Referral Rock Privacy Policy

We at Referral Rock (Referral Rock Inc.) are committed to protecting your privacy. This Privacy Policy applies to our website and blog on referralrock.com (Website), our newsletters (Newsletter), and our Subscription Service (the Subscription Services) owned and controlled by Referral Rock. This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information. By using the Website, Newsletter, or the Subscription Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the data practices described in this Privacy Policy, you should not use the Website, Newsletter, or the Subscription Service. 

We periodically update this Privacy Policy. If you subscribe to the Subscription Service, then you will receive notice when this Privacy Policy is modified. We encourage you to review this Privacy Policy periodically.

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally identifiable information’ (PII) is being used online. PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

Scope of this Privacy Policy

Please be aware that this Privacy Policy does not govern all the information Referral Rock may process. Our commitment to customers and service providers is governed by a separate Data Processing Agreement.

Our commitments to employees are governed by our internal employment policies.

In all instances, we are committed to transparency with our customers, employees and protecting your data privacy.

Contact Us

If you have any questions about this Privacy Policy or our treatment of the information you provide us, please contact us using the information below.

Referral Rock Inc.

privacy@referralrock.com

 950 N Washingston, Suite 404

Alexandria, VA 22314

Last Edited on 2018-08-08

Personal Information

What “personal information” do we collect from the people that visit our blog, newsletter, website or app?

When you sign up for and use the Subscription Services, consult with our sales or customer success team, send us an email, post on our blog, integrate the Subscription Services with another website or service (for example, when you choose to connect your e-commerce account with Referral Rock), or communicate with us in any way, you are voluntarily giving us information about yourself and your Contacts. That information may include name, email address, IP address, phone number, credit card information, demographic information, and other information about yourself, your Contacts, or your business.  By giving us this information, you consent to this information being collected, used, disclosed, transferred to the United States and stored by us as described in this Privacy Policy and our Terms of Service.

Payment Information

We collect and process payment information from you when you subscribe to the Subscription Service, including credit cards numbers and billing information, using third party PCI-compliant service providers. Except for this, we do not collect Sensitive Information from you.

Information About Children

The Websites are not intended for or targeted at children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe that we have collected information about a child under 16, please contact us at privacy@referralroack.com, so that we may delete the information.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under 13.

Navigational Information

What “navigational information” do we collect from the people that visit our blog, newsletter, website or app? 

This refers to information about your computer and your visits such as your IP address, geographical location, browser type, referral source, length of visit, pages viewed, emails opened, or other computer/visit based information.

Do we use ‘cookies’?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We use cookies to:

  • Understand and save user’s preferences for future visits.
  • Personalize and improve your online experience.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

If you disable cookies off, some features will be disabled It will turn off some of the features that make your site experience more efficient and some of our services will not function properly including tracking of referrals and access to some administration features.

Third party links

We do not include or offer third party products or services on our website.

Google

Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en 

We use Google AdSense Advertising on our website.

Google, as a third party vendor, uses cookies to serve ads on our site. Google’s use of the DART cookie enables it to serve ads to our users based on their visit to our site and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.

We have implemented the following:

  • Remarketing with Google AdSense
  • Google Display Network Impression Reporting
  • Demographics and Interests Reporting

We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.

Opting out:

Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising initiative opt out page or permanently using the Google Analytics Opt Out Browser add on.

How does our site handle do not track signals?

We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

How We Use Information We Collect

We Never Sell Personal Information

We will never sell your Personal Information to any third party. 

How do we use your personal information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize user’s experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website in order to better serve you.
  • To quickly process your transactions.
  • To send periodic emails regarding your order or other products and services related to the Subscription Service or that you have opted in to receive.
  • Provide other companies with statistical information about our users — but this information will not be used to identify any individual user. 
  • To meet legal requirements including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  • To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements. 
  • To provide, support and improve the Subscription Services. This may include sharing your or your Contacts’ information with third parties in order to provide and support our Subscriptions Services or to make certain features available to you (for example, we use Tango Card to process and distribute Gift Cards).

Use of Navigational Information

We use Navigational Information to operate and improve the Websites, Newsletters, and the Subscription Service. We may also use Navigational Information alone or in combination with Personal Information to provide you with personalized information about Referral Rock.

How do we use the information inside your Referral Rock account?  

Demographic information collected in your account for your referral programs are for your use only. This includes but is not exclusive to member and referral demographic information such as name, email address, IP address (for tracking purposes), and any other custom fields you set in the software. Referral Rock doesn’t contact, share, distribute, sell or otherwise use account data in any way outside of the built in functionality within the software. It is only accessible by the Referral Rock team for troubling shooting and support purposes.

Use of Credit Card Information

If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA, we agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.

Our Privacy Policy link includes the word ‘Privacy’, and can be easily be found on the page specified above.

Users will be notified of any privacy policy changes on our Privacy Policy Page.

Users are able to change their personal information by logging in to their account .

Security of your Personal Information

How do we protect personal information?

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

Retention of Personal Information

We retain Personal Information that you provide us as long as we consider it potentially useful in contacting you about the Subscription Service or our other services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements, and then we securely delete the information. We will delete this information from the servers at an earlier date if you so request, as described in “Opting Out and Unsubscribing” below. 

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

If a security breach causes an unauthorized intrusion into our system that materially affects you, then Referral Rock will notify you via email within 72 hours (as compliant with both the Fair Information Practices and the General Data Protection Regulation – GDPR). If looking for more GDPR information, see our GDPR page.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

International Transfer of Information

To facilitate our global operations, we may transfer and access Personal Information from around the world, including the United States. This Privacy Policy shall apply even if we transfer Personal Information to other countries.

Opting Out and Unsubscribing 

Reviewing, Correcting and Removing Your Personal Information

Upon request, Referral Rock will provide you with information about whether we hold any of your Personal Information. If you provide us with your Personal Information, you have the following rights with respect to that information:

  • To review the user information that you have supplied to us 
  • To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us 
  • To request that your user information not be used to contact you 
  • To request that your user information be removed from any solicitation list that we use 
  • To request that your user information be deleted from our records

To exercise any of these rights, please contact us at privacy@referralrock.com. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.

The above rights are compliant with the GDPR rulings of right to be forgotten, right to data portability, right of modification, and withdrawal of consent. If looking for more GDPR information, see our GDPR page.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  If you need further assistance regarding your rights, please contact us using the contact information provided above and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

Anti-Spam Policy

Spam is often in the eye of the beholder. If you ask ten different people for a definition of Spam, you’ll probably get ten different answers. So here’s our best explanation:

  • Spam, as applied to email, means “Unsolicited Bulk Email”.
  • Unsolicited means that the recipient has not granted the sender affirmative consent (permission) to email them.
  • Bulk means that the message is sent as part of a larger collection of messages, all having materially similar content.

We won’t send unsolicited bulk email, for commercial or non-commercial purposes. Unsolicited bulk email is defined as email sent to more than 10 individuals with whom we do not have a prior business relationship. All of our bulk emails will have an “opt-out” mechanism and other required information. 

Privacy Shield

Referral Rock complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries transferred to the United States pursuant to Privacy Shield.  Referral Rock has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
 
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Referral Rock is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
 
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also may correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to privacy@referralrock.com.  If requested to remove data, we will respond within a reasonable timeframe.
 
We will provide an individual opt-out choice (for personal data) or opt-in choice (for sensitive data) before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to privacy@referralrock.com. 
 
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
 
Referral Rock is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Referral Rock complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
 
In compliance with the Privacy Shield Principles, Referral Rock commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints should first contact Referral Rock at: privacy@referralrock.com
 
Referral Rock has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
 
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Confidentiality; Proprietary Rights

Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information includes, without limitation, trade secrets, know-how, including software and documentation therefor, marketing, sales, operating, performance, cost and customer lists, in any form, tangible or intangible. Proprietary Information of Referral Rock includes non-public information regarding features, functionality and performance of the Service. Proprietary Information of Customer includes non-public data provided by Customer to Referral Rock to enable the provision of the Services (“Customer Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply with respect to  any information that the Receiving Party can document (a) is or becomes generally available to the public, or (b) was in its possession or known by the Receiving Party prior to receipt from the Disclosing Party as evidenced by the Receiving Party’s written records, or (c) was rightfully disclosed to the Receiving Party without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party. If the Receiving Party is required by applicable law or requested (by legal process, civil investigative demand or similar process) to disclose any of the Disclosing Party’s Proprietary Information, the Receiving Party shall notify the Disclosing Party immediately of such requirement so that the Disclosing Party may seek an appropriate protective order or waive compliance with the confidentiality covenants in this Agreement.  Any such disclosure by the Receiving Party pursuant to the preceding sentence shall be limited to the extent required by applicable law, or order, subpoena, regulatory requirement, or litigation disclosure, and the Receiving Party shall reasonably cooperate with the Disclosing Party in any effort made by the Disclosing Party to seek a protective order or other appropriate protection of the Disclosing Party’s Proprietary Information. 

Customer shall own all right, title and interest in and to the Customer Data. Referral Rock shall own and retain all right, title and interest in and to (a) the Services and Software, all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Implementation Services or support, and (c) all intellectual property rights related to any of the foregoing.

Notwithstanding anything to the contrary, Referral Rock shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, anonymized, aggregate information derived from Customer Data), and Referral Rock will be free (during and after the term hereof) to use such information and data solely to improve and enhance the Services and for other diagnostic and corrective purposes in connection with the Services. No rights or licenses are granted except as expressly set forth herein.