Privacy Notice

inRiver AB (“we”, “our” or “inRiver”) is committed to protecting your information. This Privacy Notice explains why we collect personal information about you and what we do with it, what personal information we collect, for how long we store it and who we may share it with. We encourage you to read the Privacy Notice carefully, as it also specifies the rights you have regarding your personal data and how you can exercise your rights.

We at inRiver take your privacy seriously and we are sensitive to potential concerns about how we use the personal information that we may collect from time-to-time from and about you. This Privacy Notice includes information for U.S. residents and individuals located within the European Union. Note that Personal Information which inRiver processes as a Processor (as defined in the EU General Data Protection Regulation 2016/679) is set forth in the Data Processing Agreement entered into between inRiver and the subscriber.

California customers: Please refer to the California Privacy Addendum available here.

B2B

inRiver is a B2B (“Business to Business”) company. This term means that we are a company that creates services geared toward other businesses. Therefore, we do not typically collect general information from individual consumers except from individuals as authorized users of a business that utilizes or subscribes to one of our services, or who may become a customer.

By registering with us, you are authorizing us to collect, store and use your email address, and other such personal information you provide during registration, in accordance with this Privacy Notice. As used in this Privacy Notice, personal information means information that relates, and is capable of being linked, to a particular person. It does not include de-identified or aggregate information.

Once you register, you also have opted in to receive electronic communications from inRiver.

We collect, store and use personal information if you or the company you represent, use or buy our products or services. inRiver also collects, stores and uses personal information about you for marketing purposes.

We use the personal information to be able to deliver the products or services and to provide support to the services. We need the personal information to send you operational information about the services, and for contractual and financial reasons. We use your personal information to market our services, and to provide information about new services, newsletters and invitations to our events. The personal information that you provide us with will be used for responding to your questions or requests, and will be stored in our systems due to administrative and back-up reasons.

We collect the personal information that you provide us with when you sign up on inRiver’s e-mailing lists or register for inRiver newsletters or other forms on www.inriver.com. We might also collect personal information about you from other sources, such as social media like LinkedIn and/or the website of the company you work for. If we collect personal information about you from any other source than yourself, we always specify where we got the information by e-mail to you. We collect, store and use your personal information when you contact us, for example if you make an enquiry on our website, send us an e-mail or phone us.

The legal basis for our processing of your personal information is that processing is necessary for the purpose of the legitimate interests of inRiver to provide its’ products and services, to provide support to our customers, to market our products and services, to respond to your questions and enquiries and to host inRiver events.

The information we collect will in most cases include your name, e-mail, phone number, address, job title, company, the content of your message to us and other information you provide us with. We might also collect IP addresses, user IDs, Twitter, LinkedIn or other social media accounts, and activities on inRiver’s website, products and/or services. As part of our support processes we may ask you for copies of the database and log files from your inRiver server for the purposes of resolving any technical issues. For the purpose of hosting events our marketing department may also collect food preferences for a specific event. Responses to questions regarding special dietary requirements can potentially reveal the religious affiliation or health information of the attendee and should be treated as sensitive data. We will share that information with our catering vendor, and promptly delete the information at the conclusion of the event.

In an effort to be transparent with our data collection practice and the technologies we use to provide our website, products and/or services, the following explains how we use Cookies. A “Cookie” is a tiny data file that resides on your computer, mobile phone or other device, and allows inRiver to recognize you as a user when you return to our website, product and/or service using the same device and enables inRiver to collect information about how you use our website, product and/or service. Information gathered through Cookies may include the date and time of visits, the pages viewed and time spent at using the website, products and/or services. We use Cookies and web log files to improve the experience and quality of the website, products and/or services, and to customize your experience, by tracking website usage and trends, conducting research and development for additional services and products, determining marketing efforts, improving the quality of our website, products and/or services and to compile anonymous, aggregated information that allow us to understand how our website, products and/or services are used. If you do not agree to our use of Cookies, you should not use the website, products and/or services. Cookies are categorized by how long they are stored and their function.

The Cookies inRiver uses are as follows:

  • Persistent Cookies: Persistent Cookies remain on a visitor’s device for a set period of time specified in the Cookie. They are activated each time that the visitor visits the website, products and/or services that created that particular Cookie.
  • Strictly Necessary Cookies: Strictly necessary Cookies are essential to navigate around the website, products and/or services and to use its features.
  • Performance Cookies: Performance Cookies collect anonymous data for statistical purposes on how users use the website, products and/or services, they don’t contain personal information and are used to improve the user experience.
  • Functionality Cookies: Functionality Cookies allow inRiver to operate the website, products and/or services in accordance with your choices, such as ‘remembering’ you in between visits.

Here is a detailed list of the Cookies we use.

You may remove or block Cookies by adjusting the privacy and security settings, but in some cases that may impact your ability to use the website, products and/or services and/or impact your user experience while using the website, products and/or services. By accessing or using the website, products and/or services, you consent to the placement of Cookies on your device as described in this Privacy Notice.

Your data is stored in our accounts for as long as you interact with us. In most cases, we keep your personal information for no more than 12 months after the last contact or when your contract has expired. Certain information, such as contracts, we keep for legal reasons for a longer period of time.

We may pass your personal data on to third-party service providers contracted by us or to other legal entities within the inRiver group of companies, i.e. inRiver AB, inRiver B.V., inRiver Inc., and inRiver Ltd. We use software service providers for storing of data, providing support to our services, managing and administering customer relations and managing and administering our marketing and sales activities. All contracted third-party service providers are obliged to keep your details securely, and to use them only to fulfill the service they provide us, or our customers on our behalf.

If your personal information is transferred to or accessed by a third party outside the European Union or the European Economic Area (EU/EEA) inRiver will secure that appropriate safeguards are in place which provide adequate levels of protection of your personal information as required by GDPR or other applicable data protection or privacy laws. For example, this may include the use of intercompany or external data processing agreements based on EU approved Standard Contractual Clauses or such other mechanisms as have been recognized or approved by the relevant authorities from time to time.

We have two (2) networked data centers (one in Ireland and another in the U.S.). We utilize Microsoft Azure architecture to host customer environments.

Apart for contracted third-party service providers your information will not be shared with anyone else. Please note however, that we can provide access to your personal information in case of illegal or abusive use, or in case we receive orders from a competent legal authority. We may also disclose your personal data as required by law, such as in response to a subpoena, a lawful request by a public authority, in response to a law enforcement warrant, or similar legal process.

Our processing of your personal data is carried out in accordance with the European Data Protection legislation, which prevents us from making unlawful use of your personal information.

At any time, you have the right to:

  • request a copy of the information that we hold about you
  • correct the data that we hold about you
  • ask for the data we hold about you to be erased from our records
  • ask for restriction of our use of your personal data
  • object to certain types of processing
  • have your personal data transferred to another organization

All this is provided to you free of charge. To exercise your rights, please contact us. If you have a complaint about how we use your personal data, you have the right to lodge a complaint with the supervisory authority (in Sweden; Datainspektionen, Box 8114, 104 20 Stockholm).

inRiver is the responsible controller for the processing of your personal data as described in this Privacy Policy. If you wish to contact us regarding your personal data please use the following contact information:

E-mail legal@inriver.com

You can write to (based in Europe)

inRiver AB
Attn: DPO/Compliance
Södra Tullgatan 4
211 40 Malmö
Sweden

You can write to (based in US)

inRiver Inc.
Attn: DPO/Compliance
125 South Wacker Drive, #2500
Chicago, IL 60606

California Privacy Addendum

Under the California Consumer Privacy Act, California Civil Code Sections 1798.83-1798.84 (“CCPA”), California residents are entitled to receive: (a) information identifying any third-party companies to whom we may have disclosed personal information to for direct marketing, within the past year; and (b) a description of the categories of personal information disclosed. To obtain such information, please email your request to legal@inriver.com and we will provide a list of categories of personal information disclosed within thirty (30) days after receiving such a request. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted in ways other than those specified above.

Personal information may be collected from you (directly or indirectly) or you may provide such personal information when you contact us, visit our website, and/or engage us to provide services. This California Privacy Addendum and the Privacy Notice explain our practices for collecting, using, sharing, maintaining, protecting, and disclosing such information.

We have collected the following categories of Personal Information within the last twelve (12) months:

Identifiers: We may collect the following types of personal information from you for the purpose of providing products and services: name, address, online identifiers, IP address, email address, account log in, and account usage information.

Professional or Employment Information: We may collect information from you regarding your employment status, affiliation and job title for the purpose of providing products and services.

Surveys: We may provide you with the opportunity to participate in surveys through our website, products and/or services to determine customer satisfaction levels. If you participate, we may request certain personal information from you. Participation in surveys is completely voluntary and you therefore have a choice whether to disclose such information.

Commercial Information: We may collect from you and from our website, products and/or services about the services you have purchased from us for the purpose of providing products and services.

Internet Information: We may collect other types of information from our website, products and/or services and from our service providers and business partners for the purpose of maintaining appropriate security over computer networks, for use in improving our existing services, developing new services, and for the operational purposes of our service providers and business partners.

We may also collect from our website, products and/or services customer usage information to analyze how you and other customers interact with our website, products and/or services.

Marketing Information: We collect information from you for use in marketing to current and prospective customers. We may also collect information from a customer’s website or social media page for marketing purposes.

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): We may collect from you or from our website, products and/or services the following: your first name, last name, postal address, unique personal identifier, online identifier, internet protocol address, email address, email data, usage data, account name, financial information, or other similar identifiers for the purpose of providing products and services.

Geolocation Information: We may collect information from you or from our website, products and/or services regarding your location or the location where our website, products and/or services are utilized.

Audio/Visual Information: We or our service provider may take photographs or make visual recordings of you with your consent at one of our events.

Biometric Information: We do not collect biometric information from individuals.

We may also use de-identified or aggregate data that is not capable of being linked to any individual for additional purposes not listed above.

For more information about the personal information (as defined in the Privacy Notice) we collect and how we collect it, please see the “What information do we collect from you?” and “How do we use the personal information?” and “Who might we share your information with?” sections of our Privacy Notice.

We share personal information as further described in the “How do we use the personal information?” section of the Privacy Notice. We also disclose the categories of third parties to whom we have disclosed personal information for business purposes in the “Who might we share your information with?” of the Privacy Notice.

The CCPA provides California residents with specific rights regarding their personal information. You have the following rights that may be exercised as further described below:

Access and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. You may make such request for access or data portability twice within twelve (12) month period. Once we receive and confirm your verifiable consumer request, we will disclose the following to you: (i) the categories of personal information we collected about you; (ii) the categories of sources for the personal information we collected about you; (iii) the business purpose for collecting (or selling, if applicable) the personal information; (iv) the categories of third parties with whom we share such personal information; and (v) the specific information we collected about you.

Request for Information

Pursuant to Section 1798.83 of the California Civil Code (California’s “Shine the Light” law), residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third-parties for such third-parties’ direct marketing purposes and the identities of the third-parties with whom the business has shared such information during the immediately preceding twelve (12) month period.

Deletion Requests

Pursuant to the CCPA, you have the right to request that we delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete and will direct our service providers to delete your personal information from our records, unless an exception applies. Keep in mind, we may deny your request if it is necessary for us or our service providers to: (i) complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform services pursuant to our contract with you; (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (iii) debug our website and/or identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.); (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (vii) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (viii) make other internal and lawful uses of that information that are compatible with the context in which you provided it; or (xi) comply with a legal obligation.

Opt-out and Opt-in Rights for Sale of Personal Information

In the past twelve (12) months we have not sold personal information to a third-party for monetary or other valuable consideration. If you are sixteen (16) years of age or older, you have the right to direct us not to sell your personal information at any time by contacting us at legal@inriver.com or by sending a request in writing to:

inRiver Inc.
Attn: DPO/Compliance
125 South Wacker Drive, #2500
Chicago, IL 60606

In the event you make the foregoing request, we will wait at least twelve (12) months thereafter to request that you opt-in to the sale of personal information (should we change our practices in the future and desire to do so). Please note, you do not need to create an account with us or engage us to provide services to exercise your opt-out rights. We will only use the personal information and other data in the opt-out request to review and comply with the request.

Verification on Consumer Request and Timeline

It is imperative that we verify the consumer request and so you must provide information that allows us to reasonably verify you are the person about whom we collected the personal information or an authorized representative. If you make a request on behalf of another individual, we will need to verify that you have the authority to do so. You must also describe your request with sufficient detail that allows us to properly understand, evaluate and respond to such request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will not honor your request if an exception to the law applies.

We will try and respond to requests within forty-five (45) days after our receipt of such verifiable request (or within such other time as required by applicable law). If we need additional time, we will notify you in writing and inform you of the reason for the extension of time. For the avoidance of doubt, any such requests for personal information will cover the twelve (12) month period immediately preceding the date of such verifiable request. We will provide such information in a commonly used format. We will not discriminate against you for exercising your rights under the CCPA. For more information about requests, please see the “Who might we share your information with?” section of the Privacy Notice.

Changes to this privacy notice

We keep this Privacy Notice under regular review and will place any updates on this website or notify you via the services or products. The Privacy Notice was last updated on September 22, 2020.