INMAR BRAND SOLUTIONS PRIVACY NOTICE

This Privacy Policy describes the policies and practices of Inmar Brand Solutions, Inc. (referred to as “Inmar,” “we,” “our,” or “us”) regarding our collection, use, and disclosure of consumer personal information. This Privacy Policy does not apply to data collection and usage activities on our corporate website https://www.inmar.com/.

CATEGORIES OF DATA WE COLLECT

The types of personal information we collect depend on how you interact with us and the services we support, such as digital coupons, rebates, loyalty programs, and marketing activities.

We may collect the following categories of personal information:

  • Identifiers

    Such as your name, postal address, email address, phone number, account credentials, or other similar identifiers.

  • Device and Online Identifiers

    Such as IP address, mobile device identifiers (e.g., IDFA, AAID), cookie identifiers, and similar technologies.

  • Demographic Information

    Such as age range, gender, and general household characteristics.

  • Commercial Information

    Such as purchase history, transaction details, and product preferences.

  • Internet or Network Activity

    Such as browsing history, search history, interactions with websites, applications, or advertisements.

  • Geolocation Data

    Such as general location derived from your IP address or, where permitted, more precise location information.

  • Inferences

    Such as preferences, interests, and characteristics derived from other personal information.

HOW WE COLLECT PERSONAL INFORMATION

We may collect personal information about consumers in a variety of ways, such as:

  1. Information You Provide Directly to Us or Our Partners

    We collect data when you interact with us or our partners’ services, including:

    • Account Registration: Information such as your name, contact details, username, password, and security questions.
    • Service Interactions: Records of your activity, such as digital coupon selections or rebate submissions (including receipts).
    • Direct Communication: Information provided via feedback forms, email, phone, fax, or postal mail.
  2. Automated Collection

    When you interact with our online services, we may automatically collect technical and usage data to ensure functionality, security, and performance. This includes:

    • Device & Browser Info: IP addresses, MAC addresses, device identifiers (e.g., IDFA, AAID), and operating system information.
    • Tracking Technologies: Data collected via cookies, pixel tags, log files, and beacons (e.g., pages viewed, time spent, and referring URLs).
  3. Analytics & Interest-Based Advertising

    We use analytics to understand how you engage with our services or our partners’ services and improve user experience. Additionally, we may:

    • Measure Ad Effectiveness: Tailor content to your interests across third-party platforms (e.g., LinkedIn) using pseudonymous or hashed identifiers.
    • Behavioral Tracking: Build audiences for interest-based advertising, provided your settings allow for it.
  4. Information from Business Customers

    We receive data from our retail and manufacturing partners to support specific services, such as:

    • Loyalty Programs: Registration info and purchase history.
    • Service Fulfillment: Data necessary to provide managed services to our Business Customers.

Whenever we receive personal information from our Business Customers, like retailers or manufacturers, we may use and disclose such personal information as authorized by those Business Customers. We are not responsible for the policies or practices of our Business Customers with respect to the personal information those Business Customers provide to us or otherwise collect from consumers.

We may combine the information we obtain from third parties with information that we or our affiliated organizations have collected about you.

HOW WE USE PERSONAL INFORMATION

We may use personal information for purposes that include the following:

Service Delivery & Operations:

  • Fulfilling contractual obligations and completing transactions.
  • Operating services on behalf of our Business Customers.
  • Providing location-based functionality and personalized experiences.

Communication & Marketing:

  • Managing business development and responding to inquiries.
  • Promoting our Business Customers’ products and services through tailored marketing and interest-based advertising.
  • Communicating with you and providing transactional support.

Product Research & Improvement:

  • Conducting research and analytics to evaluate usage trends.
  • Enhancing functionality, debugging technical issues, and updating features.
  • Creating anonymized or aggregated data for internal and permitted external analysis.

Data Enrichment and Tokenization:

  • Collaborating with partners to facilitate identity resolution and mapping across different digital devices.
  • Pseudonymizing and tokenizing identifiers for campaign activation and measurement.

Predictive Modeling and Interest-Based Personalization:

  • Analyzing behaviors including purchase history and web browsing activity to assess trends and draw inferences about consumer preferences.
  • Using predictive insights to build audience segments that anticipate expected future behaviors.
  • Delivering personalized content across third-party platforms based on specific consumer interests.

Creator and Social Services:

  • Aligning creator audiences with relevant brand opportunities using our proprietary technology that enhances personalization by targeting based on interests, location, and browsing history.
  • Measuring and monitoring engagement content and audience sentiment to ensure campaign integrity and regulatory compliance.

Security & Integrity:

  • Protecting the safety and security of our systems, assets, and personnel.
  • Preventing fraudulent, deceptive, or illegal activity.
  • Supporting investigations and ensuring technical integrity.

Legal & Corporate:

  • Complying with applicable laws, regulations, and industry standards.
  • Enforcing our policies, terms of use, and legal rights.
  • Evaluating or participating in business transactions (e.g., mergers, acquisitions, or restructuring).
  • Executing any other purpose authorized by your consent or permitted by law.

Where required by law, individuals may have the right to object to or limit processing, or to withdraw consent where consent is relied upon.

Data Retention: We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

HOW WE DISCLOSE PERSONAL INFORMATION

We may disclose personal information as necessary to support our services or meet legal obligations. We categorize our disclosures as follows:

  • To Support Our Business Customers: We may disclose personal information to retailers, manufacturers, and their designated service providers when you participate in programs we manage for them (e.g., loyalty programs, rebate processing, etc.).
  • To Our Service Providers & Affiliates: We may disclose personal information to our internal affiliates and vetted third-party contractors who perform essential functions on our behalf (e.g., IT support, data hosting, platform analytics, etc.).
  • For Legal & Safety Obligations: We may disclose information when required by law, regulation, or industry standards, or to protect our organization:
    • Legal Compliance: To comply with court orders, subpoenas, or lawful government requests.
    • Enforcement: To enforce our terms of use, contracts, or other legal rights.
    • Safety & Fraud Prevention: To investigate illegal activity, prevent fraud, and protect the property, safety, and security of our employees, customers, and the public.
  • Corporate Transactions: If Inmar is involved in a merger, acquisition, divestiture, or similar corporate restructuring, your information may be transferred as part of that asset sale or transition.
  • With Your Authorization: We may disclose your information for any other purpose that you explicitly authorize or consent to at the time you provide the data.
  • Sale or Share of Personal Information: We may disclose personal information to advertising partners and analytics providers in ways that may constitute a “sale” or “share” under certain U.S. state privacy laws. We may share your personal information with the following categories of recipients:
    • Data platforms
    • Demand-side platforms
    • Supply-side platforms
    • Identity resolution providers
    • Geolocation service providers

INTERNATIONAL USERS

Our services are not targeted to individuals outside of North America. If you are located outside the United States, please be aware that information we collect may be transferred to, processed and stored by us or our service providers outside the country in which you are located, including in the United States, in accordance with this Privacy Policy and applicable laws. By interacting with our services, you understand and consent to the transfer of your information to us or our service providers outside the country where you reside.

CHILDREN’S DATA

Our services and websites are not directed to children and are not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without appropriate consent, we will delete it as required by law. We may use information related to children to create audience segments associated with the adult parent of a child (e.g. parent of a newborn, parent of a teen, etc.) but will not collect identifiable information about the child.

PRIVACY RIGHTS AND CHOICES FOR RESIDENTS OF CERTAIN U.S. STATES

Certain U.S. state privacy laws, including the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), as well as privacy laws in Colorado, Connecticut, Virginia, Utah, Oregon, Texas, Montana, Delaware, Tennessee, Washington, and any other U.S. state with similar requirements (collectively, “Applicable State Laws”), provide eligible residents with specific rights regarding their personal information. This section describes those rights and how eligible residents may exercise them, as applicable.

Depending on the state in which you reside and the nature of our interactions with you, you may have some or all of the following rights under Applicable State Laws:

  1. Right to Know / Access
    The right to request access to the personal information we have collected, used, disclosed, or processed about you.
  2. Right to Delete
    The right to request deletion of personal information we have collected from you or maintain about you, subject to certain exceptions.
  3. Right to Correct
    The right to request that we correct inaccurate personal information we maintain about you.
  4. Right to Data Portability
    The right to request a copy of certain personal information in a portable, readily usable format.
  5. Right to Opt Out of Certain Processing Activities

    Depending on your state, you may have the right to opt out of:

    • Interest-based advertising / cross-contextual behavioral advertising
    • The “sale” or “sharing” of personal information
    • Profiling in furtherance of decisions that produce legal or similarly significant effects

    We will honor browser-based opt-out signals (such as Global Privacy Control) where required by Applicable State Laws.

  6. Right to Limit the Use and Disclosure of Sensitive Personal Information (California Only)
    If we collect information classified as “sensitive personal information” under California law, California residents may have the right to limit certain uses or disclosures of that information.
  7. Right to Appeal (Colorado, Connecticut, Virginia, Oregon, Texas, and others)
    If we deny a privacy rights request, certain states provide residents with the right to appeal our decision. We will provide instructions for submitting an appeal in our response.
  8. Washington My Health My Data Act
    Washington’s My Health My Data Act (“MHMD”) provides Washington residents with specific rights regarding “consumer health data,” as defined under the law. Any health-related information processed by Inmar is collected and processed on behalf of its Business Customers and is governed by applicable agreements. To the extent MHMD applies, Washington residents may direct requests regarding consumer health data to the applicable Business Customer.

EXERCISING YOUR PRIVACY RIGHTS

Eligible residents may submit requests to exercise their privacy rights—such as the rights to access, delete, correct, or obtain a portable copy of their personal information—by submitting a verifiable request through one of the following methods:

You do not need to create an account with us to submit a request. We will use the personal information you provide in connection with your request only to verify your identity or authority to make the request and to respond.

Verification Requirements

To protect personal information, we must verify your identity before processing your request. Verification may require you to provide:

  • Your first and last name,
  • Email address,
  • Mailing address or telephone number,
  • Or other information necessary for us to reasonably confirm your identity and your relationship with us.

We may require additional verification information for sensitive or high-risk requests (such as access or deletion).

If we cannot verify your identity or authority, we will notify you and may deny the request. You may have the right to appeal our decision and we will provide an avenue for appeal if you are eligible.

Authorized Agents

In certain states, you may designate an authorized agent to submit a request on your behalf.

Authorized agents must provide:

  • Written permission signed by you, or
  • A valid power of attorney, and
  • Information sufficient for us to verify both your identity and the agent’s authorization.

We may require you to verify your identity directly with us or confirm that you provided the agent permission.

Response Timing and Format

We will respond to verifiable requests within 45 days of receipt, or as required by Applicable State Laws. If reasonably necessary, we may extend our response period by an additional 45 days (up to 90 days total) and will notify you of the extension and the reason.

When provided, our response will generally cover the 12-month period preceding your request. For data portability requests, we will provide information in a portable, readily usable format that allows you to transmit the data to another entity.

We do not charge a fee to process or respond to verifiable consumer requests unless a request is manifestly unfounded or excessive. If a fee is permitted by law, we will inform you before completing the request.

You may submit up to two access or data portability requests within a 12-month period, as permitted by applicable law.

Requests Involving Information Processed on Behalf of Our Business Customers

As noted above, when we process personal information on behalf of our Business Customers, we act as a service provider or processor under Applicable State Laws. In those circumstances, we may have no direct relationship with the individuals whose personal information we process.

If we received your information from one of our Business Customers, or process your information on their behalf, please contact that Business Customer directly to exercise your rights. Where required, we will assist the Business Customer in responding to verified requests.

NON-DISCRIMINATION

Subject to certain exceptions, you have the right to not receive discriminatory treatment for exercising your privacy rights described above.

RIGHTS OF NEVADA RESIDENTS

Nevada residents have the right to request that we do not sell your personal information (as defined in N.R.S. § 603A), even if your personal information is not currently being sold.

All such requests should be submitted in writing to the Inmar Privacy Officer at the postal address provided below.

DATA BROKER

In some cases, Inmar Brand Solutions, Inc. operates as a “data broker” under certain U.S. state laws. This means we may collect personal information about consumers from third-party sources and share it with our customers and partners for purposes such as analytics, marketing, and measurement.

To the extent we act as a data broker, we are registered with state authorities as required by law, including in Texas. To conduct business in Texas, a data broker must register with the Texas Secretary of State (Texas SOS). Information about data broker registrants is available on the Texas SOS website.

You have the right to opt out of the sale or sharing of your personal information and, where applicable, to request deletion. See the “Privacy Rights and Choices” section below for more information.

PRIVACY POLICY CHANGES

Inmar reserves the right to update this Privacy Policy from time to time. We will make any such updates publicly available for review, and will indicate the date as of which the revised Privacy Policy becomes effective. As permitted under applicable law, by using our services after such notice, you consent to our updates to this policy as of the Effective Date listed below.

CONTACTING US

If you have any questions or comments about this Privacy Policy or would like to exercise any applicable rights under this Privacy Policy, please contact Inmar’s Privacy Office at:

Inmar, Inc.
Attention: Privacy Office
1 W. 4th St., Suite 500
Winston-Salem, NC 27101
Email: privacy@inmar.com

Please include your name, contact information, and the nature of your request so that we can respond appropriately and promptly to your communication.

This Privacy Policy is effective as of and was last updated on: