This GDPR notice is a supplement to our full privacy notice (https://retailnext.net/legal/privacy-policy). It provides additional details to data subjects in the European Union and European Economic Area.
This supplemental policy describes the personal information we collect about individuals ("you") on our own websites when you visit or provide information to us. We process your data according to the rules of the EU General Data Protection Regulation (GDPR).
Refer to the full notice for complete details of our data processing activities.
Purpose of and Lawful Bases for Processing
When you visit our websites, we may collect information about your usage of our websites and any contact information you provide to us for marketing purposes and to improve the effectiveness of our marketing programs. We also allow you to submit information in order to apply for jobs at our company. This may include the following data:
- Name, email address, phone number, address, job title, company affiliation, and other contact information
- Billing information
- Website usage data, like page visits
- Other information you volunteer to us when you contact us, fill out forms on our website, or apply for a job
We process your personal information for these activities:
- Marketing and sales activities through our website, email, and other channels
- Customer relationship management, including billing and technical support
- Recruiting and hiring
The lawful bases for our processing include the following:
- Our legitimate interest for marketing, internal administrative purposes, and market research
- Consent for marketing communication when you request it from us
- To fulfill our contractual obligations to you when you are our customer
It is our policy to limit the retention of personal data we collect as long as it is necessary for the purposes stated in this notice.
When you visit our websites, we use third-party services for hosting, analytics, advertising, customer support, content acceleration, and other promotional purposes, including Google (Analytics and Ad Services), Pardot, Drift, Pendo, LinkedIn Insight Tag and others.
The information we collect is not shared with or sold to other organizations for commercial purposes, except to provide products or services you've requested, when we have your permission, or under the circumstances described in this policy.
We also contract with third-party service providers, such as virtual hosting infrastructure providers, to host our servers and databases and to provide other services to us. It is our policy to request that our service providers agree not to access or use any information or data they may have access to while providing services to RetailNext other than as specified by us and for the purpose for which it was originally collected. In the course of sharing information if we transfer information to countries outside of the European Economic Area it is our policy that the information is transferred in accordance with this supplemental notice and as permitted by GDPR, using an available approved adequacy mechanism, including the European Commission Decision C(2010)593 Standard Contractual Clauses for Controllers to Processors ("Model Clauses"). We shall remain responsible and liable under the Privacy Shield Principles if our service providers process information on our behalf in a manner inconsistent with the Privacy Shield Principles unless we prove that we are not responsible in that event.
Data Transfer to Other Countries
Storage of this data is not always in your home country and may be transported across borders. As of the date of writing this, we store data in the United States in addition to the country in which it is collected, but we may add additional storage and processing sites without notice. When we transfer information to countries outside of the European Economic Area it is our policy that the information is transferred in accordance with this supplemental notice and using an available approved adequacy mechanism, including the Model Clauses.
Despite its invalidation, RetailNext participates in the EU-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce, and we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
When transferring personal data from the European Union to the United States, we comply with the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, recourse, enforcement, and liability for data processed under that framework. We are also responsible for ensuring that third parties acting as an agent on our behalf do the same.
We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. Visit the program's website at http://privacyshield.gov to learn more about the Privacy Shield program and to view our certification.
We honor the rights that the GDPR provides for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Data Access, Rectification, Erasure, and other Rights
If you wish to access, correct/rectify, restrict, or delete data collected about you, object to or opt-out of future data collection, or withdraw consent you have provided previously, you may submit a request to the contact info below. You must provide us sufficient information to identify you, verify your identity, and identify the pertinent data and actions you wish to take. We will use commercially reasonable efforts to comply with your request.
We do not process your data in order to perform automated decision making or profiling.
We will investigate and attempt to resolve any complaints and disputes submitted to the contact info below. Please provide reasonable information for us to do so, which may include, but not limited to, your name, contact information and general nature of the complaint. If a complaint or dispute cannot be resolved through our internal process, we agree to participate in the dispute resolution procedures of the American Arbitration Association (http://go.adr.org/privacyshield.html) pursuant to the Privacy Shield Principles.
You also have the right to lodge a complaint directly with a supervisory authority within your own country.
In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles (https://www.privacyshield.gov/article?id=ANNEX-I-introduction).
Changes and Contact Info
From time to time, we update our privacy policies and notices to account for new features or for other reasons. When such changes occur, you are able to view the new document on our site. If you have concerns or questions about our policy, contact us:
RetailNext Privacy Inquiries 60 S. Market Street, Suite 310 San Jose, CA 95113 USA email@example.com
You may also contact our Data Protection Officer directly:
Amy Lund Data Protection Officer RetailNext 60 S. Market Street, Suite 310 San Jose, CA 95113 USA firstname.lastname@example.org
You can also track and compare changes to our policies on GitHub at https://github.com/retailnext/privacy-policy.