RAY ALLEN, Inc. Privacy Policy

Effective Date: May 2024

Introduction

We are RAY ALLEN, Inc. (“we” or “us” or “our” or “RAI”), a global leader in IT Asset Management. RAI helps companies leverage asset information as well as real-time market data to drive efficiencies through customized management across environments and technologies. Our software and services help enterprises connect, analyze, and manage their global IT environment in new efficient methodologies with proven results.

For more information about our services, please refer to our website: https://rayalleninc.com/

This site is owned and operated by RAI, headquartered in Chicago, IL. RAI has a designated data protection officer who is available to answer questions and concerns related to the privacy and protection of your data. The RAI Data Protection Officer (“DPO”) is Greg Bjorkquist, who can be contacted via the contact information listed at the end of this policy in the Contact Us section.

RAI takes privacy seriously and understands the importance of the security of the personal data of our users (“user” or “you”).

This Privacy Policy is applicable as related to our services, which collectively include:

• the use of rayalleninc.com (“our website” or “site”)
• social media messages and marketing campaigns

This Privacy Policy sets out the essential details relating to your personal data relationships with RAI as:

• Website visitor;
• Prospective client;
• Job applicant and;
• A partner, vendor, consultant, or contractor.

As defined by the GDPR, RAI adheres to the following data privacy and protection principles:

• Lawfulness, fairness, and transparency
• Purpose Limitation
• Data Minimization
• Accuracy
• Storage Limitation
• Integrity and confidentiality (security)
• Accountability

We want to ensure that when visiting our website you understand what data is collected and how it may be used or tracked. Please read this policy statement carefully. By reading this statement, you are accepting the terms and conditions of this policy, as outlined herein, upon your first visit to our site. If after reading this policy statement you do not accept the terms and conditions as outlined, we request that you discontinue use of our site.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the “Site”).

To Which Site(s) Does This Policy Apply?

Our site may contain links to external websites, however, this Privacy Policy only applies to our website.

Should you click on a link while visiting our site that takes you to a site external to rayalleninc.com, please be aware that we are not responsible for the privacy practices of such other resources or third parties. Please be sure to review the Privacy Policy published for that website.

Definitions

Personal Data

Personal Data, also referred to as Personal Information, is considered any identifying information that can be used to identify an individual, and may include, but is not limited to: name, email address, postal or other physical address, title, company, and other information required in order for us to provide information or a service that you have requested.

Non-Personal Data

Non-personal data is considered data other than personal data, such as anonymous data.

Personal Data Processing

Processing of any personal data refers to any operation or operations that may be performed on this type of data. This may include operations, manual or automated, such as collecting, recording, organizing, storing, or using data.

Data Protection Officer

A Data Protection Officer, or DPO, is an enterprise leadership role focused on the security of data and information. As required by the General Data Protection Regulation (GDPR), a DPO is responsible for overseeing the data protection strategy and its implementation throughout the entire organization to ensure compliance with GDPR requirements

Cookie

A cookie is a small string of data stored on a device (computer, mobile, tablet) that a site visitor uses to access the site.

General Data Protection Regulation

Also referred to as “GDPR,” is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).

What Information Do We Collect?

We collect any personal information you choose to supply to us. In general, navigating through our site will not result in the collection of any personal data.

We may ask you to provide personal information when:

• You use the website to download articles, datasheets, or eBooks.
• You request a free trial or demo of products.
• You refer a potential client or other people to us.
• You connect with us directly via phone calls, email, or video conferencing platforms.
• You participate in a marketing/sales promotion.
• You attend trade events and other industry networking events.
• You register or attend a webinar or other event.
• You participate in programs we may offer from time to time.
• You participate in chats.
• You pay for our services.

If you choose to provide us with a third party’s personal information (the person’s name, email, and company) when referring a potential client or other people, you represent that you have the permission of the third party.

RAI is the sole owner of the information collected on this site. We only have access to/collect information that you voluntarily give us via online forms on our site, email, or any other direct contact from you such as through telephone and mailing address. The personal information that we collect may include first and last name, business email address, phone number, and/or company name.

Our site may also collect non-identifying information, or non-personal information, while you use this site through cookies and similar tracking technology (for further information about the types of cookies, refer to the Do We Use Cookies? section of this policy). This data is used to help us understand how the site is being used and to identify patterns or trends in usage. Such information may be analyzed internally in order for us to update and maintain the site for a better overall user experience. Note that this type of information can in no way be tied to any individual. The types of non-identifying information collected may include:

Derivative Data

Information our servers automatically collect when you access the site, such as IP address, browser type, operating system, your access times, and the pages you have viewed directly before and after accessing the Site. This information may be collected via use of a “web beacon” or a hidden pixel image/object embedded on a page to collect various derivative data and communicate with analytical software such as Google Analytics.

Mobile Device Data

Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device.

Do We Use Cookies?

Yes, our site does incorporate the use of cookies.

The use of cookies on our site helps us to improve user experience and content. Usage of a cookie is in no way linked to any personally identifiable information on our site. Users who wish not to have cookies placed on the device(s) used to access this site should change individual browser settings to refuse or block site web cookies. Be aware that refusing or blocking web cookies may negatively impact site functionality.

Please refer to the RAY ALLEN, Inc. Cookie Notice for further details on cookies in use on this site. Click here.

Do Not Track Signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. How browsers communicate the Do Not Track signal is not yet uniform.

As a result, our website is not yet set up to interpret or respond to Do Not Track signals communicated by your browser. Even so, as described in more detail throughout this Privacy Policy, we limit our use and collection of your Personal Information. For a description of Do Not Track protocols for browsers and mobile devices or to learn more about the choices available to you, visit internetcookies.com.

How Do We Use Information Collected?

We will use any personal information you provide to:

• Respond to you regarding the reason you contacted us (e.g. request for more information about a specific product or service).
• Communicate with you directly through emails, calls, chats, and video conferencing.
• (Unless we are specifically asked not to) Contact you via email in the future about items that may be of interest to you such as additional service offerings or changes to our terms and policies.
• Track Site traffic analytics to improve user experience and maximize usage of our services.
• Create and manage marketing campaigns.
• Enforce our website terms and/or separate contracts (if applicable) with you.
• As required by law or for legal purposes, such as subpoena or court order.

If RAI needs to use personal information for an unrelated or new/secondary purpose, RAI. will notify the appropriate individual and obtain their consent for the new purpose or rely on another prescribed exception under the applicable privacy legislation for the use or disclosure. Where consent is used as the basis for the secondary use or disclosure, individuals have the right to withdraw their consent at any time. Where the secondary use or disclosure includes sensitive information, RAI will take reasonable steps to ensure that the information is de-identified before it is disclosed or used. 

Setting Marketing Communications Preferences

Unsubscribe

You may choose to receive or not receive marketing communications from us. Please click the “Unsubscribe” link in the email we sent you to stop receiving marketing communications. 

Cookie Control

You may choose which information we collect automatically from your device by controlling cookie settings on your browser or by selecting your preferences through our Cookie Policy.    

Contact Us

To speak to someone about unsubscribing from RAI communication(s), contact us via the contact information listed at the end of this policy in the Contact Us section.

Note: Even if you unsubscribe or opt-out of receiving marketing communications, we may still communicate with you regarding security and privacy issues, servicing your account, fulfilling your requests, or administering any promotion or any program in which you may have elected to participate. 

Who Is This Information Shared With?

RAI does not share your information with any unaffiliated third party outside of our organization, unless necessary for us to fulfill your request, in which case you will first be notified. We do not sell or rent this information to anyone.

Data Analytics

RAI utilizes third-party service provider analytic tools that use persistent cookies, web beacons, or other similar information-gathering technologies to collect standard internet activity and usage information. The information gathered is used to compile statistical reports on a user’s activity such as how often users visit our website, what pages they visit and for how long, etc. We use the information obtained from these analytic tools to monitor the performance and improve our website. Third-party service providers we use include:

• Google Analytics:
• HubSpot:

You can read more about how Google collects and processes information about you and you can prevent Google from recording and processing data on your use of our websites and storing this information in a cookie. You can read more on HubSpot’s Privacy and Cookie Policy.

Legal Disclosures

It is possible that we may need to disclose personal information when required by law, subpoena, or other legal processes as identified in the applicable legislation. We attempt to notify our clients about legal demands for their personal data when appropriate in our judgment unless prohibited by law or court order or when the request is an emergency.

Change in Control

We may also share your personal data as part of a sale, merger, change in control, or in preparation for any of these events. Any other entity that buys us or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy. You have the right to withdraw your consent at any time.

Email Marketing and Form Submissions

We use third-party services to handle our form submissions and electronic newsletter to which you may voluntarily subscribe at any time. Your personal information and any other information you submit is stored securely by our third-party service providers and maintained in accordance with applicable laws and regulations.

Third-party service provider(s) we use include:

• HubSpot

We require just basic information from our electronic newsletter subscribers and form submitters which include the following:

• Name
• Email Address
• Phone Number
• Company Name

By subscribing to our electronic newsletter or submitting a form, you agree to receipt of emails. Email addresses of our subscribers, as well as the contact data described above, are stored on HubSpot servers. You can read more on HubSpot’s Privacy Policy.

We track the performance of our forms and emails using metrics provided by HubSpot.

Individuals who provide optional information may also be contacted by telephone. We do not share this personal information with anyone outside of RAI staff or its authorized agents (which includes HubSpot). Only RAI staff and our authorized agents have access to personally identifiable information provided by visitors to our site and subscribers to our emails.

In compliance with the CAN-SPAM Act, all emails sent from us will clearly state who the email is from and provide clear information on how to contact the sender. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us.

How Do We Secure Your Information?

When you submit sensitive information via our website, your information is protected both online and offline.

Personal information collected via our website (submission through Contact page) is encrypted and transmitted to us securely. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g., Sales) are granted access to personally identifiable information. Any RAI internal servers in which we may store personally identifiable information are kept in a secure environment and not accessible to any third parties.

How Long Is This Information Retained?

We retain your Personal Information for as long as it is reasonably necessary to provide you with our services and offerings and to maintain and expand our relationship; to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes all in accordance with applicable laws and regulations.

Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your personal data for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you. If you have any questions about our data retention policy, please contact us.

What Are Your Data Protection Rights?

You may opt out of any future contact from us at any time by contacting us via the contact information provided at the end of this policy. Written requests are preferred. If you make a request, we have one month to respond to you.

United States Privacy Acts

Under the California Privacy Rights Act (‘CPRA’) – which amended and expanded on CCPA, Connecticut Data Privacy Act (‘CTDPA’), Virginia Commonwealth Data Protection Act (‘CDPA’), Utah Consumer Privacy Act (‘UCPA’), and the Colorado Privacy Act (‘CPA’), consumers may be able to exercise the following rights in relation to the personal information about them that we have collected (subject to certain limitations at law):

• The right to access/know any or all of the information relating to your personal information that we have collected, processed or disclosed in the preceding 12 months (upon verification of your identity). For details on the categories of personal information we have collected and/or shared, refer to section “What Information Do We Collect?” and “How Do We Use Information Collected?” in the notice. RAI will provide a copy of the consumer’s personal data in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance.
• The right to request the deletion of personal information we have collected from you.
• The right to opt-out of personal information sales to third parties now or in the future. However, we do not sell your personal information.
• The right to opt-in to personal information sales to third parties for consumers under the age of 16. However, we do not sell personal information of minor consumers.
• The right to opt-out of sharing of personal information to third parties now or in the future. To view the information we have shared in the preceding 12 months, refer to section “4.0 How We Share Personal Information” <link to the section above here> in the notice.
• The right to request rectification/correction of inaccurate personal information, considering the nature and purposes of the processing of the information. (Not Applicable under UCPA)
• The right to limit use and disclosure of sensitive personal information to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer. (Applicable under CCPA, as amended by CPRA)
• The right to opt-out of the processing of sensitive personal information (I.e., data that reveals ethnic or racial origin, mental or physical health diagnosis, religious beliefs, sexual orientation, or citizenship or immigration status. (Applicable under UCPA)
• The right to opt-out of targeted advertising. (Applicable under CPA, CTDPA, UCPA, VCDPA)
• The right to opt-out of profiling in connection with automated decisions. (Applicable under CPA, CTDPA, UCPA)

Please note that if exercising these rights limits our ability to process personal information (such as a deletion request), we may no longer be able to provide you with our products and services or engage with you in the same manner. Additionally, RAI has established processes (including reviewing business processes, systems, and resources on a periodic basis) to ensure consumers who exercise any of the above rights under US state privacy laws are not discriminated against.

How To Exercise Your Consumer Rights

To exercise any of your right mentioned above, please submit a request by contacting us at security@raioam.com.

We will need to verify your identity before processing your request. 

In order to verify your identity, we will generally require sufficient information from you so that we can match it to the information we maintain about you in our systems. Sometimes we may need additional personal information from you to be able to identify you. We will notify you. 

We may decline a request where we cannot verify your identity or locate your information in our systems or as permitted by law. In this case, we may request that you provide additional information reasonably necessary to authenticate you and your request.

You may choose to designate an authorized agent to make a request under the CCPA on your behalf. No information will be disclosed until the authorized agent’s authority has been reviewed and verified. Once an authorized agent has submitted a request, we may require additional information (i.e., written authorization from you) to confirm the authorized agent’s authority.

If RAI does not take action on your Consumer Rights Request within the 45 days, or in the event of an extension, within the maximum 90-day response period, we will inform you in writing of the reasons for not taking action, as well as provide an explanation of any rights you have to appeal the decision. For opt-out or limit use and disclosure requests submitted under the CCPA, RAI will respond as soon as feasibly possible, with up to a maximum of 15 days. 

For consumers residing in Virginia, within 60 days of receipt of an appeal, and for consumers residing in Colorado, within 45 days of receipt of an appeal, RAI will inform the consumer, in writing, of any action taken/not taken in response to the appeal, including an explanation of the reasons for the decisions. If the appeal is denied, RAI will provide consumers with an online mechanism, if available, or another method that allows the consumer to contact the Attorney General to submit a complaint.

Minors Under Age 16

Our website and services are intended for business use, and we do not expect them to be of any interest to minors. We do not intentionally collect any personal information of consumers below the age of 13. If you believe that a child under 13 may have provided us their Personal Information, please contact us at security@raioam.com. Following contact, RAI will request the age of data subject that is minor and get the consent of the holder of the parental responsibility for the minor, where RAI needs to process that personal information. 

General Data Protection Regulation (GDPR)

For Individuals Based in the European Economic Area (EEA), United Kingdom (UK), and Switzerland:       

If you are based in one of these jurisdictions, RAI. is the controller of your personal data collected in the following instances:

• When you visit our websitehttps://rayalleninc.com/
• When we process your personal data for sales and marketing purposes

We only process personal data if we have a lawful basis for doing so. The lawful bases applicable to our processing as controller are:

• Consent: We will ask for your express and informed consent every time we collect your personal data on this legal basis.
• Contractual basis: We process the personal data as necessary to fulfill our contractual terms with you or our clients.
• Legitimate interest: We process the names, contact details, job titles, companies of our existing and prospective clients for our marketing purposes, including market research and sales leads generation. 

You have the following rights under the GDPR:

• Right to be informed: Receive complete and concise notice of what data may be collected, how it is used, data retention, and third-party access, with the request for consent.
• Right of access: Request and obtain the data we have about you.
• Right of rectification: Change/correct any data we have about you.
• Right to be forgotten: Have us delete any data we have about you.
• Right of portability: Request that we transfer any data that it holds on them to another company.
• Right to restrict processing: Restrict the processing of your personal data, under certain conditions.
• Right to object: Object to the processing of your personal data, under certain conditions.
• Right related to automated decision-making including profiling (if applicable): request a review of any automated processes where you believe the rules are not being followed.

We process personal data in the United States. We use standard contractual clauses, approved by the European Commission or competent UK authority (as applicable), as the data transfer mechanism for transferring personal data from the EEA or UK to other countries subject to data transfer requirements.

You may contact us at security@raioam.com.

You may also lodge a complaint with your local supervisory authority:

• EU Data Protection Authorities (DPAs). See their contact details here National Data Protection Authorities.
• Information Commissioner’s Office (ICO)
• Swiss Federal Data Protection and Information Commissioner (FDPIC). 

Information Security

We will do our best to make sure your data is secured.

RAI has implemented industry-standard security systems, applications, and procedures to secure your Personal Information and to protect it from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information that is in our control and custody. However, although we make efforts to protect your privacy, no data transmission over the Internet or wireless network can be guaranteed. We cannot and do not guarantee the absolute protection and security of any Personal Information stored with us or with any of our third-party service providers.

Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet that are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

Data Processing

Please note that we process data in multiple locations (within and external to the United States) and rely on legally provided mechanisms to lawfully transfer data across borders, such as contracts incorporating data protection and sharing obligations. We provide the capability for the return, transfer, and/or disposal of personal data in a secure manner.

Data Breach

In the event that we become aware that the security of our website has been compromised or users’ Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting as well as notification to and cooperation with law enforcement authorities.

In the event of a data breach, we will make reasonable efforts to notify affected users if we believe that there is a reasonable risk of harm as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on our website and send a notification email.

Policy Management

This policy is under regular review; we reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the Site, and you waive the right to receive specific notice of each such change or modification.

You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted.

Policy Acceptance

You acknowledge that you have read this Privacy Policy. By accessing and using our website and submitting your information you agree to be bound by this Privacy Policy.

 

Contact Us

If you have questions or concerns regarding this policy or personal information you may have provided, please contact our DPO, Greg Bjorkquist, or our Information Security Team via:

Email:	security@raioam.com
Phone:	+1-312-895-0222
Mail:	RAY ALLEN, Inc. Attn: Information Security Team/Privacy 400 West Erie Street Floor 4 Chicago, IL 60654

We will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by applicable data protection laws.