What is the general nature of Inmar’s business and information usage?
The Inmar Companies provide a variety of services to manufacturers, retailers and consumers. We assist businesses in marketing their products and services to consumers, and we assist consumers as they shop for products and services that match their preferences. For example, Inmar Companies process rebates and coupons that are redeemed by consumers at grocery stores and other locations, and we manage consumer loyalty programs (like grocery store discount cards) for our retailer customers. Inmar Companies also operate websites and provide mobile applications that enable consumers to choose discount offers for goods and services that are of interest to them, and then we provide services that enable consumers to obtain those discounts when they use their loyalty cards at participating retailers. Because Inmar Companies sometimes work with multiple retailers where an individual consumer participates in loyalty programs, we often have an ability to identify categories of products and services that are likely to be of interest to the individual consumer, based on his/her past purchases at a variety of retail locations, so that retailers who send advertisements to their customers are more likely to send only relevant ads that consumers want to receive. Inmar Companies provide services that help business customers identify products and services that consumers want, and that help consumers save money as they shop for those products and services.
What consumer information does Inmar collect? How does Inmar collect that information?
Inmar collects information directly from consumers in a variety of ways.
When a consumer uses one of our mobile applications or websites, he or she may be required to register and/or create an account with us, and we collect the information provided by the consumer as part of the registration.
Our applications and websites provide information to end users, such as digital coupons and other information about available discounts at participating retailers. When a consumer interacts with such an application or website, we may collect a record of each interaction. For example, an end user may select a digital coupon for a product that is offered within the application or website, and we will ordinarily make a record of that selection. Later, when the consumer purchases that product at a retailer whose loyalty program we manage, assuming the consumer meets the coupon’s requirements (e.g., purchase before expiration of the coupon’s validity period) we will be able to inform the retailer that the consumer is entitled to the discount offered by the digital coupon.
We may also collect any information that the consumer’s computer or mobile device tracks about the manner in which the application or website is used, such as the consumer’s geographic locations and/or other statistics regarding his/her use. Such data assists us in improving our applications in future versions, and also enables us to offer better services both to consumers and to our business customers. For example, if we are able to identify the location where a consumer is using an application, our applications may be able to suggest discounts available at nearby retailers.
We may also collect information regarding any preferences that the consumer chooses to indicate in the application or website, such as configurations or optional settings selected by the end user.
We may collect and retain all information that consumers submit to us as part of rebate programs. For example, a consumer may submit information that identifies a recent purchase (e.g., a receipt) or that is otherwise necessary in order to process the rebate. Such information may be collected electronically when consumers submit the information online, or it may be collected from materials submitted via postal mail or other means of physical delivery.
Inmar utilizes a variety of technologies to collect information directly from consumers. Our applications may include features that automatically track usage, and they may include features (such as feedback forms) that enable end users to provide information to us voluntarily. Inmar websites may also use available Web-based technologies to collect consumer data, such as cookies or web beacons, and may collect any information that an end user’s browser provides, such as information identifying the end user’s operating system and Internet protocol address. Inmar may also collect information from consumers from sources like telephone, fax or email.
Inmar also obtains a variety of information about consumers in the course of providing services to our business customers, such as retailers and manufacturers. We may collect that information directly from consumers as we provide such services, or we may receive that information from our business customers after they have collected it from consumers. For example, when we manage a retailer’s customer loyalty program, we may obtain a consumer’s registration information, including the customer’s name, address, phone number and any unique ID associated with his/her registration. When a consumer makes a purchase using his/her loyalty program ID (e.g., by scanning or swiping a loyalty card in a checkout line at the grocery store), our computer systems may manage the loyalty program for the retailer by automatically reviewing items being purchased and identifying any discounts or other benefits to which the consumer is entitled. We may maintain records associated with the consumer’s purchase history in such instances.
Some Inmar Companies provide financial management services to pharmacies, including sending invoices to insurance companies for amounts owed to the pharmacies for things like prescription medications dispensed to consumers. Inmar may receive a variety of information about the consumers as necessary to perform those services, such as the consumer’s name, insurance provider, insurance plan, prescriptions, and prescription costs. Some of that information may be subject to regulation under applicable law (e.g., information that is considered “Protected Health Information” is subject to the Health Insurance Portability and Accountability Act of 1996), and Inmar endeavors always to comply with applicable regulations, as well as any obligations of confidentiality that are created by its contracts with the pharmacies. To the extent not prohibited by applicable law or its obligations to pharmacy customers, Inmar may collect and use information provided by the pharmacy to provide services to the consumers themselves or to assist its business customers in offering products and services of interest to consumers. For example, if Inmar knows that a particular consumer was dispensed prescription allergy medicine by a pharmacy customer, and if Inmar manages a retailer loyalty program where that consumer later shops, Inmar may be able to suggest helpful discounts that are available from the retailer, such as a coupon for a generic version of the same medication. To be clear, however, in all such instances Inmar never discloses a consumer’s Protected Health Information except as necessary to perform the services it has been asked to perform by the pharmacy or by the consumer.
For what purposes and in what manner do we use and disclose consumer information?
Most information collected by Inmar is statistical data that is not capable of identifying a particular individual (“Anonymous Data”). Some information collected by Inmar, like name, address, and phone number, is capable of identifying an individual (“Personal Information”). Information about an individual that is associated with his/her Personal Information is also considered Personal Information. For example, a data record indicating that an anonymous person recently purchased a particular item would be Anonymous Data, but if that same record is associated with a person’s name or other Personal Information, the purchase record is also Personal Information for so long as it is so associated. Together, we refer to Anonymous Data and Personal Information as “Consumer Information.”
In general, we use Consumer Information to provide services to consumers, such as making the benefits of store loyalty programs available and/or processing of digital coupons. We also use Consumer Information to assist our business customers, like retailers and manufacturers, in marketing and providing products and services that will be of interest to consumers. We also use Consumer Information to provide helpful services to businesses such as coupon processing, rebate processing, and loyalty program management.
We may use, process and disclose all Consumer Information as necessary to perform the services for which the information was provided. For example, if a consumer uses one of our mobile applications to select a “digital coupon” available from one of our retailer customers, we will disclose that information to the retailer customer as necessary to enable the consumer to redeem the digital coupon. As another example, if a consumer uses one of our mobile applications to redeem a rebate offered through that application by one of our customers who is a manufacturer, we may disclose Consumer Information both to the manufacturer customer and to applicable third party payment services (e.g., PayPal) as necessary to process the rebate.
If we manage the loyalty programs for more than one retailer where the same consumer shops, in some cases we may have the ability to merge that consumer’s records from all such retailers, which enables us to offer even better services to both the consumer and the retailers. For example, by building a more complete profile of a consumer’s purchasing history via the various loyalty programs we manage, we may be able to help retailers offer better values to their customers, such as discounts on products that are most likely to be of interest to particular consumers.
We may disclose Consumer Information, including Personal Information, to the particular business customers on whose behalf we have collected it, and you consent to their use of such information for their business purposes. For example, when a consumer first signs up for a department store’s loyalty program that happens to be managed by Inmar, we may receive Personal Information such as the individual’s name, address, phone number, email address or other personal information. Later, when that individual purchases a selection of products at that department store, we may collect a variety of data related to the transaction, including a list of items purchased, prices paid, and payment method. We may deliver all such Consumer Information to the retailer.
Inmar may be required to disclose an individual’s Personal Information to comply with the law or an order issued by a court or an authorized administrative agency, to respond to a subpoena, or in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
In addition to the general policies described above, Inmar may disclose Personal Information in any of the following specific circumstances: (i) if such disclosure is made to protect the rights or property of Inmar or any Inmar Companies, prevent a crime, or protect the personal safety or rights of others; (ii) to our service providers for the purpose of providing services on our behalf, such as customer service, information technology services, and hosting services; (iii) as part of a merger or consolidation, or part of the sale of all or substantially all the stock or assets of the business to which the information pertains; (iv) as part of a disposition in a bankruptcy proceeding in a transaction approved by the bankruptcy court; and (v) in other instances when we have gotten your permission before disclosure.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Inmar is potentially liable. Accordingly, if we disclose Personal Information collected from the EU to another Inmar Company or any other third party, we will (i) transfer such data only for limited and specified purposes, (ii) ascertain that the Inmar Company or other third party is obligated to provide at least the same level of privacy protection as is required by the US-EU Privacy Shield Principles, (iii) take reasonable and appropriate steps to ensure that the Inmar Company or other third party, as applicable, processes such Personal Information in a manner consistent with such Privacy Shield Principles; and (iv) require the Inmar Company or other third party, as applicable, to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles, and, upon receiving such notice, take reasonable and appropriate steps to stop and remediate unauthorized processing.
Treatment of Consumer Information in connection with mergers and acquisitions.
Third-Party Treatment of Consumer Information
Inmar’s mobile applications and websites may include links to applications, websites, information and services provided by third parties. Inmar is not responsible for the Privacy Practices of those third parties. We encourage consumers to review the applicable privacy policies of such third parties if they elect to follow the links provided.
Whenever Inmar receives Consumer Information from its business customers, like retailers and manufacturers, Inmar relies upon the business customers to obtain any consent from consumers that may be required to authorize Inmar’s Privacy Practices related to the applicable Consumer Information. We may use and disclose such Consumer Information as authorized by those business customers. Inmar is not responsible for the policies or practices of those business partners with respect to the Consumer Information those business partners collect.
Inmar does not knowingly collect Personal Information from children.
Protecting the privacy of children is very important to Inmar. Except as noted below, Inmar does not knowingly collect Personal Information from children under the age of 13, and Inmar’s products and services are not designed to attract or provide services to persons under 13 years of age. If we later learn that a user is under 13 years of age, we will make a good faith effort to remove that person’s Personal Information from our databases. We will also ask any Inmar Companies to whom we have disclosed such Personal Information to make good faith efforts to remove the same from their databases.
Choice and Access: What options and choices do consumers have regarding our Privacy Practices? How may a consumer obtain access to Personal Information about himself/herself held by Inmar?
A consumer may elect to withdraw his/her consent to future collections of Sensitive Data by sending a written notice to Inmar’s Privacy Office at the address below. Such notice should state clearly that the individual wishes to withdraw his/her consent to Inmar’s future collection of Sensitive Data directly from the consumer. Following Inmar’s receipt of that notice, Inmar will take steps to stop future collections within a reasonable time. If the consumer so requests, Inmar will make good faith efforts to remove previously collected Sensitive Data about the consumer from Inmar’s databases, except in the limited situations described below. In such instances, Inmar will also ask any Inmar Companies to whom we have disclosed such Sensitive Data to make good faith efforts to remove the same from their databases.
Consumers may write to Inmar’s Privacy Office at the following address:
Attention: Privacy Office
635 Vine St.
Winston-Salem, NC 27101
Notwithstanding Inmar’s policies regarding Sensitive Data described above, unless required to do so by applicable law, Inmar will not attempt to remove Sensitive Data that may be retained solely in archival copies of its databases (e.g., tape backups retained for auditing purposes). Furthermore, Inmar will not be required to remove Sensitive Data from its databases to the extent the same are Partner-Provided Data, or if the burden or expense of accomplishing such removal would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her query to the Inmar Privacy Office. If requested to remove data, we will respond within a reasonable timeframe. Inmar will exercise good faith efforts to provide access to such Personal Information to the extent it is available within a reasonable time, and will exercise good faith efforts to correct or amend information that the consumer believes to be inaccurate, except where the burden or expense of providing access, correction or amendment would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
In some circumstances applicable law may provide consumers a right to request a report regarding Inmar’s disclosures of Protected Health Information or other Personal Information about himself or herself, and Inmar will always undertake to provide such information as required by applicable law. For example, pursuant to California Civil Code Section 1798.83 (the “Shine the Light Law”), a California resident may request an information statement from Inmar regarding disclosures of Personal Information about that resident, if any, that Inmar has made to third parties for direct marketing purposes during the preceding calendar year. All such requests should be submitted in writing to the Inmar Privacy Office at the address set forth above. Inmar will endeavor to respond to such requests within a reasonable time by providing a report that includes the information required by applicable law.
Retention of Information
Inmar’s ability to provide valuable services both to consumers and to business customers increases as Inmar develops better, more accurate profiles of consumer purchasing patterns and preferences. For example, if we are able to collect a consumer’s purchasing history from his/her participation in several store loyalty programs, we are better able to understand the kinds of products and services that the consumer ordinarily needs, when he/she ordinarily purchases them, and where he/she ordinarily prefers to purchase them. Over time, our understanding of the consumer’s preferences improves. As a result, we are better able to identify discounts (or suggest that our retailer customers and manufacturer customers offer discounts) that will be of most interest to the consumer. Accordingly, we may maintain Consumer Information in our databases indefinitely, except to the extent we are required to remove such Consumer Information by applicable law, and except as described above regarding Sensitive Data. Even after we remove Consumer Information from the databases that we use in active operation of our business, some or all of that Consumer Information may be retained in our inactive archival backups of those databases.
Information Security and Integrity
We exercise reasonable security measures consistent with industry standards to protect against unauthorized access to Personal Information stored in our databases, and to prevent unauthorized use, alteration, corruption or disclosure of that Personal Information. Personal Information stored in our possession is maintained behind firewalls, and our servers are located within facilities that are subject to physical security measures designed to prevent unauthorized access.
While we believe our policies and practices regarding information security and integrity are reasonable, we cannot guarantee that the security and/or integrity of Personal Information will not be breached or that such Personal Information will not be subject to unauthorized access, alteration, corruption or disclosure. We review our information security policies and practices periodically and may update them as we determine reasonably necessary to achieve information security and integrity consistent with industry standards.
Declaration of Compliance with US-EU Privacy Shield Principles
Verification and Enforcement
Inmar is subject to the investigatory power and enforcement authority of the Federal Trade Commission, and Inmar is committed to resolving your complaints about our Privacy Practices. If you have inquiries or complaints regarding Inmar’s collection, use and/or disclosure of your Personal Information, you may contact the Inmar Privacy Office at the address given above.