publishers and third-party advertisers.

For users in the EEA, UK, and Switzerland

For users in the EEA, UK or Switzerland, the legal basis for using strictly necessary cookies and pixels is Article 6(1)(b) GDPR. For all other cookies and pixels, including the third-party applications listed below, we use cookies and pixels on the basis of your consent (Article 6(1)(a) GDPR).

To the extent that we use cookies and pixels based on your consent, you have the right to withdraw your consent at any time, which will take effect moving forward (but not retroactively). You can withdraw your consent by changing your cookie settings in your account Settings on our websites or as outlined below for specific third-party applications.

Please note that even if you withdraw your consent, some trackers might not be blocked. Content that other account holders place on our websites (e.g., on their cache pages) in some cases includes links that trigger advertising trackers from third-party sites. Because of the volume of this content, we are not able to identify all of these trackers. Please consider browser-based blocking instead.

Google Services

We use the services, described below, of Google LLC, 1600 Amphitheater Pkwy Mountain View, California 94043, U.S. (“Google”). Your information is processed by Google in the U.S. Basic information concerning your personal information, as processed by Google, can be found here: https://policies.google.com/privacy?hl=en. Google provides you with the following ways to control the information it collects:

Ad Settings helps you control ads you see on non-Google websites and apps that use Google ad services. You can also learn how ads are personalized, opt out of ad personalization, and block specific advertisers.
• If you are signed in to your Google Account, and depending on your Account settings, My Activity allows you to review and control data that’s created when you use Google services, including the information it collects from the sites and apps you have visited. You can browse by date and by topic, and delete part or all of your activity.
• Many websites and apps use Google Analytics to understand how visitors engage with their sites or apps. If you don’t want Analytics to be used in your browser, you can install the Google Analytics browser add-on. Learn more about Google Analytics and privacy.
Incognito mode in Chrome allows you to browse the web without recording webpages and files in your browser or Account history (unless you choose to sign in). Cookies are deleted after you’ve closed all of your incognito windows and tabs, and your bookmarks and settings are stored until you delete them. Learn more about cookies.
• Many browsers, including Chrome, allow you to block third-party cookies. You can also clear any existing cookies from within your browser. Learn more about managing cookies in Chrome.

Google Analytics

We use Google Analytics (including Google Analytics for Firebase), an analytics service. Google Analytics uses cookies and collects information from you concerning your use of our services, including your truncated IP address. The information generated by the cookies regarding your use our services (including your truncated IP address) are transferred to, and stored on, Google servers. Additionally, we enable Google Analytics’ User-ID feature to better understand how users interact with our services over an extended period of time, from different devices and multiple sessions, so we can continue to improve our services and provide the best experience for our users. User ID helps identify unique users across multiple devices and browsers. When you log-in to use our services, your User ID is sent to Google. We use Google Analytics to collect both predefined events, such as the page you came from, and custom events, such as whether you clicked on a particular link/button, to understand how you use our websites and mobile applications. Google will use this information to help us evaluate your use of our services, to compile activity reports for us, and to generate further analyses and evaluations in connection with your internet use and use of our services. Google can also link this information with other information such as your search history, your personal account, the usage information of other devices, and additional information that Google has stored regarding you. Where applicable, Google will also transfer this information to third parties to the extent required by law (such as by government authorities) or to the extent that third parties process such data on behalf of Google.

The information logged with Google Analytics is stored for two years. Once this time period has lapsed, only aggregated statistics will be retained by Google Analytics.

You can deactivate Google Analytics on our websites through an opt-out browser add-on.

Google Firebase

We use Google Firebase, a cloud-based platform that provides certain backend services for mobile applications, such as in-app messaging, notifications, analytics, performance monitoring, A/B testing, dynamic links (links that take you to a particular location in our applications), crash reporting, remote configuration (allows customization of our applications), and predictions (applies machine learning to analytics information to help us predict the behavior of users in our app). Our use of Firebase requires us to share certain information with Google for purposes of providing the Firebase services above. This information includes installation IDs and UUIDs, mobile ad IDs, Apple and Android IDs, analytics app instance IDs, mobile ad IDs, IP addresses, device specifications, and crash data, including crash traces and breakpad minidump formatted data.

The information obtained using Firebase is stored for up to 14 months.

Google Marketing Platform

We use the Google Marketing Platform (formerly “Google DoubleClick”). This cookie platform enables Google and its partners to serve ads to you based on your visit to our websites and/or other sites on the internet. Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you have a Google account, Google may assign the visit to your Google account. Even if you do not have a Google account or have not logged in to your Google account, Google may connect this information to your IP address.

Additionally, the Google Marketing Platform enables us to understand whether you perform certain actions on our websites after you have called up one of our ads on Google or on another platform or clicked on it (conversion tracking).

For more information on the Google Marketing Platform, please visit https://marketingplatform.google.com/. Please visit Google and use “Ads Settings” to set your preferences. The website http://optout.aboutads.info/ offers a single place to turn off targeted ad serving from any of its members.

Google reCAPTCHA

We use this tool on some cache pages and during signup to protect our services from abusive bots and spam. Types of data collected include:

  • Referrer URL
  • IP Address
  • Operating system information
  • Cookies
  • Mouse and keyboard behavior
  • Date and language settings
  • JavaScript objects
  • Screen resolution

This data is stored by Google. To minimize data sent by reCAPTCHA, you can also delete your history and cookies from your browser.

Hotjar

We use Hotjar of Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta (“Hotjar“).

Your information is processed by Hotjar in the U.S. Hotjar is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect information on our users’ behavior and their devices (in particular IP address, device screen size, device type, unique device identifiers, browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will match this information with further information on an individual user. For additional details, please see the information provided by Hotjar.

The information collected is stored for up to 365 days.

You can opt-out of the creation of a user profile, Hotjar’s storing of personal information about your usage of our websites, and Hotjar’s use of tracking cookies on other websites on the HotJar website.

You can prevent Hotjar from collecting your information generated by the cookie and related to your use of the website, as well as the processing of this information by following Hotjar’s guide here: https://www.hotjar.com/policies/do-not-track/.

Microsoft Azure Application Insights

We use the service Microsoft Azure Application Insights of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, U.S. Your information is processed by Microsoft in the U.S.

Microsoft Azure Application Insights collects mobile application performance data, and in some cases usernames, to help us diagnose problems and understand how you are using our apps.

The information collected are stored for up to 30 days.

Meta Pixel

We use the Meta Pixel from Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025. When you navigate to one of our websites, or view an ad from our website, your browser downloads a pixel. That action triggers a request from the Meta Pixel server, providing Meta with information about your visits to our websites. Meta may use information collected through Meta Pixel to provide targeted ads on Facebook and other sites and to provide measurement services. You can learn more by visiting Meta’s Privacy Policy and can control the information shared about you by changing your Meta ad preferences.

Navigate to Settings/Adverts in your Facebook account to adjust your preferences. Learn more about the different types of Facebook cookies here: www.facebook.com/policies/cookies/

CHANGES TO THIS PRIVACY POLICY

We may amend this privacy policy from time to time. When we post changes to this privacy policy, we will revise the “last updated” date at the top of this page. Please review this privacy policy periodically to be informed of how we use and protect your information. If we have your email address, we may also email you with information on those changes.

CROSS-BORDER DATA TRANSFERS

If you access our services from Europe, then the personal information that you provide to us, or that we collect about you, will in most cases be processed and stored in the U.S. In order to ensure your personal information is protected, we comply with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We will offer you the opportunity to choose (opt-out) whether your data is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you. You may opt-out of such uses of your personal data by contacting us in the “How to Contact Us” section or by using our web form.

We will not use sensitive personal data for a purpose other than the purpose for which it was originally collected, or subsequently authorized by you, without first receiving your affirmative and explicit consent (opt-in). We will treat as sensitive any personal data received from a third party where the third party identifies and treats it as sensitive.

Please see the section above called “Disclosure of Personal Information” for more information about the types of third-parties to whom we may transfer your data.

Our accountability for personal data that we receive under one of the DPFs and subsequently transfer to a third party is described in the DPF Principles. In particular, we remain responsible and liable under the DPF Principles if third-party agents that we engage to process the personal data on our behalf do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage. For data received under one of the DPFs, we will obtain appropriate assurances from applicable third-parties that they will safeguard it consistent with this privacy policy.

We will take reasonable and appropriate precautions to protect personal data in our possession from loss, misuse and unauthorized access, disclosure, alteration, and destruction.

We will use personal data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. We will take reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current.

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. If you want access, or want to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, please contact us using the contact details set out in the “How to Contact Us” section. If requested to remove data, we will respond within a reasonable timeframe.

Recourse, Enforcement, and Liability

In compliance with the EU-U.S. Data Privacy Framework Principles and the Swiss-US DPF, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. EU, UK, or Swiss individuals with DPF inquiries or complaints should first contact us (How to Contact Us or use our web form).

We have further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

We will conduct compliance audits of our relevant privacy practices to verify adherence to the DPF. Any employee that we determine is in violation of this policy may be subject to disciplinary action.

Limitations

We may be required to disclose your personal data in response to a lawful request by public authorities or in connection with a legal obligation. Our compliance with the DPF Principles may also be limited to the extent necessary to meet national security, public interest or law enforcement obligations, and to the extent expressly permitted by an applicable law, rule or regulation.

HOW TO CONTACT US

If you have any privacy questions, the best and fastest way to contact us is through our Help Center form. You may also contact us by any of the means provided on our contact page, including writing to us at: Geocaching HQ, 837 N. 34th Street, Suite 300, Seattle, WA 98103. For specific requests to remove or change your profile information on Shop Geocaching (shop.geocaching.com), please email Shop Geocaching directly.

We will to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request, e.g., we may request you to provide us with information necessary to confirm your identity, such as your username and the email address associated with your account, or we may request you to provide additional detail that allows us to properly understand, evaluate, and respond to your request.

If you live in the EU: We are located in the U.S. However, we have an EU-based data protection officer and EU-based representative who you may contact as follows:

Our EU Data Protection Officer:
Email: dpo@geocaching.com
Address: Data Protection Officer, Geocaching, Innere Kanalstr. 15 50823 Cologne, Germany

Our EU-based representative:
Email: EURepresentative@geocaching.com
Address: MCF Legal Technology Solutions Limited, ATTN: Groundspeak, Inc. DBA Geocaching EU Representative,
Riverside One, Sir John Rogerson’s Quay, Dublin 2, D02 X576

If you live in the UK: We are not located in the United Kingdom, so we have appointed a UK-based representative to serve as a direct contact on our behalf, who can be contacted at:

Email: UKRepresentative@geocaching.com
Address: MCF Legal Technology Solutions (UK) Limited, Tower 42 Level 38C, 25 Old Broad St, Cornhill, London EC2N 1HQ, United Kingdom.

If you live in California: If you would like to exercise your rights under the CCPA, you or your authorized agent may contact us at the address above or use our web form. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney, or that the agent otherwise has valid signed authority to submit requests on your behalf, and ask that you verify your identity directly with us.