Department of the Army

AAFES 0207.02

PRINT  |  E-MAIL

SYSTEM NAME:

Exchange Retail Sales Transaction Data  (March 18, 2016,  81 FR 14839)

SYSTEM LOCATION:

Headquarters, Army and Air Force Exchange Service, 3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598; Exchange Regions and Area Exchanges at posts, bases, and satellite locations worldwide. Official mailing addresses are published as an appendix to the Army's compilation of systems of records notices.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Customers or potential customers of the Army and Air Force Exchange Service.

CATEGORIES OF RECORDS IN THE SYSTEM:

Individual's name; date of birth; Social Security Number (SSN); Department of Defense Identification Number (DoD ID Number), and ID card bar code value; military card identification number; addresses (home, billing, and shipping); email address (personal and/or business) telephone number (personal and/or business); Internet and mobile ordering web login username and password.

Information related to purchases to include: Date of transaction; transaction number; name and address of recipient of order; description and price of item ordered; method of shipment; amount of order/refund; returned check identifier; claim data for returns/damages to shipments; coupon information; digital coupons available; incentive account information (loyalty card, rewards card, points card, advantage card or club card information), and buying preferences.

Information related to payment method to include: Account/card holder name; financial institution information(bank account number, routing number, check number); credit and debit/automated teller machine card information (card number, expiration date, Card Verification Value 2 (CVV2), Card Validation Code (CVC), or Card Identifier (CID); smart card and other chip-based card payment information (issuer, credit or debit accounts and account limits); other similar methods of payment information initiated by mobile device applications; electronic benefit transfer card (Women, Infants and Children Programs (WIC) and Supplemental Nutritional Assistance Program (SNAP) information; prepaid/preloaded/stored value card information; and gift card/certificate information.

Exchange patron demographic information to include: age; military status (active, reserve, retired, civilian, officer, enlisted, family member, survivor, foreign, etc.); military rank; branch of service; household size and income; distance from nearest Exchange; frequency of shopping trips; income range; shopper preference information; preferred brand names; promotions or coupons; and Exchange profile information; social media (Facebook, Twitter, Flickr, YouTube) username; compilation of Exchange patron comments, inquiries, complaints, and feedback concerning Exchange merchandise and the patron's Exchange shopping experience posted by the Exchange patron in the social media environment; and the Exchange patron's publically viewable social media profile information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

10 U.S.C. 3013, Secretary of the Army; 10 U.S.C. 8013, Secretary of the Air Force; 10 U.S.C. 2481, Defense commissary and exchange systems: existence and purpose; Army Regulation 215-8/Air Force Instruction 34-211(I), Army and Air Force Exchange Service Operations; and E.O. 9397 (SSN), as amended.

PURPOSE(S):

To enable the Army and Air Force Exchange Service to carry out its mission to enhance the quality of life for authorized patrons and to support military readiness, recruitment and retention, by providing a world-wide system of Exchanges with merchandise and household goods similar to commercial stores and services.

To authenticate authorized patrons, record purchases and purchase prices, account for and deduct coupons and other promotional discounts, calculate the total amount owed by the customer, and accept payment by various media, such as cash, credit card, debit/ATM card, smart card and other chip-based cards, electronic benefits transfer payments, prepaid/preloaded and stored value cards, gift cards/certificates, and other similar methods of payments initiated through mobile device applications.

To locate order information to reply to customer inquiries, complaints; to create labels for shipment to proper location; to refund customer remittances or to collect monies due; to provide claim and postal authorities with confirmation/certification of shipment for customer claims for damage or lost shipments.

To record customer transactions/payment for layaway and special orders; to determine payment status before finalizing transactions; to identify account delinquencies and prepare customer reminder notices; to mail refunds on canceled layaway or special orders; to process purchase refunds; to document receipt from customer of merchandise subsequently returned to vendors for repair or replacement, shipping/delivery information, and initiate follow up actions; to monitor individual customer refunds; to perform data analysis and data research that helps the Exchange understand the purchasing behavior of customers and better meet the needs, affinities and wants of our customers; to improve efficiency of marketing system(s); and, to help detect and prevent criminal activity, and identify potential abuse of exchange privileges.

To collect debts due to the United States in the event a patron's medium of payment is declined or returned unpaid.

To monitor purchases of restricted items outside the United States, its territories and possessions, as necessary to prevent black marketing in violation of treaties or agreements, and to comply with age restrictions applicable to certain purchases by minors or those under allowable ages.

To create, maintain and enhance system and mobile device shopping capability allowing authorized patrons to order Exchange retail products online through their home computer, mobile device or other method through which the patron can access the internet, and to pay for such purchases electronically either at the time of ordering or at the time of pick up.

To create Exchange patron profiles for the purposes of determining aggregate patron demographic data for use in responding to individual patron inquiries, assessing aggregate patron satisfaction with the delivery of the Exchange benefit, and in determining the appropriate product availability meeting the Exchange customers' current and future needs and wants. To aid the Exchange management in determining needs of customers and action required to settle customer complaints and to notify potential customers who voluntarily provide their email address and other personal information to receive information about special events, sales, and other information about shopping at the Exchange, and to improve the efficiency and effectiveness of the Exchange's marketing programs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

To a contractor who requires the data to perform the services that they were contracted to perform, provided that those services are consistent with the routine use for which the information was disclosed to the contracting entity. Should such a disclosure be made to the contractor, the individual or entity making such disclosure shall insure that the contractor complies fully with all Privacy Act provisions, including those prohibiting unlawful disclosure of such information.

To consumer reporting agencies as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or in accordance with 3(d)(4)(A)(ii) of the Federal Claims Collection Act of 1966 as amended (31 U.S.C. 3701(a)(3) for the purpose of encouraging the repayment of an overdue debt, the amount, status and history of overdue debts, the name and address, taxpayer identification (SSN), and other information necessary to establish the identity of a debtor, the agency and program under which the claim arose, may be disclosed pursuant to 5 U.S.C. 552a(b)(12).

The DoD 'Blanket Routine Uses' set forth at the beginning of the Army's compilation of systems of records notices apply to this system. The complete list of DoD Blanket Routine Uses can be found online at: http://dpcld.defense.gov/Privacy/SORNsIndex/BlanketRoutineUses.aspx.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:


STORAGE:

Paper records and electronic storage media.

RETRIEVABILITY:

By individual's name; SSN; military card identification number; DoD ID Number; email address.

SAFEGUARDS:

Records are maintained in a controlled facility. Physical entry is restricted by the use of locks, guards, and is accessible only to authorized personnel. Access to records is limited to person(s) with an official need to know who are responsible for servicing the record in performance of their official duties. Persons are properly screened and cleared for access. Access to computerized data is role-based and further restricted by passwords, which are changed periodically.

RETENTION AND DISPOSAL:

Information on shipments is maintained in computer files for 180 days following completion of shipment. Microfilm and microfiche are retained for 2 years for postal claim purposes; destroyed after 6 years.

Cancelled or completed layaway tickets are held for 6 months after cancellation or delivery of merchandise; purchase orders are retained for 2 years; transaction records are retained for 2 years; refund vouchers are retained for 6 years; returned merchandise slips are retained for 6 years; cash receipt vouchers are retained for 3 years; repair/replacement order slips are retained for 2 years. All records are destroyed by shredding, all electronic records are destroyed by erasing/reformatting the media.

Paper records for customer comments, solicitations and complaints are destroyed by shredding after 3 years. Customer records are kept continuously until obsolete or superseded, at which point paper records are shredded, and electronic records are destroyed by erasing/reformatting the media.

SYSTEM MANAGER(S) AND ADDRESS:

Director/Chief Executive Officer, Army and Air Force Exchange Service, 3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598, and local managers at Exchanges worldwide.

NOTIFICATION PROCEDURE:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the Director/Chief Executive Officer, Army and Air Force Exchange Service, 3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598.

Individuals should provide their full name, current address and telephone number, case number that appeared on correspondence received from the Exchange if applicable, and signature.

In addition, the requester must provide a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States: "I declare (or certify, verify, or state) under penalty of perjury under the laws of the United State of America that the foregoing is true and correct. Executed on (date). (Signature)."

If executed within the United States, its territories, possessions, or commonwealths: "I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

RECORD ACCESS PROCEDURES:

Individuals seeking access to information about themselves contained in this system should address written inquiries to the Director/Chief Executive Officer, Army and Air Force Exchange Service, Attention: FOIA/Privacy Manager, 3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598.

Individuals should provide their full name, current address and telephone number, case number that appeared on correspondence received from the Exchange if applicable, and signature.

In addition, the requester must provide a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States: "I declare (or certify, verify, or state) under penalty of perjury under the laws of the United State of America that the foregoing is true and correct. Executed on (date). (Signature)."

If executed within the United States, its territories, possessions, or commonwealths: "I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

CONTESTING RECORD PROCEDURES:

The Army's rules for accessing records and for contesting contents and appealing initial agency determinations are contained in 32 CFR part 505, Army Privacy Program; or may be obtained from the system manager.

RECORD SOURCE CATEGORIES:

From the individual and contractor/vendor.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

FEDERAL REGISTER HISTORY:

March 18, 2016, 81 FR 14839; August 28, 2006,  71 FR 50899; August 09, 1996, 61 FR 41572; November 1, 1995, 60 FR 55552; July 13, 1995, 60 FR 36111; February 22, 1993, 58 FR 10004