Privacy Policy
1. Introduction
At REI Supply (“we”, “our”, “us”), accessible via rei-supply.com, we are committed to protecting the privacy and personal data of our users, customers, and partners. We prioritize transparency, data integrity, and robust security practices that respect your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy is designed to inform you about how we collect, process, store, and protect your personal information, and what rights you have in relation to the data we hold about you.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all personal data collected through our website (rei-supply.com), communications, and services. For the purpose of applicable data protection legislation, REI Supply is the data controller of your personal data. As a data controller, we determine the purposes and means of processing your personal data.
3. Categories of Data Processed
We process various categories of personal data to operate our business and offer our products and services. These categories include:
a. Usage Data:
Includes information about how you use our website and services, such as IP address, browser type and version, device identifiers, pages viewed, time spent, clickstream data, and referring/exit pages.
b. Account Data:
Personal data provided when you create an account or place an order through rei-supply.com, such as your full name, billing and shipping addresses, email address, and phone number.
c. Profile Data:
Information stored as part of your account profile, including purchase history, saved preferences, wish lists, and behavioral information inferred from your interaction with our services.
d. Communication Data:
Covers data provided through correspondence with us, such as inquiries sent via email (e.g., [email protected]), support tickets, chat sessions, or contact forms.
e. Technical Data:
Includes data collected via cookies, pixels, and similar technologies, such as device type, operating system, browser settings, language preferences, and system configuration.
f. Transaction Data:
Information related to payments and fulfillment, including payment method details (payment processor tokens), order value, delivery address, and invoicing history.
g. Preference Data:
Includes your marketing preferences, subscription status to communications, and indicated interests in specific types of products or services.
4. Legal Bases for Processing
We process your personal data based on the following legal grounds under GDPR, and as necessary for compliance with CCPA:
– Performance of a Contract: Where processing is necessary for fulfilling purchases or service requests you initiate.
– Legitimate Interests: For improving our services, detecting fraud, ensuring network security, and marketing similar products unless consent is required by law.
– Consent: When you opt in to receive newsletters or allow cookies for analytics or advertising.
– Legal Obligation: Where processing is necessary to comply with a legal duty or enforce and defend legal claims.
5. Your Rights
Subject to applicable law, you may exercise the following rights regarding your personal data:
– Right of Access: You may request a copy of the personal information we hold about you.
– Right to Rectification: You may request correction of any inaccurate or incomplete data.
– Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances.
– Right to Restriction: You may request us to limit or restrict certain processing.
– Right to Data Portability: Where applicable, you may request your data in a structured, commonly used format and have it transmitted to another data controller.
To exercise any of these rights, please contact us at [email protected]. We may require verification of your identity before responding to your request.
California residents may also have additional rights under the CCPA, including the right to opt out of the sale of personal information and non-discrimination for exercising their rights.
6. Security Measures
We implement a wide array of technical and organizational security measures to ensure the confidentiality, integrity, and availability of your personal data. These safeguards include, but are not limited to:
– End-to-end encryption for sensitive communications and transactions.
– Role-based access controls and authentication procedures.
– Secure backups and disaster recovery protocols.
– Staff training and internal privacy policies to ensure awareness and compliance.
While we strive to use industry-standard practices to protect your data, no system is completely infallible, and users should also take precautionary steps to protect their information when online.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including to the United States. When such transfers occur, we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses approved by the European Commission.
– Compliance with the European Data Protection Board (EDPB) recommendations or other recognized data transfer mechanisms.
You may request additional information on our international transfer measures by contacting us at: [email protected].
8. Data Retention
We retain personal data for only as long as necessary to fulfill the purposes for which we collected it, including for legal, regulatory, tax, accounting, or reporting requirements. Specific retention periods may include:
– Account and Transaction Data: retained for a minimum of seven (7) years for compliance and audit obligations.
– Communication Data: retained for three (3) years from the last interaction.
– Marketing Preferences and Analytics Data: retained for two (2) years from consent or interaction.
Where personal data is no longer required, it is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies on rei-supply.com to provide functionality, personalize content, measure user engagement, and analyze site usage. Our cookies fall under the following categories:
– Essential Cookies: Required for website functionality, such as login and cart features.
– Functional Cookies: Enhance site performance, saving preferences and settings.
– Analytical Cookies: Collect statistical data to help us understand user behavior and improve services.
– Performance Cookies: Measure the performance of ads and content.
10. Cookie Management and Compliance
Upon your first visit to rei-supply.com, you are presented with a cookie consent banner allowing you to accept or customize your preferences. You may also manage or revoke your consent at any time through your browser settings or our website’s Cookie Settings tool. We honor the Global Privacy Control (GPC) signal where supported by your browser.
Under GDPR and CCPA, we ensure user consent is obtained before deploying non-essential cookies, and provide transparency about how these technologies operate.
11. Protection of Children’s Privacy
Our services are not intended for use by individuals under the age of 13, and we do not knowingly collect personal data from children. If we become aware that a child under 13 has provided us with personal data, we will take appropriate steps to delete such information. Parents or guardians with concerns may contact us at [email protected].
12. Policy Updates and Notification
We reserve the right to revise this Privacy Policy at any time to reflect changes in our practices, legal obligations, or service offerings. Revisions will be posted on rei-supply.com and, where appropriate, notified to you via email or prominent disclosure on our website.
We encourage you to review this policy periodically to stay informed of how we are protecting your personal information.
13. Contact Information
For questions, requests, or concerns related to this Privacy Policy or your personal data, you may contact us at:
Email: [email protected]
REI Supply is committed to full compliance with all applicable data protection laws, including GDPR and CCPA. We take your privacy seriously and invite you to reach out with any concerns, requests, or feedback related to how your personal data is handled.