Our Platform contains links to other websites for your convenience and reference. We are not responsible for the privacy practices or the content of those sites.
2.4 Right to Withdraw Consent. You have the right to withdraw your consent at any time, in accordance with Section 12 (Your Right to Opt-Out; Object to Processing; Deleting Information).
- The Information We Collect
To provide our Services, and to otherwise conduct our business via the Platform, we rely on information provided by, and collected from, our users. This information consists of the following:
3.1 Personally Identifiable Information. We collect certain information that identifies you as an individual (collectively, “Personally Identifiable Information“). The Personally Identifiable Information we collect may include the following:
- Your name;
- Your address;
- Your phone number;
- Your email address;
- The agency or organization that you represent; and
- Your fax number.
3.2 Non-Personally Identifiable Information. We also collect technical and device-related information that is not Personally Identifiable Information, but instead identifies or may reasonably be used to identify a particular user device (collectively, “Non-Personally Identifiable Information“). Non-Personally Identifiable Information is typically collected automatically by technical means and, subject to Section 3.4 (Treatment of Combined Information), for purposes of our Platform consists of the following:
- Device identifiers, such as cookies;
- Device information, such as hardware and software settings;
- IP addresses and log information, such as your device’s name, the type and version of your web browser, and referrer addresses that can function to identify a user device; and
- Tracking information that we, or a third party collects.
3.3 Anonymous Information. Our Platform also collects, processes, and/or uses information that does not identify you or your devices, including Personally Identifiable Information that has been made anonymous by: (i) removing identifying fields and aggregating the information with other information so that individual subjects of the information cannot be re-identified, or (ii) anonymizing the information with techniques that remove or modify the identifying data so as to prevent re-identification of the anonymized information (collectively, “Anonymous Information“). Information that meets these criteria might include, for example, demographic information, statistical information (e.g. page views and hit counts), and general tracking information.
3.4 Treatment of Combined Information. If we combine Non-Personally Identifiable Information or Anonymous Information with Personally Identifiable Information, we treat the resulting combination as Personally Identifiable Information.
- How We Collect this Information
We collect the above information through the following means and technologies:
4.1 Registration. In order to provide you with certain Services, we need to collect certain Personally Identifiable Information, including those specified in Section 3.1 (Personally Identifiable Information). For example, when you register an account with our Storefront Service, you must provide a variety of Personally Identifiable Information to us in connection with creating a user account.
4.2 Contacting Red River. You can contact us via the Site with questions or comments – for example, you can contact us to learn more about Red River’s supplier diversity program and the various contract vehicles, such as the California Multiple Award Schedules, in which we participate. In order to communicate with us, you must provide certain Personally Identifiable Information.
4.3 User-Generated Content. We give you the ability through the Platform to engage with us and others in public exchanges, and this may include opportunities for you to provide comments, reviews, recommendations, and other input via the Platform (collectively, “User-Generated Content“). Please understand that, if you include Personally Identifiable Information in User-Generated Content, others will be able to read, collect, re-publish, and otherwise freely use the Personally Identifiable Information. We are not responsible for Personally Identifiable Information you decide to include in User-Generated Content, and we will not take down, remove, or edit User-Generated Content, except as required by Applicable Law. If you include in your User-Generated Content any Personally Identifiable Information relating to others, you represent that you have full permission and authority to do so.
4.4 Requesting a Quote. You can request a quote directly from Red River via the Site. To do so, you must provide certain Personally Identifiable Information, such as your name, the agency or organization that you represent, your mailing address, other specified contact information, and a description of the product for which you are requesting a quote.
4.5 Newsletters and Special Offers. You can provide us with Personally Identifiable Information so that we can send you (i) newsletters about Red River, our Services, and information about issues that we believe may be of interest to you, and (ii) special offers about our products and Services.
4.6 Beacons and Tags. The Platform may use certain data collection technologies that rely on (i) beacons; (ii) pixel tags and object hyperlinking tags, and (iii) other means to link an object to an Internet address, a remote software application, a remote database, or other remote means of receiving or processing information. We may use these technologies to tell us what parts of our Platform have been visited or to measure the effectiveness of searches that users perform on our Platform. These technologies also enable us to send email messages in a format users can efficiently read, to learn whether these email messages have been opened, and to help ensure, for example, that our messages are of interest to our users. These technologies provide us with Anonymous Information, Non-Personally Identifiable Information and, in certain instances, Personally Identifiable Information.
4.7 Device Identifiers; Logs; IP Addresses. To determine whether your device is supported by our Platform, we may collect certain information about your device and network, including your IP address, your operating system and browser, your device model, information about your use of the Platform, as well as the presence of any software that our Platform may require to operate with your device, or other third party software or mobile apps on your device. We automatically receive and record this information in log files, and this is generally Non-Personally Identifiable Information.
4.8 Cookies. A cookie is a small amount of data that is sent to your browser from a website’s computers and stored on your computer’s hard drive. Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a website upon a future visit. We may include cookies on our Platform and use them to recognize you when you return to our Platform. You may set your browser so that it does not accept cookies; however, you may need to enable cookies on your web browser if you wish to access certain personalized features of our Services. Cookies alone are typically Non-Personally Identifiable Information.
4.9 Click-Throughs. We may send email messages or display links that use a “click-through URL” linked to our Platform or to another resource. When you click one of these URLs, you pass through our web server before arriving at the destination website page or other resource. Click-throughs may use and collect Anonymous Information and Non-Personally Identifiable Information. We may track this click-through data to help determine interest in particular topics and measure the effectiveness of our user communications.
- How We Use this Information
We use the information we collect or process, including Anonymous Information, Non-Personally Identifiable Information, and Personally Identifiable Information, as permitted under Applicable Law, including where the use is based on (i) the consent you provide to us at the point of collection as set out in Section 2.2 (Consent by Registered Users); (ii) performance of our agreement to provide you with the Services; (iii) compliance with our legal obligations; and/or (iv) our Legitimate Interests, as well as a third party’s Legitimate Interests. More specifically, we use the information we collect for some or all of the following:
Note that when determining the bases for our use of your information, we rely on what we consider to be the most appropriate basis, even if there are multiple bases available in connection with our use.
- How We Share this Information
We value your privacy, and we share the information we collect only in the manner set out below.
6.1 Our Service Providers. We engage third parties to perform functions on our behalf, and these may include maintaining the Platform, collecting information, responding to and sending email or other messages, and other functions useful to our business. In this capacity, we may provide service providers with Personally Identifiable Information, Non-Personally Identifiable Information, and Anonymous Information as applicable. The following are examples:
- We may use service providers: (i) to fulfill your orders; (ii) to provide customer service (where applicable); (iii) to process and distribute email; and (iv) to manage promotions, special offers, and similar activities. These service providers generally require access to your Personally Identifiable Information in order to perform these services.
- We may use analytics service providers to assist us in understanding and using Non-Personally Identifiable Information and other information that we collect via the Site. A service we use in this regard is Google Analytics, and information concerning how Google uses the information is available at https://policies.google.com/privacy/partners, and opt-out options specific to Google Analytics are available at https://tools.google.com/dlpage/gaoptout.
- We may use service providers to anonymize and aggregate Personally Identifiable Information in order to generate Anonymous Information.
- We may engage service providers to analyze the interests and attributes of our users and, using techniques based on Anonymous Information and Non-Personally Identifiable Information, identify others who might share those interests and attributes. We then use this information to reach out to relevant market segments to provide them information concerning the Platform.
We do not permit our service providers to use the information we give them for any purpose other than providing services to us.
6.2 Questions of Harm; Legal Process. We may disclose your Personally Identifiable Information and Non-Personally Identifiable Information to third parties, including law enforcement agencies, attorneys, and private investigator organizations, where it is necessary, or where we have a good faith belief that it is necessary:
- To comply with legal process;
- To protect and defend our rights and property, including the Platform and associated content;
- To protect against misuse or unauthorized use of our Services;
- To protect the personal safety or property of Platform users or the public, including your personal safety or property (it being understood that we assume no duty to provide, or monitor the need for, such protections); and
- To cooperate with public and government authorities including, where required, authorities outside your jurisdiction.
While you are not able to opt out of this use of information, we will take reasonable steps to limit such use, and disclose only the information we reasonably believe is necessary for the above purposes. If we receive legal process calling for the disclosure of your Personally Identifiable Information, we will attempt to notify you within a reasonable amount of time, unless such notification is not permitted.
- Information to Third Parties
- How We Safeguard the Information We Collect
We recognize the sensitivity of our users’ Personally Identifiable information and we have put in place security systems designed to prevent unauthorized access to or disclosure of this Information. Our security systems include physical, technical, and administrative information security controls, and we take commercially reasonable steps to secure and safeguard such Personally Identifiable Information in accordance with Applicable Law.
- Our Retention of Data
We retain Personally Identifiable Information for the period of time necessary to fulfill the purposes for which we obtained the Personally Identifiable Information and consistent with Applicable Law. We use the following criteria to set our retention periods: (i) the duration of our relationship with you; (ii) the existence of a legal obligation as to the retention period; and (iii) the advisability of retaining the information in light of our legal position (for example, in light of applicable statutes of limitations, litigation, or regulatory investigations).
- Accuracy and Minimization of Data
We take reasonable steps (i) to maintain the accuracy of the Personally Identifiable Information we process, and (ii) to limit the Personally Identifiable Information that we process to that which is reasonably necessary for the purposes for which we obtained the information.
- Accessing and Updating Your Information
If you would like to review, correct, or update the Personally Identifiable Information that you have provided to us, or if you would like to request an electronic copy of this Personally Identifiable Information for purposes of transmitting it to another company (to the extent Applicable Law provides you with this right to data portability) you may make such requests by us as provided in Section 18 (Contact Us).
- Your Right to Opt-Out; Object to Processing; Deleting Information
12.1 Unsubscribing to Email. If you no longer wish to receive email messages from us, you can opt out of this Service by either (1) following the “unsubscribe” instructions located near the bottom of each email message, or (2) contacting us as provided in Section 18 (Contact Us).
12.3 Objections. If you object to our processing of your Personally Identifiable Information, and a request for us to delete this Information is not, in your view, sufficient, please contact us as provided in Section 18 (Contact Us).
12.5 Your “Right to be Forgotten.” If you are protected by the GDPR with respect to our use of your information, upon proper request, we will take the steps set out in the GDPR to erase your Personally Identifiable Information, including information that has may be publicly available via our Platform, such as, for example, Personally Identifiable Information made publicly available through User-Generated Content.
- Advisory Regarding Participation by Children and Teens
Under U.S. Federal Law (as reflected in the Children’s Online Privacy Protection Act), WE DO NOT COLLECT OR STORE ANY PERSONALLY IDENTIFIABLE INFORMATION FROM INDIVIDUALS THAT WE KNOW ARE UNDER THE AGE OF 13. If you wish further information concerning privacy policies in general, and concerning online social networking and safety, you should visit the following website: http://www.ftc.gov/privacy/index.html.
- Notice of Privacy Rights to California Residents
California law requires certain businesses to respond to requests from California users who ask about business practices related to disclosing Personally Identifiable Information to third parties for direct marketing purposes. The California “Shine the Light” law further requires us to allow California residents to opt out of certain disclosures of Personally Identifiable Information to third parties for their direct marketing purposes.
We want your feedback. If you have a suggestions on how we can improve our Services or complaints you would like us to address, please contact us at the address set out in Section 18 (Contact Us). If you are a California resident, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs. Other states may provide similar avenues for lodging complaints. Please check with your state’s consumer protection authority.
If you are protected by the GDPR with respect to our use of your information, you may lodge a complaint with a data protection authority for your country or region. A list of EU data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
- Contact Us
- Effective Date
20.1 “Anonymous Information” has the meaning set out in Section 3.3 (Anonymous Information). If you are protected by the GDPR with respect to our use of your information, the term “Anonymous Information” has the same meaning as information generated by a “pseudonymisation” processes, as that term is defined under the GDPR.
20.2 “Applicable Law” means statutes, regulations, and any other laws that apply to the Website, the Services, or the Platform. For example, if you are protected by the GDPR with respect to our use of your information, the term “Applicable Law” includes the GDPR.
20.3 “GDPR” means the European Union General Data Protection Regulation.
20.4 “Legitimate Interest” means, for purposes of the GDPR, that there is a good reason for the processing your Personally Identifiable Information, and that the processing is carried out in a way that minimizes impacts (if any) on your privacy rights and interests. The term “Legitimate interest” also refers to our use of information in ways that you would reasonably expect, based on your relationship to us. For example, there is a Legitimate Interest in collecting and processing your Personally Identifiable Information: (i) to safeguard our Platform, networks, content, and related information and resources; (ii) to administer and generally conduct our business; and (iii) to prevent fraud.
20.5 “Non-Personally Identifiable Information” has meaning set out in Section 3.2 (Non-Personally Identifiable Information).
20.6 “Personally Identifiable Information” has meaning as set out in Section 3.1 (Personally Identifiable Information). If you are protected by the GDPR with respect to our use of your information, the term “Personally Identifiable Information” has the same meaning as the term “personal data” under the GDPR.