Close Menu

XY Retail, Inc.
Privacy Policy

XY Retail is committed to protecting the privacy and security of you and your customers. This Privacy Policy describes how XY Retail collects, uses and discloses information received through its website and online platform and what choices Users and Visitors to our Site have with respect to this information.

There are a few terms that we will use frequently in this Privacy Policy that we want to define clearly for your understanding:

  • We use "XY Retail," "we" or "us" to refer to XY Retail, Inc.
  • The “Platform” refers to XY Retail’s online platform for its registered Users.
  • We use “Site” to refer to the website http://www.xyretail.com.
  • We use “Services” to refer to the services provided through the Platform.
  • We use “Visitor” to refer to anyone who visits our Site.
  • We use “User,” “Users,” “you” or “your” to refer to people or entities registered to use the Services

Users and Visitors accept and agree to the practices described in this Privacy Policy by accessing and/or using our Site and Platform. If you have comments, suggestions, questions or concerns about our Privacy Policy, please contact us at legal@xyretail.com.

Our Privacy Policy was last updated on June [1st], 2018.

Information We Collect

Information You Provide to Us. When you request a product demonstration through the Site, register with us to use the Platform or otherwise communicate with us through the Site or Platform, we may collect and use personally identifiable information about you ("Personal Information"), as well as other information. For the purposes of the GDPR (as defined and described more fully below), we are the “data controller” of this information and we collect and store it for the purposes of communicating with Visitors, providing Services to Users and maintaining records and contact details for our business purposes. More specifically, we may collect and store the following information:

  • Name
  • Email address
  • Phone number2
  • Company name
  • Information about your company, such as website URL, number of employees and type of business
  • Information you provide when communicating with us by e-mail, mail or otherwise

Registration Information. Use of our Platform is restricted to registered Users of the Services and their authorized personnel. Once you have completed the User registration process with XY Retail, you will be able to securely access the Platform online using a unique username and password. Your password is exclusively for your use and should not be shared except as needed to facilitate use of the Platform by your authorized personnel. It is the responsibility of the User to safeguard its password. If you believe your password has been lost, stolen or otherwise compromised or that your Platform account security has been compromised in any way, please contact XY Retail immediately.

Information We Collect About Your Interaction With The Site and Platform. We may collect additional information about your interaction with our Site and the Platform without identifying you as an individual (“Anonymous Information”), by using cookies or other automated technologies. For example, we may receive certain standard information that your browser sends to every website you visit, such as your IP address, browser and operating system type and information about the device you are using (such as whether it is a mobile device or a desktop computer). We may use Anonymous Information for any purpose in our discretion. For clarity, Anonymous Information means information that is not associated with or linked to your Personal Information and does not permit the identification of individual persons.

Analytics Partner. XY Retail has partnered with an analytics partner (“Analytics Partner”) to collect Anonymous Information about how our Site and Platform are used. Our Analytics Partner may use cookies or other automated technologies to collect information about you; for example, how many times you visit the Platform and what parts of the Platform you access. In order to make sure you understand how our Analytics Partner handles your information and how it interacts with our Site and Platform, we’ve shared a hyperlink below to its Terms of Use. You should visit this page as XY Retail has no ability to control or monitor our Analytics Partner’s data collection or data use practices.

User Customer Data and User Business Information

User Customer Data. Our Users utilize the Platform to run their businesses and interact with their customers. "User Customer Data" is Personal Information relating to individuals with whom our Users interact in connection with their business (such as customers of their e-commerce stores). Our Users are solely responsible for establishing 3policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, agreements or other obligations, relating to the collection of Personal Information in connection with the use of our Services by individuals with whom our Users interact. XY Retail has no direct relationship with individuals whose Personal Information Users collect in connection with their use of our Services. If you are an individual who interacts with one of our Users - for instance if you’re a customer of a User’s online retail store – that User is the controller of your information and you should contact them directly for assistance with any requests or questions relating to your Personal Information.

User Business Information. We also store any other information that Users upload to or send through the Platform (“User Business Information”), including:

  • Information about products and services; and
  • Other business-related information.

Please be advised that XY Retail does not access, use or commercialize User Customer Data or User Business Information except such data that has been anonymized and aggregated with other anonymized data from our other users. We may use anonymized and aggregated data for any purpose in our discretion

How We Use Cookies

A “cookie” is a small computer file that is sent to your computer when you visit a website to make each visit more efficient. Cookies may store user preferences and other information. You may opt out of receiving cookies by instructing your browser to stop accepting cookies or to prompt you before accepting a cookie from websites you visit, by changing your browser options. Please note, however, that by blocking or deleting cookies used with our Services, you may not be able to use all aspects of the Services. You can learn more about cookies by visiting www.allaboutcookies.org, which includes useful information on cookies and how to block cookies on different types of browsers and mobile devices.

XY Retail and its Analytics Partner use session cookies in our Site and Platform, which means we do not collect these cookies for use in connection with your future visits. We also do not use cookies for ad serving. We use cookies to give you a better and more personalized use of the Services, to save you logging in every time and to count the number of visits.

Please note that when using our Services, Users may deploy their own cookies to collect information about their customer’s use of websites and applications made available to them through our Platform.

“Do Not Track” Requests

The Site and Platform currently do not respond to “do not track” or similar signals

Use of Your Information

We use the information we collect from you to enable us to provide the Services to you in the best possible manner. In addition, your information may be used for the following purposes:

  • To operate the Site and Platform and to provide products and services to you;
  • To respond to your requests and inquiries and to provide you with requested customer support;
  • To contact you to resolve disputes, collect fees and troubleshoot problems;
  • To review Site and Platform usage in order to customize, measure and improve our Services and the content, layout and functionality of the Site and Platform;
  • To communicate with you about important changes to the Site, the Platform and/or our business;
  • To protect the security or integrity of the Site, Platform and/or our business; and
  • To tailor the Site and Platform to your needs and the needs of other Users and Visitors

Direct Marketing. We may send out marketing messages (such as a newsletter or alert) to Users and Visitors who have provided us with contact information to communicate about developments with our business, to offer special promotions, or to announce important happenings in our industry. We will ask for your consent to receive marketing communications when we collect your contact information, and you can always choose to stop receiving newsletters or other communications from us by clicking the “unsubscribe” link at the bottom of a marketing message. Please understand that if you choose not to receive promotional correspondence from us, we may still contact you in connection with your relationship, activities, transactions and/or communications with us.

Sharing Your Information

Service Providers. We may share your personally identifiable information with trusted third parties, including

  • Service providers under contract with XY Retail who help with our business operations; and
  • Other third parties to whom you explicitly ask us to send your information

Such third parties have access to Personal Information as needed to perform their functions, or as requested by you, but they are not allowed to use it for other purposes. We do not sell or rent your Personal Information collected through the Site or Platform.

Aggregated Research. We may also share aggregated non-identifiable information about our customers with third parties in order to help market our products and develop new vendor and customer relationships.

Other Circumstances. As with any business, it is possible that in the future we could merge with or be acquired by another company. If this occurs, the successor company would have access to the information we collect, but would continue to be bound by this Privacy Policy unless and until it is amended. For clarity, we may disclose your Personal Information if we are involved in a merger, acquisition or sale of any or all of our business and/or our assets to such third parties, or if we have a good faith belief that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal process (such as a subpoena) or enforceable government request;
  • Enforce our Terms of Use, including investigation of potential violations of such Terms of Use, or to detect, prevent or otherwise address fraud, security or technical issues with respect to the Site and/or Platform;
  • Facilitate fraud prevention, risk assessment, investigation, product development and debugging purposes; and
  • Protect against harm to the rights, property or safety of XY Retail, our Users, Visitors to the Site or the public as required or permitted by law.

Text Messages

We can only communicate with you by text message if we have your express consent. If you would like to receive notifications from us through the Platform, you will need to provide your mobile phone number through the Platform and indicate your consent to receive text messages from XY Retail. Please be advised that standard text messaging rates may apply as provided in your wireless plan and you will be responsible for all charges incurred from your mobile carrier for such communications. Through the Platform you may revoke your consent for use of your phone number at any time by opting out of receiving future text messages.

Security

We use commercially suitable physical, electronic and managerial procedures designed to safeguard and secure the information we collect on our Site and through the Platform. These procedures include, but are not limited to, encryption, passwords and physical security. We also limit access to Personal Information we receive to our employees, contractors, professional advisors and Business Partners (as defined below) who need access to that information in order to do their jobs or provide services to us. However, no data protection procedures are entirely infallible. As a result, while we strive to protect your Personal Information, we cannot guarantee that it will be 100% secure. Your transmission of data to our Site or Platform thus is done entirely at your own risk.

Business Partners

We use and work with certain third party application and technology companies (“Business Partners”) to provide hosting, payment processing, marketing, database integration, technology development, business intelligence and analytics, shipping and fulfillment and other services for us or for our Users. These Business Partners may have access to or process your information for the purpose of providing those services. Some 6 functionality in the Platform uses white-labelling techniques to serve content from Business Partners while providing the look and feel of our Platform. Please note that, in some instances, you are providing your information to these third parties acting on behalf of XY Retail. We have discussed certain of our Business Partners in more detail below.

Payment Processors

XY Retail does not collect credit and debit card information directly through the Site and/or Platform and kindly asks you not to share this information with us when submitting requests for additional information. XY Retail does partner with third-party payment card processors (“Payment Processor”) so that Users may process online transactions with their customers.

For Users accepting payments through the Platform using one of our Payment Processors, please note that your customers’ credit and debit card information (number, expiration date, security code) is provided directly to the Payment Processor and is stored by the Payment Processor and not by you or by XY Retail, and as such, it is important to review the Payment Processor’s privacy policy and terms to understand its information security practices. The Payment Processor may share all or some of the following information with you (and not XY Retail) so that you may complete orders to your customers: first and last name, physical address, email address, phone number and information about the transaction and the items purchased. Here are links to the policies of the current Payment Processors we make available to you through the Platform

Stripe

  • Stripe’s privacy policy: https://stripe.com/us/privacy
  • Stripe’s checkout terms of service agreement: https://stripe.com/us/checkout/legal

Square

  • Square’s privacy notice: https://squareup.com/legal/privacy
  • Square’s terms of service: https://squareup.com/legal/ua

Braintree by PayPal

  • Braintree’s privacy policy: https://www.braintreepayments.com/legal/braintreeprivacy-policy

Authorize.Net

  • Authorize.Net’s private statement: https://www.authorize.net/about-us/privacy/
  • Authorize.Net’s terms of use: https://www.authorize.net/about-us/terms/

Omise

  • Omise’s privacy policy: https://www.omise.co/privacy
  • Omise’s terms and conditions: https://www.omise.co/terms

Links to Third Party Websites

The Site and Platform may contain links to other websites, including those of third parties or Business Partners. While we seek to link only to websites that share our high 7 standards and respect for privacy, we cannot be responsible for the privacy practices of other websites. By accessing other third party websites or applications through our Site or the Platform, you are consenting to the terms and privacy policies of those websites. It is possible that other parties may collect Personal Information about your online activities over time and across different web sites when you use the Site and/or Platform.

International Users/Visitors and the General Data Protection Regulation

The Site and Platform are operated in the United States (“US”) and we host all data received through the Site and Platform using Amazon Web Services in the United States. By using the Site and Platform, you are consenting to the transfer of your Personal Information to the US.

If you are a User or Visitor from outside the US, please be advised that the Platform and our Services are designed to facilitate compliance with the privacy regulations imposed by the European Union, principal among them the General Data Protection Regulation (the “GDPR”).

XY Retail’s Compliance with the GDPR. XY Retail is committed to complying with the GDPR and has technology and business practices in place so that Users and Visitors may take advantage of the choices and protections offered by the GDPR. For example:

  • Users can easily access their Personal Information stored in the Platform at any time. Users and Visitors to the Site may also request a copy of their Personal Information stored by XY Retail by contacting us directly.
  • If requested by a User or Visitor to our Site, XY Retail will promptly delete any information we store about the User or Visitor.
  • XY Retail only stores Personal Information in its identifiable form for a defined period of time when we have an ongoing legitimate business need to do so. When we no longer have an ongoing legitimate business need to process and/or store your Personal Information, we will either purge the Personal Information or convert it into anonymous values in accordance with our internal policies.

You may review and edit the information XY Retail collects about you at any time by contacting us using the contact information set forth below. If your information has been shared with a third party, as described elsewhere in this Privacy Policy, then that third party has received its own copy of your data. If you have been contacted by one of these third parties and wish to correct or delete your information, please contact them directly.

Please also know that you have the right to complain to your local information protection authority should you have concerns with respect to how we are processing your Personal Information. Your local data protection authority will be able to give you more information on how to submit a complaint.

Your Compliance with the GDPR. The Platform is built on the following core principles which form the bedrock of the GDPR.

  • Data Isolation. All User transactions and engagements are separated from personal data through a "link". This concept is a pre-requisite to compliance with the GDPR and is called pseudonymization, which is fully implemented in the Platform to ensure the isolation of User data, including User Customer Data and User Business Information, from Personal Information.
  • Data Protection. All of your data in the Platform, including User Customer Data and User Business Information, has privacy controls that can be managed by you when operating your business. All traffic on the Platform, including e-commerce, is based on Secure Sockets Layer (SSL) technology.
  • Data Audit. The Platform may be used for reporting and audit of your data, including User Customer Data and User Business Information.
  • Data Consent. All marketing and transactional features of the Platform rely on opt-in and opt-out features.
  • Data Deletion. The GDPR imposes a responsibility on businesses to allow their consumers to request that certain of their personal data is deleted upon request. In the Platform, there is a simple mechanism to eliminate User Customer Data while still providing sales and marketing analytics.
  • Virtual Compliance Officer. The GDPR requires every business to appoint a compliance officer reachable by any consumer. The Platform can provide you with a simple way to establish a virtual compliance contact for your business.
  • Features for Managing User Customer Data.The Platform provides you and your customers a number of choices:
    • You can use the Platform to select a customer and select applicable data to extract and package in a format ready to e-mail to your customers.
    • Your customers can be provided access to a portal where they are able to access and review the personal data they provided to you, as well as their order history.
    • Your customers can also use a portal to request deletion of their personal data. Following this deletion request, the Platform will allow you to purge the data of selected customers.
    • The Platform permits you to establish policies that control the expiration interval for customer order histories based on “last order”

California Privacy Rights

California law allows California residents to ask a company with whom they have an established business relationship to provide certain information about the company’s sharing of Personal Information with third parties for direct marketing purposes. 9 California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.

Canadian Privacy Rights

Canadian citizens, except under circumstances defined by law, are entitled to access their Personal Information collected by XY Retail. If you believe that the Personal Information about you that we have collected is incomplete or inaccurate, please contact us and we will correct the information upon verification of the omission or error and of the identity of the person requesting the change.Canadian citizens who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.

Users Only of Legal Age of Majority

Our Site and Platform are designed and intended for those who are at least 18 years old. By using our Site and/or Platform, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a Visitor’s or User’s misrepresentation of his or her age. No one under age 13 is authorized to submit any information to XY Retail, directly or through the Site or Platform, whether or not it is Personal Information. Under no circumstances may anyone under age 13 visit our Site or use the Platform. Parents or legal guardians of children under 13 cannot agree to these terms on a minor child’s behalf.

Privacy Policy Updates

We update the Privacy Policy from time to time, so please review it regularly. If we materially change our Privacy Policy, we will notify you by contacting you through your account e-mail address or by posting a notice on our Site and/or the Platform. All amended terms automatically take effect thirty (30) days after they are initially notified to you and/or posted via the Site or Platform. Your continued use of the Site and/or Platform will be deemed your agreement that your information may be used in accordance with the new policy. If you do not agree with the changes, then you should stop using the Site and Platform and notify us immediately that you do not want your information used in accordance with the changes.

Contacting Us

Please contact us at to submit any questions, comments or complaints you may have regarding this Privacy Policy. You may contact us at legal@xyretail.com, by phone at (646) 883-2533, or at XY Retail’s physical address: 50 E 28th St, Suite 16K, New York, NY 10016