Legal Notices

Effective date:

This GDPR notice is a supplement to our full privacy notice. It provides additional details to data subjects in the European Union and European Economic Area.

This supplemental policy describes the personal information we collect about individuals ("you") on our own websites when you visit or provide information to us. We process your data according to the rules of the EU General Data Protection Regulation (GDPR).

Please refer to the full notice for complete details of our data processing activities.

Purpose of collection and types of data collected

When you visit our websites, we may collect information about your usage of our websites and any contact information you provide to us for marketing purposes and to improve the effectiveness of our marketing programs. We also allow you to submit information in order to apply for jobs at our company.

This may include the following types of data:

  • Name, email address, phone number, address, job title, company affiliation, and other contact information;
  • Billing information;
  • Website usage data, like page visits; and
  • Other information you volunteer to us when you contact us, fill out forms on our website, or apply for a job.

We process your personal information for these activities:

  • Marketing and sales activities through our website, email, and other channels;
  • Customer relationship management, including billing and technical support; and
  • Recruiting and hiring.

Lawful Bases for Processing

The lawful bases for our processing include the following:

  • Our legitimate interest for marketing, internal administrative purposes, and market research;
  • Consent for marketing communication when you request it from us; and
  • To fulfill our contractual obligations to you when you are our customer.

Data Retention

It is our policy to limit the retention of personal data we collect as long as it is necessary for the purposes stated in this notice.

Data Sharing

When you visit our websites, we use third-party services for hosting, analytics, advertising, customer support, content acceleration, and other promotional purposes, including Google (Analytics and Ad Services), Pardot, Drift, Pendo, LinkedIn Insight Tag and others. The information we collect is not shared with or sold to other organizations for commercial purposes, except to provide products or services you've requested, when we have your permission, or under the circumstances described in this policy. We also contract with third-party service providers, such as virtual hosting infrastructure providers, to host our servers and databases and to provide other services to us. It is our policy to request that our service providers agree not to access or use any information or data they may have access to while providing services to RetailNext other than as specified by us and for the purpose for which it was originally collected. In the course of sharing information if we transfer information to countries outside of the European Economic Area it is our policy that the information is transferred in accordance with this supplemental notice and as permitted by GDPR. We shall remain responsible and liable under the U.S. DPF Principles if our service providers process information on our behalf in a manner inconsistent with the U.S. DPF Principles unless we prove that we are not responsible in that event.

Data Transfer to Other Countries

Storage of this data is not always in your home country and may be transported across borders. As of the date of writing this, we store data in the United States in addition to the country in which it is collected, but we may add additional storage and processing sites without notice. When we transfer information to countries outside of the European Economic Area it is our policy that the information is transferred in accordance with this supplemental notice and using an available approved adequacy mechanism, including the Model Clauses.

RetailNext complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. RetailNext has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this GDPR Notice and the EU-U.S. DPF Principles, the Principles shall govern. The Federal Trade Commission has jurisdiction over RetailNext’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

When transferring personal data from the European Union to the United States, we comply with the EU-U.S. DPF Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, recourse, enforcement, and liability for data processed under that framework. We are also responsible for ensuring that third parties acting as an agent on our behalf do the same.

We have certified to the Department of Commerce that we adhere to the EU-U.S. DPF Principles. Visit the DPF website at to learn more about the Data Privacy Framework and to view our certification.

Your Rights

We honor the rights that the GDPR provides for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Data Access, Rectification, Erasure, and other Rights

If you wish to access, correct/rectify, restrict, or delete data collected about you, object to or opt-out of future data collection, or withdraw consent you have provided previously, you may submit a request to In order for us to process your request, you must provide us with sufficient information to identify you, verify your identity, and identify the pertinent data and actions you wish to take. We will use commercially reasonable efforts to comply with your request.

We do not process your data in order to perform automated decision making or profiling.

Complaint and Resolution Process

In compliance with the EU-U.S. DPF, RetailNext commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact RetailNext at:

In compliance with the EU-U.S. DPF, RetailNext commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR-AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.

You also have the right to lodge a complaint directly with a supervisory authority within your own country.

Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms as described in Annex I to the EU-U.S. Data Privacy Framework.

Changes and Contact Info

From time to time, we update our privacy policies and notices to account for new features or for other reasons. When such changes occur, you are able to view the new document on our site. If you have concerns or questions about our policy, contact us:

RetailNext Privacy Inquiries 307 Orchard City Drive, Suite 100 Campbell, CA 95008 USA

You may also contact our Data Protection Officer directly:

Amy Lund Data Protection Officer RetailNext 307 Orchard City Drive, Suite 100 Campbell, CA 95008 USA