RICH PRODUCTS PRIVACY POLICY

TABLE OF CONTENTS

I. INFORMATION WE COLLECT ABOUT YOU

III. HOW WE USE YOUR INFORMATION

A. Use and Purpose Of Processing Your Information

IV. SHARING OR DISCLOSING YOUR INFORMATION

V. CATEGORIES OF INFORMATION SOLD

VI. LINKS TO OTHER WEBSITES

VII. INFORMATION SECURITY

XIV. DIFFICULTY ACCESSING OUR PRIVACY POLICY

XV. “DO NOT TRACK” SIGNALS

XVI. CHANGES TO THIS PRIVACY POLICY

XVII. HOW TO CONTACT US

Rich Products Corporation and our affiliates and subsidiaries (hereinafter referred to as “Rich’s,” “us,” “we,” “our,” or “Company”) has created this Privacy Policy to describe, among other things, the types of personal information we collect, how we use it, and how you can access your information. We collect information about you in a variety of ways depending on how you interact with us and our products and services, including through our websites, social media pages, online and mobiles services, and through our business relationships (hereinafter referred to as our “Services”). Some of the information we collect may include personal information that can be used to identify you. In the event that you apply for a position with Rich’s, your information will be handled in accordance with the Candidate Privacy Policy.

This Privacy Policy is integrated into our Terms & Conditions of Use (“Terms & Conditions”) and explains how we will process your personal information when you make contact with us or use our Services. 

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, or the European Union (EU), European Economic Area (“EEA”), and UK, you may be entitled to certain individual rights under the California Consumer Privacy Act of 2018 [as amended by the California Privacy Rights Act of 2020 (“CPRA”)] (collectively, “CCPA”), Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), Utah Consumer Privacy Act (“UCPA”), Texas Data Privacy And Security Act (“TDPSA”), or the General Data Protection Regulation (“GDPR”) and the UK Data Protection Act 2018 respectively.  Please see the Notice to Certain Residents of Data Subject Rights Section of our Privacy Policy for your rights and how to exercise them for users located in California, Virginia, Colorado, Connecticut, Utah, Texas, and the EEA and UK only.

I. INFORMATION WE COLLECT ABOUT YOU

We may collect the following categories of information about you which are described in more detail below: (A) information you provide to us, (B) sensitive information, (C) information we may automatically collect, and (D) information we may receive from third parties. All of the information listed in (A)-(D) above, is detailed below, and hereinafter referred to as “Information.”

A. Information You Provide to Us

In using our Services, you may provide us with Information, including, without limitation:

  • Individual identifiers such as name, username, and contact information such as mailing address, phone number, and email address;  
  • Payment and transactional information such as Services purchased. Note that we may use third-party payment processors to facilitate your payments;
  • Demographic information such as gender and birthdate; 
  • Communications with us, preferences, and other Information you provide to us such as any messages (including via online chat feature), opinions and feedback that you provide to us, your user preferences (such as in receiving updates or marketing information or information related to career opportunities from our Rich’s Careers page), and other Information that you share with us when you contact us directly (such as for support services); and
  • Additional Information as otherwise described to you at the point of collection or pursuant to your consent.

B. Sensitive Information

We may process the following categories of sensitive personal Information when you use our Services:

  • Geolocation data; and
  • Financial account log-in information.

C. Information We May Automatically Collect About You

Our Services may automatically collect the following categories of usage and technical Information about you. This Information is used by Rich’s for the operation of the Services, to maintain quality of the Services, and to provide general statistics regarding use of the Services.This Information may include:

  • IP address, which is the number associated with the service through which you access the Internet, like your ISP (internet service provider);
  • Date and time of your visit or use of our Services;
  • Domain server from which you are using our Services;
  • Type of computer, web browsers, search engine used, operating system, or platform you use;
  • Data identifying the web pages you visited prior to and after visiting our website or use of our Services;
  • Your movement and activity within the website, which is aggregated with other Information; 
  • Mobile device Information, including the type of device you use, operating system version, and the device identifier (or “UDID”); and
  • Mobile application identification and behavior, use, and aggregated usage, performance data, and where the application was downloaded from.

D. Information We May Receive from Third Parties

We may collect additional Information about you from third-party websites, social media platforms, such as but not limited to, Facebook, Twitter, LinkedIn, or Instagram (“Social Media Platforms”) and/or sources providing publicly available information (e.g., from the U.S. postal service) to help us provide services to you, help prevent fraud, and for marketing and advertising purposes.
This Privacy Policy only applies to Information collected by our Services. We are not responsible for the privacy and security practices of those other websites or Social Media Platforms or the Information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, Social Media Platform, and/or content.

II. Cookies & Technologies Used to Collect Information About You

We and/or certain service providers operating on our behalf may collect information about your activity, or activity on devices associated with you over time, on our sites and applications, and across non-affiliated websites or online applications.  We may collect this information by using certain technologies, some of which are described in more detail below, such as cookies, web beacons, pixels, software developer kits, third party libraries, and other similar technologies.  Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons.  

  • Cookies (or browser cookies).  A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
  • Session Replay. Session replay is third-party software on our sites and applications which record visitors’ mouse clicks, keystrokes, search terms, and other ways in which you interact with the Services. The use of this technology may involve the transmission of Information either directly to us or to a third party authorized by us to collect Information on our behalf.
  • Web Beacons. Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services. These technical methods may involve the transmission of Information either directly to us or to a third party authorized by us to collect Information on our behalf. Our Services use retargeting pixels from Google, Facebook, and other ad networks. We also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.
  • Analytics.  Analytics are tools we may use, such as Google Analytics, to help provide us with information about traffic to our website and use of our Services, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network. You can view Google’s Privacy Practices here:  Privacy Policy – Privacy & Terms – Google.
  • Mobile Application Technologies. If you access our website and Services through a mobile device, we may automatically collect Information about your device, your phone number, and your physical location.

Our use of online tracking technologies may be considered a “sale” or “sharing” under certain laws. To the extent that these online tracking technologies are deemed to be a “sale” or “sharing” under certain laws, you can opt out of these online tracking technologies by submitting a request via Rich’s Privacy Web Form or by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC). Please note that some features of our website may not be available to you as a result of these choices.

III. HOW WE USE YOUR INFORMATION

A. Use and Purpose of Processing Your Information

We use and process your Information for things that may include, but are not limited to, the following:

  • To provide you with the Services and Information you request;  
  • To respond to your inquiries and questions and provide customer service;
  • To process your product sample or rebate request;
  • To fulfill transactions and process your registration, orders, and payments across Rich’s ecommerce platform and Rich’s portals;
  • To send you our newsletter and other correspondence you request;
  • To help you locate retailer, distributor, and wholesaler location near you;
  • For general or targeted marketing and advertising purposes, including sending you promotional material or special offers on our behalf or on behalf of our marketing partners and/or their respective affiliates and subsidiaries and other third parties, provided that you have not already opted out of receiving such communications;
  • To fulfill contracts we have with you;
  • To manage, improve, and foster relationships with third-party service providers, including vendors, suppliers, and parents, affiliates, subsidiaries, and business partners;
  • To maintain, improve, customize, or administer the Services, perform business analyses, or other internal purposes to improve the quality of our business, the Services, resolve technical problems, or improve security or develop other products and services;
  • To comply with our Terms & Conditions;
  • Analytics for business purposes and business intelligence;
  • To verify the accuracy of Information you provide in conjunction with any application to a position with Rich’s, evaluate your candidacy for a position, and complete our recruitment process;
  • To comply with any applicable laws and regulations and respond to lawful requests; and/or
  • For any other purposes disclosed to you at the time we collect your Information and/or pursuant to your consent.

We may also use Information that has been de-identified and/or aggregated for purposes not otherwise listed above.

IV. Sharing or Disclosing Your Information

We may share and/or disclose your Information as set forth in the Privacy Policy and in the following circumstances:

  • Third-Party Service Providers.  We may share your Information with third-party service providers that perform certain functions or services on our behalf (such as to host the Services, manage databases, perform analyses, process credit card payments, provide customer service, or send communications for us). These third-party service providers are authorized to use your Information only as necessary to provide these services to us. In some instances, we may aggregate Information we collect so third parties do not have access to your identifiable Information to identify you individually.  
  • Disclosure of Information for Legal and Administrative Reasons. We may disclose your Information without notice: (i) when required by law or to comply with a court order, subpoena, search warrant, or other legal process; (ii) to cooperate or undertake an internal or external investigation or audit; (iii) to comply with legal, regulatory, or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your Information); (iv) to protect and defend the rights, property, or safety of us, our subsidiaries and affiliates, and any of their officers, directors, employees, attorneys, agents, contractors, and partners, and the website Service users; (v) to enforce or apply our Terms & Conditions; and (vi) to verify the identity of the user of our Services.
  • Business Transfers. Your Information may be transferred, sold, or otherwise conveyed (“Conveyed”) to a third party where we: (i) merge with or are acquired by another business entity; (ii) sell all or substantially all of our assets; (iii) are adjudicated bankrupt; or (iv) are liquidated or otherwise reorganize. You agree to any and all such Conveyances of your Information. We also share your Information with prospective purchasers to evaluate the proposed transaction.
  • Information Shared with our Subsidiaries and Affiliates. We may share your Information with our subsidiaries and affiliates. If you do not want us to share your Information with our subsidiaries and affiliates, please contact [email protected] or call 1-877-352-0077.
  • De-Identified or Aggregated Data. We may share your Information on an aggregated basis for any purpose in which your specific personal Information is blinded, masked, or otherwise not identifiable.
  • Online Communications. Any Information you submit in a public forum (e.g., a blog or social network) may be read, collected, or used by us and other participants, and could be used to personalize your experience. You are responsible for the Information you choose to submit in these instances. We may also decide to allow users to participate in surveys or provide us with information regarding their experience.
  • Advertising Partners. We may share your Information with third parties that support our advertising and marketing efforts, including for the purposes of behavioral advertising.
  • Professional Advisors. We may share your Information with our professional advisors.
  • With Your Consent. We may share Information consistent with this Privacy Policy with your consent.

V. Categories of Information Sold

We may sell the below categories of personal Information. For purposes of this Privacy Policy, “sell,” “sold,” or “sale” means the disclosure of personal Information for monetary or other valuable consideration but does not include, for example, the transfer of personal Information as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business.

 

Category of Information

 

Examples of Information Disclosed

Identifying Information Name, mailing address, email address, phone number, date of birth, and other identifiers.
 

Payment Information

 

Your name and billing totals for payment and invoice processing. Note that we use third-party payment processors to facilitate your payments and do not store your payment card information.

Usage and Technical Information Information about your interaction with our website and content on third-party sites or platforms, such as social networking sites (e.g., IP address; browsing history; search history; device information; information about user’s interaction with website, such as scrolling, clicks, and mouse-overs via cookies, pixel tags, web beacons, transparent GIFs; browser information; operating system and platform; geolocation information; user content (e.g., photos, videos, audio, images, social media /online posts, first-party works).

Our Services may contain links to other websites or services that are not owned or controlled by us, including links to Social Media Platforms such as Facebook, LinkedIn, Twitter, Instagram, or YouTube, or may redirect you off our website away from our Services.

This Privacy Policy only applies to Information collected by our Services. We are not responsible for the privacy and security practices of those other websites or Social Media Platforms or the Information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, Social Media Platform, and/or content.

VII. INFORMATION SECURITY

We use commercially reasonable and appropriate administrative, physical, and technical security measures to provide our Services and safeguard your Information. However, no data transmitted over the Internet or stored or maintained by us or our third-party service providers can be 100% secure. Therefore, although we believe the measures implemented by us reduce the likelihood of security problems to a level appropriate to the type of data involved, we do not promise or guarantee, and you should not expect, that your Information or private communications will always remain private or secure. We do not guarantee that your Information will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Information.

If you believe that your Information has been accessed or acquired by an unauthorized person, you should promptly Contact Us so that necessary measures can quickly be taken.

VIII. DATA RETENTION

We will retain your Information for as long as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. We will retain and use your Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. In accordance with our routine record keeping, we may delete certain records that contain Information you have submitted to us. We are under no obligation to store such Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Information.

In the event you apply for a position with Rich’s, we will retain your data as described in the Candidate Privacy Policy. Additionally, in the event you accept a position with Rich’s, we will retain your data for the duration of your employment with us, and for a period of time thereafter, as set forth in the Associate Privacy Policy.

IX. YOUR CHOICES

A. Marketing Communications. If you have consented to receive marketing communications and no longer want to receive marketing and promotional emails from us, you may click on the “unsubscribe” link in the email to unsubscribe and opt out of marketing email communications or see How to Contact Us below for more information.

B. Opting Out of Direct Marketing by Third Parties. To exercise choices regarding the marketing information you receive, you may also review the following links:

C. Cookies and Similar Tracking Technologies. Most web browsers allow you to reject or delete cookies through their settings preferences. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our websites. For more information about how certain of our websites use cookies and, where applicable, to update your preferences, click the “Cookie Settings” link available on the applicable website.

D. Opt Out of Targeted Advertising/Sharing. We recognize the Global Privacy Control (GPC) signal and other user-enabled opt-out preference signals as valid opt-out requests where required by applicable law. Please note that your opt-out preference signal will be applied only to your current browser and device. To learn more about the GPC, you can visit its website here.

X. NOTICE TO CERTAIN RESIDENTS OF DATA SUBJECT RIGHTS

A. NOTICE TO CALIFORNIA RESIDENTS

To the extent any California data privacy law applies to the collection of your Information, this supplemental section of our Privacy Policy outlines the rights that California residents may have, and how they can exercise those rights. This notice applies solely to California residents. We provide the supplemental section below to comply with the California Consumer Privacy Act [as amended by the California Privacy Rights Act (referred to collectively hereinafter as CCPA)] and any terms defined in the CCPA have the same meaning when used below.

1. Your Rights under CCPA

  • Right to Know and Access Specific Information.  You have the right to request that we disclose certain information to you about our collection and use of your Information over the past twelve (12) months. Once we receive and confirm a verifiable consumer request from you, we will disclose to you, to the extent permitted by law:
    • The categories of Information we collected about you, and whether we sell or share your Information to third parties.
    • The specific pieces of Information we hold about you.
    • The categories of personal Information sold within the last twelve (12) months.
    • The categories of sources from which Information about you is collected.
    • Our business or commercial purpose for collecting, selling, or sharing your Information.
    • The categories of third parties with whom your Information is sold, shared, or disclosed for a business purpose.

You have the right to request that the Information described above be provided to you in a commonly used, machine-readable format, to the extent technically feasible.

  • Deletion Request Rights.  You have the right to request that we delete the Information that we collected from you, subject to certain exceptions. To the extent that we can delete your Information, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Information, unless an exception applies.
  • Right to Correct Inaccurate Information.  To the extent that we may maintain inaccurate personal Information, you have the right to request that we correct such inaccurate personal Information taking into account the nature of the personal Information and the purposes of the processing of the personal Information. Once we receive and verify your verifiable consumer request, we will use commercially reasonable efforts to correct your personal Information, if we find that it is inaccurate.
  • Sale and Sharing of Personal Information and the Right to Opt Out. You have the right to opt out of the processing of your Information for the following purposes:

    • Sale of your Information.
    • Sharing of your Information for cross-context behavioral advertising.

The use of online tracking technologies may be considered a “sale” or “sharing” under California law. To the extent that these online tracking technologies are deemed to be a “sale” or “sharing” under California law, you may opt out of these online tracking technologies by submitting a request via Rich’s Privacy Web Form or by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC).

  • Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to request that we limit the ways we use and disclose your sensitive personal Information (as defined by CCPA) to uses which are necessary for us to perform the Services, or deliver the goods reasonably expected by you, or and as authorized by law.
  • Right to Non-Discrimination. You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We may not, and will not, treat you differently because of your data subject request activity. As a result of your data subject request activity, we may not and will not deny goods or Services to you, charge different rates for goods or Services, provide a different level quality of goods or Services, or suggest that we would treat you differently because of your data subject request activity.
  • Right to Disclosure of Direct Marketers. You have a right to the categories and names/addresses of third parties that have received your personal Information for their direct marketing purposes upon simple request, and free of charge.

You may make an authenticated consumer request exercising your Right to Know and Access Specific Information including Right to Know what Personal Information is being Sold or Shared or under the CCPA twice within a twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.

2.  Authorized Agent

You may use an authorized agent to submit verifiable consumer requests on your behalf provided that the authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney pursuant to California Probate Code sections 4000 to 4665. We may deny a request from an authorized agent that does not submit proper verification proof.

3. Notice of Financial Incentive

As an incentive for providing us with your Information, you may receive a financial benefit in the form of an email coupon, discount, rebate, free sample, promotions, or other similar reward that will be sent to you. This discount may constitute a financial incentive under the California Consumer Privacy Act (“Financial Incentive”). The categories of personal Information required for us to provide the Financial Incentives include personal identifiers such as full name and contact information including email address as well as personal and demographic information you choose to provide.

To offer these discounts, we may track your personal Information, such as purchase history and other demographic data. You have the right to withdraw from the Financial Incentive at any time by submitting a request to [email protected]. Please note that if you request deletion of part or all your personal Information, that could affect your ability to qualify for the discount.

4. Additional Information

To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

B. NOTICE TO VIRGINIA RESIDENTS

To the extent any Virginia data privacy law applies to the collection of your Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Virginia residents and how to exercise those rights and applies solely to Virginia residents. We provide the supplemental section below to comply with the Virginia Consumer Data Protection Act (“VCDPA”) and any terms defined in the VCDPA have the same meaning when used below.

1. Your Rights under VCDPA

Subject to certain exceptions you may be entitled to the following rights:

  • Right to Access & Data Portability.. You have the right to request that we disclose certain information to you about our collection and use of your Information at any time.  Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:

    • Disclose whether we are processing your Information.
    • Provide you with access to your Information.

Where the processing is carried out by automated means, and subject to certain exceptions, you have the right to request and obtain a copy of your Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Information to another data controller without hindrance.

  • Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate Information, you have the right to request that we correct such inaccurate Information taking into account the nature of the personal Information and the purposes of the processing of the personal Information. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your Information.
  • Right to Delete. You have the right to request that we delete certain of your Information provided by or obtained about you. To the extent that we can delete your Information, once we receive and confirm your authenticated consumer request, we will delete (and direct our service providers to delete) your Information, subject to certain exceptions.
  • Sale of Personal Information, Targeted Advertising, Profiling, and the Right to Opt Out.  You have the right to opt out of the processing of your Information for the following purposes:
    • Targeted advertising.
    • Sale of your Information.
    • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Right to Appeal.  You have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeals request via the information in the How To Contact Us section below. Within sixty (60) days of receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may contact the Virginia Office of the Attorney General by:

    • If calling from Virginia, call the Consumer Protection Hotline at 1-800-552-9963.
    • If calling from the Richmond area or from outside Virginia, call the Consumer Protection Hotline at 1-804-786-2042.

Right to Non-Discrimination. You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We will not discriminate against you for exercising any of your rights in this section including denying goods or Services, charging different prices or rates for goods or Services, or providing a different level of quality of goods and Services. However, we may offer a different price, rate, level, quality, or selection of goods or Services, including offering goods or Services for no fee, if you have exercised your right to opt out or the offer is related to your voluntary participation in a bona fide loyalty, rewards, premium features, discounts, or club card program.

You may make an authenticated consumer request under the VCDPA twice within a twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.

2.  Additional Information 

To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

C. NOTICE TO COLORADO RESIDENTS

To the extent any Colorado data privacy law applies to the collection of your Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Colorado residents and how to exercise those rights and applies solely to Colorado residents. We provide the supplemental section below to comply with the Colorado Privacy Act (“CPA”) and any terms defined in the CPA have the same meaning when used below.

1. Your Rights under CPA

Subject to certain exceptions you may be entitled to the following rights:

  • Right to Access & Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:

    • Disclose whether we are processing your Information.
    • Provide you with access to your Information where we process it.

Where exercising your right to access, you have the right to request and obtain a copy of your Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Information to another data controller without hindrance (“data portability”).

  • Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate personal Information, you have the right to request that we correct such inaccurate personal Information taking into account the nature of the personal Information and the purposes of the processing of the personal Information. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your personal Information.
  • Right to Delete. You have the right to request that we delete certain of your Information provided by or obtained about you. To the extent that we can delete your Information, once we receive and confirm your authenticated consumer request, we will delete your Information, subject to certain exceptions.
  • Sale of Personal Information, Targeted Advertising, Profiling, and the Right to Opt Out.  You have the right to opt out of the processing of your Information for the following purposes:
    • Targeted advertising.
    • Sale of your Information.
    • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Right to Appeal.  You have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeals request via the information in the How To Contact Us section below. Within forty-five (45) days of receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If you have concerns regarding the results of your appeal, you may contact the Colorado Office of the Attorney General by:

You may make an authenticated consumer request free of charge under the CPA once within a twelve (12) month period. We reserve the right to charge a reasonable fee for a second or subsequent request within the same twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.

2. Sensitive Data

We do not process sensitive data including sensitive data inferences.  When we process sensitive data, we do so with your consent.

3. Authorized Agent

You may use an authorized agent to submit verifiable consumer requests on your behalf. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney pursuant to Colo. Rev. Stat. § 15-14-705. We may deny a request from an authorized agent that does not submit proper verification proof.

4.  Notice of Financial Incentive

As an incentive for providing us with your Information, you may receive a financial benefit as part of our bona fide loyalty program in the form of an email coupon, discount, rebate, free sample, promotions, or other similar reward that will be sent to you. This discount may constitute a financial incentive under the Consumer Privacy Act (“Financial Incentive”). The categories of personal Information required for us to provide the Financial Incentives include personal identifiers such as full name and contact information including email address as well as personal and demographic information you choose to provide.

To offer these discounts, we may track your personal Information, such as purchase history and other demographic data. You have the right to withdraw from the Financial Incentive at any time by submitting a request to [email protected]. Please note that if you request deletion of part or all your personal Information, that could affect your ability to qualify for the discount.

D. NOTICE TO CONNECTICUT RESIDENTS

To the extent any Connecticut data privacy law applies to the collection of your Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Connecticut residents and how to exercise those rights and applies solely to Connecticut residents. We provide the supplemental section below to comply with the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”) and any terms defined in the CTDPA have the same meaning when used below.

1. Your Rights under CTDPA

Subject to certain exceptions you may be entitled to the following rights:

  • Right to Access & Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
    • Disclose whether we are processing your Information.
    • Provide you with access to your Information where we process it.

Where the processing is carried out by automated means, and subject to certain exceptions, you have the right to request and obtain a copy of your Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Information to another data controller without hindrance.

  • Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate personal Information, you have the right to request that we correct such inaccurate personal Information taking into account the nature of the personal Information and the purposes of the processing of the personal Information. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your personal Information.
  • Right to Delete. You have the right to request that we delete certain of your Information provided by or obtained about you. To the extent that we can delete your Information, once we receive and confirm your authenticated consumer request, we will delete (and direct our service providers to delete) your Information, subject to certain exceptions.
  • Sale of Personal Information, Targeted Advertising, Profiling, and the Right to Opt Out.  You have the right to opt out of the processing of your Information for the following purposes:
    • Targeted advertising.
    • Sale of your Information.
    • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Right to Non-Discrimination.  You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We will not discriminate against you for exercising any of your rights in this section including denying goods or Services, charging different prices or rates for goods or Services, or providing a different level of quality of goods and Services. However, we may offer a different price, rate, level, quality, or selection of goods or Services, including offering goods or services for no fee, if you have exercised your right to opt out or the offer is related to your voluntary participation in a bona fide loyalty, rewards, premium features, discounts, or club card program.
  • Right to an Appeal.  You have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeals request to us by either:
    • Calling us at 1-877-352-0077 

Within sixty (60) days of receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may contact the Connecticut Office of the Attorney General by:

You may make an authenticated consumer request under the CTDPA once within a twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.

2. Authorized Agent

You may use an authorized agent to submit verifiable consumer requests on your behalf. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, including through technological means, and identity verification from you; or (2) proof of power of attorney. We may deny a request from an authorized agent that does not submit proper verification proof.

3. Additional Information 

To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

E. NOTICE TO UTAH RESIDENTS

To the extent any Utah data privacy law applies to the collection of your Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Utah residents and how to exercise those rights and applies solely to Utah residents. We provide the supplemental section below to comply with the Utah Consumer Privacy Act (“UCPA”) and any terms defined in the UCPA have the same meaning when used below.

1. Your Rights under UCPA

Subject to certain exceptions you may be entitled to the following rights:

  • Right to Access & Data Portability. You may have the right to request that we disclose certain information to you about our collection and use of your Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
    • Disclose whether we are processing your Information.
    • Provide you with access to your Information where we process it.

Where the processing is carried out by automated means, and subject to certain exceptions, you have the right to request and obtain a copy of your Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Information to another data controller without hindrance (“data portability”).

  • Right to Delete.  You have the right to request that we delete certain of your Information provided by or obtained about you.  To the extent that we can delete your Information, once we receive and confirm your authenticated consumer request, we will delete (and direct our service providers to delete) your Information, subject to certain exceptions. 
  • Right to Non-Discrimination.  We will not discriminate against you for exercising any of your rights in this section including denying goods or Services, charging different prices or rates for goods or Services, or providing a different level of quality of goods and services.  
  • Sale of your Personal Information, Targeted Advertising, and Right to Opt Out.  You have the right to opt out of the processing of your Information for the following purposes:
    • Targeted advertising.
    • Sale of your Information.

You may make an authenticated consumer request free of charge under the UCPA once within a twelve (12) month period.  We reserve the right to charge a reasonable fee for a second or subsequent request within the same twelve (12) month period.  To exercise the rights described above, see the Exercising Your Rights section below.

F. NOTICE TO TEXAS RESIDENTS

To the extent any Texas data privacy law applies to the collection of your Information, this supplemental section of our privacy policy outlines the individual rights guaranteed to Texas residents and how to exercise those rights and applies solely to Texas residents. We provide the supplemental section below to comply with the Texas Data Privacy and Security Act (“TDPSA”) and any terms defined in the TDPSA have the same meaning when used below.

1. Your Rights Under TDPSA

Subject to certain exceptions you may be entitled to the following rights:

  • Right to Access & Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
    • Disclose whether we are processing your Information.
    • Provide you with access to your Information where we process it.

Where exercising your right to access, you have the right to request and obtain a copy of your Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Information to another data controller without hindrance (“data portability”).

  • Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate personal Information, you have the right to request that we correct such inaccurate personal Information taking into account the nature of the personal Information and the purposes of the processing of the personal Information. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your personal Information.
  • Right to Delete. You have the right to request that we delete certain of your Information provided by or obtained about you. To the extent that we can delete your Information, once we receive and confirm your authenticated consumer request, we will delete your Information, subject to certain exceptions
  • Sale of Personal Information, Targeted Advertising, Profiling, and the Right to Opt Out. You have the right to opt out of the processing of your Information for the following purposes:
    • Targeted advertising.
    • Sale of your Information.
    • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
  • Right to Appeal. You have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeals request via the information in the how to contact us section below. Within sixty (60) days of receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If you have concerns regarding the results of your appeal, you may contact the Texas office of the attorney general by:
    • Contacting online: https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint
    • Calling: (800) 621-0508

You may make an authenticated consumer request free of charge under the TDPSA twice within a twelve (12) month period. We reserve the right to charge a reasonable fee for a third or subsequent request within the same twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.

2. Sensitive Data

We may process sensitive data. When we process sensitive data, we do so with your consent.

3. Authorized Agent

You may use an authorized agent to submit verifiable consumer requests on your behalf. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney. We may deny a request from an authorized agent that does not submit proper verification proof.

G. NOTICE TO INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA AND THE UK

This section applies only to individuals coming to our Services from within the European Union (EU), the European Economic Area (EEA), and the UK, and only if we collect through the Services any Information from you that is considered “Personal Data,” as defined in the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Personal Data includes any information relating to an identified or identifiable natural person, who could be identified either directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (which may include some or all your Information as defined in this Privacy Policy).

1. Identity and Contact Details of Controller and EU Representative

Unless otherwise stated, we are the Data Controller for the Information we process.

Contact Details:

Email:  [email protected]

Call us: +44 03300605174

Write us: Rich Andover Realty Limited

Unit 5 Pioneer Road

Andover Business Park

Andover, GB SP11 8EZ

2. Your Data Protection Rights

To the extent the GDPR and Data Protection Act 2018 apply, and we hold your Information in our capacity as a Data Controller as defined under those laws, you may request that we:

  • Restrict the way that we process and share your Information;
  • Transfer your Information to a third party;
  • Provide you with access to your Information; 
  • Remove your Information if no longer necessary for the purposes collected;
  • Update your Information so it is correct and not out of date; and/or
  • Object to our processing of your Information. 

You may also revoke your consent for processing of your Information. If you wish to object to the use and processing of your Information or withdraw consent to this Privacy Policy, you can contact us in the following ways:

Email:  [email protected]

Call us: +44 (0)330 060 5100

Write us: Rich Andover Realty Limited
Unit 5 Pioneer Road
Andover Business Park
Andover, GB SP11 8EZ

We have also appointed a Data Protection Officer (DPO) for the EEA and UK. You can contact the DPO at [email protected].

The requests above will be considered and responded to in the time period stated by applicable law. Note, certain Information may be exempt from such requests. We may require additional Information from you to confirm your identity in responding to such requests.

You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Otherwise, you may contact the UK Information Commissioner’s Office by the following means:

Form: www.ico.org.uk/global/contact-us/email/

Telephone: 0303 123 1113.

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF

3. Lawful Basis for Processing Your Information

The lawful basis for our processing of your Personal Data will depend on the purpose of the processing. For most Personal Data processing activities covered by this Privacy Policy, the lawful basis is that the processing is necessary for our legitimate business interests. Where we process Personal Data in relation to a contract, or a potential contract, with you, the lawful basis is that the processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. If we are required to share Personal Data with law enforcement agencies or other governmental bodies, we do so on the basis that we are under a legal obligation to do so. We will also use consent as the legal basis where we deem appropriate or to the extent required by applicable law, for example, before we collect precise location data from your mobile device.

Depending on what Personal Data we collect from you and how we collect it, we may also rely on various grounds for processing your Personal Data, including the following reasons:

  • Processing on the basis of legitimate business interests. When we process Personal Data on the basis that the processing is necessary for our legitimate business interests, such interests include: (i) providing, improving, and promoting our Services; (ii) communicating with current and potential customers, candidates for employment with Rich’s, other business partners, and their individual points of contact; (iii) managing our relationships with our customers and other business partners, and their individual points of contact; (iv) other business development purposes; (v) sharing information within the Company, as well as with service providers and other third parties; and (vi) maintaining the safety and security of our products, Services, and employees, including fraud protection.
  • Processing on the basis of performance of a contract.  Examples of situations in which we process Personal Data as necessary for performance of a contract include e-commerce transactions in which you purchase a service from us.
  • Processing on the basis of consent.  Examples of processing activities for which we may use consent as its legal basis include: (i) collecting and processing precise location information from your mobile device; (ii) sending promotional emails when consent is required under applicable law; and (iii) processing Personal Data on Company Services through cookies and similar technologies when consent is required by applicable law.
  • Processing because we are under a legal obligation to do so.  Examples of situations in which we must processes Personal Data to comply with our legal obligations include: (i) providing your Personal Data to law enforcement agencies and other governmental bodies when required by applicable laws; (ii) retaining business records required to be retained by applicable laws; and (iii) complying with court orders or other legal process.

If the processing of your Personal Data is based on your consent, the GDPR and Data Protection Act 2018 also allow users the right to access, revoke, or modify your consent at any time. Please see the How to Contact Us section, below, to review or modify your consents.

We are operated in the United States, and we may use service providers based in the United States to operate our business and our relationship with you. Please be aware that Information, including your Personal Data, that we collect will be transferred to, stored, and processed in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen. We maintain measures to address the transfer of your Personal Data between our group companies and between us and our third-party providers in accordance with applicable data protection laws and regulations.

5. Retention

We will retain your Information for as long as needed for the purposes described in this Privacy Policy. More specifically, the time we maintain your Information depends on the following factors:

  • Whether we need the Information to provide the Services. We will maintain any data needed to provide you with the Services, such as contact information and payment or transaction information, for as long as needed for us to provide you with the Services, respond to your questions and requests, and/or administer your account (if applicable).
  • Whether we need the Information to comply with our legal obligations. We may have legal obligations to maintain your Information where a legal or regulatory body may ask for it in the future, for example in response to a data subject request or complaint. This information may include contact information and location information.
  • Whether we need the Information for a legitimate business interest. We may store Information like contact information, cookies, and location information in order to perform analytics, troubleshoot errors, or improve our Services. In any event, we delete the Information when it is no longer needed for our legitimate interest.

Regardless of our reason for retaining your Information, we delete all Information in accordance with our routine record keeping policies.

In the event you apply for a position with Rich’s, we will retain your data as described in the Candidate Privacy Policy. Additionally, in the event you accept a position with Rich’s, we will retain your data for the duration of your employment with us, and for a period of time thereafter, as set forth in the Associate Privacy Policy.

XI. EXERCISING YOUR DATA SUBJECT RIGHTS

To exercise any of the rights described above, please submit a verifiable consumer request to us via the methods described below.

Email:  [email protected]
Submit a request: Rich’s Privacy Web Form
Global Headquarters
Call us: 1-877-352-0077
Write us: Rich Products Corporation
One Robert Rich Way
Buffalo, New York 14213

EEA & UK
Call us: +44 (0)330 060 5100
Write us: Rich Andover Realty Limited
Unit 5 Pioneer Road
Andover Business Park
Andover, GB SP11 8EZ

We have also appointed a Data Protection Officer (DPO) for the EEA and UK. You can contact the DPO at [email protected].

 

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Information, or an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

To help protect your privacy and maintain security, if you request access to, correction, or deletion of your Information, we will take steps and may require you to provide certain information to verify your identity before granting you access to your Information or complying with your request. In addition, if you ask us to provide you with specific pieces of Information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Information is the subject of the request. Only you or your authorized agent may make a verifiable consumer request related to your Information. If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us (as described above). You may also make a verifiable consumer request on behalf of your minor child.

XII.GEOGRAPHIC LOCATION OF DATA STORAGE AND PROCESSING

Our Services are targeted to individuals located in the United States. As such, the Services collect Information and process and store that Information in databases located in the United States. If you are visiting the Services from a country outside the United States, you should be aware that you may transfer personally identifiable Information about yourself to the United States, and that the data protection laws of the United States may not be as comprehensive as those in your own country. By visiting the Services and submitting any personally identifiable Information you consent to the transfer of such personally identifiable Information to the United States.

XIII. CHILDREN’S INFORMATION

To Rich’s knowledge, we do not collect, sell, share, or disclose Information for users under the age of sixteen (16). The Services are intended only for users over the age of sixteen (16). If we become aware that a user is under sixteen (16) (or a higher age threshold where applicable) and has provided us with Information, we will take steps to comply with any applicable legal requirement to remove such Information. Contact us if you believe that we have mistakenly or unintentionally collected Information from a child under the age of sixteen (16).

XIV. DIFFICULTY ACCESSING OUR PRIVACY POLICY

Individuals with disabilities who are unable to usefully access our Privacy Policy online may contact us to inquire how they can obtain a copy of our policy in another, more easily readable format.

XV. “DO NOT TRACK” SIGNALS

We do not support “Do Not Track.” Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable “Do Not Track” by visiting the “Preferences” or “Settings” page of your web browser. Do Not Track is different from Global Privacy Controls (“GPC”), which may notify websites of consumers’ privacy preferences regarding the sale or sharing of personal Information, or the use of sensitive personal Information.

XVI. CHANGES TO THIS PRIVACY POLICY

We reserve the right to change, modify or amend this Privacy Policy at any time to reflect changes in our products and service offerings, accommodate new technologies, regulatory requirements, or other purposes. If we modify our Privacy Policy, we will update the “Effective Date” and such changes will be effective upon posting. It is your obligation to check our current Privacy Policy for any changes.

XX. HOW TO CONTACT US

If you have any questions about this Privacy Policy or the Information we have collected about you, please contact us at the following:

Email:  [email protected]
Submit a request: Rich’s Privacy Web Form

GLOBAL HEADQUARTERS
Call us: 1-877-352-0077
Write us: Rich Products Corporation
One Robert Rich Way
Buffalo, New York 14213

EEA & UK
Call us: +44 (0)330 060 5100
Write us: Rich Andover Realty Limited
Unit 5 Pioneer Road
Andover Business Park
Andover, GB SP11 8EZ

We have appointed a Data Protection Officer (DPO) for the EEA and UK. You can contact the DPO at [email protected].

Effective Date: September 10, 2024