ReloDirect.com (referred to herein as "the Partnership," "we" or "us' or "our") is committed to protecting the privacy of the users of this Web site. This statement discloses our privacy practices. The purpose of this statement is to inform you about:
- What kinds of information we collect from users of the ReloDirect.com web site at (the 'Web site') and how such information is collected
- How the information is used by us
- Whether we disclose any user information to third parties
- How you can access, update or delete any information that we collect about you and
- The security procedures which we use to protect your personal information
How We Collect Information
Generally, you can visit the Web site without revealing any personal information. Like many Web sites, our Web servers collect the Internet Protocol addresses, but not the e-mail addresses, of visitors. This information can measure the number of visits, average time spent on the site, pages viewed, and other such statistics.
In addition, in order for us, our third-party content suppliers, or licensees to provide certain services to you, you may be asked for information that identifies you, including your name, e-mail address, mailing address, zip code, telephone number, fax (collectively, 'Personal Information'). You may also elect to provide such information to us by sending or responding to e-mails regarding certain listings or services offered on our Web Site, our third-party content suppliers, or licensees. The Partnership, as a customer service, offers links to other sites, and does not assume any responsibility for those sites or their privacy policies and provides those links solely for convenience of the Partnership's visitors. If you access any of these other sites, you must do so at your own risk and may rely only on their terms and conditions and privacy policies.
How we Use and Disclose Your Information
We collect, generate, retain and use your Personal Information for our own internal purposes in connection with the facilitation, recording and processing of any requests, communications, or interactions you may have with our Web site. We also collect and store statistics and other information about you and your online activities on an aggregated, non-personally identifiable basis and in a manner that may allow us or our affiliated or related entities, third-party content suppliers, or licensees to improve services to you.
If ReloDirect is involved in a merger, acquisition, or any form of sale of some or all of its business, personal information may be transferred along with the business.
We may share with third parties’ aggregate information or information that does not personally identify individuals.
Cookies are small pieces of information that are stored by your browser on your computer's hard drive. Cookies allow Web sites to recognize you when you return and can keep track of information specific to you.
Do Not Track Disclosure for California Residents
You may set “Do Not Track” signal preferences in your web browser(s). This is a way for you to communicate to websites that you do not want certain information collected about your web visits collected over time and across websites or via online services. California law requires that websites disclose their practices regarding their response to “Do Not Track” signals. We currently do not track our customers over time and across third party websites. Therefore, at this time we do not respond to “Do Not Track” signals. For more information about “Do Not Track” please visit https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf
Information Sharing and Disclosure
Information about our customers is important to our business, and we are not in the business of selling it to others. We share customer information only with our related or affiliated entities.
Data security is critical to us and thus all Personal Information is held in a secured database. While it is impossible to guarantee the complete security of any computer system and the data contained therein, we maintain and implement robust security policies and procedures that combine with available technologies in accordance with prevailing industry standards, all of which are designed to protect the confidentiality, integrity, and availability of your Personal Information.
RDI Is Subject to the Investigatory and Enforcement Powers of the Federal Trade Commission and Complies With Lawful Data Requests
Like most businesses, RDI is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Similar to any legal requirement to provide data, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
RDI’s Liability In Cases of Onward Transfers
In the context of an onward transfer, RDI is responsible for the processing of personal data that it receives and subsequently transfers to a third party. Our third-party providers have committed to the roles and responsibilities of a processor and RDI has and will continue to require provider proof sources that they are managing the data according to the Principals and expectations set forth in their contract addendums.
RDI, based on contractual agreements with its Client, acts as a controller or joint-controller of data in order to deliver the agreed upon services. RDI gains consent directly from the individuals receiving services and outlines the purpose and choice options of each service that requires personally identifiable information (PII) or sensitive PII. It is also possible that our Client will act as the controller of data consent and obtain consent for the services directly from the individual and send to RDI to process the services on their behalf, including where relevant sensitive data from the EU and Switzerland, when required.
Accountability for Onward Transfer
RDI adheres to the Accountability for Onward Transfer Principle and the Obligatory Contracts for Onward Transfer Supplemental Principle.
RDI has strict protocols in place to secure, hold, protect, encrypt and store data. In addition, physical site security includes guards and swipe badges, among other systemic tools deployed to secure the data on our servers and in our offices. Our system is tested every month for vulnerabilities and role-based access governs the systems containing individual PII or special PII. As a processor, we follow the requirements of our contractual obligations to its Clients.
Data Integrity and Purpose Limitation
Following the Data Integrity and Purpose Limitation Principle, RDI personal data collection practices are directly tied to the information required to effectively administer the service or provide a third party with the relevant information they need to support the delivery of services on our behalf. Each service supported by or through RDI as a controller or processor has its own purpose limitation and explanation of why the data set is needed. In some instances, there can be multiple requirements for the use and retention of data, which could include the ability reasonably serve customer relations, compliance and legal considerations, auditing and due diligence, security and fraud prevention, preserving or defending RDI’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection.
RDI may retain relevant personal data based on its Client engagement requirements. Other considerations of data retention can include: 1) the duration of the individuals assignment whereby RDI requires the personal data to continue services to the assignee, and 2) to support any legal requirements RDI is subject to for its business interests or legal requirements
Individuals from EU and Switzerland can access personal data about them that RDI holds. “Access” conveys the right to: (i) obtain from RDI confirmation of whether or not we are processing personal data relating to them; (ii) have outlined the personal data relating to them enabling them to verify its accuracy and the lawfulness of the processing; and (iii) have their personal data corrected, amended, or deleted where it is inaccurate or processed in violation of the Principles. Individuals from EU and Switzerland may request to access their personal data using the contact information listed in Who to Contact section above. RDI may limit or deny access as provided in the Principles, including where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. In the scenario where RDI may deny access, it will follow the Principles of informing the data subject in a timely manner (45 days) with a clear, concise explanation on the declined request and provision who to contact for further information. Depending on the Client contract, if RDI is a processor, we will defer the request to the Client to manage. The request may result in a fee for providing access where necessary or appropriate.
Recourse for the Data Subject
As noted above, individuals have a variety of options to submit inquiries or complaints. We will receive the complaint or inquiry and action it within RDI for review and resolution with 45 days.
RDI uses JAMS, an alternative dispute resolution provider based in the United States, to investigate and resolve complaints and disputes that cannot be resolved internally, at no cost to the individual, by reference to the Principles. Unresolved complaints may be directed to JAMS using the complaint submission form found here (The use of JAMS should be employed only after the individual has petitioned RDI with a request or explanation of their issue. If, after 45 days, and/or contact with the Privacy Office, the individual may use the JAMS complaint and recourse mechanism described here is available to individuals from EU and Switzerland whose personal data has been collected or processed by RDI under these Principles. This option is not available to individuals from EU whose personal data has been collected or processed by RDI under any other EU data transfer adequacy mechanism.