Table of Contents
1. TRE’s Privacy Practices as a Service Provider
TRE’s Software is a Software-as-a-Service solution, which provides recommendations to Retailers on how to process requests for returns, exchanges, post-sale adjustments, or re-shipment transactions (“Transactions”). Retailers use the Software to detect and protect against fraudulent or abusive activity, such as returning stolen merchandise or abusing a return policy. The Software does this by receiving an individual’s transaction information from a Retailer, and connecting such data with an identification number belonging to the individual at issue, which has been supplied by the Retailer, such as a form of payment or government-issued ID. When a consumer attempts to make a Transaction at that Retailer, the Software then analyzes that individual’s history at that Retailer and, based on the Retailer’s criteria, provides a recommendation about Transaction (i.e., a recommendation that a Retailer approve, warn, or deny a return or exchange). Notably, this analysis is based solely on each consumer’s purchase and Transaction history at the Retailer at issue (which may include the brands within the Retailer’s portfolio). Although TRE provides Retailers with Transaction authorization recommendations, the ultimate decision to accept or deny a Transaction rests solely with the Retailer. In this role, TRE operates as a “service provider” acting on behalf of each individual Retailer and in accordance with the Retailer’s Software contract. “Service providers” are often referred to as “data processors” under various privacy laws.
1.1. Personal Information We Collect as a Service Provider
We may collect certain types of personal information in our role as a service provider, including those listed below. This information may be sent to us by a Retailer or submitted by you directly to TRE (e.g., if you are requesting a copy of a “Retail Activity Report” in connection with a specific Retailer).
- Full name
- Residential address
- Telephone number
- Date of birth
- Driver’s license number, passport number, or other similar identifier
- Unique personal identifiers (e.g., a loyalty ID number with a specific Retailer)
- E-mail address
- Commercial information, including records of merchandise purchased, exchanged or returned
1.2. How We Use/Share Personal Information We Collect as a Service Provider
Any personal information we collect as a service provider (i.e., in our provision of the Software) is used and shared only in accordance with the written contract entered into between TRE and each Retailer. Generally, these processing activities enable Retailers to achieve any one or more of the following purposes:
- Conducting risk management activities for which there is a substantial public interest, including the prevention of retail fraud;
- Providing information that may impact a Retailer’s organization, brand, or customer base; and
- Enabling informed commercial and business risk decisions.
2. TRE’s Privacy Practices as a “Controller”
Generally, the personal information TRE collects and processes is in connection with its provision of the Software to Retailers, as described above in Section 1. In that context, TRE only processes your personal information in the “service provider” capacity. However, there are limited situations in which the law would designate TRE as the “controller” of the personal information we collect. When we are the “controller” of your personal information, we are responsible for how your information is collected, used, and processed.
This section outlines the limited types of personal information we collect in the “controller” context, and explains how we use and share such information.
2.1 Personal Information We Collect as a Controller
TRE may collect the following types of personal information as a controller:
- Information relating to your computer or mobile device, and activity occurring on or through our Site, including, but not limited to, your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, your media access control (MAC) address, general location information such as city, state or geographic area; and browser preferences.
- Internet or other electronic network activity information, including, but not limited to, information about your use of and actions on the Site, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and other similar types of information that may constitute personal information.
- Information you may voluntarily submit to TRE.
Generally, we collect the information above on our Site using cookies. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser.
Web browsers may offer users of our Site the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our Site may not function correctly. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Site may not work properly.
2.2 How We Use Personal Information as a Controller
We use the personal information we collect in the “controller” context for the following purposes:
- provide, operate, and improve the Site and our products and services
- provide support and maintenance for the Site
- respond to your requests, questions and feedback
TRE may also use your personal information as we believe necessary or appropriate to (i) comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities or others; (ii) for compliance, fraud prevention, and safety; and (iii) resolve disputes and enforce our agreements.
2.3 How We Share Personal Information as a Controller
- Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Site. These third parties may use your personal information only as directed or authorized by us and are prohibited from using or disclosing your information for any other purpose, unless otherwise stated herein.
- Professional advisors. We may disclose your personal information to TRE’s professional advisors, such as lawyers and auditors, where necessary in the course of the professional services that they render to us.
- For compliance, fraud prevention and safety. We may share your personal information for compliance, fraud prevention and safety purposes.
- Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
3. Children’s Privacy
TRE’s Site is directed to persons 18 years of age or older. As a general rule, children are not allowed to use the Site, and TRE does not knowingly request or collect personal information from any person under 13 years of age. If you believe that your child under the age of 13 has submitted personal information to TRE, please contact us so that we can take steps to the delete the personal information that they may have provided.
4. Security Practices
TRE implements a variety of organizational, technical, and physical safeguards, which are designed to protect the integrity, confidentiality, and availability of your personal information. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.
6. Governing Law
7. How to Contact Us
8. Important Information for California Residents (California Consumer Privacy Act of 2018)
This section applies only to California residents. It describes how we collect, use and share personal information of California residents when we are the “controller” of that information, and their rights with respect to that personal information.
California residents who want to exercise their privacy rights with respect to the personal information TRE processes on behalf of each Retailer should contact the Retailer to which the request relates. The Retailer is the one with which you have made a merchandise Transaction, or with which you otherwise interact. Because we are acting as a “service provider” when processing personal information on behalf of each Retailer, we cannot act upon any privacy right-related requests with respect to a Retailer that may be submitted directly to TRE.
8.1 Categories and Sources of Personal Information TRE Collects
8.2. Purposes for Which We Use Personal Information
8.3. Categories of Personal Information We Have Disclosed for a Business Purpose
8.4 We Do Not Sell Personal Information
TRE does not provide your personal information to other companies for money, or otherwise “sell” personal information of consumers, including consumers under 16 years of age.
8.5 Privacy Rights
Subject to certain exceptions, California law affords you with the following rights with respect to your personal information:
- Request to Know. You have a right to request that TRE disclose what personal information it collects, uses, discloses, and sells. As noted above, however, TRE does not sell personal information.
- Request to Delete. You have a right to request that TRE delete the personal information we have collected about you.
- Request to Opt-Out of the Sale of Personal Information. California law affords consumers the right to opt-out of the sale of their personal information. As noted above, however, TRE does not sell personal information.
- Right to Non-Discrimination. You have a right not to receive discriminatory treatment for the exercise of the rights outlined above.
8.6 Submitting a Request
You can submit a Request to Know or a Request to Delete by contacting us through the methods designated below:
- Email us at firstname.lastname@example.org
- Write to us at the following address: The Retail Equation, Attention: Privacy, P.O. Box 51373, Irvine, CA 92619-1373
Once you submit a request, we will verify that you are the consumer to which the request pertains by matching certain data points (e.g., name, email address and/or telephone number) with information we maintain. Depending on the type of request you submit, we will attempt to match either two or three of these data points to the information maintained in our systems. If we are unable to verify your request with the data points you provided, we may reach out to you for additional information to verify your request. We may also reach out to you for additional verifying information for requests requiring a higher degree of verification because of the type or sensitivity of the request.
You may designate an authorized agent to submit a request on your behalf. We may require that you provide the authorized agent with written permission to act on your behalf and that you verify your identity directly with us.
Last Updated: March 29, 2022