Privacy Policy

INTRODUCTION

This General Rimrock Privacy Policy (also referred to as the ‘Privacy Policy’) provides information on the collection, use, and sharing (collectively referred to ‘processing’ or ‘process’) as of personal information by Rimrock Corporation and its affiliates (“Rimrock”, “we” or “us”) in connection with your use of Rimrock websites, mobile applications, and social media pages that link to this Privacy Policy, your interactions with Rimrock during in-person meetings at Rimrock facilities or at Rimrock events, and in the context of other online or offline sales and marketing activities. This Privacy Policy also explains the privacy rights you have in relation to these processing activities.

This Privacy Policy was last updated on December 21, 2021. However, the Privacy Policy can change over time, for example to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on this website. In case there is an important change that we want to highlight to you, we will also inform you in another appropriate way (for example via a pop-up notice or statement of changes on our website). See the previous version of this Privacy Policy.

As used in this Privacy Policy, ‘personal information’ or ‘personal data’ means information that relates to an identified individual or to an identifiable individual. For example, this could include among other things your name, address, email address, business contact details, or information gathered through your interactions with us via our websites or at events. Personal information is also referred to as ‘information about you.’ For more detail about the types of information about you that we may process, please refer to Section 4 below.

SCOPE OF THE PRIVACY POLICY

This Privacy Policy applies to the processing of personal information by Rimrock visitors and users of the various Rimrock sites, attendees of Rimrock events, customers and prospective customers and their representatives; subscribers to Rimrock publications or newsletters; visitors to Rimrock facilities and suppliers and business partners and their representatives.

This Privacy Policy applies to the processing of personal information by Rimrock of:

  • visitors and users of the various Rimrock sites, including our websites on Rimrock.com, computer or mobile software applications and our social media pages that link to this Privacy Policy (collectively referred to as the sites);

  • attendees of Rimrock events or Rimrock-sponsored events;

  • customers and prospective customers and their representatives;

  • subscribers to Rimrock publications and newsletters;

  • visitors to Rimrock facilities; and

  • suppliers and business partners and their representatives.


The Privacy Policy does not apply to the following activities:

  • Personal information collected about you by Rimrock customers. Rimrock customers are responsible for their own personal information collection and processing practices, including when customers use Rimrock products or services to process your personal information. To find out more about our customers’ use of personal information about you, you are encouraged to review the relevant privacy policy of the company who collected your information from you. Please consult that company directly if you have any further questions about its use of information about you.

  • Personal information processed by Rimrock to provide Cloud, Technical Support, Consulting/ACS, or other services to Rimrock customers. “Services personal information” is personal information processed by Rimrock on behalf of a customer in order to provide and perform contracted services.

  • Personal information you provide on third party sites not controlled by Rimrock. When interacting with our websites, you also have the ability to link or connect with non-Rimrock websites, services, social networks, applications, or other features. Enabling these features will lead to other parties than Rimrock processing information about you. Rimrock does not have any control over these features of other parties. We encourage you to review the privacy policies of these parties before using these features.

WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION?

Rimrock Corporation and its affiliated entities are responsible for processing your personal information described in this Privacy Policy.

WHICH CATEGORIES AND SPECIFIC PIECES OF PERSONAL INFORMATION DO WE PROCESS?

Rimrock can process information about you collected directly from you both offline and online, including when you create a Rimrock account to access Rimrock products and services or attend a Rimrock-sponsored event. Information about you may also be provided to Rimrock by selected third party sources, such as data aggregators who may not have a direct relationship with you or by third parties who collect information about you on behalf of Rimrock such as when you download a Rimrock whitepaper.

Specific pieces of information about you that Rimrock may collect and process depending on your interaction with Rimrock, includes:

  • name and physical address, email addresses, and telephone numbers;

  • demographic attributes, when tied to personal information that identifies you;

  • photographs that identify you and testimonials;

  • transactional data, including products and services ordered, financial details and payment methods;

  • company data such as the name, size, and location of the company you work for and your role within the company as well as publicly available company information and activity associated with company data;

  • data from surveys conducted by Rimrock or by third parties on behalf of Rimrock and publicly available information, such as social media posts;

  • call recording and chat transcript data from Sales and customer support calls and live chat sessions or interviews;

  • unique IDs such as your mobile device identifier or cookie ID on your browser;

  • IP address and information that may be derived from IP address, such as geographic location;

  • information about a device you use, such as browser, device type, operating system, the presence or use of “apps”, screen resolution, and the preferred language;

  • certain location or geolocation information you provide directly or through automated means, if you choose to enable location-based services from your device or Rimrock app; and

  • behavioral data of the internet connected computer or device you use when interacting with the sites, such as advertisements clicked or viewed, sites and content areas, date and time of activities or the web search used to locate and navigate to a site.

Certain online information about you or device information may originate from the use of cookies and similar technologies (for example, pixel tags and device identifiers) on our sites or sites of third parties. For more information on cookies and similar technologies, please see Section 11 below.

Please note that Rimrock does not control the content that you may post to Rimrock Communities forums or social networks; in some cases, such content may be publicly available on the Internet. You should carefully consider whether you wish to submit personal information to these forums or social networks and whether you wish to make your profile available to other users, and you should tailor any content you may submit accordingly.

WHY AND HOW DO WE USE YOUR PERSONAL INFORMATION?

We use your personal information to respond to your requests; to deliver functionality on our sites; to administer our subscriptions; to market and tailor products and services to you and your company’s interests; to engage in transactions with and process orders; to develop, improve the performance of, and secure our sites, products, and services; and to comply with applicable laws such as to comply with an opt-out request.

We may use personal information for the following business purposes:

  • to communicate and respond to your requests and inquiries to Rimrock;

  • to create and administer a Rimrock single sign-on (SSO) account (also referred to as an ‘Rimrock Account’) and to deliver functionality on our sites and for their technical and functional management;

  • to engage in transactions with customers, suppliers, and business partners and to process orders for Rimrock products and services;

  • to analyze, develop, improve and optimize the use, function and performance of our sites and products and services;

  • to manage the security and operation of our sites, facilities, and networks and systems; and

  • to comply with applicable laws and regulations and to operate our business.


We may use personal information for the following commercial purposes:

  • to administer subscriptions of Rimrock publications and newsletters;

  • to market our products and services or related products and services, and to tailor our marketing and sales activities to your or your company’s interests; and

  • to provide select business-to-business services to Rimrock customers using publicly available information about companies which may include personal information such as the name of a company’s CEO that is publicly available.

These purposes are described below in further detail.

To communicate and respond to your requests and inquiries to Rimrock

If you get in touch with us (such as by submitting contact forms on our sites, reaching out to us via Rimrock Sales chat, attending Rimrock events or other occasions, sending an email or by visiting social media platforms), we process information about you to communicate with you and to respond to your requests or other inquiries. We can also process personal information to interact with you on third party social networks.

To create a Rimrock SSO account and deliver functionality on our sites and for their technical and functional management

When you choose to register with us (such as to make use of our communities), we need to process the personal information provided by you so that we can create a Rimrock account for you. Please note, this only applies to personal information controlled by Rimrock, not personal information Rimrock processes on behalf of our customers.

To engage in transactions with customers, suppliers, and business partners and to process purchases of our products and services

If you place an order for our products and services, or if you provide services to Rimrock, our employees, customers or partners as a supplier or business partner, Rimrock processes information about you to engage in and administer the relevant transactions (such as by sending invoices and making payments), administer your order, and help you get started and adopt our products and services (e.g., by contacting you to activate your Cloud services credits). If you download products or services from our sites, Rimrock uses information about you to confirm certain information about your order (for example, that you did not experience problems in the download process).

To analyze, develop, improve and optimize the use, function and performance of our sites and products and services

We may process personal information in order to analyze, develop, improve and optimize the use, function and performance of our sites and products and services, including for quality assurance and training purposes, as well as for marketing and sales campaigns. This includes processing personal information to conduct surveys to improve Rimrock products and services. In case the sites permit you to participate in interactive discussions, create a profile, post comments, opportunities or other content, or communicate directly with another user or otherwise engage in networking activities on Rimrock sites, Rimrock may process personal information when moderating these activities.

To manage the security of our sites, facilities, networks, and systems

We may collect site use data for security and operations management to help keep our sites, facilities, networks, and systems secure, or to investigate and prevent potential fraud, including ad fraud and cyber-attacks and to detect bots.

To comply with applicable laws and regulations and to operate our business

In some cases, we have to process personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend a legal claim. We may also process personal information in the performance and operation of our business, such as to conduct internal audits and investigations or for finance and accounting and archiving and insurance purposes.

To administer subscriptions of Rimrock publications and newsletters

If you subscribe to our magazines (such as “Rimrock” or “Profit”), we process information about you to administer your subscription to our magazines (including the renewal process) and newsletters.

To market our products, services, events, or related products and services and to tailor marketing and sales activities

Rimrock may use information about you to notify you about new product releases and service developments, events, alerts, updates, prices, terms, special offers and associated campaigns and promotions (including via newsletters). Rimrock may also use personal information to advertise Rimrock’s products and services or related products and services, and also to have our distributors, resellers or partners notify you about our products or services or their related products or services (such as via joint sales or product promotions). We do our best to tailor your website visit, marketing experience and our communications to your expressed interests. This happens, for example, if you sign up for a Rimrock community or program like the Rimrock Partner Network or Rimrock Technology Network.

If you attend an event, Rimrock may process information about you gathered in relation to the event and can share information about your attendance with your company. Rimrock may also permit designated event partners or conference sponsors to send you up to two communications related to your event attendance. Please note that our partners or conference sponsors may directly request information about you at their conference booths or presentations, and their use of your information that you provide to them will be subject to their privacy policies.

We may also process your personal information to post testimonials on our sites but will first obtain your consent to use your name and testimonial.

To provide select services to Rimrock customers using publicly available information which may include personal information such as the name of a company’s CEO

For some business-to-business services, we may collect the publicly available names of company directors and officials to better understand the status of these companies and help inform our services which relate to providing customers information about other companies.

WHAT IS OUR BASIS FOR PROCESSING INFORMATION ABOUT YOU?

For personal information collected about you in the EU/EEA, the UK and other relevant jurisdictions, our basis for processing is the following:

  • We rely on our legitimate interest in processing contact and related information about you in order to communicate adequately with you and to respond to your requests.

  • In order to engage in transactions with customers, suppliers and business partners, and to process purchases and downloads of our products and services, we need to process information about you as necessary to enter into or perform a contract with you.

  • We process personal information for marketing and sales activities (including events) based on your consent where so indicated on our sites at the time your personal information was collected, or further to our legitimate interest to keep you updated on developments around our products and services which may be of interest to you.

  • We rely on our legitimate interest to analyze, develop, improve, and optimize our sites, facilities, products and services, and to maintain the security of our sites, networks and systems.

  • In order to comply with applicable laws and regulations, such as to comply with a subpoena or other legal process, or to process an opt-out request.

 FOR WHAT PERIOD DO WE RETAIN PERSONAL INFORMATION

Rimrock maintains personal information for the following retention periods:

  • Information about you we collect to engage in transactions with our customers, suppliers and business partners, and to process purchases of our products and services, will be retained for the duration of the transaction or services period, or longer as necessary for record retention and legal compliance purposes.

  • If you have registered for a Rimrock SSO account (Rimrock Account) to access Rimrock sites or to sign up for Rimrock marketing materials, your account information will be retained for as long as you maintain an active account. Your account and account information will be deleted if you do not log in for 18 consecutive months. Rimrock retains records of that deletion for 90 days.

  • If you opened a Rimrock Cloud account, your account information will be retained for as long as you maintain an active account. After service termination, minimal account information will be held for records retention purposes. Please note the Rimrock Privacy team cannot delete, correct, or access service account data or terminate your contracted Rimrock product or service account. Please refer to the Contact Rimrock page for resources and contact information to administer service account data.

  • If you have registered for our newsletters and blogs, including Rimrock magazine or Profit magazine, your subscription data will be retained for as long as you are subscribed to our distribution lists. Rimrock retains records of that deletion for 30 days.

  • Contact information such as your email address or phone number collected online on our sites or offline from our interactions with you at Rimrock events and conferences and used for direct marketing and sales activities will be retained for as long as we have an active (customer) relationship with you. We treat you as an active contact if (i) you have interacted with Rimrock or updated your contact details and preferences in the past 18 months; and (ii) you have not made a deletion request.

  • If you have reached out to us via Rimrock Sales chat, we will delete all chat transcripts 90 days after the chat has concluded.

  • If you have reached out to us via our support line and you have not opted out of call recording, we will delete call recordings 60 days after the call has concluded unless otherwise specified during the call.

  • If you have visited a Rimrock facility, the personal information needed to allow you to enter the facility will be held for one year after your last visit for records retention purposes.

  • Personal information needed to retain your opt-out preferences is retained for 20 years (or longer as necessary to comply with applicable law).


WHEN AND HOW CAN WE SHARE YOUR PERSONAL INFORMATION?

Sharing within Rimrock

As a global organization, information about you may be shared globally throughout Rimrock’s worldwide organization. See the list of Rimrock entities. Please select a region and country to view the registered address and contact details of the Rimrock entity or entities located in each country.

Rimrock employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.

Sharing with third parties

We may share personal information with the following third parties for a business purpose:

  • Third-party service providers (for example, credit card processing services, order fulfilment, analytics, event/campaign management, website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar service providers) in order for those service providers to perform business functions on behalf of Rimrock;

  • Relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);

  • As required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.

We may share personal information with the following third parties for a commercial purpose:

  • Rimrock distributors or resellers for further follow-up related to your interests, specific partners that offer complementary products and services or with third parties to facilitate interest-based advertising; and

  • Event partners or conference sponsors for Rimrock events such as when you scan your badge at a sponsored booth.


When third parties are given access to personal information, we will take appropriate contractual, technical, and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.

HOW IS PERSONAL INFORMATION HANDLED GLOBALLY?

Rimrock is a global corporation with operations in over 80 countries and personal information is processed globally as necessary in accordance with this policy. If personal information is transferred to a Rimrock recipient in a country that does not provide an adequate level of protection for personal information, Rimrock will take adequate measures designed to protect the personal information, such as ensuring that such transfers are subject to the terms of the EU Model Clauses or other adequate transfer mechanism as required under relevant data protection laws. Additional country-specific information on data transfers may be provided if you sign up for a Rimrock SSO account (Rimrock Account) or register for an event.

HOW IS YOUR PERSONAL INFORMATION SECURED?

Rimrock has implemented appropriate technical, physical, and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.

WHAT COOKIES AND SIMILAR TECHNOLOGIES DO WE USE ON OUR SITES?

Cookies and similar technologies (e.g., pixels tags and device identifiers) are used by Rimrock and our advertising technology partners to recognize you and/or your device(s) on, off and across different services and devices for the purposes specified in Section 5 above.

When do we use cookies and similar technologies?

Cookies are small text files that contain a string of characters and uniquely identify a browser on a device connected to the Internet. We place cookies in your browser when you visit Rimrock sites and non-Rimrock sites that host our plugins or tags. Depending on your jurisdiction, you may be presented with different consent options, including the option to reject all non-essential cookies, prior to Rimrock placing cookies on your browser. Visitors from all jurisdictions are provided with functionality to opt out of non-required cookies using the cookie preferences tool.

We use cookies and other technologies on all our sites to ensure the best possible and secure experience on our sites and to provide you with tailored information on products and services. Rimrock also uses cookies or similar technologies on its sites to collect online information such as your mobile device ID, IP address, and other information about your device, as well as behavioral data of your device usage on our sites (e.g., pages viewed, links clicked, documents downloaded).

How can I manage my cookie preferences?

If you are a visitor or our sites, you can use our cookie preferences tool to opt out of cookies that are not required to enable core site functionality, such as advertising and functional cookies.

You can also access the Rimrock Data Cloud opt-out tool to opt out of interest-based advertising by Rimrock and other participating advertising technology companies serving interest-related ads to you on behalf of Rimrock. Please note that the Rimrock Data Cloud opt-out tool will only work on the Internet browser on which they are deposited, and they will only function only if your browser is set to accept third-party cookies.

If you do not want to receive cookies, you can also change your browser settings on your computer or other device you are using to access our services. Most browsers also provide functionality that lets you review and delete cookies, including Rimrock cookies.

WHAT ARE YOUR PRIVACY RIGHTS?

You can exercise your privacy rights in accordance with applicable laws as specified on our Privacy Choices page, or by filling out our inquiry form. You have multiple privacy rights, subject to applicable law, in respect of the information we process about you:

  • Opt-out of our use or sharing of your personal information
    You may withdraw consent you have previously provided for the processing of information about you, including for email marketing by Rimrock.

  • Delete personal information
    You can ask us to erase or delete all or some of the information about you.

  • Change or correct personal information
    You can edit some of the information about you by. You can also ask us to change, update or fix information about you in certain cases, particularly if it is inaccurate.

  • Object to, or limit or restrict use of personal information
    You can ask us to stop using all or some of the information about you (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if the information about you is inaccurate).

  • Right to access and/or have your information provided to you
    You can also ask us for a copy of information about you and can ask for a copy of information about you provided in machine readable form if you reside in the EU, California or other jurisdiction that provides you this right as a matter of law.

If you are authorized to make an access or deletion request on behalf of a data subject, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a data subject.

In the event you have previously created an account for a certain Rimrock portal, you can access and manage your personal information stored in these portals (i) by clicking the links and following the corresponding instructions, and (ii) taking the actions within each portal with regards to your personal information, such as updating your contact details, deleting certain entries or records, or downloading a copy of your profile. Please note that these actions are available to the extent permitted by each portal’s functionality.

If your inquiry relates to your company’s service account or support of Rimrock products or services, please note the Rimrock Privacy team cannot delete, correct, or access service account data or terminate your contracted Rimrock product or service account. Please go to the Contact Rimrock page for resources and contact information to administer service account data.

DO YOU COLLECT SENSITIVE INFORMATION AND INFORMATION FROM CHILDREN?

Sensitive personal information

We ask that you do not send us, and do not share any sensitive personal information (for example, government-issued IDs, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background, or trade union membership).

Children’s privacy

As a company focused on serving the needs of businesses, Rimrock’s sites are not directed to minors and Rimrock does not promote or market its services to minors, except in very limited circumstances as part of specific educational outreach programs with parental permission. If you believe that we have mistakenly or unintentionally collected personal information of a minor through our sites without appropriate consent, please notify us through our inquiry form so that we may immediately delete the information from our servers and make any other necessary corrections. Additionally, please use this same form to request removal of content or information that was posted to our sites when the registered user was under the age of 16. Please note that such requests may not ensure complete or comprehensive removal of the content or information, as, for example, some of the content may have been reposted by another user.

14. WHAT ARE YOUR RIGHTS UNDER THE California Consumer Privacy Act (CCPA)?

If you are a California resident, you may request that we:

  • 1. disclose to you the following information covering the 12 months preceding your request:

    • the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see Section 4);

    • the categories of sources from which we collected such personal information (see Section 4);

    • the business or commercial purpose for collecting or selling personal information about you (see Section 5); and

    • the categories of third parties to whom we sold or otherwise disclosed personal information (see Section 8).

  • 2. delete personal information we collected from you (see Section 12); or

  • 3. opt-out of any future sale of personal information about you (see Section 12).


We will respond to your request consistent with applicable law. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.

If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-800-633-0748. For information on the CCPA requests Rimrock received, complied with, or denied for the previous calendar year, please visit Rimrock’s Annual Consumer Privacy Reporting page, available here.

DATA PROTECTION OFFICER

Rimrock has appointed a Global Data Protection Officer. If you believe your personal information has been used in a way that is not consistent with the Privacy Policy or your choices, or if you have further questions, comments or suggestions related to this Privacy Policy, please contact the Global Data Protection Officer by filling out an inquiry form.

Written inquiries to the Global Data Protection Officer may be addressed to:

Rimrock Corporation
Global Data Protection Officer
1210 Eglinton Avenue West
Toronto, Ontario M6C2E3
Canada

For personal information collected from individuals INSIDE the Canada/U.S.A, written inquiries to the EU Data Protection Officer may be addressed to:

DISPUTE RESOLUTION OR FILING A COMPLAINT

If you have any complaints regarding our compliance with this Privacy Policy, please contact us first. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy and in accordance with applicable law.

If you have an unresolved privacy or data use concern that you believe we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. You also have the right to file a complaint with a competent data protection authority if you are a resident of a European Union member state.

Last Updated: January 2022