Effective date: 1 April 2017
This policy relates to the practices of RetailNext Inc. ("RetailNext") regarding our website and the products and services we sell.
This policy tells you how RetailNext handles the data of individuals ("you"). Our products are sold to companies, and we process data at their direction. To understand how these companies handle your data, you should review their privacy policies to determine their practices.
This policy also describes the personal information we collect on our own website.
What We Do
RetailNext offers a set of products and services (the RetailNext "platform") used by retailers to analyze things that happen in and around their stores. Our customers may use our products and services to collect data from sensors, including video cameras, smartphone detectors, Wi-Fi networks, or other devices, to use along with other data, like purchases, loyalty program information, weather, and third-party information. We also provide ways to let our customers' shoppers opt into analytics and marketing programs, like through free Wi-Fi networks or mobile apps.
Our customers can choose to operate our platform entirely on their own, or they may choose to let us operate the software on their behalf as an online service. To understand what our customers do with the data they receive from us or collect directly, please consult their privacy policies directly.
Our customers can elect to share some elements of their data with RetailNext so that we may use it in aggregate to analyze retail traffic and sales trends. For example, we periodically report on US retail performance trends: http://retailnext.net/en/benchmark/.
What We Collect
Smartphone Location Detection. RetailNext determines the location of a smartphone or wireless computing device by observing Wi-Fi or Bluetooth signals broadcast from that device. Individual devices are identified by a unique number (called a "MAC address") assigned to the device when it was manufactured. RetailNext logs the MAC address of these broadcasts along with the time, the signal strength, and the location of the observing sensor. RetailNext does not store the payload of wireless network packets (meaning the data that end users are sending or receiving over a Wi-Fi or Bluetooth network). Unless you explicitly opt into a related service from one of our customers, it is our policy never to use this data to identify a person by name. It is used to measure things like visit duration or the ratio of first-time to returning shoppers.
Video Recording and Location Detection. RetailNext analyzes data from video cameras to determine the paths people take through a physical space and to try to ascertain certain qualities about people, like age or gender. Our customers may use this kind of information for marketing and strategic purposes, such as to improve the layout of their stores and offer the products that most interest their shoppers. For other examples, please visit our website at http://retailnext.net/en/products/. Video is usually available for playback by the customer in the RetailNext platform. In addition to analyzing traffic flow through a store or around a particular feature of a store, video is often used to investigate theft. Additional uses of video are determined by the customer.
Guest Wi-Fi Internet Service. When customers use our service to offer Wi-Fi Internet "hotspots" at their locations, registration is sometimes required. Registration data from these services is sent to us, but the exact nature of the information categories requested is determined by our customers when they create the user registration process. Some customers only require that users read and acknowledge the terms & conditions of use, but others may request information like name, telephone number, or email address. Information about the web browser used for registration, like the device type, operating system, and browser version, is collected automatically and sent to us and the customers.
With consent, we may also collect information about use of the World Wide Web by observing outbound HTTP requests (non-secure web page requests), which may include web browser information, the URL (web address) of each page visited, search terms used, products viewed and saved on retail websites, and information entered into online forms. We do not analyze information transmitted over secure connections.
Marketing Programs. When customers use our service to automate some portions of their marketing programs, including websites, text messages, promotions on printed receipts, and other programs, some personal information may be shared with us to improve and measure the relevance of those offers to a consumer. This information may be linked to an identifier provided by a marketing program user (shopper), including email address, phone number, or loyalty program ID number. We may also use other information provided to us by a retailer.
Who We Share With
Our customers have access to most of the data we collect on their behalf. Their use of the data is governed by their privacy policies and practices.
We also contract with third-party service providers, such as virtual hosting infrastructure providers, to host our servers and databases and to provide other services to us. It is our policy to request that our service providers agree not to access or use any information or data they may have access to while providing services to RetailNext other than as specified by us and for the purpose for which it was originally collected. We shall remain responsible and liable under the Privacy Shield Principles if our service providers process information on our behalf in a manner inconsistent with the Privacy Shield Principles unless we prove that we are not responsible in that event.
Storage of this data is not always in your home country and may be transported across borders. As of the date of writing this, we store data in the United States in addition to the country in which it is collected, but we may add additional storage and processing sites without notice.
Through our platform and standard contractual agreements, it is our policy to place limits on the use of smartphone location data if a user has not explicitly opted into a related service (like a free Wi-Fi network). Unless a user has opted in, it is our policy not to share the actual MAC address of a device except as described in the "Government Requests" section below. It is also our policy to require customers to agree not to use this data to attempt to identify people without their permission.
Once data is received by RetailNext's online service from our customers' sensors, it is our policy to encrypt it as it passes between our internal services, and to encrypt it when it is at rest. We take steps, like employing firewalls and two-factor authentication, to safeguard sensitive data and prevent unauthorized access to it.
When our customers operate our platform on their own, they are responsible for maintaining the security and privacy of the data.
Notwithstanding anything to the contrary in this policy, we may preserve or disclose your information if we believe that it is reasonably necessary to comply with a law, regulation, national security requirement, or legal request or to protect the safety, property, or rights of RetailNext or others. However, nothing in this policy is intended to limit any legal defenses or objections that you may have to a third-party or government request to disclose your information.
In our hosted systems, customers may retain aggregated data indefinitely, but it is our policy to limit the retention of personal data to 2.5 years, and we allow customers to set a shorter limit. Retention of data that customers may export and store outside our hosted systems is governed by their privacy policies and practices.
Data Access, Correction, Deletion
If you wish to access, correct, restrict, or delete data collected about you, you may submit a request to the contact info below. Provided you have given us sufficient information to identify you and verify your identity, we will use reasonable efforts to comply with your request where legally required.
Opting Out of Some Data Collection
You may opt out of data processing by RetailNext for some portions of the service, like Smartphone Location Detection and Guest Wi-Fi Internet Service analytics, by using our online form at https://privacy.retailnext.net/ or by submitting a request to the contact info below.
When you opt out, we will take measures to delete historical data about your device and avoid collecting data about your device in the future.
Change of Control
If RetailNext is involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction. The promises in this policy will apply to your information as transferred to the new entity, including your right to request to opt out of the service as described above.
U.S.-E.U. Data Processing
RetailNext participates in the EU-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce, and we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
When transferring personal data from the European Union to the United States, we comply with the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity, purpose limitation, access, recourse, enforcement, and liability for data processed under that framework. We are also responsible for ensuring that third parties acting as an agent our behalf do the same.
We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. Visit the program's website at http://privacyshield.gov to learn more about the Privacy Shield program and to view our certification.
We will investigate and attempt to resolve any complaints and disputes submitted to the contact info below. If a complaint or dispute cannot be resolved through our internal process, we agree to participate in the dispute resolution procedures of the American Arbitration Association (http://www.adr.org) pursuant to the Privacy Shield Principles.
In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.
Visiting our Websites
When you visit our websites, we use third-party services for hosting, analytics, advertising, customer support, content acceleration, and other promotional purposes, including Google (Analytics, Ad Services, Tag Manager, Hosted Libraries), Marketo, Disqus, Gaug.es, Salesforce, BMC RemedyForce, and others.
We collect the email addresses of those who communicate with us via email, information on pages visitors access, and information volunteered by the visitor (such as survey information or form submissions) to improve the content of our web pages and the quality of our service. We may use contact information you provide on our website for marketing and sales purposes. We honor requests to opt out of marketing and sales communications; if you opt out, we will maintain your contact information in our "do not contact" list.
When you purchase or evaluate our products and services we may ask for information such as your name, company name, email address, billing address, and credit card information. We use information that you provide to deliver and bill for those products and services, identify and authenticate you, contact you, and other purposes like research for product improvement.
The information we collect is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the circumstances described in this policy.
Web Browser DNT Notice
We only share your activity on our website with third parties according to the terms described above. Because the websites we operate do not collect or use the type of information that is generally subject to your browser’s "Do Not Track" (DNT) privacy preference, our websites do not look for this signal from your browser. Your DNT settings, however, may affect the third-party services we use (listed above).
Your web browser’s DNT setting does not affect data collection for the Services described in this policy, but the "Data Access, Correction, Deletion" section above describes how you may opt out of other data collection.
Our Policy Toward Children
Our Services are not directed to persons under 13. If you become aware that your child has provided us with personal information without your consent, please contact us using the information below. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we take steps to remove such information using the opt-out process described above.
Changes and Contact Info
60 S. Market Street, Floor 10
San Jose, CA 95113
Updated 1 June 2016 to explain our marketing program automation product, clarify which products are affected by the choice to opt out at https://privacy.retailnext.net/, and update Safe Harbor information based on the changes in that program. - Link - PDF
Updated 1 May 2015 to update Safe Harbor status for RetailNext, add a section header for opting out, and clarify that information you provide to us on our marketing website may be used for sales and marketing purposes. - Link - PDF
From Nearbuy Systems (prior to its acquisition by RetailNext):
You can also track and compare changes to our policies on GitHub at https://github.com/retailnext/privacy-policy.