We at Referral Rock (Referral Rock Inc.) are committed to protecting your privacy. This Privacy Policy applies to our website and blog on referralrock.com (Website), our newsletters (Newsletter), and our Subscription Service (the Subscription Services) owned and controlled by Referral Rock. This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your personal information.
By using the Website, Newsletter, or the Subscription Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the data practices described in this Privacy Policy, you should not use the Website, Newsletter, or the Subscription Service.
We periodically update this Privacy Policy. If you subscribe to the Subscription Service, then you will receive notice when this Privacy Policy is modified. We encourage you to review this Privacy Policy periodically.
This Privacy Policy has been compiled to better serve those who are concerned with how their "Personally Identifiable Information" (PII) is being used online. PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our Privacy Policy carefully to get a clear understanding of how we collect, use, protect, or otherwise handle your PII in accordance with our website.
Please be aware that this Privacy Policy does not govern all the information Referral Rock may process. Our commitment to customers and service providers is governed by a separate Data Processing Agreement.
Our commitments to employees are governed by our internal employment policies.
In all instances, we are committed to transparency with our customers, employees, and protecting your data privacy.
If you require any more information or have any questions about our Privacy Policy or our treatment of the information you provide us, please contact us using the information below.
Referral Rock Inc.
950 N Washington, Suite 404
Alexandria, VA 22314
What “personal information” do we collect from the people that visit our Blog, Newsletter, Website, or App?
When you sign up for and use the Subscription Services, consult with our sales or customer success team, send us an email, post on our Blog, integrate the Subscription Services with another website or service (for example, when you choose to connect your ecommerce account with Referral Rock), or communicate with us in any way, you are voluntarily giving us information about yourself and your Contacts. That information may include name, email address, IP address, phone number, credit card information, demographic information, and other information about yourself, your Contacts, or your business. By giving us this information, you consent to this information being collected, used, disclosed, transferred to the United States and stored by us, as described in this Privacy Policy and our Terms of Service.
We collect and process payment information from you when you subscribe to the Subscription Service, including credit card numbers and billing information, using third party PCI-compliant service providers. Except for this, we do not collect sensitive information from you.
The Websites are not intended or targeted for children under 16, and we do not knowingly or intentionally collect information about children under 16. If you believe we have collected information about a child under 16, please contact us at privacy@referralroack.com, so we may delete the information.
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
This refers to information about your computer and your visits, such as your IP address, geographical location, browser type, referral source, length of visit, pages viewed, emails opened, or other computer/visit based information.
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow), which enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information.
For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences, based on previous or current site activity, which enables us to provide you with improved services.
We also use cookies to help us compile aggregate data about site traffic and site interaction so we can offer better site experiences and tools in the future.
We use cookies to:
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (e.g., Chrome, Internet Explorer) settings. Each browser is a little different, so look at your browser’s help menu to learn the correct way to modify your cookies.
If users disable cookies in their browser:
If you disable cookies on your browser, some features will be disabled. It will turn off some of the features that make your site experience more efficient, and some of our services will not function properly, including tracking of referrals and access to some administration features.
We do not include or offer third-party products or services on our website.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.
We use Google AdSense Advertising on our website.
Google, as a third-party vendor, uses cookies to serve ads on our site. Google's use of the DART cookie enables it to serve ads to our users, based on their visit to our site and other sites on the Internet. Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.
We have implemented the following:
We, along with third-party vendors like Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.
Opting out:
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out Page or permanently using the Google Analytics Opt Out Browser Add-On.
We honor Do Not Track (DNT) signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.
Referral Rock is ISO/IEC 27001 and SOC II Type 2 Certified through our third-party systems, including:
Third-Party Data Protection Agreements available upon request.
We will never sell your personal information to any third party.
We may use the information we collect from you when you register, make a purchase, sign up for our Newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
We use navigational information to operate and improve the Websites, Newsletters, and the Subscription Service. We may also use navigational information alone or in combination with personal information to provide you with personalized information about Referral Rock.
Demographic information collected in your account for your referral programs are for your use only. This includes, but is not exclusive to, member and referral demographic information, such as name, email address, IP address (for tracking purposes), and any other custom fields you set in the software. Referral Rock doesn’t contact, share, distribute, sell, or otherwise use account data in any way outside of the built in functionality within the software. It is only accessible by the Referral Rock team for troubleshooting and support purposes.
If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide, except for the sole purpose of credit card processing on our behalf.
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website, stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. See more at http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
Your personal information is contained behind secured networks, and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
We retain personal information you provide us as long as we consider it potentially useful in contacting you about the Subscription Service or our other services, or as needed to comply with our legal obligations, resolve disputes, and enforce our agreements, and then we securely delete the information. We will delete this information from the servers at an earlier date if you so request, as described in "Opting Out and Unsubscribing" below.
The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
If a security breach causes an unauthorized intrusion into our system that materially affects you, then Referral Rock will notify you via email within 72 hours (as compliant with both the Fair Information Practices and the General Data Protection Regulation). For more information, see our GDPR page.
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
To facilitate our global operations, we may transfer and access personal information from around the world, including the United States. This Privacy Policy shall apply even if we transfer personal information to other countries.
Upon request, Referral Rock will provide you with information about whether we hold any of your personal information. If you provide us with your personal information, you have the following rights with respect to that information:
To exercise any of these rights, please contact us at privacy@referralrock.com. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
The above rights are compliant with the GDPR rulings of right to be forgotten, right to data portability, right of modification, and withdrawal of consent. For more information, see our GDPR page.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you need further assistance regarding your rights, please contact us using the contact information provided above, and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
Spam is often in the eye of the beholder. If you ask ten different people for a definition of spam, you'll probably get ten different answers. So here’s our best explanation:
We won’t send unsolicited bulk email, for commercial or non-commercial purposes. Unsolicited bulk email is defined as email sent to more than 10 individuals with whom we do not have a prior business relationship. All of our bulk emails will have an opt-out mechanism and other required information.
Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical, or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party).
Proprietary Information includes, without limitation, trade secrets, know-how, including software and documentation thereto, marketing, sales, operating, performance, costs, and customer lists, in any form, tangible or intangible. Proprietary information of Referral Rock includes non-public information regarding features, functionality, and performance of the Service. Proprietary Information of the Customer includes non-public data provided by Customer to Referral Rock to enable the provision of the Services (“Customer Data”).
The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information that the Receiving Party can document: (a) is or becomes generally available to the public, or (b) was in its possession or known by the Receiving Party prior to receipt from the Disclosing Party, as evidenced by the Receiving Party’s written records, or (c) was rightfully disclosed to the Receiving Party without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party.
If the Receiving Party is required by applicable law or requested (by legal process, civil investigative demand or similar process) to disclose any of the Disclosing Party’s Proprietary Information, the Receiving Party shall notify the Disclosing Party immediately of such requirement so that the Disclosing Party may seek an appropriate protective order or waive compliance with the confidentiality covenants in this Agreement. Any such disclosure by the Receiving Party pursuant to the preceding sentence shall be limited to the extent required by applicable law, or order, subpoena, regulatory requirement, or litigation disclosure, and the Receiving Party shall reasonably cooperate with the Disclosing Party in any effort made by the Disclosing Party to seek a protective order or other appropriate protection of the Disclosing Party’s Proprietary Information.
Customer shall own all right, title, and interest in and to the Customer Data. Referral Rock shall own and retain all right, title, and interest in and to: (a) the Services and Software, all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Implementation Services or support, and (c) all intellectual property rights related to any of the foregoing.
Notwithstanding anything to the contrary, Referral Rock shall have the right to collect and analyze data and other information relating to the provision, use, and performance of various aspects of the Services and related systems and technologies (including, without limitation, anonymized, aggregate information derived from Customer Data), and Referral Rock will be free (during and after the term hereof) to use such information and data solely to improve and enhance the Services and for other diagnostic and corrective purposes in connection with the Services. No rights or licenses are granted except as expressly set forth herein.