PIMS Data Retention and Privacy Policy

This Data Retention and Privacy Policy (“Policy”) is set forth by PIMS New York Inc. and PIMS New Jersey Inc. (collectively “we”, “us”, “our” and/or “PIMS”) and describes how PIMS collects, uses, and retains personal information that you provide to PIMS or that we collect when you use PIMS’ services.

1. Who is PIMS?

PIMS provides global warehousing solutions, real-time inventory management and personalized logistics and fulfillment services (collectively “Services”). In order to deliver your Services, it is necessary for us to collect and process personal information. We care about your privacy. This Privacy Policy explains the policies and practices we follow to protect personal information that we hold. This Policy applies to information we collect about you either through your use of our website, www.pimsinc.com through other means, including but not limited to providing Services.

2. Data Protection Questions.

If you have privacy requests or questions not answered in this policy, please contact us at privacy@pimsinc.com.

3. Collection of Personal Information.

“Personal information” is any information used to identify a person. PIMS may collect personal information provided by you in order to provide you with the Services you have requested. In most cases, it consists of:

  • Full Legal Name;
  • Email Address;
  • Postal mailing/shipping; and/or
  • Phone number.

PIMS may collect other information to assist with order fulfillment and the provision of Services.

4. Collection of Personal Data Regarding Customers.

We understand that in using our Services, you will provide to us personal data regarding your customers. This data remains under your sole control. We only process this data in accordance with your instructions. This is explained in further detail below.

This Policy is intended to help you understand:

  • What information we collect about you;
  • How we use the information we collect;
  • How we share information we collect;
  • How we secure, store and retain your data;
  • How you can access, update or delete your data;
  • How we transfer information we collect internationally;
  • How you can access, update or delete your data;
  • Other important privacy information.

We collect information so that we can provide the best possible experience when you use our Services.

Personal data is collected directly from you when you:

  • utilize any of our Services (e.g., customer information, including name, shipping address, telephone number and personal email address);
  • request assistance from our customer support team (e.g., email address); or complete contact forms or request other information from us (e.g., email).

We also collect additional information when delivering our Services to you to ensure necessary and optimal performance. These methods of collection may not be as obvious to you, so we wanted to highlight and explain what these might be (as they vary from time to time), and how they work.

4.1 Methods of Collection of Personal Data and other Data

We collect other information, such as your IP address, search terms, and site pages you visit while on our site, whenever you visit our site and use our Services. The technologies we use for this automatic data collection may include the following:

4.1.1 Log Data

This is automatically collected when you use and interact with our Services, including metadata, log files, cookie/device IDs and location information. This information includes specific data about your interactions with the features, content and links (including those of third parties, such as social media plugins) contained within the Services, Internet Protocol (IP) address, browser type and
settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data, information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and error data, and some of this data collected might be capable of and be used to approximate your location.

4.1.2 Cookies
A “cookie” is data that a website server stores on your computer. Cookies enable websites to recognize your computer and to “remember” your entries as you move from page to page, or even when you revisit the site from time to time using the same computer. We may also collect information pertinent to our Services. We collect and analyze this information to measure the number of visitors to the different sections of our site and to evaluate how visitors use our site. We also use the information we collect to understand customer needs and trends. However, we we do not tie the cookies to any personal information that you provide to us. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

4.1.3 Information from Other Sources.
We may receive data about you from other sources, including publicly available databases or third parties from whom we have purchased data, in which case we may combine this data with information we already have about you so that we can update, expand and analyze the accuracy of our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason or which it was provided to us.

4.1.1 Website Analytics
We use web analytics tools provided by service partners such as Google Analytics to collect information about how you interact with our website including what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use and network and IP information. We use the information provided by these tools to improve our Services. These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website.  Each cookie cannot be used by anyone other than the service provider (ex: Google for Google Analytics). The information collected from the cookie may be transmitted to and stored by these service partners on servers in a country other than the country in which you reside. Though information collected does not include personal data such as name, address, shipping information, etc., the information  collected is used and shared by these service providers in accordance with their individual privacy policies.

5. Use, Sharing , Retention and Storage of Personal Information

5.1. How We Use Your Information.

Our policy is to minimize the data we collect and limit its use and purpose to only that (1) for which we have been given permission, (2) as necessary to deliver the Services you engage with us, or (3) as we might be required or permitted for legal compliance or other lawful purposes including:

5.1.1 Providing Services
We collect various information relating to your use and/or interactions with our Services. We utilize this information to improve and optimize the user experience, operation and performance of our Services as well as locate and identify any and all security risks, errors or necessary upgrades to our Services. Further, we use information to collect statistics about the use of our
Services. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to collaborate effectively with others. In most cases, statistical data about how individuals use our Services is not linked to any personal data. To the extent it comprises personal data, or is linked or linkable to personal data, we treat it accordingly.

5.1.2 Doing Business with You
We use the personal information we have collected to allow us to provide the products and Services you have chosen, or to manage and develop our business and operations, including:

  • Establishing, managing and terminating business relations with you;
  • Reviewing the products (if any) and Services that we provide to you;
  • Informing you of our products (if any) and services other than those that you have
    specifically requested;
  • Informing you of products and services carefully selected third parties may wish to offer
    you;
  • Responding to your comments or requests for information;
  • Investigating and preventing fraudulent activities, unauthorized access to the services and
    other illegal activities;
  • Protecting us against error, fraud, theft, and damage to our goods and property;
  • Enabling us to comply with applicable law or regulatory requirements;
  • For any other purposes about which we notify customers and users; and
  • For any other reasonable business purpose to which you consent.

5.1.3 Email Communications
If you send us an email with questions or comments, we may use your email address to respond to your questions or comments, and we may save your questions or comments for future reference.

5.2 How We Share Your Information.

5.2.1 Third Party Providers

We may use third parties to assist in fulfilling your services requests or providing other important information to you. We require all such services providers to act in compliance with this Policy. We may also share your personally identifiable information (“PII”) with third parties, including our affiliates, or with employees, agents, consultants and other parties who require the information to assist us to establish, maintain and manage our business relationship with you. Further, we may share your personal information with our partners and affiliates to promote other services to you that you might like or to show you ads in which you might be interested.

5.2.2 Email Communications

We may share your email contact information with our partners to assist with marketing our products and services. You may unsubscribe from receiving future commercial email communications from us by clicking the “unsubscribe” link included at the bottom of any
marketing emails we send, or by emailing us as provided in the “Contact Us” section below. However, we reserve the right to send you transactional emails such as customer service communications in connection with the products you have purchased. For security reasons, we do not recommend that you send PII, such as passwords, social security numbers, or bank account information, to us by email.

5.2.3 Legal Necessity

Notwithstanding anything herein to the contrary, we reserve the right to disclose any information about you if we are required to do so by law, with respect to copyright and other intellectual property infringement claims, or if we believe that such action is necessary to:

  • fulfill a government request;
  • conform with the requirements of the law or legal process;
  • protect or defend our legal rights or property, or our site; or
  • in an emergency to protect the health and safety of our site’s users or the general public.
  •  

5.3 How We Retain, Secure and Store Your Data

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes.
These might include retention periods:

  • mandated by law, contract or similar obligations applicable to our business operations;
  • for preserving, resolving, defending or enforcing our legal/contractual rights; or
  • needed to maintain adequate and accurate business and financial records.

You can help maintain the security of your personal data by keeping your passwords and account information private. Remember, you, not PIMS, is responsible for ensuring that no unauthorized person has access to your password or account information. In addition, you need to implement appropriate security measures for the third party data you store when you use our Services (see below).

6. Privacy of Children’s Information

Our site and our Services are not directed to children. We do not sell products or services for purchase by children. We will not knowingly collect personal information from children. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personally identifiable information to us, please contact us at the email address, privacy@pimsinc.com. A parent or guardian of a child under the age of 13 may review and request deletion of such child’s personally identifiable information as well as prohibit the use of that information.

7. Privacy Rights for Residents of California

If you are a resident of the State of California, you have certain rights under California law to request information concerning our data sharing activities with third parties. This Privacy Notice for California Residents supplements the information contained in our Policy
above and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). This notice is intended to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice.

7.1 Information Collected

For information concerning specific information collected, our use, sharing, retention and storage of your personal information see Sections 3, 4 and 5 above.

  • Exclusions: Personal information does not include:
  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

7.2 Information Sources: We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms and/or information you complete on our website.
  • Indirectly from you. For example, from observing your actions on our website.

7.3 Use of Personal information

See Section 5 above.

We will not collect additional categories of personal information or use the personal information we collected for materially different,  unrelated, or incompatible purposes without providing you notice.

7.4 Sharing of Personal Information

See Section 5 above.

In the preceding twelve (12) months, PIMS has disclosed personal information to the following categories of third parties:

  • Service providers and subcontractors of PIMS for the purposes of delivering Services on behalf of PIMS
  • Suppliers and channel partners for the purpose of delivering Services

7.5 Sales of Personal information

In the preceding twelve (12) months, PIMS has NOT sold personal information. Under the CCPA, the sale of personal information means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration. If we do sell any personal information, we will update this privacy policy to list the categories of personal information sold.

7.6 Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer  request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • If applicable, the categories of personal information we have sold and the categories of personal information that we sold about  the consumer and the categories of third parties to whom the personal information was sold by category or categories of personal information for each category of recipient to whom or which the personal information was sold; and
  • If we disclosed your personal information for a business purpose, identifying the business purpose and the personal information categories that each category of recipient obtained.

7.7 Deletion Request Rights:

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete)  your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take  actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.). • Engage in public or peer- reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously  provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

7.8 Exercising Access, Data Portability, and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at privacy@pimsinc.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the  request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer  request to verify the requestor’s identity or authority to make the request.

7.9 Response Timing and Format:

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one
entity to another entity without hindrance, specifically by electronic mail communication. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

7.10 Personal information Sales Opt-Out and Opt-In Rights: We do not sell the personal information of consumers. If you are 16 years of  age or older, you have the right to opt out of future sales of data. We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is  between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. Once you make an opt-out request, we will wait at least twelve (12) months  before asking you to reauthorize personal information sales. However, you may change your mind and opt back into personal  information sales at any time by visiting our website and sending us a message. We will only use personal information provided in an opt-out request to review and comply with the request. To exercise any of your rights under the CCPA, please refer to the Data Protection Questions section above for our contact information. All privacy-related requests and inquires can also be communicated by submitting  a request to privacy@pimsinc.com.

7.11 Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we  will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing  penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or service.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels.  Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that  describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

7.12 Shine the Light

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request  certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a  request, please refer to the Data Protection Contact section above.

8. Information for Residents of the European Union

Residents of the European Union are afforded certain rights as a data subject under  the General Data Protection Regulation (2016/679). If you reside within the European Economic Area (EEA), our processing of your  personal information with be legitimized as follows:

  • Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to  Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article in the GDPR describes when  processing can be done lawfully.
  • If processing of your personal information is necessary for the performance of a contract between you and PIMS or for taking any  pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b). If this data is not processed,  PIMS will not be able to execute a contract with you.
  • Where processing is necessary for us to comply with a legal obligation (e.g. detection of fraud) we will process your information on basis of GDPR Article 6(1) lit. (c).
  • Where processing is necessary for the purposes of PIMS’s legitimate interests, such processing will be made in accordance with  GDPR Article 6(1) lit. (f), for example to detect fraud.
  • You may also receive personalized advertising where you indicate to PIMS specific interests by requesting information about a  product or service or by otherwise communicating your marketing preferences.

8.1 Transferring personal information from the EU to US: PIMS operations are based in the United States. By using our sites or providing  any personal information to us, where applicable law permits, you consent to the transfer, processing, and storage of such information in  the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. For more information concerning our use, sharing, retention and storage of your personal information see Section 5 above.

This Privacy Policy is intended to provide you with information about what personal information PIMS collects about you and how it is  used. The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for “Data  Subjects” (these are persons that can be identified).

As a Data Subject under GDPR, you have the following rights:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • The right NOT to be profiled or evaluated based on automated processing

To exercise any of your rights under the GDPR, please refer to the Data Protection Questions section above for our contact information.  All privacy-related requests and inquires can be communicated by submitting a request to privacy@pimsinc.com.

9. Modifications to this Privacy Policy

PIMS may from time to time make changes to this Policy to reflect changes in legal or regulatory obligations or changes in the manner in  which we deal with personal information. We will post any revised version of this Policy on our Site. Any changes will be effective on  the effective date stated in the revised Policy. We reserve the right to amend this Policy at any time, for any reason, without notice to you,  other than the posting of the amended Policy on our websites. If there are significant changes, we may provide more prominent  notice or obtain your consent as required by law. If you do not wish to accept the changes, you should cease using the Site or Services, or providing personal information to PIMS. Your continued use of the Site after we have posted a revised Policy you will be bound by the revised Policy.

10. Linked Sites

This Policy does not apply to your use of unaffiliated websites to which our Site is linked. PIMS is not responsible for the privacy practices  or the content on linked sites. We recommend that you carefully read the privacy policies of each site you visit.

11. Sole Statement This Policy as posted on this Site is the sole statement of our privacy policy with respect to this Site, and no  summary, modification, restatement or other version thereof, or other privacy statement or policy, in any form, is valid unless we post a  new or revised policy to the Site.

12. Questions, Concerns or Complaints To get more information about PIMS’ privacy and information security practices, or if you:

  • have questions or comments about our Policy; • wish to make corrections to any personal nformation you have provided;
  • want to opt-out from receiving future commercial correspondence, including emails, from us or our affiliated companies; or
  • wish to withdraw your consent to sharing your personal information with others, contact us as follows: By Email: privacy@pimsinc.com