XY Retail, Inc.
- We use "XY Retail," "we" or "us" to refer to XY Retail, Inc.
- The “Platform” refers to XY Retail’s online platform for its registered Users.
- We use “Site” to refer to the website http://www.xyretail.com .
- We use “Services” to refer to the services provided through the Platform.
- We use “Visitor” to refer to anyone who visits our Site.
- We use “User,” “Users,” “you” or “your” to refer to people or entities registered to use the Services
Information We Collect
Information You Provide to Us. When you request a product demonstration through the Site, register with us to use the Platform or otherwise communicate with us through the Site or Platform, we may collect and use personally identifiable information about you ("Personal Information") , as well as other information. For the purposes of the GDPR (as defined and described more fully below), we are the “data controller” of this information and we collect and store it for the purposes of communicating with Visitors, providing Services to Users and maintaining records and contact details for our business purposes. More specifically, we may collect and store the following information:
- Email address
- Phone number2
- Company name
- Information about your company, such as website URL, number of employees and type of business
- Information you provide when communicating with us by e-mail, mail or otherwise
Registration Information . Use of our Platform is restricted to registered Users of the Services and their authorized personnel. Once you have completed the User registration process with XY Retail, you will be able to securely access the Platform online using a unique username and password. Your password is exclusively for your use and should not be shared except as needed to facilitate use of the Platform by your authorized personnel. It is the responsibility of the User to safeguard its password. If you believe your password has been lost, stolen or otherwise compromised or that your Platform account security has been compromised in any way, please contact XY Retail immediately.
Information We Collect About Your Interaction With The Site and Platform. We may collect additional information about your interaction with our Site and the Platform without identifying you as an individual (“ Anonymous Information ”), by using cookies or other automated technologies. For example, we may receive certain standard information that your browser sends to every website you visit, such as your IP address, browser and operating system type and information about the device you are using (such as whether it is a mobile device or a desktop computer). We may use Anonymous Information for any purpose in our discretion. For clarity, Anonymous Information means information that is not associated with or linked to your Personal Information and does not permit the identification of individual persons.
Google Analytics’ terms are available here:
User Customer Data and User Business Information
User Customer Data. Our Users utilize the Platform to run their businesses and interact with their customers. "User Customer Data" is Personal Information relating to individuals with whom our Users interact in connection with their business (such as customers of their e-commerce stores). Our Users are solely responsible for establishing 3policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, agreements or other obligations, relating to the collection of Personal Information in connection with the use of our Services by individuals with whom our Users interact. XY Retail has no direct relationship with individuals whose Personal Information Users collect in connection with their use of our Services. If you are an individual who interacts with one of our Users - for instance if you’re a customer of a User’s online retail store – that User is the controller of your information and you should contact them directly for assistance with any requests or questions relating to your Personal Information.
User Business Information. We also store any other information that Users upload to or send through the Platform ( “User Business Information” ), including:
- Information about products and services; and
- Other business-related information.
Please be advised that XY Retail does not access, use or commercialize User Customer Data or User Business Information except such data that has been anonymized and aggregated with other anonymized data from our other users. We may use anonymized and aggregated data for any purpose in our discretion
A “cookie” is a small computer file that is sent to your computer when you visit a website to make each visit more efficient. Cookies may store user preferences and other information. You may opt out of receiving cookies by instructing your browser to stop accepting cookies or to prompt you before accepting a cookie from websites you visit, by changing your browser options. Please note, however, that by blocking or deleting cookies used with our Services, you may not be able to use all aspects of the Services. You can learn more about cookies by visiting www.allaboutcookies.org, which includes useful information on cookies and how to block cookies on different types of browsers and mobile devices.
Please note that when using our Services, Users may deploy their own cookies to collect information about their customer’s use of websites and applications made available to them through our Platform.
“Do Not Track” Requests
The Site and Platform currently do not respond to “do not track” or similar signals
Use of Your Information
We use the information we collect from you to enable us to provide the Services to you in the best possible manner. In addition, your information may be used for the following purposes:
- To operate the Site and Platform and to provide products and services to you;
- To respond to your requests and inquiries and to provide you with requested customer support;
- To contact you to resolve disputes, collect fees and troubleshoot problems;
- To review Site and Platform usage in order to customize, measure and improve our Services and the content, layout and functionality of the Site and Platform;
- To communicate with you about important changes to the Site, the Platform and/or our business;
- To protect the security or integrity of the Site, Platform and/or our business; and
- To tailor the Site and Platform to your needs and the needs of other Users and Visitors
Direct Marketing . We may send out marketing messages (such as a newsletter or alert) to Users and Visitors who have provided us with contact information to communicate about developments with our business, to offer special promotions, or to announce important happenings in our industry. We will ask for your consent to receive marketing communications when we collect your contact information, and you can always choose to stop receiving newsletters or other communications from us by clicking the “unsubscribe” link at the bottom of a marketing message. Please understand that if you choose not to receive promotional correspondence from us, we may still contact you in connection with your relationship, activities, transactions and/or communications with us.
Sharing Your Information
Service Providers. We may share your personally identifiable information with trusted third parties, including
- Service providers under contract with XY Retail who help with our business operations; and
- Other third parties to whom you explicitly ask us to send your information
Such third parties have access to Personal Information as needed to perform their functions, or as requested by you, but they are not allowed to use it for other purposes. We do not sell or rent your Personal Information collected through the Site or Platform.
Aggregated Research . We may also share aggregated non-identifiable information about our customers with third parties in order to help market our products and develop new vendor and customer relationships.
- Comply with applicable laws, regulations, legal process (such as a subpoena) or enforceable government request;
- Facilitate fraud prevention, risk assessment, investigation, product development and debugging purposes; and
- Protect against harm to the rights, property or safety of XY Retail, our Users, Visitors to the Site or the public as required or permitted by law.
We can only communicate with you by text message if we have your express consent. If you would like to receive notifications from us through the Platform, you will need to provide your mobile phone number through the Platform and indicate your consent to receive text messages from XY Retail. Please be advised that standard text messaging rates may apply as provided in your wireless plan and you will be responsible for all charges incurred from your mobile carrier for such communications. Through the Platform you may revoke your consent for use of your phone number at any time by opting out of receiving future text messages.
We use commercially suitable physical, electronic and managerial procedures designed to safeguard and secure the information we collect on our Site and through the Platform. These procedures include, but are not limited to, encryption, passwords and physical security. We also limit access to Personal Information we receive to our employees, contractors, professional advisors and Business Partners (as defined below) who need access to that information in order to do their jobs or provide services to us. However, no data protection procedures are entirely infallible. As a result, while we strive to protect your Personal Information, we cannot guarantee that it will be 100% secure. Your transmission of data to our Site or Platform thus is done entirely at your own risk.
We use and work with certain third party application and technology companies (“ Business Partners ”) to provide hosting, payment processing, marketing, database integration, technology development, business intelligence and analytics, shipping and fulfillment and other services for us or for our Users. These Business Partners may have access to or process your information for the purpose of providing those services. Some 6 functionality in the Platform uses white-labelling techniques to serve content from Business Partners while providing the look and feel of our Platform. Please note that, in some instances, you are providing your information to these third parties acting on behalf of XY Retail. We have discussed certain of our Business Partners in more detail below.
XY Retail does not collect credit and debit card information directly through the Site and/or Platform and kindly asks you not to share this information with us when submitting requests for additional information. XY Retail does partner with third-party payment card processors ( “Payment Processor” ) so that Users may process online transactions with their customers.
- Stripe’s checkout terms of service agreement: https://stripe.com/us/checkout/legal
- Square’s privacy notice: https://squareup.com/legal/privacy
- Square’s terms of service: https://squareup.com/legal/ua
Braintree by PayPal
- Authorize.Net’s private statement: https://www.authorize.net/about-us/privacy/
- Omise’s terms and conditions: https://www.omise.co/terms
Links to Third Party Websites
The Site and Platform may contain links to other websites, including those of third parties or Business Partners. While we seek to link only to websites that share our high 7 standards and respect for privacy, we cannot be responsible for the privacy practices of other websites. By accessing other third party websites or applications through our Site or the Platform, you are consenting to the terms and privacy policies of those websites. It is possible that other parties may collect Personal Information about your online activities over time and across different web sites when you use the Site and/or Platform.
International Users/Visitors and the General Data Protection Regulation
The Site and Platform are operated in the United States (“US”) and we host all data received through the Site and Platform using Amazon Web Services in the United States. By using the Site and Platform, you are consenting to the transfer of your Personal Information to the US.
If you are a User or Visitor from outside the US, please be advised that the Platform and our Services are designed to facilitate compliance with the privacy regulations imposed by the European Union, principal among them the General Data Protection Regulation (the “GDPR” ).
XY Retail’s Compliance with the GDPR . XY Retail is committed to complying with the GDPR and has technology and business practices in place so that Users and Visitors may take advantage of the choices and protections offered by the GDPR. For example:
- Users can easily access their Personal Information stored in the Platform at any time. Users and Visitors to the Site may also request a copy of their Personal Information stored by XY Retail by contacting us directly.
- If requested by a User or Visitor to our Site, XY Retail will promptly delete any information we store about the User or Visitor.
- XY Retail only stores Personal Information in its identifiable form for a defined period of time when we have an ongoing legitimate business need to do so. When we no longer have an ongoing legitimate business need to process and/or store your Personal Information, we will either purge the Personal Information or convert it into anonymous values in accordance with our internal policies.
Please also know that you have the right to complain to your local information protection authority should you have concerns with respect to how we are processing your Personal Information. Your local data protection authority will be able to give you more information on how to submit a complaint.
Your Compliance with the GDPR . The Platform is built on the following core principles which form the bedrock of the GDPR.
- Data Isolation . All User transactions and engagements are separated from personal data through a "link". This concept is a pre-requisite to compliance with the GDPR and is called pseudonymization, which is fully implemented in the Platform to ensure the isolation of User data, including User Customer Data and User Business Information, from Personal Information.
- Data Protection . All of your data in the Platform, including User Customer Data and User Business Information, has privacy controls that can be managed by you when operating your business. All traffic on the Platform, including e-commerce, is based on Secure Sockets Layer (SSL) technology.
- Data Audit . The Platform may be used for reporting and audit of your data, including User Customer Data and User Business Information.
- Data Consent . All marketing and transactional features of the Platform rely on opt-in and opt-out features.
- Data Deletion . The GDPR imposes a responsibility on businesses to allow their consumers to request that certain of their personal data is deleted upon request. In the Platform, there is a simple mechanism to eliminate User Customer Data while still providing sales and marketing analytics.
- Virtual Compliance Officer . The GDPR requires every business to appoint a compliance officer reachable by any consumer. The Platform can provide you with a simple way to establish a virtual compliance contact for your business.
Features for Managing User Customer Data.
The Platform provides you and your customers a number of
- You can use the Platform to select a customer and select applicable data to extract and package in a format ready to e-mail to your customers.
- Your customers can be provided access to a portal where they are able to access and review the personal data they provided to you, as well as their order history.
- Your customers can also use a portal to request deletion of their personal data. Following this deletion request, the Platform will allow you to purge the data of selected customers.
- The Platform permits you to establish policies that control the expiration interval for customer order histories based on “last order”
California Privacy Rights
California law allows California residents to ask a company with whom they have an established business relationship to provide certain information about the company’s sharing of Personal Information with third parties for direct marketing purposes. 9 California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.
Canadian Privacy Rights
Canadian citizens, except under circumstances defined by law, are entitled to access their Personal Information collected by XY Retail. If you believe that the Personal Information about you that we have collected is incomplete or inaccurate, please contact us and we will correct the information upon verification of the omission or error and of the identity of the person requesting the change.Canadian citizens who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.
Users Only of Legal Age of Majority
Our Site and Platform are designed and intended for those who are at least 18 years old. By using our Site and/or Platform, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a Visitor’s or User’s misrepresentation of his or her age. No one under age 13 is authorized to submit any information to XY Retail, directly or through the Site or Platform, whether or not it is Personal Information. Under no circumstances may anyone under age 13 visit our Site or use the Platform. Parents or legal guardians of children under 13 cannot agree to these terms on a minor child’s behalf.