Appriss Services Processing Notice

About this Processing Notice
Collection and Use of Personal Data Content

Our Purpose

Editorial Control and Use

Types of Personal Information Processed
Information Recipients
Legal Bases For Processing EU Personal Data
Locations of Processing
Data Subject Rights

How to exercise your rights regarding Personal Data

Data Retention
Data Privacy and Security
Changes to Processing Notice
Contact Us
About this Processing Notice

This processing notice applies to the personal information relating to individuals (“Personal Data” or “Personal Data Content”) processed in Appriss Commerce products and services (collectively, the “Services”). The customers of the Services that we provide are referred to in this processing statement as our “Customers”.

Services may include, but are not limited to, the following Appriss Commerce software products, services, and data analytics activities:

  • Engage
  • Verify
  • Secure
  • Incent
  • Systems Integration / RTI
  • LPMS
  • Any other Appriss Commerce software product or service not listed herein.
Collection and Use of Personal Data Content

Our Purpose
The Personal Data Content processed by Appriss Commerce Services enables our Customers to conduct risk management activities for which there is a substantial public interest. Appriss Commerce’s Services are also designed to provide organizations with information that may impact their organization, brand or customer base, and enable informed commercial and business risk decisions.

Personal Data Content we collect and process may be used for the following purposes:

  • Loss Prevention – Immediately impacting total loss by reducing consumer fraud, retail shrink and procedural errors, while fostering a positive customer experience.
  • Store Operations – Lifting store performance by increasing sales, cutting costs, and reducing loss with solutions that enhance customer service and achieve full ROI in six months or less.
  • Marketing – Capitalizing on in-store foot traffic to generate new revenue by incentivizing Customers to spend more, following merchandise returns.
  • Cost Management – Reducing total loss from consumer fraud, employee dishonesty and procedural errors to immediately reduce shrink and returns.
  • Systems Integration – Rapid, cost-effective integration of complex multiple systems, streamlining workflow and enhancing processing, analysis, and information capabilities.

Editorial Control and Use
As a data processor, we do not exercise editorial control over the personal information that appears in the source material we collect. We use the Personal Data Content for research and analytical purposes to improve the Services we offer to our Customers as detailed above.

Our Customers make their own decisions as to how to use the personal information within our Personal Data Content. We do not make any decisions about an individual. Furthermore, our Customers are required to conduct their own checks to verify the accuracy of the data, and, are prohibited from using our data as the sole basis of any decision making that may affect individuals whose personal information is contained within the content. Our Customers’ privacy notices and policies will tell you more about how they use personal information, including information regarding the Appriss Commerce Services they have used and the information they have obtained from our Personal Data Content.

Types of Personal Information Processed

Appriss Commerce only provides a Customer with Personal Data Content that we obtained directly from that Customer.

Such Personal Data Content may include, but is not limited to:

  • name, age, date of birth, gender, country of residence; and
  • government identification numbers such as driver’s license numbers.
Information Recipients

Your personal information may be shared with our Customers and our processors through our provision of Services.

We also will disclose your Personal Data if we have a good faith belief that such disclosure is necessary to:

  • meet any applicable law, regulation, legal process or other legal obligation;
  • detect, investigate and help prevent security, fraud or technical issues;
  • protect the rights, property or safety of Appriss Commerce, our users, employees or others; and
  • as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.

When we collect or otherwise process any Personal Data within the scope of data privacy laws and regulations applicable to the EU, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679, we do so where necessary under the following legal bases:

  • To provide one or more Services, fulfill a transaction or otherwise perform a contract with you or at your request prior to entering into a contract;
  • To comply with applicable laws or other legal obligations;
  • For the performance of a task carried out in the public interest;
  • To enable our Customers to comply with their legal obligations;
  • Where applicable, with your consent; and/or
  • To operate our business, protect the security of our systems, Customers and users, detect or prevent fraud, or fulfill our other legitimate interests, except where our interests are overridden by your privacy rights.

In particular, we note that there is a substantial public interest in our processing of Personal Data in order to enable our Customers to comply with their legal obligations and to effectively manage their risks, make informed decisions, and run themselves in an ethical manner.

Where we rely on your consent to process Personal Data, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.

Locations of Processing

Your Personal Data may be stored and processed in your region or another country where Appriss Commerce, its affiliates, and their service providers maintain servers and facilities, including but not limited to the U.S., Poland, and the UK.

Therefore, your Personal Data may be processed outside the European Union (“EU”), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as in the EU. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into Standard Contractual Clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.

Data Subject Rights

You may have certain rights regarding your Personal Data, subject to local data protection laws.

If you are located outside the EU:

Consult the data protection laws applicable to your particular locality for more information on your possible rights regarding your Personal Data.

If you are located in the EU, you may have the following Individual Rights:

You have the right under EU and certain other privacy and data protection laws, as may be applicable, to request free of charge:

access to your personal information;
rectification or erasure of your personal information;
restriction of our processing of your personal information, or to object to our processing; and
portability of your personal information.
How to exercise your rights regarding Personal Data
To exercise your rights, please contact us in accordance with the “Contact Us” section below. We are enhancing our existing online request portal to handle these requests and will also accept emails sent to DPO@appriss.com. If you are located in the EU, we will comply with the GDPR requirement to provide information without undue delay, and in any event within one month of receipt of the request. We will contact you if we need additional information from you in order to process your request. It may take us longer than one month, taking into account the complexity of your request, and the overall number of requests we receive.

If your Personal Data has been submitted to us by a Customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the Customer directly. If you are an employee of a Customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.

Data Retention

Where Appriss Commerce processes your Personal Data, the applicable retention period is determined by contract with the relevant Customer. We will only retain your Personal Data as long as it is needed to provide the Services and fulfill the transactions our Customers have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements.

Data Privacy and Security

Appriss Commerce implements a variety of data privacy and security measures, including organizational, technical, and physical measures, which are designed to protect the integrity, confidentiality, and availability of Personal Data. While we follow generally accepted standards to protect Personal Data, no method of storage or transmission can be totally secure. You are solely responsible for protecting your password, limiting access to your computer and mobile devices, and signing out of websites, apps, and mobile platforms after your sessions. If you have any questions about the security of our websites, apps, or mobile platforms, please contact us at DPO@appriss.com.

Changes to Processing Notice

We will update this Processing Notice from time to time to reflect changes in our practices, technology, legal requirements, and other factors. If we do, we will post the revised version here with an updated revision date. We encourage you to periodically review this Processing Notice to stay informed about our collection, processing and sharing of your Personal Data.

Contact Us

To exercise your rights regardTo exercise your rights regarding your Personal Data, or if you have questions regarding this Processing Notice or our privacy or processing practices, please contact Appriss Commerce’s Data Protection Officer at DPO@appriss.com, or write to us at either of the following mailing addresses:

If in the U.S., to:

Appriss Commerce

Attn: Data Protection Officer
6430 Oak Canyon
Suite 250
Irvine, CA 92618
Phone: 1-866-277-7477

If in the EU, to:

Appriss Commerce
Attn: Data Protection Officer
120 Leman Street
London E1 8EU, UK
Phone: +44 (0)20 7430

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EU, you have the right to lodge a complaint with the competent supervisory authority.

Last Revised:  January 2022