Effective Date: 20th October 2020

Revision 1.0

This “Privacy Policy” explains how RETAIL REALM DISTRIBUTION, INC. (“Company” or “we”) collects, uses, discloses, and otherwise processes personal data on behalf of our customers – typically, merchants (any, a “Merchant”) – in connection with “our application”.  

Our application is defined as RMH Payment Bridge in conjunction with Retail Management Hero Point of Sale application, which has the various sub-components that are capable of processing payments:

• RMH POS application for Windows

This Privacy Policy does not apply to Company’s privacy practices in any other context.

The Company’s processing of personal data in connection with our application is governed by this Privacy Policy and our agreements with Merchants. In the event of any conflict between this Privacy Policy and a customer agreement, the customer agreement will control to the extent permitted by applicable law.

This Privacy Policy is not a substitute for any privacy policy that a Merchant may be required to provide to their customers, personnel, or other individuals.

1.0 Definitions with respect to specific Payment Providers:

1.1 Information We Collect

We may collect data from or on behalf of Merchants. Merchants determine the scope of the personal data transferred to us or that we collect, and the information we receive may vary by Merchant. Typically, the information we collect on behalf of Merchants includes:

1.1.1 Information that we collect when a Merchant’s customers make a payment

When a customer makes a payment via a Retail Management Hero POS, we collect information about the transaction, which may include personal data. Information about transaction includes the type of payment card used, the name associated with the payment card, the location of the merchant’s store, date and time of the transaction, the transaction amount, and information about the goods or services purchased in the transaction, the expiry date of the payment card, the last four digits of the card and any payment references that are provided by Retail Management Hero POS, or the Payment Provider.

1.1.2 Additional information Merchants’ customers provide through the Retail Management Hero POS,, ancillary to a payment:

The Merchant may collect additional information ancillary to the payment. This information may include:

• Customers’ email address or phone number, such as when the customer chooses to receive an electronic receipt
• Customers’ marketing preferences, such as whether the customer wishes to receive marketing communications or newsletters
• Information about participating customers’ activity in a merchant loyalty program
• Customers’ physical address, where needed for delivery of goods or services
• Other information the customer provides, such as birth date, interests or preferences, reviews, and feedback
• Purchase history

The above information in 1.1.2 is not collected by the Company.

1.1.3 Information that the Merchant collects about the Merchants’ personnel

Likewise, the Merchant may collect information about Merchants’ personnel and interactions with the Retail Management Hero POS,, such as clock-in and clock-out time and tips earned.

The above information in 1.1.3 is not collected by the Company.

1.2 How We Use the Information We Collect

We use the personal data we collect for or on behalf of Merchants, to provide our services and the functionality of our application:  When the Merchant initiates a payment, information required (as defined above in 1.1.1) to initiate the payment is collected from the Retail Management Hero POS application and processed via the Retail Realm RMH Payment Bridge application.   The Retail Realm RMH Payment Bridge application then passes this information to the Payment Provider API for processing by the Payment Provider.  Once the payment has been processed, Retail Realm RMH Payment Bridge will pass information relating to the payment back to the Retail Management Hero POS to be stored and surfaced within the Merchant’s database and environment.

This personal information is not stored or retained by the Company.

We may also provide the Merchant the facility to store information relating to the payment transaction, for example for:

• Reporting and Reconciliation purposes.
• Payment receipt reprinting.
• To log various events to aid troubleshooting.

1.3 How We Share Information

We may share personal data that we collect with:

• The Merchant from whom or on whose behalf we collected the personal data.
• The platform on which our application runs, the Payment Provider Hardware.  You may view the Payment Provider’s Privacy Notice here

The Company may disclose personal data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our application; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Company may sell or transfer some or all of its business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

1.4 Your Rights and Choices

1.4.1 Data Subject Rights

To the extent that applicable law provides individuals with rights pertaining to their personal information, such as to review and request changes to their personal information, individuals should contact the Merchant with any requests pertaining to the Merchant’s use of our application. To the extent that the Payment Provider is responsible for responding to data subject rights requests under applicable law, individuals may contact the Payment Provider with applicable requests as explained in the Payment Provider's privacy notice.  The Company will assist a Merchant, or the Payment Provider, as applicable, in responding to such requests subject to our contract with a Merchant or the Payment Provider.

1.4.2 Complaints

If you have a complaint about our handling of personal data, you may contact us via the contact information provided below.

Updates

We reserve the right to modify this Privacy Policy at any time. We will notify you of updates by updating the date of this Privacy Policy.

1.4.3 Contact Us

You may contact us with any questions, comments, or complaints, about this Privacy Policy or our privacy practices via: https://retailrealm.com/contact/

1.5 Additional Information for Merchants Located in Europe

1.5.1 Controller

The Company is a data processor acting for and on behalf of the Merchant that has installed our application on their Payment Provider POS. That Merchant is the controller of personal data that we process on its behalf. The Payment Provider is also a controller of personal data in some circumstances.

The Payment Provider’s Privacy Notice is available here

1.5.2 Legal Bases for Processing

The Company processes personal data as directed or permitted by the Merchant that uses the RMH Payment Bridge. The Merchant is responsible for establishing a legal basis for our processing of personal data for or on behalf of the Merchant.

1.5.3 Cross Border Data Transfer

The Company does not transfer any personal data from the Merchant’s environment, other than to connect to the Payment Provider in order to process payments.

1.5.4 Data Retention

The Company does not retain any personal data.

1.5.5 Data Subject Rights

Under certain circumstances, data subjects in Europe have certain rights relating to their personal data, which include the rights to request from the Controller (a) access to the data subject’s personal data; (b) correction of incomplete or inaccurate personal data; (c) erasure of personal data; (d) restriction of processing concerning the data subject; and (e) that the controller provide a copy of the data subject’s personal data that the data subject provided to the controller in a structured, commonly used and machine-readable format. Data subjects may also object to a controller’s processing of personal data under certain circumstances. Where processing is based on a data subject’s consent, the data subject has the right to withdraw consent at any time; however, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Data subjects may also file a complaint with a supervisory authority. You may view contact information for supervisory authorities at https://edpb.europa.eu/about-edpb/board/members_en. Data subjects in Europe should direct any rights request to the appropriate Controller.