WHAT BUSINESS ACTIVITIES DOES THIS POLICY COVER?
- Promotional Services. We assist businesses who are seeking to promote the sale of goods and services and the consumers for those goods and services by managing different promotional offerings such as marketing, rebates, coupons, and loyalty programs. We also operate websites and provide mobile applications that enable consumers to choose and redeem discount offers for goods and services that are of interest to them.
- Supply Chain Services. We assist businesses and consumers with supply chain needs related to reverse logistics including facilitating better management of consumer returns processing, managing product recalls, enabling the liquidation of returns or overstocked inventory, and conducting supply chain studies to generate data analytics that facilitate better supply chain management.
- Healthcare Services. We assist and support retailers, hospitals and pharmacies with financial management activities related to the provision of healthcare, such as by processing insurance payments for prescriptions and providing performance analytics.
- Government Services. We assist government entities that administer various consumer benefits programs, including but not limited to the Supplemental Nutrition Assistance Program (“SNAP”) and Temporary Assistance for Needy Families (“TANF”) programs by, among other things, processing electronic benefits transfer (“EBT”) payments and providing informational assistance to benefits recipients through an online cardholder portal and mobile application.
WHAT PERSONAL INFORMATION DOES INMAR COLLECT OR RECEIVE?
We may collect personal information directly from consumers in a variety of ways, such as:
- When a consumer registers and/or creates an account with us, we may collect authentication and other information provided by the consumer as part of the registration, such as a username, password, and contact information such as name, email address, or phone number, and security questions and answers.
- When we provide Government Services, we may collect additional authentication and other information provided by the consumer as part of the registration, such as EBT card number, PIN, date of birth, and the last four digits of the consumer’s Social Security number.
- When a consumer interacts with or makes selections on our websites and applications, we may collect records of those interactions or selections. For example, if a consumer selects a digital coupon that is offered within an application or website, we may make a record of that selection so we will be able to inform retailers that the consumer is entitled to the benefit of the coupon.
- When a consumer submits redemption information to us as part of a rebate program, such as a receipt, or other information that is otherwise necessary for us process the rebate.
- When a consumer otherwise submits information or communicates with us, such as through features like feedback forms or otherwise contacting us via telephone, email, fax, or postal mail.
We may also collect other personal information automatically when a consumer visits or uses our websites, applications, or other online services, including as described below:
- Browser and Device Information. Certain information may be automatically collected by most browsers or devices, such as information about consumer’s devices (such as IP addresses and MAC addresses), operating systems, and browsers. We may use this information to ensure that our websites and applications function properly. We may also collect advertising device identifiers, such as IDFA for iOS devices and AAID for Android devices.
- Pixel Tags and Log Files. Our websites may also use other tracking systems such as log files and pixel tags. For example, pixel tags, sometimes called web beacons, are similar in function to a cookie and can tell us certain information like what content has been viewed.
- IP Address: An IP address is a number that is automatically assigned to the computer that a consumer uses by their Internet Service Provider (“ISP”). An IP address may be identified and logged automatically in our server log files whenever a user accesses our websites, applications, or other online services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We may use IP addresses for purposes such as calculating usage levels, diagnosing server problems, and administering our websites, applications, and other online services.
- Location Information. We may receive consumers’ approximate location or data that indicates their approximate location, such as their IP address and locations where they redeem coupons or discounts. Such data assists us in improving our applications in future versions of our services, and also enables us to offer better services both to consumers and to our Business Customers.
We may also receive various types of personal information about consumers from our Business Customers as part of the services we provide, such as:
- When we manage a retailer’s customer loyalty program, we may obtain a consumer’s registration information, such as the consumer’s name, address, phone number and any unique ID associated with their registration. We may also receive records of consumers’ purchase histories, discounts, and other benefits to which the consumer is entitled.
- When we provide Supply Chain Services, we may receive personal information, such as consumer names, mailing addresses, and other contact information, in order to receive and manage returns for our Business Customers.
- When we provide Healthcare Services, we may receive consumers’ personal information, such as consumer names, insurance providers, insurance plans, prescription purchases, and prescription costs, in order to invoice insurance companies for prescription purchases at our pharmacy customers.
- When we provide Government Services, we may receive consumers’ personal information from government entities, such as consumer names, mailing addresses, phone numbers, languages, case numbers, EBT card numbers, benefit access type, dates of birth, and Social Security numbers.
- When our Business Customers otherwise provide or direct us to receive personal information.
Whenever we receive personal information from our Business Customers, like retailers, manufacturers, or government entities, we may use and disclose such personal information as authorized by those Business Customers. We are not responsible for the policies or practices of our Business Customers with respect to the personal information those Business Customers provide to us or otherwise collect from consumers.
FOR WHAT PURPOSES AND IN WHAT MANNER DO WE USE PERSONAL INFORMATION?
We may use personal information for purposes that include the following:
- Providing and operating our services, including for and on behalf of our Business Customers.
- Completing transactions and performing contractual obligations.
- To update or modify our websites, applications, or other online services features or operation.
- For marketing purposes.
- To communicate with consumers, our Business Customers, and others.
- To create aggregate or deidentified data.
- Storing information about consumer preferences, recognizing consumers’ activities associated with our services, and customizing consumers’ user experiences.
- Determining consumers’ locations in order to provide location-based services to consumers or our Business Customers.
- To evaluate an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceeding.
- To debug, identify, or repair errors or effectuate similar functional enhancements in connection with our websites, applications, or other services.
- To maintain the safety, security, and integrity of our websites, applications, other technology assets, and our business.
- To protect against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.
- Protecting the legal rights, property, safety, and security of our organizations, employees, customers and others.
- To comply with applicable law, other legal requirements, and industry standards.
- For such purposes as consumers may authorize at the time they submit the information.
TO WHOM AND FOR WHAT PURPOSES DO WE DISCLOSE PERSONAL INFORMATION?
We may disclose personal information, including for the purposes described above:
- To our Business Customers and the contractors, service providers, and other third parties our Business Customers may use to support their operations. For example, if a consumer provides us their contact and purchase information to join a retailer loyalty program, we may disclose that contact and purchase information to the retailer for whom we manage that program.
- To our affiliate organizations.
- To our contractors, service providers, and other third parties we use to support our organization.
- To communicate with consumers, our Business Customers, and others.
- To comply with applicable law, other legal requirements, and industry standards.
- To investigate or prevent unlawful activities or misuse of our services.
- To protect the legal rights, property, safety, and security of our organizations, employees, customers and others and to prevent fraud and other harm.
- To a buyer or other successor or organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceeding.
- For such purposes as the consumer may authorize at the time they submit the information.
THIRD-PARTY TREATMENT OF CONSUMER INFORMATION
Inmar’s mobile applications and websites may include links to applications, websites, information and services provided by third parties. Inmar is not responsible for the privacy practices of those third parties. We encourage consumers to review the applicable privacy policies of such third parties if they elect to follow the links provided.
WHAT OPTIONS AND CHOICES DO CONSUMERS HAVE REGARDING PERSONAL INFORMATION?
Consumers may choose not to provide the personal information we collect directly from them. However, not providing information we request may restrict consumers’ ability to use certain features of our services or our Business Customers’ services where we collect or receive personal information on behalf of our Business Customers. For example, consumers may be able to restrict the collection of personal information or functionality through their device’s operating system or by disabling cookies, but doing so may prevent them from using the functionality of the relevant website, application, or online service.
Some internet browsers have a “do not track” feature that lets users tell websites that they do not want to have their online activities tracked. At this time the websites, applications, and online services do not respond to “do not track” signals. We may allow third parties to use our websites, applications, and online services to collect personal information about consumers’ online activities over time and across different websites, applications, and other online products or services.
You may follow instructions contained in our marketing and promotional emails to opt out of future marketing and promotional emails.
Consumers located in the European Union (“EU”) or the United Kingdom (“UK”) may have additional choices. Consumers located in the EU or UK may refer to the “Additional Information Regarding the US-EU Privacy Shield Framework for Residents of the EU and the UK” section for additional information.
As described above, much of the personal information we process is received from or collected on behalf of our Business Customers, such as retailers and manufacturers. Where we are processing personal information received from or collected on behalf of our Business Customers, we may have no direct relationship with the individuals whose personal information we process under these circumstances. If we receive your personal information from one of our Business Customers or if we process your personal information on behalf of one of our Business Customers and you would like to make an inquiry, complaint, or otherwise exercise choices that Business Customer may provide, please contact the Business Customer that you interact with directly.
RETENTION OF INFORMATION
We may maintain personal information in our databases indefinitely. While we may remove personal information from the databases that we use in active operation of our business, some or all of that personal information may be retained in archival backups of those databases.
We maintain security measures intended to protect personal information.
ADDITIONAL INFORMATION REGARDING THE US-EU PRIVACY SHIELD FRAMEWORK FOR RESIDENTS OF THE EU AND THE UK
This section applies only to personal information we receive from EU member countries and the UK (“EU and UK Personal Information”).
We are committed to subjecting all EU and UK Personal Information to the Privacy Shield Principles. We are responsible for the processing of EU and UK Personal Information we receive under the EU-U.S. Privacy Shield Frameworks and subsequently transfer to a third party acting on our behalf. We may be liable under certain circumstances if such a third party processes EU and UK Personal Information in a manner inconsistent with the EU-U.S. Privacy Shield Framework. The U.S. Federal Trade Commission has jurisdiction over our compliance with Privacy Shield. In certain situations, we may be required to disclose EU and UK Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Consumers located in the EU or the UK may have the right to request access to their EU and UK Personal Information, and, subject to certain exceptions, to request the correction, amendment or deletion their EU and UK Personal Information, to the extent we act as a “controller” of such EU and UK Personal Information. Consumers located in the EU or the UK may also have the right to request to make choices about disclosures of their EU and UK Personal Information to third parties other than our agents or service providers or to limit uses of their EU and UK Personal Information. Consumers located in the EU or the UK can exercise these rights, if applicable, by contacting us as described in the “Contacting Us” section below. We may not be able to accommodate all requests, such where we only act as a “processor” with respect to EU and UK Personal Information that we collect or receive from or on behalf of our Business Customers in connection with services we provide to our Business Customers or when we believe the change would violate any law or legal requirement or cause the information to be incorrect. Consumers located in the EU or the UK that would like to make an inquiry, complaint, or otherwise exercise choices that one of our Business Customers may provide should contact the Business Customer that they interact with directly.
ADDITIONAL INFORMATION FOR RESIDENTS OF CALIFORNIA
We provide this “Additional Information for Residents of California” section pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. This section applies only to the extent an Inmar Company directs the purposes and means of processing of California Personal Information (as defined below) and otherwise qualifies as a “business” as defined in the CCPA. This section is not applicable where we act as a “service provider” as defined in the CCPA, such as circumstances where we collect and process California Personal Information (as defined below) from or on behalf of our Business Customers as a service provider.
As used in this section, “California Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household except for:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data;
- Publicly available information from government records;
- Deidentified or aggregated consumer information;
- Personal information, emergency contact information, and benefits administration information we collect about a California resident in the course of that California resident acting as our job applicant, our employee, our owner, our director, our officer, our medical staff member, or our contractor to the extent we use that information within the context of that California resident’s role as our job applicant, employee, owner, director, officer, medical staff member, or contractor; and
- Other information excluded from the CCPA’s scope, including:
- personal information that we may collect, process, sell, or disclose pursuant to the federal Gramm-Leach-Bliley Act, and implementing regulations, or the California Financial Information Privacy Act (Division 1.4 (commencing with Section 4050) of the Financial Code); and
- personal information covered by other sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”) and the Driver's Privacy Protection Act of 1994.
CALIFORNIA PERSONAL INFORMATION WE COLLECT
The table below describes the categories of California Personal Information we may have collected from consumers within the last twelve months:
A real name, alias, postal address, unique personal identifiers (such as device identifiers, internet protocol addresses, cookies, beacons, pixel tags mobile ad identifiers or similar technology, customer numbers, unique pseudonyms, user aliases, telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular customer or device), online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, pregnancy or childbirth and related medical conditions), veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
F. Geolocation data.
Physical location or movements.
G. Sensory data.
Audio, electronic, visual, thermal, or similar information.
H. Professional or employment-related information.
Current or past job history or performance evaluations.
I. Inferences drawn from other personal information.
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
SOURCES OF CALIFORNIA PERSONAL INFORMATION
We may obtain the categories of California Personal Information listed above from the following categories of sources:
- Directly from you.
- Indirectly from you.
- From our Business Customers.
USE OF CALIFORNIA PERSONAL INFORMATION
We may use or disclose the categories of California Personal Information described above that we collect for one or more of the business purposes and commercial purposes described in the “For What Purposes and In What Manner Do We Use and Disclose Personal Information” provided above.
SHARING CALIFORNIA PERSONAL INFORMATION
Disclosures of California Personal Information for a Business Purpose
We may disclose the categories of California Personal Information described above that we collect to the categories of third parties described in the “To Whom and for What Purposes Do We Disclose Personal Information” section above. In the preceding twelve months, we may have disclosed categories of California Personal Information described above that we collect for a business purpose.
Sales of California Personal Information
In the preceding twelve months, we have not sold the categories of California Personal Information described above that we collected. We do not sell your California Personal Information.
CALIFORNIA PRIVACY RIGHTS AND CHOICES
The CCPA and other California privacy laws provide California residents with specific rights regarding California Personal Information. This section describes the rights California residents have and explains how California residents can exercise those rights.
Access to California Personal Information and Data Portability Rights
California residents may request that we disclose certain information about our collection, use, and disclosure of their California Personal Information over the past twelve months. If we receive and confirm a verifiable consumer request from a California resident pursuant to the Exercising CCPA Rights section below, we will disclose to that California resident one or all of the following depending on the scope of the request:
- The categories of personal information we collected about that California resident over the past twelve months.
- The categories of sources for the personal information we collected about that California resident over the past twelve months.
- Our business or commercial purpose for collecting that personal information over the past twelve months.
- The categories of third parties with whom we share that personal information over the past twelve months.
- The specific pieces of personal information we collected about that California resident over the past twelve months.
- The categories of personal information about that California resident that we disclosed for a business purpose, to the extent we have made such disclosures over the past twelve months.
Deletion Request Rights
Subject to certain exceptions, California residents may request that we delete the California Personal Information we collected about them. If we receive and confirm a verifiable consumer request from a California resident pursuant to the Exercising CCPA Rights section below, we will delete and direct our service providers to delete that California resident’s California Personal Information, unless an exception applies.
Exercising CCPA Rights
To request that we exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 844-392-1073; or
- Submitting this webform.
If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response through email. Any disclosures we provide will only cover the 12-month period preceding your verifiable request's receipt. For data portability requests, we will select an industry-acceptable format to provide your California Personal Information.
Unless a request is manifestly unfounded or excessive, we will not charge a fee to process or respond to your verifiable consumer request. If we determine that a request is manifestly unfounded or excessive, we will tell you why we made that decision and reserve the right to either refuse to act on your request or charge you a reasonable fee to complete your request.
In order to protect your California Personal Information, please note that:
- Only you or an agent that you provide written permission to act on your behalf, may make a verifiable consumer request related to your California Personal Information.
- You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
- The request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected California Personal Information or an authorized agent. In order to verify your request, we may ask you to provide information such as your first and last name, email address, mailing address, phone number, or any other information necessary to verify your identity.
- The description of the request must provide sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with California Personal Information if we cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you. Although you may use an authorized agent to submit a request on your behalf, prior to responding we may require the authorized agent to present written and signed proof of authorization to act on your behalf, verify your identity, and confirm the authorized agent’s permission to act on your behalf directly.
You are not required to create an account with us to make a verifiable request. We will only use California Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
As described above, where we are processing personal information received from or collected on behalf of our Business Customers, we may act as a “service provider” as defined in the CCPA and have no direct relationship with the individuals whose personal information we process under these circumstances. If we receive your personal information from or on behalf of one of our Business Customers or if we process your personal information on behalf of one of our Business Customers and you would like to make an inquiry or complaint, please contact the Business Customer that you interact with directly.
Subject to certain exceptions, you have the right to not receive discriminatory treatment for exercising your access, data portability, and deletion rights described above.
Direct Marketing Disclosure Request Rights
California residents who have an established business relationship with us may request information regarding third parties, if any, to whom Inmar may have disclosed personal information (as defined by Cal. Civ. Code § 1798.83(e)(7)) for the direct marketing purposes of those third parties during the preceding calendar year.
All such requests should be submitted in writing to the Inmar Privacy Office at the postal address provided in the “Contacting Us” section below.
Attention: Privacy Office
635 Vine St.
Winston-Salem, NC 27101
Please include your name, contact information, and the nature of your request so that we can respond appropriately and promptly to your communication.