Privacy Policy for Child-Directed Sites

United States Of America

Privacy policy

Effective Date: December 20, 2019

General Mills ("we," "us," "our") is committed to providing a fun, entertaining, and safe online and mobile experience to people of all ages who use our websites and online services, and we take special care to protect the privacy of children under the age of 13. This Privacy Policy ("Policy") describes how information is collected, used, and disclosed through websites, mobile applications, and other online services that we create for children and that link to this Policy (collectively, the "Services"). In addition to reading this Policy, we recommend that parents discuss online and mobile safety with their children and supervise their children's activities to help ensure that children enjoy a safe online and mobile experience.

Information collection

The Services generally require little or no collection of personal information. From time to time, however, we may request that a child provide a name or email address in order to participate in particular activities on our Services. We also may ask a child to provide a screen name and password or demographic information, such as gender and age.

We may collect certain personal information automatically when you visit the Services. For example, we may collect identifiers, including persistent identifiers, such as your Internet Protocol (IP) address; unique identifiers, such as mobile device identification numbers; and customer ID numbers collected through cookies, web beacons, and other technologies. We may use cookies, web beacons, Local Storage Objects, and similar devices on our services to facilitate site administration and navigation and to provide an enhanced online experience for our visitors. Through these mechanisms, we may collect the persistent identifiers described above, as well as internet or other electronic network activity information about the type of web browser and operating system being used, the pages that a user visits on the Services, and other websites the user visited before visiting our Services.

Most web browsers accept cookies automatically, but can be configured not to do so or to notify the user when a cookie is sent. If you wish to disable cookies, please refer to your browser’s help section. Web beacons are 1x1 single-pixel graphics that may be embedded in web pages or emails. We may use web beacons on our websites to count and recognize users. Local Storage Objects (sometimes referred to as "Flash Cookies") are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. Please note that you may need to take additional steps beyond changing your browser settings to refuse or disable Local Storage Objects and similar technologies. For example, Local Storage Objects can be controlled through the instructions on Adobe's Setting Manager page.

General Mills may use the Services of third parties who collect or maintain personal information through the Services. A list of third parties that collect or maintain personal information from children through the Services is here.

Parental consent

We do not collect, use, or disclose personal information from children under the age of 13 without prior parental consent, except as permitted by the Children's Online Privacy Protection Act ("COPPA"). When we obtain verifiable parental consent, we provide parents with a direct notice in accordance with COPPA. The special, limited circumstances in which we may collect, use, or disclose personal information from a child under 13 without parental consent are:

We may collect online contact information in order to respond on a one-time basis to a specific request of that child. For example, if a child sends us an email request, we will hold the email address long enough to respond to the child and then delete it from our system after we have provided an answer. We will not use this information to re- contact the child or disclose it.
From time to time, we may have special online promotions such as sweepstakes and contests on our Services that are open for registration by children under the age of 13. In these situations, we may collect online contact information in order to communicate on a one-time basis with a child to inform him or her that he or she has won the sweepstakes or contest. At that point, we will ask the winning child for the online contact information of a parent/guardian so that we can make arrangements to award the prize. We will delete the child's online contact information and will not use it to re-contact the child or disclose it.
Alternatively, we may ask the child for a parent/guardian's online contact information so that we can notify the parent or guardian about the child's participation in a promotion or otherwise seek consent. Any information that is given to us in this circumstance is used only for the purpose of conducting the activity and will be deleted from our system after conclusion of the promotion or any other legally required period for keeping such information.
We may seek a child's name and contact information to the extent reasonably necessary to protect the safety of a child participating in our services. In this situation, the information will only be used for the purpose of protecting the child’s safety, and we will provide the parent/guardian with notice of this use.
We may seek a child’s name and contact information to the extent reasonably necessary to protect the security or integrity of our Services; to take precautions against liability; to respond to judicial process; or (to the extent permitted by law) to provide information to law enforcement agencies or for an investigation on a matter related to public safety.
We may use persistent identifiers, such as IP addresses and cookie IDs, to support the internal operations of the Services.

Use of personal information

In addition to the uses outlined in Section 2 (Parental Consent), we may use personal information that we collect through the Services for a variety of purposes, including to provide children with the services and information they request; customize and personalize a child's use of the Services; debug to identify and repair errors that impair existing intended functionality or otherwise maintain or administer the Services or perform business purposes; improve the quality of the Services or any related services; and as otherwise described to parents at the point of collection or pursuant to parental consent.

Sharing of personal information

We may transfer, disclose, or share the categories of personal information discussed in § 1 of this policy that we collect through our Services with service providers who we engage specifically to administer certain functions or perform business purposes on our behalf, such as conducting sweepstakes and contests. These service providers have access to the personal information needed to perform their functions, but may not use or disclose it for other purposes. We may also disclose personal information to third parties when required by law or pertinent to judicial or government investigations or proceedings, when otherwise necessary to protect our Services or the safety of our users or any third party, or with a parent/guardian’s consent. If we sell all or part of our organization, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your information to one or more third parties as part of that transaction.

We do not sell any personal information that we collect on any child-directed Site to third parties.

Security

We have adopted reasonable security procedures to help protect the confidentiality, security, and integrity of your personal information against loss, misuse, unauthorized access, disclosure, alteration or destruction. Please note, however, that no system can be guaranteed to be 100% secure. As a result, while we strive to protect your information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your information.

Reviewing, Correcting, Updating, and Deleting Your Child's Personal Information

Upon providing proper identification, parents can access, review, correct, or have deleted their child's personal information from our database, or refuse further collection or use of personal information from their child by writing to us at:

General Mills, Inc.
Number One General Mills Boulevard
Minneapolis, MN 55426
Attn: Consumer Services.

Depending on the laws of your jurisdiction, you may be entitled to request further transparency about our data processing practices, or access to, or deletion of, the personal information we collect about you. Requests should be submitted to us as described in the "Contact Us" section. Once we receive your request, we may verify it by requesting information sufficient to confirm your identity. If you would like to use an agent registered with the California Secretary of State to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. We will not discriminate against you for exercising these rights or choices, although some of the functionality and features available on the Sites may change or no longer be available to you. Any difference in the Sites are related to the value provided.

We can also be reached by telephone by dialing our consumer response department at 800-446-7894 weekdays from 7:30 a.m. to 5:30 p.m. Central Time, or by email at cshelp@genmills.com. Please feel free to use this same contact information if at any time you have questions or concerns about our general Privacy Policy.

Your California Privacy Rights

In addition to the choices we provide you as described in the previous section, we also commit that we do not share information that we collect through the Services with third parties for the third party's direct marketing purposes.

Some web browsers may transmit "do-not-track" signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, we currently do not take action in response to these signals. If and when a final standard is established and accepted, we will reassess how to respond to these signals.

Links to Third Party Sites and Services

The Services may contain links to other websites or online services that are operated and maintained by third parties and that are not under the control of or maintained by us. Such links do not constitute an endorsement by us of those other websites, the content displayed therein, or the persons or entities associated therewith. This Privacy Policy does not apply to this third-party content. We encourage you to review the privacy policies of these third-party websites or services.

Privacy Policy Updates

General Mills reserves the right to change our practices and our Privacy Policy at any time. Any changes will be reflected on this page. Therefore we recommend that you visit our Privacy Policy often so that you are always fully informed. In addition, we will send a notice to any parent for whom we have contact information informing them of any material change in the collection, use, and/or disclosure practices to which that parent previously consented.