SYSTEM NAME:
Commissary Retail Sales Transaction Data (January 06, 2015, 80 FR 497)
SYSTEM LOCATION:
Defense Commissary Agency, 1300 E Avenue, Fort Lee, Virginia, 23801-1800.
An official listing of locations can be obtained from the Office of the Deputy Director/Chief Operating Officer, Defense Commissary Agency.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Members of the uniformed services on active duty, members of the uniformed services entitled to retired pay, dependents of such members, persons authorized to use the system under Chapter 54 of Title 10, United States Code, and others authorized in regulations issued by the Secretary of Defense, such as recipients of the Medal of Honor; selected military personnel of foreign nations; other organizations and activities of the United States Government.
CATEGORIES OF RECORDS IN THE SYSTEM:
Individual's name; address(es); zip code; ship-to address(es); email address(es); telephone number(s); date of birth; Social Security Number (SSN); Department of Defense Identification Number (DoD ID Number), and ID card bar code value; internet and mobile ordering web login username and password; financial transaction information; store, point-of-sale terminal number, date of transaction, transaction number, merchandise purchased, universal product codes (UPCs), global trade item numbers (GTINs), quantity, unit price, total purchase, on-line orders; method of payment information; account/card holder name, check number, financial institution routing number, financial institution bank account number, Magnetic Ink Character Recognition Number (MICR), credit and debit/ATM card number, expiration date, Card Verification Value 2 (CVV2), Card Validation Code (CVC), or Card Identifier (CID); smart card and other chip-based card payment information; issuer, card holder name, bank, credit or debit account and account limits; electronic benefit transfer card (Women, Infants and Children Program (WIC) and Supplemental Nutritional Assistance Program (SNAP)) information; issuer, account/card holder name, account number, purchases and refunds, account balance; prepaid/preloaded/stored value card information; issuer, account number, account limits, and account balance; gift card/certificate information; gift card/certificate number, amount, limits, and balance; coupon information; brand, product, and value; loyalty card, rewards card, points card, advantage card or club card information; card holder name, card number, digital coupons available, buying preferences, and demographic data concerning the patron; other similar methods of payment information initiated by mobile device applications; Near Field Communications (NFC).
Commissary Patron Demographic Information: age, military status (active, reserve, retired, civilian, officer, enlisted, family member, survivor, foreign), military rank, branch of service, household size, distance from nearest commissary, frequency of grocery shopping trips, gender, ethnicity, race, marital status, education level, household information (sponsor, dependent, spouse, child), and income range; shopper preference information; preferred brand names, price, quality, size, availability of discounts, promotions or coupons; and commissary patron profile information; social media (e.g. Facebook, Twitter, Flickr, YouTube) username; compilation of commissary patron comments, inquiries, complaints, and feedback concerning commissary merchandise and the patron's commissary shopping experience posted by the commissary patron in the social media environment; and the commissary patron's publicly viewable social media profile information.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, Departmental regulations; 10 U.S.C. 136, Under Secretary of Defense for Personnel and Readiness; 10 U.S.C. §2481, Defense Commissary and Exchange Systems; Existence and Purpose; 10 U.S.C. §2484, Commissary Stores: Merchandise That May Be Sold; Uniform Surcharges and Pricing; 10 U.S.C. §2485, Commissary Stores: Operation; Department of Defense Directive 5105.55, Defense Commissary Agency (DeCA); Department of Defense Instruction 1330.17, Armed Services Commissary Operations; Department of Defense 7000.14-R, Department of Defense Financial Management Regulations (FMRs), Volume 4, Chapter 3, Receivables; Volume 6A, Reporting Policy and Procedures, Volume 11A, Reimbursable Operations, Policy and Procedures, Volume 11B, Reimbursable Operations, Policy and Procedures – Working Capital Funds.
PURPOSE(S):
To enable the Defense Commissary Agency to carry out its mission to enhance the quality of life of members of the uniformed services, retired members, and dependents of such members, and to support military readiness, recruitment and retention, by providing a world-wide system of commissaries similar to commercial grocery stores and selling merchandise and household goods similar to that sold in commercial grocery stores. The system will enable the authentication of authorized patrons, record purchases and purchase prices, account for and deduct coupons and other promotional discounts, calculate the total amount owed by the customer, and accept payment by various media, such as cash, check, credit card, debit/ATM card, smart card and other chip-based card, electronic benefits transfer payments, including WIC and SNAP, prepaid/preloaded and stored value cards, gift cards/certificates, and other similar methods of payment initiated through mobile device applications. The system will also enable the collection of debts due the United States in the event a patron's medium of payment is declined or returned unpaid. The system also enables the monitoring of purchases of restricted items outside the United States, its territories and possessions, as necessary to prevent black marketing in violation of treaties or agreements, and to comply with age restrictions applicable to certain purchases by minors or those under allowable ages. The system has an internet and mobile device shopping capability allowing authorized patrons to order commissary retail products on-line through their home computer or mobile device and to pay for such purchases electronically either at the time of ordering or at the time of pick up. The system also will enable the creation of commissary patron profiles for the purposes of determining aggregate patron demographic data (age, military status, household size, income group, and distance to nearest commissary, etc.) and patron shopping preference information (preferred brand names, price, quality, size, availability of discounts, promotions, coupons), and enabling the compilation of individual patron comments, inquiries, complaints, requests, and feedback posted to social media pages, for use in responding to individual patron inquiries, assessing aggregate patron satisfaction with the delivery of the commissary benefit, and in determining appropriate product availability meeting the commissary customers' current and future needs and wants.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, these records contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
To the Department of Treasury and its designated contractors for electronic check processing and electronic funds transfers related to credit/debit card charges;
To a loyalty card, rewards card, points card, advantage card or club card or digital coupon program coupon contractor which will use the information to verify a commissary customer's enrollment in a loyalty, rewards, points, advantage, club or digital coupon program, and to provide discounts, digital coupons or other incentives to be applied to the customers' commissary purchases.
To the on-line ordering fulfillment contractor to allow for the confirmation by e-mail of orders received, fulfilled, and closed.
To purchasers of commissary sales transaction data pursuant to 10 U.S.C. §2485(h).
The DoD Blanket Routine Uses published at the beginning of the Defense Commissary Agency's compilation of systems of records notices may apply to this system of records.
Disclosures pursuant to 5 U.S.C. 552a(b)(12) may be made from this system to "consumer reporting agencies" as defined in the Fair Credit Reporting Act (14 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purpose of this disclosure is to aid in the collection of outstanding debts owed to the Federal government, typically to provide an incentive for debtors to repay delinquent Federal government debts by making these debts part of their credit records.
The disclosure is limited to information necessary to establish the identity of the individual, including name, address, and SSN, DoD ID Number, DoD barcode value, credit card or debit/ATM card number, the amount, status, and history of the claim; and the agency or program under which the claim arose for the sole purpose of allowing the consumer reporting agency to prepare a commercial credit report.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Paper records in file folders and electronic storage media.
RETRIEVABILITY:
By individual's name, store, point-of-sale terminal number, transaction date, order date, merchandise purchased, transaction number, SSN, Military Card Identification Number, DoD ID Number, DoD ID Bar Code value, financial institution routing number, financial institution account number, Magnetic Ink Character Recognition Number (MICR); loyalty, rewards, points, advantage, club or digital coupon card number; credit or debit/ATM card number; address(es)/e-mail address(es), telephone number, zip code; military status, military rank, family size, income group, and shopping preferences.
SAFEGUARDS:
Access to records is limited to the custodian of the records or to persons responsible for servicing the records in the performance of their official duties. Records are stored in locked cabinets or rooms and controlled by personnel screening. Computer terminals are located in supervised areas. Access to computerized data is controlled by password or other user authentication code systems. All electronic data is transmitted using approved, secured methods to ensure the data is protected while in transit, such as encryption and through the use of Secure FTP using Secure Sockets Layer. Credit/debit card numbers are masked. Name, Social Security Number, or DoD ID number is not collected for credit card purchases. PINs are automatically encrypted when entered by a patron at the point of sale using a touch-screen keyboard. Credit card information is also subject to the Data Security Standards (DSS) promulgated by the Payment Card Industry (PCI) Security Council.
RETENTION AND DISPOSAL:
Records of commissary retail transactions are maintained for 6 years and 3 months. Records of demographic information, shopper preferences and customer profiles are maintained for 3 years. Paper records containing Personally Identifiable Information (PII) are shredded to a level where the information cannot be reconstructed. Paper records not containing PII are recycled. Electronic records, including metadata, are permanently deleted by Records Managers with administrator privileges from applicable information systems upon verification of disposal status.
SYSTEM MANAGER(S) AND ADDRESS:
Deputy Director/Chief Operating Officer, Defense Commissary Agency, 1300 E Avenue, Fort Lee, VA 23801-1800.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether information about themselves is contained in this system of records should address written inquiries to the Defense Commissary Agency, ATTN: Privacy Officer, 1300 E Avenue, Fort Lee, Virginia, 23801-1800.
Requests should contain individual's name and address, telephone, and email address; and SSN, DoD ID Number, DoD ID Bar Code value.
RECORD ACCESS PROCEDURES:
Individuals seeking access to information about themselves contained in this system of records should address written inquiries to the Defense Commissary Agency, ATTN: Privacy Officer, 1300 E Avenue, Fort Lee, Virginia, 23801-1800.
Requests should contain individual's name and address, telephone, email address, SSN, DoD ID Number, DoD ID Bar Code value, address(es)/e-mail address(es), and zip code.
CONTESTING RECORD PROCEDURES:
The Defense Commissary Agency rules for accessing records, for contesting contents, and for appealing initial agency determination can be obtained from the Privacy Act Officer, 1300 E. Avenue, Fort Lee, VA 23801-1800.
RECORD SOURCE CATEGORIES:
Individual, Defense Enrollment Eligibility System (DEERS), US Treasury Over the Counter Network (OTCNet), Commissary Advanced Retail Transaction System (CARTS), Defense Commissary Agency Enterprise Data Warehouse (EDW).
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
FEDERAL REGISTER HISTORY:
January 6, 2015, 80 FR 497; May 24, 2013, 78 FR 31528; December 28, 2007, 72 FR 73781.