Privacy Policy and Terms of Use

Who we are.

Our website address is: https://retaildesigninstitute.org.

What personal data we collect and why we collect it.

The Retail Design Institute cares about your privacy.  For this reason, we collect and use personal data only as it might be needed for us to deliver to you membership experience, services, websites and mobile applications (collectively, our “Services”). Your personal data includes information such as:

  • Name
  • Address
  • Telephone number
  • Date of birth
  • Email address
  • Other data collected that could directly or indirectly identify you.

Our Privacy Policy is intended to describe to you how and what data we collect, and how and why we use your personal data. It also describes options we provide for you to access, update or otherwise take control of your personal data that we process.

If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at [email protected].  This inbox is actively monitored and managed so that we can deliver an experience that you can confidently trust.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Contact form submissions are sent to us via email, and we keep that correspondence as long as is needed for customer service and visitor purposes. We do not use the information submitted for marketing purposes. In the case of technical issues, we may share this information with our technical consultants so that they can follow up with you directly.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one (1) day.

Embedded content from other websites, including analytics

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

Embedded content on this site comes from Youtube, Vimeo, Linkedin, Facebook, Membershipworks, Google Analytics, PayPal, and Google Maps, all other content is blocked by our Content Security Policy Headers.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Below are links to those providers’ privacy policies, including their GDPR:

Google Privacy Policy (includes Adwords, Youtube, Google Maps, and other Google services)

Membershipworks Privacy Policy

Vimeo Privacy Policy

Paypal Privacy Policy

Mailchimp Privacy Policy

Constant Contact Privacy Policy

Eventbrite Privacy Policy

Who we share your data with.

The Retail Design Institute does not share your data with any third parties other than our data processors and service providers listed above. Your data may be shared with our data processors and service providers in order to process payments for physical or digital merchandise, manage memberships, receive payment for membership, receive event payments, measure the success of promotional email campaigns, contact members with announcements and/or membership related emails as per their preferences set in their account settings.

How long we retain your data.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Your rights as a data subject

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email [email protected], or use the information supplied in the Contact us section below. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

  • The right to be informed
    As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.
  • The right of access
    You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
  • a) The purposes of the processing
    b) The categories of personal data concerned
    c) The recipients to whom the personal data has been disclosed
    d) The retention period or envisioned retention period for that personal data
    e) When personal data has been collected from a third party, the source of the personal data
  • If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
  • The right to rectification
    When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
  • The right to erasure (the ‘right to be forgotten’)
    Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
  • The right to restrict processing
    You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:a) The accuracy of the personal data is contested
    b) Processing of the personal data is unlawful
    c) We no longer need the personal data for processing but the personal data is required for part of a legal process
    d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing
  • The right to data portability
    You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
  • The right to object
    You have the right to object to our processing of your data where

    • Processing is based on legitimate interest;
    • Processing is for the purpose of direct marketing;
    • Processing is for the purposes of scientific or historic research;
    • Processing involves automated decision-making and profiling.

Where we send your data.

Visitor comments may be checked through an automated spam detection service.

Visitors who sign up for email notifications may be added the Retail Design Institute’s or a Chapter’s MailChimp, Constant Contact, or Eventbrite email list. This is a double-opt in process and participants may opt out at any time via a link in their MailChimp, Constant Contact, or Eventbrite, emails, or by contacting us directly.

Users who sign up for membership will receive emails from the Retail Design Institute and automated emails from the membership system, but may choose within their account settings to receive no emails other than emails related to their membership account. Users who are members may also opt out of emails at any time from there on, except for emails related to their membership account. Opting out of all emails requires termination of the user’s membership account, which any user with a membership account can do at any time through their member account control panel.

Payments for purchases made in our online store are processed by PayPal. Payments for membership dues, donations, and other membership extras are also processed by PayPal.

This website is hosted by GoDaddy.

Godaddy Privacy Policy.

Google Privacy Policy (includes Adwords, Youtube, Google Maps, and other Google services)

Membershipworks Privacy Policy

Paypal Privacy Policy

Mailchimp Privacy Policy

Constant Contact Privacy Policy

Eventbrite Privacy Policy

How we secure, store and retain your data.

The Retail Design Institute has appointed a Data Protection Officer in order to give a point of contact for data inquiries and other personal data related concerns.

The Retail Design Institute has also put in place methods and devices to deliver or remove your data at your request in a manner that is in accordance with the terms listed within this page.

The Retail Design Institute uses only hosting, services, and processors with strict privacy policies who adhere to the standards set within the GDPR.

The Retail Design Institute has installed a Firewall for this website to protect and monitor this website and its data, and receives notifications regarding attempt against the security of this website and its data, as well as notifications should a breach occur.

All our payment card processing is in compliance with PCI DSS.

We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.

We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:

  • mandated by law, contract or similar obligations applicable to our business operations;
  • for preserving, resolving, defending or enforcing our legal/contractual rights; or
  • needed to maintain adequate and accurate business and financial records.

If you have any questions about the security or retention of your personal data, you can contact us at [email protected].

What data breach procedures we have in place.

In the case of access by an unauthorized third party, deliberate or accidental action (or inaction) by a controller or processor, sending of personal data to an unintended recipient, lost or stolen computing devices containing personal data, unauthorized alteration of personal data, or loss of availability of personal data, the Data Security Officer at Retail Design Institute will notify those affected within 72 hours of learning of the breach.

How you can access, update or delete your data.

To easily access, view, update, delete or port your personal data (where available), or to update your subscription preferences, please sign into your Account and visit “Account Settings.”

If you make a request to delete your personal data and that data is necessary for the products or services you have purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements.

If you are unable for any reason to access your Account Settings or our Privacy Center, you may also contact us by one of the methods described in the “Contact Us” section below.

‘Do Not Track’ notifications.

Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit www.allaboutdnt.com.

Age restrictions.

Our Services are available for purchase only for those over the age of 18.  Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 18. If you know of or have reason to believe anyone under the age of 18 has provided us with any personal data, please contact us.

Changes in our Privacy Policy.

We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days prior to the implementation of the changes.

Data Protection Authority.

If you are a resident of the European Economic Area (EEA) and believe we maintain your personal data subject to the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority, the UK’s Information Commissioner’s Office, as noted below:

www.ico.org.uk

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

Phone: 0303 123 1113

Contact us.

If you have any questions, concerns or complaints about our Privacy Policy, our practices or our Services, you may contact our Office of the DPO by email at [email protected].  In the alternative, you may contact us by either of the following means:

  • By Mail: Attn: Office of the Data Protection Officer, Retail Design Institute, 126A West 14th Street, Cincinnati, Ohio 45202 USA.
  • By Phone: +1 513 751 5815.

We will respond to all requests, inquiries or concerns within thirty (30) days.