- Merchants using our Services;
- Shoppers on a Merchant’s ecommerce platform; or
- Website visitors.
We also provide notices specific to residents of California, the European Union, and Canada. If you have questions about our privacy practices or would like to make a complaint, please contact us at [email protected].
2. PERSONAL INFORMATION
When we say, “Personal Information,” we mean information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or device, such as:
- Identifiers (e.g., name, address, telephone number, email address, username);
- Sensitive Personal Information (e.g., birthdate, government ID, health information);
- Protected classification information (e.g., race, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);
- Biometric information (e.g., voice, keystrokes, behavioral or biological characteristics);
- Internet or other similar activity (e.g., geolocation, browsing history);
- Employment-related information (e.g., current or past employment);
- Non-public educational information, including information protected under FERPA; or
- Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies).
Personal Information does not include (a) publicly available information (b) aggregated information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (c) deidentified information that cannot be easily linked back to the individual.
3. COLLECTION AND USE OF PERSONAL INFORMATION
Rally’s collection and use of your Personal Information depends on how you use our Services, whether as a Shopper, Merchant, or website visitor. We collect Personal Information (a) with your consent, (b) in our role as a service provider to a Merchant, (c) if we have a legitimate interest in doing so, or (d) as authorized or required by law. We only collect, use, retain or disclose Personal Information as reasonably necessary and proportionate to achieve our purposes, or for other purposes that we disclose to you and are compatible with the context of how we collected the Personal Information.
- Categories. During the preceding 12 months, we have collected these categories of Personal Information:
- Commercial information
- Employment-related information
- Internet or other similar activity
- Sources of Collection. We collect Personal Information from these sources:
- Directly from Shoppers at Checkout, with consent. When you make a purchase as a Shopper with a Merchant that uses our Checkout, we collect identifiers like your name, email address, mobile phone number, and shipping address. Rally uses a payment processor collect and process your payment information. If you opt-in to save your shipping and payment information for future purchases, Rally stores your identifiers and a tokenized version of your payment information (your “Saved Information”) for authentication purposes and to enable one-click checkout the next time you shop with a Merchant. We collect this information with your consent, and we use it to facilitate your use of the Checkout and to provide Merchants with our Services.
- Indirectly when a Shopper uses the Checkout, with a legitimate interest. When you shop with one of our Merchants, the Checkout places a token on your device that collects commercial information about the products in your shopping cart to offer you tailored product recommendations. If you choose to add a recommended product to your purchase, the Checkout will add the purchase to your order and then direct you to the next step in the Checkout process. Rally collects and uses this information to achieve our legitimate interest of providing and improving the Services to Merchants and Shoppers.
- From Merchants about their Shoppers, in our role as a service provider. Merchants that collect technical information about their Shoppers’ online activities may share that information with Rally. We may combine this information with other data to gather feedback about the Checkout and to run reports on behalf of our Merchants. We only use this information in our capacity as a service provider to the Merchant and as permitted by law. Note that Merchants may use this information to provide their Shoppers with interest-based (behavioral) advertising or other targeted content. Rally is not responsible for the privacy practices of any of Merchants or any third party. If you have any questions about a third-party advertisement or targeted content, you should contact the third party directly.
- Directly from Merchants that sign up for Services, with consent. When you install and use the Checkout as a Merchant, you must create an account with Rally or link Rally to your existing merchant account with one of our affiliated payment processors. Rally will collect identifiers like your name, address, and email address, as well as your employment information like your company name and store URL. If you contact us through our website, by email or other means, we will collect your contact information and any other information you choose to share with us. We may keep a record of our correspondence with you. If you complete a survey, we will collect your responses. We collect this information with your consent, and we use it to provide you with the Checkout and facilitate your use of our Services for your ecommerce platform.
- From third parties, with a legitimate interest. Advertisers, analytics companies, or your mobile service provider may provide Rally with publicly or commercially available information related to your internet or similar activities across different websites, applications, and other online services. We collect, use, and maintain copies of this information for our marketing purposes and in accordance with applicable law. If you have any questions about a third-party advertisement or other targeted content, please contact the third party directly.
- Other Uses. In addition to the specific uses above, we might also use your Personal Information to:
- Monitor your compliance with any of your agreements with us.
- Identify, contact, or bring legal action against persons or entities who may be causing injury to you, to Rally, or to others, if we believe it is necessary.
- Comply with a law, regulation, legal process, or court order.
- Fulfill any other purpose to which you consent.
Rally will not collect additional categories of Personal Information or use your Personal Information for purposes that are incompatible with the purpose stated at the time of collection without first notifying you, either by updating this Privacy Notice or through other means.
- Children’s Privacy. Our Services are not intended for children under 16 years of age. Rally does not knowingly collect Personal Information from children under 16 without verification of parent or guardian consent. If we discover that a child under 16 has provided us with Personal Information without parent or guardian consent, we will delete such information from our systems. If you believe Rally might have any information from or about a child under 16, please contact us at [email protected]. RALLY IS NOT RESPONSIBLE A MERCHANT OR THIRD PARTY’S COLLECTION OR USE OF PERSONAL INFORMATION FROM A CHILD UNDER 16.
- Rally Is Not A Payment Processor. The Checkout does not collect or store payment information, process payments or receive, transmit, or otherwise handle or process any funds. Rally uses a PCI-DSS compliant payment processor to collect and store all payment information and to process all purchases that take place on through Checkout.
4. RETENTION OF PERSONAL INFORMATION
Rally retains Personal Information as long as you use our Services or as necessary to fulfill the purposes for which it was collected. If you are a Shopper, we will retain your Personal Information until you ask us to delete it. We retain data associated with a Merchant as long as the Merchant uses the Checkout on their ecommerce platform. Rally may retain Personal Information for longer periods if needed to resolve a dispute, conduct audits, enforce our agreements, or comply with applicable laws. We reserve the right to delete, anonymize, or aggregate Personal Information on our systems at any time as we deem necessary for our business purposes.
5. DISCLOSURE OF PERSONAL INFORMATION
- Categories. In the preceding 12 months, Rally has disclosed all of the categories of Personal Information collected for one or more business purposes.
- Recipients. Rally may disclose Personal Information for a business purpose to the following:
- Service Providers. Our service providers like analytics companies, data and hosting providers, and payment processors may have access to your Personal Information while they are performing their contractual obligations. The type of information that we disclose to a service provider will depend on the service that they provide to us. We prohibit our service providers from selling or sharing your Personal Information, and we require our service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information.
- Law enforcement or other government agencies, as legally permitted or required.
- Other Third Parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
- Aggregated and Deidentified Information. We reserve the right to share aggregate, anonymized, or deidentified information about any individuals with nonaffiliated entities for marketing, advertising, research or other purposes, without restriction.
6. YOUR PRIVACY RIGHTS
Rally provides you with a variety methods and options to control how we collect and use your Personal Information. Depending on where you reside, you may have additional privacy rights or be entitled to additional controls over your Personal Information. Please see our supplemental notices specific to residents of California, the European Union, and Canada.
- Saved Checkout Information. You can access, correct, or update your saved Checkout information by editing your payment or shipping information the next time you make a purchase with a Merchant. To delete your saved Checkout information, contact us at [email protected]. Rally may retain cached or archived copies of information about you for up to two months, or for other periods as required by law or for legitimate business purposes.
- Texting Consent. By providing us with your wireless phone number, you consent to Rally sending you text messages for authentication and informational purposes. The number of texts that we send to you will be based the number of purchases you make using the Checkout. You can unsubscribe from text messages by replying STOP or UNSUBSCRIBE to any of these text messages, but this may impact our ability to authenticate you for future purchases. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions.
- Email Communications. By providing your email address when you opt-in to save your Checkout information for future purchases, you consent to Rally sending you authentication emails related to your future purchases with Merchants. Additionally, with your consent we may send you promotional emails about Rally or alert you of service changes via our product support system. If you do not wish to receive emails from us, you may change your preferences via the links provided in the emails or by sending a request to [email protected] to be removed from our email list. Note that if you opt-out of marketing communications, we may still send you authentication or non-promotional communications related to your use of the Services.
- Limited Sensitive Personal Information. Rally does not knowingly collect any Sensitive Personal Information, and in no case will we use or disclose any Sensitive Personal Information for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Notice and provide you with methods to limit use and disclosure of Sensitive Personal Information.
- No Sale or Sharing with Third Parties. Rally does not sell your Personal Information or share your Personal Information with third parties for cross-contextual advertising purposes. If this ever changes in the future, we will update this posting and provide you with methods to opt-out of such sale and sharing.
- Other Requests. If you wish to exercise your privacy rights beyond the methods described above, or if you want to express concerns, lodge a complaint, or request information, please submit a request via our Consumer Privacy Request form or by email to [email protected]. We can only fulfill a request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Information, and to properly understand, evaluate, and respond to the request. We endeavor to respond to Consumer Privacy Requests in accordance with the requirements of the law applicable to your jurisdiction, subject to statutory exceptions and limitations. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
7. CONSENT TO CROSS-BORDER DATA TRANSFERS
8. CALIFORNIA PRIVACY RIGHTS
This section provides residents of the State of California (“California Consumers”) with the disclosures and notices required under the California Consumer Privacy Act of 2018 (“CCPA”). The following paragraphs apply solely to California Consumers and describe the specific rights afforded under the CCPA. If you are a Merchant, some of the Personal Information we collect about you is in a business-to-business context when you are acting as an employee to a Merchant in the performance of your job duties or in our role as a service provider to the Merchant. Please note that Personal Information collected and used in this context is not protected Personal Information under the CCPA. Without limiting the foregoing, California Consumers have the following rights under the CCPA:
- Right to Disclosure. You have the right to request that we disclose information to you about our collection and use of your Personal Information over the past 12 months, such as (a) the categories of Personal Information we have collected about you; (b) the categories of sources for the Personal Information we have collected about you; (c) our business purpose for collecting or selling that Personal Information; and (d) the categories of third parties with whom we disclose that Personal Information. Additionally, if Rally ever sells or shares your Personal Information for cross-contextual behavioral advertising purposes, you would have the right to request two separate lists stating sales, identifying the Personal Information categories that each category of recipient purchased. Rally is only required to respond to two disclosure requests within a 12-month period.
- Right to Access. You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you over the past 12 months (also called a data portability request). If you submit a right to access request, we will provide you with copies of the requested Personal Information in a portable and readily usable format. Please note that Rally may be prohibited by law from disclosing copies of certain Personal Information when the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our systems, or your account. We are only required by law to respond to two access requests from you within a 12-month period.
- Right to Correct. If you discover that we maintain inaccurate Personal Information about you, or if your Personal Information changes, please inform us and we will update our records to reflect the correct information.
- Right to Deletion. You have the right to request that we delete Personal Information that we collected from you and retained, with certain exceptions. Rally may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete.
- Right to Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not: (a) deny you goods or services; (b) charge you different prices or rates for goods or services; (c) provide you a different level or quality of goods or services; or (d) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under the CCPA.
- Right to Disclosure of Marketing Information. Under California’s Shine the Light Act (Ca. Civ. Code § 1798.83-1798.84), California Consumers are entitled to request certain disclosures about Personal Information sharing with affiliates and/or third parties for marketing purposes. Please contact us if you wish to obtain these disclosures.
California Consumers may exercise the following rights over their Personal Information, subject to our receipt of a verifiable request via our Consumer Privacy Request form or email at [email protected] and any exceptions and limitations that may apply. Note that if we process your Personal Information in our capacity as a service provider, then we cannot fulfill your request directly. In that case, we will relay your request to the appropriate Merchant for further processing and fulfillment.
9. EUROPEAN UNION PRIVACY RIGHTS
We adopted this section to comply with the European Union’s General Data Protection Regulations (“GDPR”). This section applies solely to residents of the European Union (“EU Residents”). Rally offers the Checkout to Merchants offering products or services to EU Residents in our role as a data processor. If you are an EU Resident, you have the following rights in relation to the Personal Information we hold about you:
- Right to access your Personal Information. You can request to access your Personal Information. Upon request, we will provide you with a copy of your Personal Information, along with details about the types of Personal Information we process, why we process it, and any third parties we work with to collect Personal Information on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example in order to protect the rights of other individuals.
- Right to restrict processing of your Personal Information. You can request that we restrict the processing of your Personal Information if (a) the data is inaccurate, (b) the processing is unlawful, (c) we no longer need the Personal Information, or (d) you exercise your right to object.
- Right to rectify your Personal Information. If you become aware that the Personal Information that we hold about you is incorrect, or if your situation changes (e.g., you change address), please inform us and we will update our records.
- Right to data portability. In some circumstances, we are required to provide your Personal Information to another organization at your request and in a structured, commonly used machine-readable format, so that the other organization can read and use it.
- Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, and in certain circumstances and where we are required to do so by law, we are required to delete your Personal Information. This right is not absolute, and we may be entitled to retain and process your Personal Information despite your request. If you make this request, we balance certain legal, contractual and business interests against your right to request the deletion of your Personal Information.
- Right to object to certain processing of your Personal Information. Upon your request, and in certain circumstances and where we are required to do so by law, we will limit our processing of your Personal Information as you request.
- Right to not be subject to automated decision-making (“ADM”). A key feature of the Solution is offering Shoppers tailored recommendations for additional or future purchases at the Merchant’s checkout. The Checkout uses ADM to generate these tailored recommendations based on the Shopper’s internet activities and commercial information. The exact logic of the ADM may change from time to time based on the machine learning model employed. Rally uses ADM in this manner based on our legitimate interest to support Merchants’ efforts to increase sales and to provide Shoppers with a tailored experience. The Checkout only collects the minimum Personal Information needed for this feature to function. You have rights over your Personal Information processed using ADM. If you wish to opt-out of ADM, you have the option of deleting and blocking the token from your browser.
EU Residents may exercise the following rights over their Personal Information, subject to our receipt of a verifiable request via our Consumer Privacy Request form or email at [email protected] and any exceptions and limitations that may apply.
10. CANADIAN PRIVACY RIGHTS
We adopted this section to provide supplemental information in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). This section applies solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Information offering details on an identifiable person without the inclusion of name, title, telephone number and business address of an employee of a business or organization. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.
- Right to accuracy of your Personal Information. We take steps to reasonably ensure that your Personal Information we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete, and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Information in your account, and we will provide you with reasonable assistance to ensure that your Personal Information is accurate in our systems and with our service providers.
- Right to access your Personal Information. Upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal and outline further steps that are available to you.
Canadian Consumers may exercise the following rights over their Personal Information, subject to our receipt of a verifiable request via our Consumer Privacy Request form or email at [email protected] and any exceptions and limitations that may apply.
Cookies are small text files downloaded and stored on your computer or mobile device when you visit or use an online platform. Cookies help the platform recognize your device, store your preferences, or perform certain functions for the platform. Cookies are generally used for functionality, security, analytics, or advertising. Some cookies are strictly necessary to the function of the website or other platform, while others enable certain features.
Rally uses a functionality cookie called rally_pay_authenticated during the checkout process on the App. The cookie verifies and authenticates a Shopper’s device for shipping and billing data.
12. DATA SECURITY
Rally uses reasonable and appropriate security procedures and practices to help protect your Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. Rally uses technical safeguards like two-factor authentication, password management, SSL Certificates, VPN, secure access, and encryption in transit and at rest to protect data on our systems. We ensure that Rally employees, contractors, and agents responsible for handling user inquiries are informed of applicable privacy law requirements and we restrict access to those who need that information to process it. We also require contractors and third parties that work with us to adhere to strict privacy standards. Please note, however, that no transmission of data over the Internet or mobile platforms is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes.
13. THIRD PARTY WEBSITES