Our updated policy complies with the new requirements under the EU General Data Protection Regulation coming into force on May 25, 2018.
This policy is applicable to all clients and all visitors to our sites and apps from May 17, 2018
Sections 1 and 2 define the Rapaport Group of Companies and the services we provide as well as how the policy will be updated. We will never sell or rent your personal data.
Section 3 sets out the type of data we collect.
Section 4 explains out how we use the data we collect, including our approach to marketing, spam and when we will share your data with 3rd parties
Section 5 details out your rights with regard to your personal data
Section 6 explains our approach to data security.
– Updated – May 17, 2018
2 Notification of Changes
2.3 Our Services may include links to third party websites. These sites are governed by their own privacy statements, and Rapaport is not responsible for their operations, including but not limited to their information practices. By submitting your information to or through these third party websites you should review the privacy statement of these sites before providing them with personally identifiable information.
3 WHAT DATA WE COLLECT
3.1 Required Information
To subscribe or use the Services, you must provide personal and company details, address, phone number, and e-mail address. In order to trade through our Trading Division or RapNet trading systems, you may be required to provide trade references, credit card, debit card or bank account information. This information is necessary for us to approve your membership and to process transactions or to contact you should the need arise in administering your membership.
If you choose to register or apply for certain optional/additional features, products or Services offered through Rapaport, you may be required to provide additional information to establish that you qualify for such features or products.
3.2 Use of Services Information
We log all usage data including chats and communications when you visit or otherwise use our Services, including our sites, app and platform technology (e.g., our off-site plugins), such as when you view or click on content (e.g., news article) or ads (on or off our sites and apps), perform a search, install or update one of our mobile apps, share articles or list diamonds. We use log-ins, cookies, device information, location and internet protocol (“IP”) addresses to identify you and log your use.
3.3 Transaction Information
When you list an item for sale (for example, a diamond), purchase or sell an item, or use any of the Services in any way, we record all information related to each transaction.
3.4 Information About You From Third Parties
In order to protect us and our customers against potential fraud or in order to perform compliance obligations, we may verify with third parties the information you provide. In the course of such verification, we receive personally identifiable information about you from such services. This may include background and credit check from a credit bureau or a business information service such as Dun & Bradstreet, as well as OFAC and FBI or other law enforcement information. Rapaport, at its sole discretion, also reserves the right periodically to retrieve and review a business and / or consumer credit report for any account, and reserves the right to close an account based on information obtained during this credit review process or for any reason whatsoever.
3.5 Additional Verification
If we cannot verify the information that you provide we may ask you to send us additional information (such as your drivers’ license, credit card statement, and/or a recent utility bill or other information linking you to the applicable address), or to answer additional questions.
3.6 Website Traffic Information
We automatically receive the web address of the site that you came from or are going to. We also collect information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location based on your phone settings. We record which pages of our website you visit and what links or buttons you click on. We also may record screen videos of your mouse movements and data input while you are on the site. We use this information for analytical purposes and to understand our customers’ preferences and usage patterns, so as to improve our Service and your experience with Rapaport.
3.7 Rapaport Inbox and messages
Messages sent to you and from you through any inbox, message center, chat or other Rapaport communication tools are kept and maintained by Rapaport.
3.8 Our Use of “Cookies”, Web Beacons and Similar Technology
3.9 Customer Service Correspondence
We may retain any correspondence you send us and our replies to you. Such information is often placed in the records of your account. We may also record phone calls to or from our various offices. We retain these records in order to measure and improve our customer service, maintain a history of your relationship with us and to investigate potential fraud and violations of our Agreement. We may, over time, delete these records if permitted by law.
3.10 Questionnaires, Surveys and Profile Data
From time to time, we offer optional questionnaires and surveys to our clients for such purposes as collecting demographic information or assessing clients’ interests and needs. The use of the information collected will be explained in detail in the survey itself. If we collect personally identifiable information from our clients in these questionnaires and surveys, the clients will be given notice of how the information will be used prior to their participation in the survey or questionnaire.
4 HOW WE USE YOUR DATA
4.1 Internal Uses
We collect, store and process your personal information on servers located in the United States. We use the information we collect about you in order 1) to provide our services and process your transactions, 2) to provide customer service, 3) to determine your eligibility to receive special trading privileges or products 4) to improve our products and services and 5) for the marketing of our Services to you and others.
We process this information given our legitimate interest in providing and improving our Services, and for the adequate performance of our contract with you.
4.2 Disclosure to Other Rapaport Customers
If you are a registered Rapaport customer, information in your profile (for example your name, company name, telephone numbers) and other personal information, may be displayed to other Rapaport customers via our Services. Should you be expelled or excluded as a member/customer, your name and member details may be posted online. However, your credit card number will NEVER be revealed to anyone other than 3rd party PCI compliant payment processors, except with your express written permission or if we are required to do so pursuant to a subpoena or other legal process. We process this information given our legitimate interest in providing the Services.
4.3 Disclosure to Third Parties Other Than Rapaport Customers
Rapaport will not sell, rent or share any of your personally identifiable information to third parties, except in the limited circumstances described below, or with your express permission (or with other Rapaport customers as described above). We disclose information we collect in response to a law enforcement request, subpoena, warrant, court order, levy, attachment, order of a court-appointed receiver or other comparable legal process, including subpoenas from private parties in a civil action.
We disclose information we collect in circumstances in which Rapaport believes the Services are being used in the commission of a crime; when we have a good faith belief that there is an emergency that poses a threat to the safety or security of you or another person; or when necessary either to protect the rights or property of Rapaport, the Services or our subsidiaries, or affiliates in the Rapaport Group, or for us to render the Services provided. We disclose information we collect to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).
Where permissible according to applicable law, we may use certain limited personal information about you, such as your email address, to hash it and to share it with social media or advertising platforms, such as Facebook or Google, to generate leads, drive traffic to our websites or otherwise promote our Services. These processing activities are based on our legitimate interest in undertaking marketing activities to offer you and others products or services that may be in your or their interest.
The social media platforms with which we may share your personal data are not controlled or supervised by Rapaport and they are considered data processors.
Please note that you may, at any time ask Rapaport to cease processing your data for these direct marketing purposes by sending an e-mail to opt-out@Rapaport.com.
We share aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our clients have addresses in New York. However, this aggregated information is not tied to personally identifiable information. We share your information with our parent, subsidiaries, affiliates and joint ventures to help coordinate the Services we provide to you, enforce our terms and conditions, and promote trust and safety.
We share your information with third party companies that perform services on our behalf, including payment and subscription processing, order fulfillment, data analysis, marketing services, e-mail campaigns, hosting services, and customer service. While providing services for us, these companies act as Data Processors and may access your personal information, and are required to use it solely as directed by us for the purpose of our requested service. We may also share your information with third party companies that we partner with to provide certain services to you in connection with the Services. We only share the minimum data needed for Data Processors to perform the services for which they are contracted.
We process this information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you and others our Services. You may opt out of marketing communications by following the unsubscribe instructions in our marketing communications.
4.4 Our Contacts with Rapaport Customers
We will contact you through email, mobile phone, notices posted on our websites or apps, messages to your Rapaport Inbox, and other ways through our Services, including text messages and push notifications. We will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use the Services, network updates, reminders and promotional messages from us. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices, as doing so would prevent us from providing the Services to you. We use your information to contact you given our legitimate interest in providing the Services.
We also enable communications between you and others through our Services, including for example Rapaport Inbox.
4.5 Your Use of Information and Our Services
Where applicable, in order to facilitate the transactions between Rapaport clients, our Services may allow you limited access to other clients’ contact or shipping information. In such circumstances, as a member you may have access to the member information, email address or other contact or shipping information of other members. By consenting to the applicable License Agreement, you agree that you will not share Rapaport access logins and you will only use this information for: (a) Rapaport-related communications that are not unsolicited commercial messages, (b) using services offered through Rapaport (e.g. diamond sales, shipping or insurance), and (c) any other purpose that such client expressly agrees to after adequate disclosure of the purpose(s). In all cases, you must provide clients with the opportunity to remove themselves from your database and review any information you have collected about them. In addition, under no circumstances, except as defined in this Section, can you disclose personally identifiable information about another Rapaport client to any third party without our consent and the consent of such other client after adequate disclosure. Note that law enforcement personnel and other rights holders are given different rights with respect to information they access.
4.6 Spam Prohibited
Rapaport does not tolerate spam. You may not add a Rapaport client to your marketing lists (email, phone, physical mail or any other electronic or physical form of communication) without their express consent after adequate disclosure, even if that client has previously made a purchase from you. We strictly enforce our Anti-Spam Policy. To report Rapaport-related spam, please send an email to: email@example.com.
5. YOUR CHOICES & OBLIGATIONS
5.1 Data Retention
We will store your data until such time when you request us to delete it. In some cases you may need to close your Account with us in addition to requesting data deletion. All other data will be retained for as long as is necessary for the purpose(s) for which we originally collected it. We may also retain information as required by law.
5.2 Rights to Access and Control Your Personal Data
Any requests relating to the following rights should be sent to firstname.lastname@example.org
Delete Data: You can ask us to erase or delete all or some of your personal data if it is no longer necessary to provide Services to you.
Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
5.3 Account Closure
We keep some of your data even after you close your account.
If you choose to close your account, your personal data will generally stop being visible to others on our Services within 24 hours. We generally remove diamond information and profiles within 24 hours of account closure and this information will no longer be visible to clients of the Services.
We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our License Agreements, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.
Information you have shared with others (e.g., through Inbox, emails, posts etc…) will remain visible after you closed your account or deleted the information from your own profile or mailbox, and we do not control data that other Members copied out of our Services.
5.4 Lawful Bases for Processing
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the Services you have requested)) and legitimate interests.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact our Data Protection Officer (email@example.com).
6 Information Security
6.1 Rapaport is committed to handling your customer information with high standards of information security. We restrict access to your personally identifiable information to employees who need to know that information in order to provide products or services to you. We maintain physical, electronic and procedural safeguards that comply with federal regulations to safeguard your nonpublic personal information.
6.2 The security of your subscription to any of the Services also relies on your protection of your password. You may not share your password with anyone. Rapaport will never ask you to send your password or other sensitive information to us in an e-mail, though we may ask you to enter this type of information on the website.
6.3 Any e-mail or other communication requesting your password, asking you to provide sensitive account information via email, should be treated as unauthorized and suspicious and should be reported to Rapaport immediately. If you do share your Rapaport password with a third party for any reason, the third party will have access to your account and your personal information, and you may be responsible for actions taken using your password. If you believe someone else has obtained access to your password, please contact us immediately on firstname.lastname@example.org.
Defining Cookies and what we use them for:
Cookies can be used to recognize you when you visit our Services, remember your preferences, and give you a personalized experience that’s in line with your settings. Cookies also make your interactions with our Services faster and more secure. Additionally, cookies allow us to bring you advertising both on and off the Rapaport sites, and bring customized features to you.