Privacy Policy
Effective: September 13, 2021
Digital River’s Commitment to Privacy
Digital River, Inc. and its subsidiaries (collectively “Digital River”, “we”, and “us”) is a world-class online global reseller services provider. We provide essential compliance, fraud, tax and payment services to the supplier or manufacturer (“Supplier”) whose name appears on the website or commerce solution where this privacy policy (“Privacy Policy”) appears (“Site”). When we make products and service rights (“services”) available for sale through the Site, we do so as an authorized reseller on behalf of our Supplier.
We are committed to earning and keeping your trust, while giving you control over the information that is personal to you. Being accountable to you is a responsibility we take seriously. Our commitment to privacy, including processing and protecting personal data, is demonstrated in this privacy policy ("Privacy Policy").
This Privacy Policy applies to our processing of personal information collected from the Site where this Privacy Policy appears. This Privacy Policy does not apply to our Supplier’s use of information nor does it apply to information collected by other third parties. Please carefully review each privacy policy posted on each Site you visit.
Contents
- Contents
- Key Terms
- Information We Collect
- Our Legal Basis for Processing Personal Data
- How We Use Your Information
- How We Share Your Information
- How We Protect Your Information
- Your Rights to Access and Control Your Personal Data
- Data Retention Policy
- Do Not Track Requests
- Children's Privacy Policy
- Failure to Provide Personal Data or Grant Consent When Requested
- Data Controller
- Automated Processing
- Privacy Policy for European Residents
- Privacy Policy for California Residents
- Privacy Policy for Brazilian Residents
- Privacy Policy for South Korea Residents
- Notice to Japan Residents
- Changes to This Privacy Policy
- Grievance Officer/Data Protection Officer
- How to Contact Us
Key Terms
The following key terms shall be used in this Privacy Policy:
- Aggregated Data: Data that is consolidated and presented in a summarized manner, not by individual.
- Anonymous Information: Information that has undergone anonymization such that it can no longer be used to identify an individual and cannot be combined with other information to re-identify an individual.
- Data Controller: The natural person or legal entity which, alone or jointly with others, determines the purpose for which data is used and the means of the processing of Personal Data.
- De-identified Data: Data where certain identifiers are removed to prevent a person's identity from being directly connected with the information (such as masking certain personal identifiers).
- Personal Data: Any information relating to or regarding an identified or identifiable natural person or information that can be used to identify you (or your household), either alone or in combination with other information available to us. This may include your name, shipping and billing address, e-mail address, phone number, identification number (where applicable), date of birth (where applicable), time and location data, bank account information, transaction and payment records, delivery records and other information associated with your account.i
- Special Categories of Data: Categories of Personal Data that require a heightened level of protection under data protection legislation in some jurisdictions because it reveals or concerns sensitive information, such as health matters, race, or ethnic origin.
- Standard Contractual Clauses: Any set of contractual clauses, approved by the European Commission, for the transfer of personal data to processors established in a third country (outside of the EU/EEA) where that third country does not ensure an adequate level of protection.
- Supervisory Authority: Supervisory Authority (or its equivalent under any data protection legislation) is the independent public authority to whom consumers may lodge a complaint.
Information We Collect
When you place an order from or otherwise use the Site, we collect the following types of information:
Information You Manually Provide
In the process of placing an order on the Site, you provide information required to complete your transaction, validate your identity, confirm compliance with regulations related to the purchase, and to complete the transaction. This may include information such as address, credit card data, or stored wallet billing information. This information is provided to us under the conditions established under this Privacy Policy and the privacy policy of our Supplier. In addition to transactional information, you may provide additional information when seeking support for your purchase or other services from us, such as when you use customer service or download or register products. We may also collect information you provide us if you enter a contest or promotion, or sign-up to receive newsletters or related services. We may also collect information when you apply for a job opening or otherwise submit employment data to us.
Special Categories of Data
Generally, we do not collect or process Special Categories of Data. However, there could be a situation (such as for employment purposes) where we may process such data. In this case, we will be sure to comply with applicable data protection legislation, including relying on the necessary legal grounds to process the data (e.g., processing health data for an insurance contract). We shall use reasonable security practices and procedures to safeguard your Special Categories of Data.
Information from Your Browser or Device
We may also receive information from your web browser. This may include information that does not identify you personally (such as the date and time of your visit). The information we receive depends on the settings on your web browser. Unless prohibited by law, creating a user identity during a visit to the Site constitutes your consent to processing your Personal Data, and we may link the information your browser provides to information that identifies you personally, as described below. Please consult your browser’s help function to learn how to change the settings. We may also collect limited Personal Data (e-mail address) through web technologies in connection with your use of the Site, as described below.
Geolocation Information
When you use a smart phone, mobile device or computer to access the Site or use our mobile application, we may collect information about your physical location. We may combine this information with other location-based information (e.g., your IP address and billing/postal code), to provide you with other services on your mobile device. We share your location information only with third parties that help us provide you with services. You can opt out of sharing this information by changing the permissions in your mobile device.
Cookies and Other Similar Technologies
The information we collect using cookies and similar technologies is not typically personally identifiable, but we may link it to Personal Data that you provide. We use cookies and other similar technologies to collect information and support certain features of the Site. As the Internet evolves, we may use different types of technologies for this purpose. For example, we may use these technologies to collect information about how visitors use the Site (such as which pages they visit, links they use). We analyze this information to better understand our visitors' interests, needs and to improve the content and functionality of the Site. We may also use the information to support Site features by not asking you to re-enter information we already possess. We also use this information to personalize your experience when you use the Site and to improve marketing efforts, including through use of targeted advertising.
If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. Although you are not required to accept cookies, you may be unable to use all the Site functionality if your browser rejects our cookies.
For more about our use of cookies and similar technologies, see our cookies statement.
Third-Party Cookies and Other Similar Technologies
Web technologies may also be placed on the Site by third party providers. Also, we or third-party providers may place web technologies on behalf of the Supplier whose branding appears on the Site or its service providers. In this way, our Supplier would be allowed to use the data collected. This information is used to enhance your experience with the Site, for marketing analysis, for targeted and display advertising, and for quality improvement. We may collect your IP address through web technologies.
We and our Suppliers may use third party service providers in connection with the Site, which may include but are not limited to: Alexa Metrics, Google Analytics, Omniture, and ClickTale. These and other service providers may collect information about your visits to websites, your interaction with that website, and the products and services offered by us or our Suppliers. Their collection and use of information are subject to their own privacy policies.
For more information regarding these third-party services and how to opt out, please visit www.networkadvertising.org/consumer/opt_out.asp, www.aboutads.info/choices, or https://www.youronlinechoices.com/ (in the EU and UK).
Information from Third Parties
We may also receive certain information about you from third parties, such as through your use of a social network authentication to sign-in to the Site, your use of an authenticated payment method, or through other online data sources, according to the rules of the use and processing of such information established by the respective source. If any Personal Data are freely available or accessible in the public domain, we will not have any obligations to you regarding the same.
Our Lawful Basis for Processing Personal Data
In certain jurisdictions, the processing of your Personal Data is lawful only if it is permitted under data protection legislation. We rely on several legal grounds to ensure that our processing and use of your data is compliant with applicable laws and that we have a lawful basis for processing activities as outlined below:
- Performance of a Contract. By completing a transaction through this Site, you are entering into a contract for the sale of products or services, which is governed by our Terms of Sale. We must process your personal information to fulfill our obligations under that contract.
- Consent. By using the Site or otherwise submitting your Personal Data to us, you consent to our collection, use and sharing of your information as described in this Privacy Policy. If you do not consent to this Privacy Policy, please do not use or submit your information through the Site.
- Legitimate Interest.We may process Personal Data where processing is necessary for our (or a third party’s) legitimate interests where those interests are not overridden by the interests or rights and freedoms of the data subject. We will process your data based on legitimate interest, for reasons such as for fraud screening, payment optimization, and compliance with any applicable regulatory scheme governing the transaction. We may process your Personal Data to market to and contact you or to start a conversation using data collected from public sources. We may also, in compliance with applicable law, process your data based on legitimate interest in the employment context.
- Other Lawful Basis.We may also process your data based on another lawful basis such as where the processing is necessary to comply with legal obligations.
How We Use Your Information
When you visit the Site to complete a transaction, we will use your Personal Data in the following manner:
In Connection with Your Transaction
When you visit the Site to complete a transaction, we must process your data to complete the transaction and to comply with our transactional obligations, including processing necessary to:
- ensure security and monitor and prevent fraud;
- determine the country where you are located for trade compliance;
- process your order and payment, verify your tax status, contest chargebacks, determine your eligibility for a line of credit, or to send you transactional notifications;
- provide you with a personalized shopping experience;
- register your purchase with the manufacturer or service provider for warranty, technical support or similar purposes;
- provide you with keys, access codes or other information necessary to access your purchased products and services;
- provide notice of your purchase of a service right to the provider of that service;
- where you have consented, establish an account for future purchases;
- facilitate the renewal of subscriptions for subscription products or services; and
- provide you with an effective experience and support. As allowable by law, this may include contacting you if you start a checkout process to follow-up on the incomplete session or to see if there was a problem with your use of the Site.
Marketing and Related Communications
When you provide Personal Data, we may offer you a choice as to whether you would like to receive further marketing and related communications from us or our Supplier. Where you have consented to receive them in accordance with applicable law, these communications could be in the form of direct mail, e-mail or telephone and will contain information relating to our or our Supplier’s products and services. At any time, you may opt-out of receiving these communications by e-mailing us at remove@digitalriver.com, or by following any unsubscribe instructions in e-mail communications.
Except where otherwise required by law, if you give us consent to add your contact information to our Supplier's mailing list and later withdraw this permission, you must contact our Supplier (or follow the unsubscribe instructions in the e-mails from our Supplier) to have your name removed from our Supplier's mailing lists.
Our Use of Anonymous Information
We may use a process called anonymization to make data collected by us Anonymous Information. In this case, all personal data elements, such as name, street address, phone number, email address, and others will be anonymized in accordance with applicable law. We may use the Anonymous Information to:
- perform fraud prevention activities, such as device fingerprinting;
- personalize and support your use of the Site and/or the services of our Supplier;
- improve the Site, the customer experience, our advertising systems, and our products and services;
- identify transactions as originating through an affiliate marketing or referral program;
- deliver targeted advertisements on the Site and other commerce solutions;
- provide reporting to our current and prospective Suppliers and service providers; and
- conduct other historical or statistical research and analysis.
We may also use De-identified Data for the same purposes as described in this section, as well as for related purposes, as allowed by applicable law.
Other Ways We Use Your Personal Data
We may also use your Personal Data:
- to verify compliance with applicable laws;
- to verify that data we have about you is accurate;
- as identified in any supplemental privacy notice posted on the Site;
- to contact you if you have requested communication from us; and
- for human resources such as to collect your email address if you are applying for a position online.
Joint Use
Digital River may use and jointly share Personal Data with other Digital River entities listed here. The scope of the joint use is explained below.
- Consumer data we collect while providing of our global reseller services, such as name, shipping and billing address, e-mail address, phone number, transaction and payment records, delivery records and other information associated with your consumer account;
- Human Resource data, such as employee data or prospective employee data; and
- Other data we collect when you visit the Site or otherwise utilize our services.
Digital River, Inc., Digital River GmbH, and/or Digital River Ireland Ltd. are responsible for managing Personal Data subject to the joint use.
How We Share Your Information
Digital River will never sell your Personal Data. However, we may share your Personal Data as explained in this section.
We will take reasonable steps to ensure any person or entity receiving Personal Data for the purposes described within this Privacy Policy are obligated to keep the Personal Data secure. If we collect or receive Special Categories of Data and it is necessary for us to transfer that Data to a third party, we will share the details of that entity with you where we are required to do so by applicable law. Our obligations will not apply to information shared with any government entity mandated under law to obtain such information or by an order under law for the time being in force.
External Processing
We utilize other companies, including our corporate affiliates, service providers, and other processors to provide certain services to us (or on our behalf), based on our instructions, and in compliance with appropriate confidentiality and security measures. These service providers provide services globally, including:
- providing fraud monitoring or detection services;
- hosting or maintaining the Site;
- performing data integrity checks;
- providing optimization services;
- processing credit card payments;
- offering you a line of credit;
- collecting payments;
- fulfilling your order;
- delivering advertisements on the Site and third-party websites;
- sending mail or e-mail;
- providing employment and human resources related services; and/or
- providing customer service.
We will not share your Personal Data with our service providers unless it is required for the purposes of our legitimate interests or for fulfilling our obligations to you. These service providers may be contractually required to use any information we share with them only to perform services to us or on our behalf and to protect the confidentiality of your Personal Data. We may also allow these companies to use Anonymous Information for their business purposes. We will not share your Personal Data with our affiliates or unrelated third parties to use for their own marketing purposes without your consent.
With Our Suppliers
We will provide certain Personal Data, Anonymous Information or De-identified Data to our Suppliers to fulfill our obligations to you and to otherwise assist our use as described in the "How We Use Your Information" section, including:
- for reporting purposes;
- fulfilling your order;
- to allow our Supplier or its service provider to register your purchase;
- to enable your access to products or services provided by our Supplier or its suppliers;
- to facilitate warranty, technical support, or after-sales service;
- providing customer service;
- to allow our Supplier or its service provider to provide services in connection with the Site (such as customer support or single sign-on functionality);
- to allow our Supplier or its service provider to send communications if you have consented to receive them; or
- for other similar purposes which are necessary for us to fulfill our obligations to you.
To Comply with Legal Requirements, Prevent Fraud and Crimes
As permitted by applicable law, we may disclose Personal Data about you when we believe disclosure is appropriate to:
- comply with a legal requirement;
- cooperate with law enforcement or other governmental investigations or report any activities that may be in violation of legal or regulatory requirements;
- prevent or investigate a possible crime (such as fraud or identity theft) or breaches (also suspected breaches) of security or of this Privacy Policy;
- protect the legal rights or safety of Digital River, our employees, Suppliers, third parties, the general public, or you.
In connection with a Sale, Merger or Related Event
If one of our corporate affiliates or a third party has acquired our business, specific assets or the business of one of our operating divisions (such as part of a sale, merger, reorganization, or similar event), your Personal Data will become owned by that company, unless otherwise provided for by local legislation. In that event, the acquiring company's use of your Personal Data will be subject to the governing Privacy Policy, any applicable supplemental privacy notices, and the privacy preferences you have expressed to Digital River prior to merger.
Aggregated or De-Identified Data
We may use or share information that has been aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may use or share this information in several ways, including for fraud prevention services or for analytical purposes.
How We Protect Your Information
We will process your Personal Data on secure, cloud-based computer servers. Your commerce transaction will be optimally processed in or near the region from which you initiated your session. This means that the processing of your Personal Data will take place in either the United States and/or Ireland. A copy and/or back-up of your Personal Data may be stored and otherwise processed in our cloud service provider in Ireland in accordance with Digital River’s disaster recovery program.
No method of transmitting or storing data is completely secure, however, we take reasonable steps to provide a level of security appropriate to the sensitivity of the information we collect. We have implemented physical, technical, and administrative security practices and safeguards reasonably designed to protect your Personal Data from unauthorized access and disclosure. When we collect or transmit sensitive information such as a financial account number, we use industry standard methods to protect that information as required by applicable laws. Although we use reasonable measures to protect your information, we cannot guarantee the security of information provided over the Internet or stored in our databases. You are also responsible for taking reasonable steps to protect your information against unauthorized disclosure or misuse, for example, by protecting your password and signing off when finished using a shared computer or mobile device. We leverage industry best practices to mitigate potential compromises. If the Personal Data under the custody of Digital River is (or is likely to be) divulged, damaged or lost, we will immediately take remedial measures, inform you, if impacted, in a timely manner and report to the competent government agencies as required by applicable laws.
Your Rights to Access and Control Your Personal Data
We respect your right to make choices about the ways we collect, use, and share your Personal Data.
- Accessing Your Data. If you would like to review, correct, restrict the processing of, object to direct marketing, or request erasure of your Personal Data, please send us a request using the information in the "How to Contact Us" section of this Privacy Policy.
- Editing and Deleting Data.if there is any error in the Personal Data that you have submitted to us or if you would like to request erasure or deletion of your Personal Data, please contact us using the information in the “How to Contact Us” section of this Privacy Policy and we will take appropriate measures.
- Objecting to Data Use.You have the right to object to our processing of Personal Data for direct marketing purposes. We do not sell your Personal data, nor will we use it for Direct Marketing purposes without your consent.
If you contact us, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide enough information to verify your identity or to satisfy our legal and business requirements as noted in our data retention policy. When we delete your Personal Data or Special Categories of Data, it will be disposed of in a manner that prevents loss, theft, misuse, or unauthorized access in-line with our data retention policy.
You have the right to report to your local Supervisory Authority where you feel as though your rights under data protection legislation have not been appropriately considered. However, before doing so, please contact us directly as we are committed to working with you to help resolve any concerns about your privacy.
Data Retention Policy
Digital River may retain your Personal Data and transactional data for as long as you continue to use the Site, and thereafter as permitted or required by applicable law or to satisfy our business requirements.
Do Not Track Requests
If you opt-out of having your information collected through cookies and other web technologies, your existing display advertising cookie(s) will be deleted and a new cookie will attempt to be placed that instructs service providers not to track your future activities when that cookie is detected (a "no-track" cookie). If your browsers are configured to reject cookies when you visit our opt-out page, a "no-track" cookie cannot be set on your computer. Also, if you subsequently erase "no-track" cookies, use a different computer or change web browsers, you will need to opt out again. We currently do not respond to browser "no-track" signals.
Children's PrivacyChildren's Privacy Policy
Digital River’s services are not directed at nor targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use the Site unless necessary parental consent has been obtained. If you believe that we have received information from a person protected under child protection laws where necessary parental consent was not obtained, please notify us immediately, and we will take reasonable steps to securely remove that information.
Failure to Provide Personal Data or Grant Consent When Requested
Where we are required to collect Personal Data under the law or in order to perform our contract with you and you fail to provide us with that data when requested, we may not be able to perform our contract with you. Consequently, we may not be able to provide you with the products and/or services you requested. For example, if you fail to provide your address information or if you fail to check the box agreeing to our Terms of Sale and Privacy Policy, we may not be able to complete your order.
Data Controller
All Personal Data collected by visiting the Site is controlled by Digital River, Inc., 10380 Bren Road West, Minnetonka, Minnesota 55343, USA. However, where, another Digital River entity is the global reseller service provider, as identified during the transaction, that entity is the Data Controller for any Personal Data provided to or collected during the transaction:
- Digital River Australia Pty Ltd.
Richard Clayton, 8 Denison Street
South Hobart, Tasmania, AU 7004 Australia - Digital River Do Brasil Importação e Comércio de Produtos de Informática Ltda
Av. Roque Petroni Jr, 1089 - conj. 905 - sala 1
Sao Paulo-SP Brazil
CEP: 04707-900 - Digital River GmbH
Scheidtweiler Strasse 4
Cologne, DE 50933 Germany - Digital River Hong Kong
Unit 908-915, Level 9, Core F, Room 25, Cyberport 3
100 Cyberport Road, HK Hong Kong - Digital River India Private Ltd.
1302, Tower-3, Indiabulls Finance Centre Senapati Bapat Marg, Elphinstone Road
Mumbai Maharashtra 400013 India - Digital River Ireland Ltd.
3rd Floor Kilmore House
Park Lane
Spencer Dock
Dublin 1
Ireland D01 XN99 - Digital River Japan K.K.
Tokyo Club Building 11F 3-2-6 Kasumigaseki Chiyoda-ku
Tokyo 100-0013 Japan - Digital River Korea, Limited
4 Floor 92, Hangang daero Yongsan-gu
(Hangang ro 2 ga, LS Yongsan Tower), Seoul, Republic of Korea - Digital River Mexico, S. de R.L. de C.V.
Avenida Presidente Masaryk 111, Piso 1 Polanco V Seccion, Miguel Hidalgo
Ciudad de Mexico Mexico - Digital River Singapore Pte. Ltd.
35th Floor UOB Plaza 1
80 Raffles Place
Singapore, SG 048624 - Digital River Trading (Shanghai) Co., Ltd. AKA China
Suite 1710 Building A, No. 331, North Caoxi Road
Xuhui District Shanghai 200030 China - Digital River UK Ltd
13th floor
One Angel Court
London
EC2R 7HJ
United Kingdom - DR APAC, LLC., Taiwan Branch
23F, 105, Sec.2 Tun Hwa S. Rd.
Taipei 106 Taiwan, Province Of China - DR globalTech, Inc.
10380 Bren Road West
Minnetonka, MN 55343 - DigRiv North America, Inc.
10380 Bren Road West
Minnetonka, MN 55343 - DigRiv Brasil Ltda
Av. Roque Petroni Jr, 1089 - conj. 905 - sala 3
Sao Paulo-SP Brazil
CEP: 04707-900 - DigRiv Ireland, Ltd 3rd Floor, Kilmore House, Park Lane, Spencer Dock Dublin 1, Ireland
- DigRiv UK Ltd
13th floor
One Angel Court
London
EC2R 7HJ
United Kingdom
Automated Processing
In limited situations, we may use your Personal Data to help us make automated decisions to further improve our business. For example, where you have (if applicable) given consent in the context of marketing, we could use data to segment and target users with personalized messages, or we may use a job title to determine the user’s persona and alter the content accordingly. We may also use that users' geographic location and company data. In some circumstances, for account-based marketing, this could include "likes" that we find in the public domain.
We rely on automated processing in our fraud monitoring tools to help us reduce the amount of manual review necessary to review orders for fraud. We could also rely on automated processing in the context of employment and to ensure our employees are adhering to our internal security policies. You have the right to avoid any decisions based on automated data processing where they can be characterized as profiling. However, we will not be able to process your transaction without using our fraud monitoring tools.
Privacy Policy for European Residents
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, any transfer of your Personal Data outside of that area is protected under Standard Contractual Clauses, or other appropriate data protection safeguards. Your Personal Data may be transferred to Digital River, Inc.'s cloud-based servers in the United States and the processing of your Personal Data in the United States. Your Personal Data may also be transmitted by us to other Digital River entities for the purposes set out in this Privacy Policy, for company administration purposes, and to other third-party data processors. For details of the transmission of your Personal Data to other Digital River entities, please see the "Joint Use" section of this policy.
Exercising Your Legal Rights
If wish to exercise you rights under the data protection legislation, please review the “Your Rights to Access and Control Your Persona Data” to find out how to exercise your rights.
If you need further assistance regarding your rights, please contact our Data Protection Officer, John Murray, Chief Administrative Officer at Digital River, Phone Number: 1 (952) 253-1234, E-mail: privacy@digitalriver.com.
You have the right to report to your local Supervisory Authority where you feel as though your rights under data protection legislation have not been appropriately considered. However, before doing so, please contact us directly as we are committed to working with you to help resolve any concerns about your privacy.
Privacy Policy for California Residents
Your Rights
In addition to the above, California residents have the right to make the following requests with respect to their personal information under the California Consumer Privacy Act (“CCPA”):
- Data Access and Portability. You have the right to request that we disclose certain information to you about the personal information we have collected, used, disclosed, or sold about you in the previous 12 months.
- Deletion. You can request that we delete your personal information that we collected from you to the extent required under the CCPA.
- Disclosure. You have the right to request that we disclose certain information about our collection and use of your Personal Information over the last twelve (12) months, including:
- the categories of personal information we collected about you,
- the categories of sources for the personal information we collected about you,
- our business or commercial purpose for collecting that personal information,
- the categories of third parties with whom we share that personal information,
- the specific pieces of personal information we collected about you (also called a data portability request).
- where there has been a disclosure for a business purpose, identifying the personal information categories that each category of recipient obtained.
To exercise any of your rights under the CCPA, please send us a request using the information in the “Your Rights to Access and Control Your Persona Data” section of this Privacy Policy or by calling (866) 585-3251. We may ask you for additional information to verify your identity and reserve the right to limit or deny your request if you have failed to provide information enough to verify your identity or satisfy our legal and business requirements. We will respond to the e-mail we have on file within forty-five days of your verifiable request.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that you request warrants a fee, we will advise you as to the ground for that decision and provide you with an estimate of the cost before we complete your request.
Our Use and sharing of your Personal Information
As discussed in more detail above, Digital River may disclose your personal information to a third party for a business purpose. However, Digital River will not sell your personal information as that term is defined by the CCPA. When we disclose personal information for a business purpose, we enter a contract that requires the recipient to both keep that personal information confidential and not use it for any purpose except in performance of our contractual commitments.
In the preceding 12 months, Digital River has collected or disclosed the following categories of information. Digital River has not, and does not today, sell personal information:
Category | We Collect | We Disclose | We Sell |
---|---|---|---|
Identifiers | Yes | Yes | No |
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Yes | No | No |
Protected classification characteristics under California or federal law | Yes | No | No |
Internet or other similar network activity | Yes | Yes | No |
Geolocation data | Yes | Yes | No |
Professional or employment-related information | Yes | Yes | No |
California Shine the Light Law
California's "Shine the Light" law (Civil Code Section §1798.83) permits users of the Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@digitalriver.com.
Privacy Policy for Brazilian Residents
Your Rights
If you are located in Brazil, Article 18 of the Brazilian General Data Protection Law (“LGPD”) provides you with certain rights with respect to your Personal Data. You have the right to obtain the following information from the Data Controller:
- confirmation of the existence of processing;
- access to the data;
- correction of incomplete, inaccurate, or outdated data;
- anonymization, blocking, or elimination of unnecessary or excessive data or of data processed in noncompliance with the provisions of the LGPD;
- portability of the data to other service providers or suppliers of products, at your express request, according to the LGPD, and subject to the protection of business and industrial secrets in the process;
- deletion of Personal Data processed with your consent, except in the situations set forth in Article 16 of the LGPD;
- information on the public and private entities with which we have shared data;
- information on the possibility of not providing consent and on the consequences of such denial;
- revocation of the consent, pursuant to the provisions of paragraph 5 of Article 8 of the LGPD; and
You also have the right to review decisions that are based on automated processing of personal data where the decision is carried out exclusively by automated means and affects your interests. In processing your transaction, Digital River does not make decisions using exclusively automated means where the decision would also negatively affect your interests.
Exercising Your Rights
If wish to exercise you rights under the LGPD, please review the “Your Rights to Access and Control Your Persona Data” section for how to exercise your rights.
If you need further assistance regarding your rights, please contact our Data Protection Officer, John Murray, Chief Administrative Officer at Digital River, Phone Number: 1 (952) 253-1234, E-mail: privacy@digitalriver.com.
You have the right to report to your local Supervisory Authority where you feel as though your rights under data protection legislation have not been appropriately considered. However, before doing so, please contact us directly as we are committed to working with you to help resolve any concerns about your privacy.
Privacy Policy for South Korea Residents
By finalizing a sale on the Site, you are consenting to Digital River’s processing of your personal information as described in this Privacy Policy. In processing your personal information, it may be necessary for us to transfer your personal information or consign the processing to the following parties:
Third-Party Provision of Personal Information
Digital River, Inc. and Digital River Ireland Ltd
- Type of Information: Email address, name, IP address, address, phone number, account information
- Purpose: Transaction processing and execution, product registration, account opening, customer support, general product and service marketing, and other accompanying purpose
- Retention Period: As long as you continue to use the Site, and thereafter as permitted or required by applicable law or to satisfy Digital River’s business requirements
The Supplier Whose Name and/or Logo Appears on this Site
- Type of Information: Transaction information, such as email address, name, IP address, address, phone number
- Purpose: Transaction reporting and fulfillment, product registration, warranty and technical support, account opening
- Retention Period: As detailed in Supplier’s privacy policy
You are entitled to withhold your consent to the sharing of data with the above entities by not checking the appropriate boxes during the checkout process. In that event, we will not be able to complete your transaction and will not be able to provide you with products or services.
Consignment of Handling of Personal Information
In processing your transaction or order, Digital River currently consigns processing activities to third parties as follows:
NHN Korea Cyber Payment Co., Ltd
- Type of Information: Billing information such as, email address, name, IP address, address, phone number, account information
- Purpose: Transaction payment processing
- Retention Period: 7 Years
Adyen
- Type of Information: Billing information, such as email address, name, IP address, address, phone number, account information
- Purpose: Transaction payment processing
- Retention Period: 7 years
Cybage Software Pvt Ltd.
- Type of Information: Email address, name, IP address, address, phone number, account information
- Purpose: System development and maintenance
- Retention Period: As long as you continue to use the Site, and thereafter as permitted or required by applicable law or to satisfy Digital River’s business requirements
Sutherland Global Services, Inc.
- Type of Information: Email address, name, IP address, address, phone number, account information
- Purpose: Customer service support
- Retention Period: As long as you continue to use the Site, and thereafter as permitted or required by applicable law or to satisfy Digital River’s business requirements
Notice to Japan Residents
As required under the Japanese data protection law, we have appointed a grievance officer/data protection officer. Digital River Japan K.K.'s Data Protection Officer is: John Murray, Company Representative at Digital River Japan K.K., Phone Number: 03-6770-2741, E-mail: privacy@digitalriver.com.
Changes to This Privacy Policy
We keep this Privacy Policy under review and will post any updates to the Site. Our changes will become effective immediately upon posting. We may also supplement or amend this Privacy Policy by placing other privacy notices on the Site. Such privacy notices will explain how we handle information specific to where that privacy notice appears and should be read together with this Privacy Policy.
A link to our previous privacy policy is included here.
Grievance Officer/Data Protection Officer
As required under certain data protection laws, we have appointed a grievance officer/data protection officer. Digital River’s grievance officer/data protection officer is: John Murray, Chief Administrative Officer at Digital River, Phone Number: 1 (952) 253-1234, E-mail: privacy@digitalriver.com. If you are located in Germany, we will direct you to our external Data Protection Officer.
How to Contact Us
If you have a question about this Privacy Policy or requests related to your Personal Data pursuant to applicable laws, no matter where you are in the world, please email us at privacy@digitalriver.com. If you are located in Germany, we will direct you to our external Data Protection Officer.
i The definition of “Personal Data” is intended to encompass “Personal Information” as defined by the California Consumer Privacy act and should be interpreted as such.