About This Privacy Notice
Personal Information We Collect
Sources of Personal Information
Information We May Generate or Collect Automatically
How We Use Personal Information
How We Disclose Personal Information
Retention of Personal Information
International Data Transfers
Links to Other Websites and Services
Your Data Privacy Rights
Changes to This Privacy Notice
How to Contact Us
Important Information for California Residents – California Privacy Rights
TRE’s Privacy Practices as a Service Provider or Processor
1. About This Privacy Notice
This Privacy Notice describes how TRE Holdings, Inc. (“TRE”) and its family of companies collects and processes information as a “business” or “controller” that relates to you (“personal information”) both online and offline, including through our website, www.theretailequation.com, and other websites and digital properties that link to this Privacy Notice (collectively, the “Sites”).
This Privacy Notice does not apply to:
1.1. The information TRE collects and processes on behalf of its customers, including Retailers. We use the term “Retailer” to refer to retail companies that have entered into a contract with TRE to license TRE’s loss prevention software (the “Software”). When processing information on behalf of a its customers, TRE is acting as a “service provider” (sometimes referred to as a “processor”). A Retailer may choose to use the Software on behalf of itself and on behalf of the other store brands affiliated with the Retailer. Additional information about TRE’s role as a service provider is included in the section below titled, “TRE’s Privacy Practices as a Service Provider or Processor.”
1.2 The information practices of Retailers or other third parties. We do not control the privacy practices of any Retailers, third party websites, mobile applications, or online services, and we are not responsible for their actions. Retailers, third parties, other websites, mobile applications, and online services follow different rules regarding the collection, use, and sharing of your information. We encourage you to read the privacy policies of the Retailers, third parties, other websites, mobile applications, and online services you use. Individuals who want to exercise their privacy rights with respect to personal information TRE processes on behalf of its customers, including Retailers, should contact the customer/Retailer to which the request relates. Concerning the Software, the Retailer is the one with which you have made a merchandise transaction, or with which you otherwise interact. Because we are acting as a “service provider” when processing personal information on behalf of our customers, we cannot act upon any privacy right-related requests pertaining to a customer/Retailer that may be submitted directly to TRE.
2. Personal Information We Collect
TRE may collect the following types of personal information:
2.1. Identifiers, such as your first and last name, email address, physical address, phone number, social media profile information, usernames, signature, profile pictures or similar photos, online identifiers (e.g., marketing ID or cookie identifier), or other similar identifiers.
2.2. Professional Information, such as your current or previous employers, job title, business contact information (e.g., address and telephone number), areas of expertise, or other information about the organization with which you are affiliated.
2.3. Device Information, such as information pertaining to the device through which you interact with our Sites, such as your IP address, the type of device used to interact with the Services, that device’s operating system and version, MAC address, user settings, carrier information, or your browser type.
2.4. Internet or Other Electronic Network Activity, such as browsing history, search history, IP address, MAC address, information on a consumer’s interaction with us and our services, which may include pages that you visit before, during and after using our services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our services, including your operating system, your web browser software, the type of handheld or mobile device you used to access the web page, and the language and time zone settings on your web browser.
2.5. User Content, such as comments or other material you post to our social media pages, blogs, or other forums. If you publicly post any personal or other information to the Sites or any web-based or app-based online community that we host, which information may include your tips, updates, alerts, comments, feedback, or any other information that you voluntarily provide (your “Submissions”), we may display your Submissions on any of our Sites, apps, mobile platforms, or any web-based or app-based online community that we host.
2.6. Preferences, such as your stated interests, how frequently you wish to receive our newsletters, or other communication preferences.
2.7 Inferences drawn from other information we collect to create a profile about you, which may reflect your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, or aptitudes.
3. Sources of Personal Information
We collect the categories of information above from the following sources:
- Directly from you, such as when you request information about our products or services, request customer support, use our “Contact Us” or similar features on our Sites, or register to attend our seminars, webinars, or other presentations.
- Indirectly from you, which includes information that we generate or collect automatically. For more information about this source of information, please visit the “Information We Generate or Collect Automatically” section below.
- Other Third Parties. We may also collect information about you from other third parties, including but not limited to:
- Social networks, when you grant us permission to access your data on one or more networks.
- Third-party business partners, such as those we may offer co-branded services or engage in joint marketing activities.
- Publicly available sources and data suppliers from which we obtain data.
- Social networks, when you grant us permission to access your data on one or more networks.
4. Information We May Generate or Collect Automatically
5. How We Use Personal Information
We use your personal information for a variety of business purposes, including to provide our products and services, for administrative purposes, and to market our products and services, as described below. We only use your information when we have a lawful basis for doing so, including when processing your information is necessary for the provision of products and services you requested, to fulfill a contractual obligation, for compliance with a legal obligation, with your consent, or when the processing is necessary to pursue our legitimate interest (including for security purposes or some of our marketing and advertising purposes).
Examples of how we may use personal information are as follows:
- To carry out our business and to provide services or carry out a contract with you:
- To provide our products and services, including to operate, troubleshoot, and improve our products and services.
- To interact with you on behalf of the organization you are affiliated with, including with respect to the products and services the organization uses or has expressed interest in.
- For our administrative purposes to operate our business (including where we have a justifiable reason for example where we pursue our legitimate interest to market our products and advertise, or to secure our systems and data):
- For research and analytical purposes, including to conduct market research; understand how you use our Sites, products, and services; conduct customer surveys; understand the methods and devices you use to access, and the effectiveness of, our Sites and other digital properties; and to make improvements to our Sites, products, and services.
- For marketing and advertisement purposes, including to market, provide, and assess the effectiveness of our Sites and products and services, which may include us sending communications to you that are tailored to you and your interests or more generally in nature.
- To respond to or notify you, including when you reach out to us with a comment, request or question; or to send you technical notices, updates, security alerts, and other administrative messages.
- For other legitimate business purposes, including to operate and improve or business, internal administration, data analysis, billing, detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement, and for any other business purpose permitted by law.
- For legal, fraud prevention, and safety purposes, including to defend or protect us, you, our client, or third parties, from harm or in legal proceedings; maintain the security of our clients, employees, and property; respond to court orders, lawsuits, subpoenas, and government requests; address legal and regulatory compliance; notify you of any other legal or safety issues; and comply with our legal obligations.
- For purposes that you have otherwise consented to.
6. How We Disclose Personal Information
We disclose personal information only as described below or as otherwise communicated to you at the time of collection.
6.1 Service Providers. We may disclose your personal information with third party companies and individuals that provide services on our behalf or help us operate the Sites and our products and services (e.g., hosting, research and analytics, marketing, customer support, and data enrichment). These third parties may use your personal information only as directed or authorized by us and are prohibited from using or disclosing your information for any other purpose, unless otherwise stated herein.
6.2 Advertising or Analytics Providers. As mentioned above, we may use personal information in support of our: (1) advertising and marketing efforts, including to serve interest-based advertisements across the Internet; track and categorize your activity, interests and device(s) used over time on our websites and applications, and on third-party websites and mobile applications; and (2) research and analytics efforts, including to better understand your use our websites and applications to improve those technologies and optimize your experience and interactions. To do this, we may disclose personal information with certain third-party advertising or analytics providers (collectively, “Analytics and Advertising Providers”) through our use of Collection Technologies. These Advertising and Analytics Providers may use Collection Technologies on our digital properties to collect and store information about you and your use of the services.
Our Advertising or Analytics Providers include, for example:
For additional information about our use of Collection Technologies and the Advertising or Analytics Providers that we use, please visit our Cookie Notice.
6.3 Professional Advisors. We may disclose your personal information to our professional advisors, such as lawyers and auditors, where necessary in the course of the professional services that they render to us.
6.4 For Compliance, Fraud Prevention and Safety. We may disclose your personal information for the legal, fraud prevention and safety purposes described in the “How We Use Personal Information” section.
6.5 Business Transfers. We may sell, transfer, or otherwise disclose some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
6.6 Your Consent or Instruction. We may disclose your personal information in situations where we have your consent or instruction to do so.
We may disclose anonymous, de-identified, or aggregate information that cannot reasonably identify you with others for any purpose, as permitted by applicable law. Please note that any personal information that you post to a profile, blog, comment section, or forum on our Sites or social media pages may be available to other users of those forums or, in some cases, made publicly available.
7. Retention of Personal Information
We retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. Please note that in many situations we must retain all, or a portion, of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.
8. Security Practices
TRE implements a variety of organizational, technical, and physical safeguards, which are designed to protect the integrity, confidentiality, and availability of your personal information. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.
By using our Site and services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your uses of our Site and services and our processing of your information. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Site, by mail, or by sending an email to you.
9. International Data Transfers
All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses. For more information about the safeguards we use for international transfers of your personal information, please contact us using the contact methods provided below.
10. Children’s Privacy
The Sites and our products and services are directed to persons 18 years of age or older. We do not knowingly request or collect personal information from any person under 13 years of age. If you believe that your child under the age of 13 has submitted personal information to TRE, please contact us so that we can take steps to the delete the personal information.
11. Links to Other Websites and Services
Our Sites may provide links to Internet sites, content, or videos (embedded or direct links) maintained by third parties. We are not responsible for the sites, content, or videos available via those links, and we have not reviewed the privacy practices of those third parties. We encourage you to review the privacy practices of any third-party sites you choose to access.
12. Your Data Privacy Rights
In accordance with applicable law, you may have the right to:
- Access to and Portability of Your Personal Information, which includes the right to: (1) confirm whether we are processing your Personal Information; (2) confirm the categories of your Personal Information that we process; and (3) receive an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format.
- Correct Your Personal Information. In some cases, we may provide self-service tools that enable you to do so.
- Delete Your Personal Information.
- Opt-Out of Your Personal Information Being Used for Certain Purposes, such as: (1) when we are relying on our own or someone else’s legitimate interests to process your personal information, except if when can demonstrate compelling legal grounds for the processing; (2) direct marketing; (2) targeted advertising; (3) the “sale” of your Personal Information (as that term may be defined by applicable law); and (4) certain profiling activities that result in legal or similarly significant effects on you.
- Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal.
To exercise the Privacy Rights identified above, as they may apply to our information practices, or if you have questions about your privacy rights or would like to appeal a decision made concerning a privacy request you submitted, please contact us by sending an email to firstname.lastname@example.org.
Only you or someone legally authorized to act on your behalf may make a verifiable request regarding your personal information. To verify your request, we must collect certain pieces of information about you that confirm your identity. We will use such information for verification and compliance purposes only.
13. Communications Preferences
If you no longer wish to receive marketing communications from us, you can let us know by contacting us using the information available in the “How to Contact Us” section below. Our digital marketing communications may provide unsubscribe or opt-out mechanisms that allow you to modify your communications preferences. Please note that if you opt-out of marketing communications, we may still contact you with non-promotional communications, such as those about ongoing business relations or administrative messages.
14. Changes to this Privacy Notice
We will update this Privacy Notice from time-to-time to reflect changes in our practices, technology, legal requirements, and other factors. If we do, we will post the revised version here with an updated revision date. We encourage you to periodically review this Privacy Notice to stay informed about our collection, processing and sharing of your personal information.
Any modifications to this Privacy Notice will be effective upon our posting the new terms and/or upon implementation of the new changes on the Site (or as otherwise indicated at the time of posting). In all cases, your continued use of the Site after the posting of any modified Privacy Notice indicates your acceptance of the terms of the modified Privacy Notice. If you do not accept this Privacy Notice, you must discontinue use of the Site immediately.
15. Governing Law
This Privacy Notice shall be governed by, and will be construed under, the laws of the State of California, without regard to choice-of-law principles.
16. Supervisory Authorities
If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.
- EEA Data Protection Authorities (DPAs)
- Swiss Federal Data Protection and Information Commissioner (FDPIC)
- UK Information Commissioner’s Office (ICO)
17. How to Contact Us
Attn: Data Protection Officer (Legal)
Irvine, CA 92618
TRE is committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EU, you have the right to lodge a complaint with the competent supervisory authority.
18. Important Information for California Residents – California Privacy Rights
18.1. Categories of Personal Information Collected and Sources
The “Personal Information We Collect” section of this Privacy Notice identifies the categories of Personal Information we may have collected in the preceding 12 months. The “Sources of Personal Information” section identifies the sources from which we obtain such information. We do not collect, use, or disclose “sensitive personal information,” as that term is defined by California law.
18.2. Purposes for Collection
We collect and use personal information for the business or commercial purposes described in the “How We Use Personal Information” section above.
18.3. Categories of Personal Information Disclosed and Categories of Recipients
We may have disclosed any Personal Information collected in the preceding 12 months to our Service Providers for purposes consistent with this Notice. We may also disclose any Personal Information we collect: (1) to our Professional Advisors; (2) for compliance, fraud prevention, or safety purposes; (3) as a result of a Business Transfer; or (4) based on your consent or instruction, all four of which are also described in the “How We Disclose Personal Information” section above.
We may have disclosed the following categories of personal information in the past twelve months for our business or commercial purposes to the Categories of Recipients listed below.
|Categories of Personal Information||Categories of Recipients|
|Identifiers (Online Identifiers Only)||Advertising or Analytics Providers|
|Device Information||Advertising or Analytics Providers|
|Internet and Other Electronic Network Activity||Advertising or Analytics Providers|
|Inference Information||Advertising or Analytics Providers|
18.4 California Privacy Rights
Subject to certain limitations, California residents have the following rights regarding their personal information:
- Request to Know. You have a right to request that we disclose what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose, share, or sell personal information, and the specific pieces of personal information that we have collected about you.
- Request to Delete. You have a right to request that we delete personal information that we have collected about you, subject to certain exceptions.
- Request to Correct Inaccurate Personal Information. You have a right to request that we correct inaccurate personal information that we may maintain about you.
- Request to Opt-Out of the “Selling” or “Sharing” of Your Personal Information. Our use of Collection Technologies may be considered a “sale”/ “sharing” under California law. You can exercise your right to opt-out of the “sale” or “sharing” of your personal information by either:
- Global Privacy Control. You may exercise your opt-out right by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. Please note that even after opting out, your use of our websites may still be tracked by us or our Service Providers.
The chart below summarizes the categories of Personal Information disclosed that may be considered “selling” or “sharing” under California law. Each category of Personal Information may have been “sold” or “shared” in the last 12 months to our Advertising or Analytics Providers for the purposes outlined in our Cookie Notice . We do not knowingly sell or share the Personal Information of consumers under 16 years of age.
|Categories of Personal Information Sold or Shared|
|Identifiers (Online Identifiers Only)|
|Internet and Other Electronic Network Activity|
- Request to Limit Use and Disclosure of Sensitive Personal Information. California law allows California residents to limit the use of their Sensitive Personal Information to those uses which are necessary to perform the services or provide the goods reasonably requested. As noted above, however, TRE does not collect sensitive personal information.
- Right to No Discrimination. You have a right not to receive discriminatory treatment for the exercise of your privacy rights.
18.5 Exercising Your California Privacy Rights
- How to Submit a Request to Know, Request to Delete, or Request to Correct. You may submit a Request to Know, a Request to Delete, or a Request to Correct by: (1) emailing us at: email@example.com; (2) by writing to us at: TRE, Attention: Data Protection Officer (Legal), 220 Progress, Suite 175, Irvine, California 92618; or (3) by contacting us at 1-866-277-7477.
- How to Submit a Request to Opt-Out of “Selling” or “Sharing”. You may submit a Request to Opt-Out by following the instructions outlined above in the “Request to Opt-Out of the ‘Selling’ or ‘Sharing’ of Your Personal Information” section.
- Authorized Agent. You may designate an authorized agent to submit a request on your behalf. We may require that you provide the authorized agent with written permission to act on your behalf and that you verify your identity directly with us.
- Verification. Once you submit a request, we will verify that you are the consumer to which the request pertains by matching certain data points (e.g., name, email address and/or telephone number) with information we maintain. Depending on the type of request you submit, we will attempt to match either two or three of these data points to the information maintained in our systems. If we are unable to verify your request with the data points you provided, we may reach out to you for additional information to verify your request. We may also reach out to you for additional verifying information for requests requiring a higher degree of verification because of the type or sensitivity of the request.
18.6 California Shine the Light
California residents may request information concerning the categories of personal information, if any, we share with third parties or affiliates for their direct marketing purposes. If you would like more information, please contact us at: firstname.lastname@example.org.
18.7 Do Not Track Disclosures
Some browsers offer a “Do Not Track” privacy preference. Generally, when a user turns on the Do Not Track Signal, their browser sends a message to websites requesting that the user not be tracked. Our websites currently do not respond to “Do Not Track” signals.
18.8 Alternative Format
If you have a disability that prevents or limits your ability to access this notice, please contact us at email@example.com. We will work with you to provide this notice in an alternative format.
19. TRE’s Privacy Practices as a Service Provider or Processor
Among other products and services that TRE provides to its customers, TRE provides the Software, which is a Software-as-a-Service solution, that provides recommendations to Retailers on how to process requests for returns, exchanges, post-sale adjustments, or re-shipment transactions (“Transactions”). Retailers use the Software to detect and protect against fraudulent or abusive activity, such as returning stolen merchandise or abusing a return policy. The Software does this by receiving an individual’s transaction information from a Retailer, and connecting such data with an identification number belonging to the individual at issue, which has been supplied by the Retailer, such as a form of payment or government-issued ID. When a consumer attempts to make a Transaction at that Retailer, the Software then analyzes that individual’s history at that Retailer and based on the Retailer’s criteria, provides a recommendation about the Transactions (i.e., a recommendation that a Retailer approve, warn, or deny a return or exchange). Notably, this analysis is based solely on each consumer’s purchase and Transaction history at the Retailer at issue (which may include the brands within the Retailer’s portfolio).
Although TRE provides Retailers with Transaction authorization recommendations, the ultimate decision to accept or deny a Transaction rests solely with the Retailer. In this role, TRE operates as a “service provider” acting on behalf of each individual Retailer and in accordance with the Retailer’s Software contract. “Service providers” are often referred to as “data processors” under various privacy laws.
Last Updated: June 29, 2023