PRIVACY POLICY

This Privacy Notice (“Privacy Notice”) describes how RSA America and our subsidiaries and affiliates (hereinafter, variously “RSA”, “Company”, “we”, “us”, or “our”) may collect information about you through your interactions with our products, services, websites, mobile applications, and software-as-a-service. We operate several websites including https://rsaamerica.com (the “Sites”), as well as several mobile applications on behalf of our retailer customers (“Applications”) (collectively, the “Services”). It is our policy to respect your privacy regarding any information we may collect while operating the Services.

By using any of RSA’s Services, you confirm you have agreed to the Terms of Service located at “Terms of Service” and read and understood this Privacy Notice and our Cookie Policy located at “Cookie Policy”. We take the privacy of users very seriously, and we will not share the personal information of users in ways unrelated to those described in this Privacy Notice.

Types Of Information We Collect

We collect various information regarding you or your device. This includes the following:

The following provides examples of the type of information that we collect from you and how we use that information.

Context Types of Data Primary Purpose for Collection
and Use of Data
Customer Information We collect the name, usernames, and contact information, of our customers and their employees with whom we may interact. We have a legitimate interest in contacting our customers and communicating with them concerning normal business administration such as projects, services, and billing.
Customer User Account information We collect the information you provide to create an account, specifically email address, first name, and last name. If you sign up for paid Services, we receive a portion of your payment information from our payment processor (such as the last four digits, the country of issuance, and the expiration date of the payment card) and we ask you to select your jurisdiction. We have a legitimate interest in providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services.
Cookies and first party tracking We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. See our Cookie Policy for more information. We have a legitimate interest in making our Sites and Services operate efficiently.
Cookies and Third-Party Tracking We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our Sites and Services so that they can provide advertising about products and services tailored to your interests on our Sites, Services or on other websites. We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics.
Demographic Information We collect personal information, such as your age or location. We have a legitimate interest in understanding our users and providing tailored services.
Distance Information When you use our applications we collect your location from the GPS, Wi-Fi, and/or cellular technology in your device to determine your location and your distance from one of our User’s retail locations. We have a legitimate interest in understanding our users and providing tailored services.  In some contexts, our use is also based upon your consent to provide us with geo-location information.
Email Interconnectivity If you receive an email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and makes purchases. We have a legitimate interest in understanding how you interact with our communications to you.
Employment If you apply for a job posting or become an employee, we collect the information necessary to process your application or to retain you as an employee.  This may include, among other things, your Social Security Number.  Providing this information is required for employment. We use information about current employees to perform our contract of employment or the anticipation of a contract of employment with you.  In some contexts, we are also required by law to collect information about our employees.  We also have a legitimate interest in using your information to have efficient staffing and workforce operations.
Feedback/Support We collect personal data from you contained in any inquiry you submit to us regarding our Sites or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analyzed for training, quality control, and for sales and marketing purposes. During such calls, we will notify you of the recording via either voice prompt or script. We have a legitimate interest in receiving and acting upon your feedback, issues, or inquiries.
Mailing List When you sign up for one of our mailing lists, we collect your email address, phone number, and/or postal address. We share information about our products and services with individuals that consent to receive such information.  We also have a legitimate interest in sharing information about our products or services.
Mobile Devices We collect information from your mobile devices such as unique identifying information broadcast from your device when visiting our Sites or using an application or Services. We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.
Order Placement We collect your name, billing address, e-mail address, phone number when you place an order. We use your information to perform our contract to provide you with products or services.
Surveys When you participate in a survey, we collect information that you provide through the survey.  If the survey is provided by a third-party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information. We have a legitimate interest in understanding your opinions and collecting information relevant to our organization.
Website & Application Interactions We use technology to monitor how you interact with our Services. This may include IP addresses, preferences, web pages you visited prior to coming to our or our Users’ Sites, Services or applications, information about your browser, network, or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our Users’ Sites or applications (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors). We have a legitimate interest in understanding how you interact with our Sites and Services to better improve them and to understand your preferences and interests to select offerings that you might find most useful.  We also have a legitimate interest in detecting and preventing fraud.
Web Logs We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. We have a legitimate interest in monitoring our networks and the visitors to our Sites.  Among other things, it helps us understand which of our services is the most popular.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.  For example, if you submit a job application, or become an employee, we may conduct a background check.

Our Use of Your Information

In addition to the purposes and uses described above, we use information in the following ways:

  • Provision of the Services. Create and manage your account, provide, and personalize our Services, register, or transfer your domain names, process payments and respond to your inquiries.
  • Communicating with you. Communicate with you, including by sending you emails, text messages (with your consent where required by law), and push notifications through our mobile applications about your transactions and Service-related announcements.
  • Promotion. Promote our Services and send you tailored marketing communications about products, services, offers, programs, and promotions of RSA and our partners and measure the success of those campaigns including by sending you emails, text messages (with your consent where required by law), and push notifications through our mobile applications. For example, we may send different marketing communications to you based on your subscription plan or what we think may interest you based on other information we hold about you.
  • Advertising. Analyze your interactions with our Services and third parties’ online services so we can tailor our advertising to what we think will interest you. For example, we may decide not to advertise our Services to you on a social media site if you already signed up for paid Services or we may choose to serve you a particular advertisement based on your subscription plan or what we think may interest you based on other information we hold about you.
  • Customizing the Services. Provide you with customized services. For example, we use your location information to determine your language preferences or display accurate date and time information.
  • Improving our Services. Analyze and learn about how the Services are accessed and used, evaluate, and improve our Services (including by developing new products and services and managing our communications) and monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized, or aggregated information that does not focus on you individually. For example, if we learn that most Users of Paid Services use a particular integration or feature, we might wish to expand on that integration or feature.
  • Security. Ensure the security and integrity of our Services.
  • Third-party relationships. Manage our vendor and partner relationships.
  • Enforcement. Enforce our Terms of Service and other legal terms and policies.
  • Protection. Protect our and others’ interests, rights, and property (e.g., to protect our Users from abuse).
  • Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts, and law enforcement requests.

Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose.  For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services.  As a result, our collection and processing of your information are based in different contexts on your consent, our need to perform a contract, our obligations under the law, and/or our legitimate interest in conducting our business.

How We Collect Your Information

We obtain personal information from various sources. We do this in three main ways:

  • When you give it to us. You provide some of it directly (such as by registering for an account). For instance, we ask you to provide your name and email address to register and manage your account. We also maintain your marketing preferences and the emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. You might also provide us with information in other ways, including by responding to surveys, submitting a form, or participating in contests or similar promotions. If you do not provide personal information when requested, you may not be able to use our Services if that information is necessary to provide you with the service or if we are legally required to collect it.
  • When you use our Services. We record some of your information automatically when you use our Services, Users’ Sites, or applications (including technologies like cookies). we collect information about your activity on and interaction with the Services, such as your IP address(es), your device and browser type, the web page you visited before coming to our Sites, what pages on our Sites you visit, and for how long and identifiers associated with your devices. If you’ve given us permission through your device settings, we may collect your location information in our applications.  If you are an End User of our Users’ Sites, Services, or applications, we also get information about your interactions with their sites, though we use this in anonymous, aggregated, or pseudonymized form which does not focus on you individually. We use this data to evaluate, provide, protect or improve our Services (including by developing new products and services).  Some of this information is collected automatically using cookies and similar technologies when you use our Services and our Users’ Sites or applications. We let our Users control what cookies and similar technologies are used through their sites (except those we need to use to properly provide the Services, such as for performance or security-related reasons). You can read more about our use of cookies in our Cookie Policy. Some of this information is similarly collected automatically through your browser or from your device.
  • From Third Parties. We receive some of it from third parties (like when you register for an account using a Third-Party Service or when you make payments to us using our payment processor or via a mobile app store). If you use a Third-Party Service (such as Google) to register for an account, the Third-Party Service may provide us with your Third-Party Service account information on your behalfs, such as your name and email address (we don’t collect or store passwords you use to access Third Party Services). Your privacy settings on the Third-Party Service normally control what they share with us. Make sure you are comfortable with what they share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the Third-Party Service. If you sign up for certain services directly with us and pay via credit card or ACH, we obtain limited information about your payment card and banking information from our payment processors, such as the last four digits of your card or account number, the country of issuance and the expiration date.

Sharing Of Information

In addition to the specific situations discussed elsewhere in this Privacy Notice, we share personal information in the following ways:

  • Affiliates. We share personal information with our affiliates when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the services we or they provide.
  • We share with our Users data regarding usage by End Users of their sites. For example, we provide a User with information about what web page the End User visited before coming to their site and how their End User interacted with their site. This is so Users can analyze the usage of their sites and improve their services.
  • Business partners. We may share personal information with business partners. For example, we may share your personal information when our Services are integrated with their Third-Party Services, but only when you have been informed or would otherwise expect such sharing.
  • Third-Party Plugins and Social Networks. We may share personal information with website plugins, social media platforms, or similar Third-Party Services to improve your experience, at your direction, or when you intentionally interact with the plug-in. For example, when you use a Third-Party Service to create or log in to your account, we may share your personal information with that Third Party Service.
  • Service providers. We share personal information with our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other sites, send marketing and other communications on our behalf or assist with data storage.
  • Process payments. We transmit your personal information via an encrypted connection to our payment processor.
  • Following the law or protecting rights and interests. We disclose your personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests (such as enforcing our Terms of Service) or prevent fraud or abuse of RSA or our Users or End Users. In particular, we may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.
  • Advertising. We share personal information with third parties so they and we can provide you with tailored advertising and measure and monitor its effectiveness. For example, we may share your pseudonymized email address with a third-party social media platform on which we advertise to avoid serving RSA ads to people who already use RSA.
  • Business transfers. If we’re involved in a reorganization, merger, acquisition, or sale of some or all of our assets, your personal information may be transferred as part of that deal or the negotiation of contemplated deals.

Your Choices

You can make the following choices regarding your personal information:

  1. Access To Your Personal Information. You may request access to your personal information by contacting us at the address described below. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you. We will provide this information in a portable format if required.  Note that California residents may be entitled to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for direct marketing.
  2. Changes To Your Personal Information. We rely on you to update and correct your personal information. Our Sites allow you to modify or delete your account profile.  If our Sites do not permit you to update or correct certain information, you contact us at the address described below in order to request that your information be modified. Note that we may keep historical information in our backup files as permitted by law.
  3. Deletion Of Your Personal Information. Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law, and as described in this Privacy Notice.  You may, however, request information about how long we keep a specific type of information or request that we delete your personal information by contacting us at the address described below.  If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
  4. Objection to Certain Processing. You may object to our use or disclosure of your personal information by contacting us at the address described below.
  5. Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
  6. Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in the e-mails that you receive.  If you decide not to receive promotional emails, we may still send you service-related communications.
  7. Promotional Text Messages. If you receive a text message from us that contains promotional information you can opt out of receiving future text messages by replying “STOP.” Text messages sent to your mobile device may be generated using automated technology.  Your consent to receive text messages is not required to use the Services and you may opt-out of receiving text messages at any time by contacting us at support@rsaamerica.com. Your mobile carrier’s rates apply and all charges are billed by and payable to your mobile provider.
  8. Push Notifications. If you receive a push notification from us on your mobile device from one of our mobile applications, you can choose not to receive future push notifications by altering the settings on your mobile device. Your consent to receive push notifications is not required to use the Services.
  9. Revocation Of Consent. If you revoke your consent for the processing of personal information, then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below.

Please address written requests and questions about your rights to privacy@rsaamerica.com or call us at 1-312-471-6700.

Note that, as required by law, we will require you to prove your identity.  We may verify your identity by phone call, text message, or email. Depending on your request, we will ask for information such as your name or other account information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf.  We will require verification that you provided the authorized agent permission to make a request on your behalf.  You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us.  If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:

  1. A completed written notice indicating that you have the authorization to act on the consumer’s behalf signed by you and the consumer.
  2. If you are a business, proof that you are registered with the appropriate Secretary of State to conduct business in California.

If we do not receive both pieces of information, the request will be denied.

How We Protect Personal Information

While no service is completely secure, we have a security team dedicated to keeping personal information we hold safe from alteration, disclosure, and/or destruction. The company has adopted appropriate physical, electronic, and managerial procedures to safeguard and secure the personal information we process. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Your account is protected by a password for your privacy and security.  We periodically review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.  When your bank account information is transmitted via the Services, it will be protected by encryption technology. Because the internet is not a completely secure environment, Company cannot warrant the security of any information a user transmits to the Company or guarantee that information on the Services may not be accessed, disclosed, altered, and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. User is responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between a user and Company, at all times.  Users should limit access to their computer and/or mobile device and/or browser and sign off after a user has finished accessing their account. We are not responsible for the functionality, privacy, and/or security measures of any other organization and are not responsible for the practices employed by any websites and/or services linked to and/or from the Services, including the information and/or content contained therein.

How We Retain Your Personal Information

We will retain your personal data for as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements. The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use and/or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with a user) for research or statistical purposes in which case we may use this information indefinitely without further notice to a user.  We may retain information (including without limitation your personally identifiable information) for a commercially reasonable time for backup, archival, audit purposes, and/or to comply with legal obligations, resolve disputes and enforce agreements. In some cases, if a user chooses not to provide Company with the requested information, a user may not be able to use and/or access all of the Services. Users can request further details of retention periods for different aspects of their personal data by contacting us.

Please note that in the course of providing the Services, we collect and maintain aggregated, anonymized, or de-personalized information which we may retain indefinitely.

End Users’ Personal Information

Our customers who have created a site using RSA are responsible for what they do with the personal information they collect, directly or through RSA, about their End Users.  This section is directed to such customers.

  • Your relationship with End Users. If you are one of our Users, you will collect personal information about your End Users. For example, during checkout, you may ask your End Users to provide their name, address, email address, and payment information so that you can complete their orders. You may also use cookies and similar technologies to analyze usage and other trends. You are solely responsible for complying with any laws and regulations that apply to your collection and use of your End Users’ information, including personal information you collect about them from us or using RSA functionality or cookies, or similar technologies.  You must publish your own privacy and cookie policies and comply with them. We’re not liable for your relationship with your End Users or how you collect and use personal information about them (even if you collect it from us or using RSA functionality or cookies or similar technologies) and we won’t provide you with any legal advice regarding such matters.
  • End-User Payment Information. Your End Users’ payment information may be processed via a third-party payment processor with which you integrate your account, in accordance with such processor’s terms and policies. We transmit your End Users’ complete payment information when they initially provide or update it only so that we can pass it along to the processor you agree to use. We don’t collect or store your End Users’ payment information.

Other Important Information

The following additional information relates to our privacy practices:

  • Third-Party Applications/Websites. We have no control over the privacy practices of websites or applications that we do not own.
  • The Site is not directed at children, and we do not knowingly collect personal information directly from users under the age of 13 or from other websites or services directed at children. Consistent with the Federal Children’s Online Privacy Protection Act of 1998 (“COPPA”), we will not knowingly request or collect personal information from any child under age 13 without obtaining the required parental consent.
  • Changes To This Privacy Notice. We may change our Privacy Notice and practices over time to reflect changes in technology, law, our business operations, or any other reason we determine is necessary or appropriate.  To the extent that our Privacy Notice changes in a material way, the policy that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new Privacy Notice.  When we make updates, we will update the ‘Last Updated’ date above and we encourage you to check back periodically to review this Privacy Notice for any changes since your last visit.  This will help ensure you better understand your relationship with us, including the ways we process your personal information.
  • If you are visually impaired, you may access this notice through your browser’s audio reader.

Other Jurisdictions

Personal information that you submit through the Services may be transferred to countries other than where you live. We also store personal information locally on the devices you use to access the Services. Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. The following provisions may apply to you depending on where you are located.

  • European Economic Area (EEA) and the United Kingdom (UK).

      Transmission Of Information To Other Countries.

RSA is located in the United States.  The Services are hosted in, provided from the United States, and intended for those visiting the United States. Our service providers and other third parties you may interact with in connection with our Services may be located in the United States and other countries around the world. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information.  By submitting your personal information to us you agree to the transfer, storage, and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. To the extent personal information is collected and subsequently transferred out of the EEA, the transfer will take place consistently with:

The Standard Contractual Clauses.  We transfer, in accordance with Article 46 of the GDPR, personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area.

Other means. We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding, enforceable commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.

Complaints

If you are a resident of the EEA and believe we process your information under the scope of the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Office of the Data Protection Commissioner. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office. To exercise your privacy rights set forth in this Privacy Notice, you may contact us as set forth in the Contact Us.

  • Nevada. This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing customers, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by emailing us at support@rsaamerica.com or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: AGCinfo@ag.nv.gov.
  • Texas. If you have a complaint, first contact us by visiting our Site at https://rsaamerica.com.  If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll-free); dob.texas.gov.
  • Vermont. In accordance with Vermont law, we will not share information we collect about you with companies outside of RSA except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or provide rewards or benefits to which you are entitled.
  • California – California Consumer Privacy Act (“CCPA”). This section is only applicable to you if you are a resident of the state of California in the US (“California Residents”) and only applies to personal information for which RSA is a “Business” (as defined in the CCPA), but does not apply to the personal information we collect from you in the course of our provision of services to you where you are an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency.  It applies to the personal information we collect from California Residents on or through our Services and through other means (such as information collected offline or in-person). With respect to personal information for which you are a “Business” and RSA is a “Service Provider,” please see Section 3.7 of our Terms of Service.

How We Collect, Use, and Disclose your Personal Information

Under the CCPA and subject to certain limitations and exceptions, if you are a California resident, you may have the following rights with respect to the information we have collected about you that constitutes personal information under the CCPA

The Types of Information We Collect section describes the personal information we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the Our Use of Your Information section. We share this information as described in the Sharing Of Information section. RSA uses cookies, including advertising cookies, as described in our Cookie Policy.

Your Rights and Choices

  • Right to Know.  You have the right to request disclosure about our personal information collection practices during the prior 12 months, including the categories of personal information we collected, the sources of the information, our business purposes for collecting or sharing the information, and the categories of third parties with whom we shared such information; You may request a copy of the specific pieces of personal information we may have collected about you in the last 12 months.
  • Right to Delete.  You may request that we delete (and direct our service providers to delete) your personal information, subject to certain exceptions.
  • Right to Opt-Out.  You have the right to opt-out of any “sales” of your personal information if a business is selling your information
  • Non-Discrimination.  You have the right to not be discriminated against for exercising these rights.

To exercise your data protection rights California residents contact us at support@rsaamerica.com If you have questions, please contact us as described in the Contact Us section in our Privacy Notice. You may be required to provide additional information necessary to confirm your identity before we can respond to your request, and we will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request within 10 days and will endeavor to respond within 45 days of receipt of your request, but if we require more time (up to an additional 45 days) we will notify you of our need for additional time. For requests that we do not sell your information, we will comply with your request within 15 days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period. You may make a request that we do not sell information or for deletion of your information at any time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

For requests for deletion of your information, please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if (1) the information is necessary for us to (a) complete a transaction for you or otherwise perform a contract; or (b) detect, protect against, or prosecute security incidents, fraud or illegal activity; (2) we use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and (3) we are required to retain the information to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged to delete your information as well.

Selling Information. We do not sell your information for monetary consideration, and we do not disclose your information for other valuable considerations. If in the future, we enter into arrangements that fall within the definition of a “sale” under the CCPA, we will update this Privacy Notice and our compliance with the CCPA.

 Using an Authorized Agent. You may submit a request through someone holding a formal Power of Attorney. Otherwise, you may submit a request using an authorized agent only if (1) the person is registered with the Secretary of State to do business in California, (2) you provide the authorized agent with signed written permission to make a request, (3) you verify directly with us that you have authorized the person to make the request on your behalf, (4) you verify your own identity directly with us, and (5) your agent provides us with proof that they are so authorized. We will require the agent to submit proof to us that they have been authorized to make requests on your behalf.

During the past 12 months, we have collected the following categories of information about California residents from the listed sources, used it for the listed business purposes, and shared it with the listed categories of third parties. This includes information about Site visitors, registered users, employees, vendors, suppliers, and any other person interacting with us either online or offline. Not all information is collected about individuals. For instance, we may collect different information from applicants for employment than from customers.

Categories of Personal Information That We Collect To Whom We Disclose Personal Information for

Business Purpose

Identifiers – this may include name, postal address, phone number, unique personal identifier, online identifier, internet protocol (IP) address, device ID, email address, account name, signature, social security number, driver’s license number, passport number, or other similar identifiers. ·       Advertising networks

·       Affiliates or subsidiaries

·       Business partners

·       Data analytics providers

·       Government entities

·       Internet service providers

·       Operating systems and platforms

·       Other Service Providers

·       Payment processors and banks

·       Product and service fulfillment companies

·       Social media platforms & networks

Financial information – this may include bank account number, credit or debit card number, or other financial information. ·       Government entities

·       Internet service providers

·       Operating systems and platforms

·       Other Service Providers (as defined

·       Payment processors and banks

·       Service fulfillment companies

Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. ·       Advertising networks

·       Affiliates or subsidiaries

·       Business partners

·       Data analytics providers

·       Government entities

·       Internet service providers

·       Operating systems and platforms

·       Other Service Providers

·       Payment processors and banks

·       Product and service fulfillment companies

·       Social media platforms & networks

Network activity data– this may include Internet or other electronic network activity information, such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement. ·       Affiliates or subsidiaries

·       Data analytics providers

·       Government entities

·       Internet service providers

·       Operating systems and platforms

·       Other Service Providers

·       Social media platforms & networks

Geolocation data – this may include precise physical location. ·       Data analytics providers

·       Internet service providers

·       Other Service Providers

Professional/employment information – this may include occupation and professional references. ·       Government entities

·       Other Service Providers

Education information – such as information contained in education records. ·       Government entities

·       Other Service Providers

Contact Information

If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below.  We will attempt to respond to your requests and provide you with additional privacy-related information.

privacy@rsaamerica.com

Attn: Privacy Team

1604 W Colonial Parkway
Inverness, IL 60067
+1 312-471-6700

If you are not satisfied with our response and are in the European Union, you may have a right to lodge a complaint with your local supervisory authority.