Reyes Holdings Global Privacy Notice
Updated at June 2023
Reyes Holdings, L.L.C, and its affiliates (collectively “Reyes Holdings”, “we”, or “our”) take data privacy very seriously and this privacy notice is designed to help you understand how we use your personal information.
We encourage you to read the whole notice. Alternatively, if you wish to read about specific privacy practices that interest you, please click on the relevant links below.
Table of Contents
The purpose of this privacy notice
Identity
Our use of personal information
This privacy notice
Local differences
Updating this privacy notice
What is personal information?
Our responsibility to you
Data Protection Officer
Your personal information
Why are we collecting personal information about you?
What personal information do we collect about you?
Where do we collect your personal information from?
Our use of your personal information
How do we use your personal information?
Failure to provide your personal information to us
Consent
Do we share your information with anyone else?
Other important things you should know
Keeping your personal information safe
Profiling and automated decision making
How long do we keep your personal information?
Third party services
Cross border transfers of your personal information
Your rights
Contacting us and your rights
Your right to complain
1. The purpose of this privacy notice
1.1 Identity
This privacy notice applies to each of the organizations that form part of the Reyes Holdings group of companies. Click here to find an up-to-date list of the organizations that make up the Reyes Holdings group of companies.
1.2 Our use of personal information
In common with most global organizations, we collect, use, and share information, including personal information, in connection with providing our services and solutions and running our business.
1.3 This privacy notice
This is our main general privacy notice that applies across our business, although we may publish additional privacy statements that apply to:
Our operations in specific jurisdictions to help ensure our compliance with local data protection requirements; and/or
Specific services and solutions that we offer to our customers from time to time.
If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this notice.
1.4 Local differences
Whilst this privacy notice describes the data protection practices adopted by us generally across the world, local data protection laws may vary and our operations in some jurisdictions may mean that we are subject to different, or additional, local data protection requirements.
This section of our privacy notice lists those countries/states where our data protection practices differ from those set out in the rest of this notice. By clicking on the link to the relevant country/state you can find how our data protection practices differ in that country/state as well as any additional information that we are obliged to provide to you to comply with local data protection laws in that country/state.
If any of the country/state specific privacy practices and additional statements are relevant to you because of the way in which you engage with us and there is a conflict between those practices or statements and the information set out elsewhere in this notice, then the country/state specific practices and statements will take precedence.
Australia
Brazil
Canada
Costa Rica
France
Ireland
New Zealand
Panama
South Korea
United Kingdom
United States
We have a separate privacy notice that sets out how we process the personal information of our staff, which prospective, current, and former members of staff should refer to.
1.5 Updating this privacy notice
This notice may be updated from time to time. When we do so, we will post the revised Privacy Policy on this page with a new “Last Updated” date. This version is dated June 2023. If we make a material change that affects Personal Information that we collected prior to the change, depending on the nature of the change, we might notify you of the change and we might request your consent to the change.
1.6 What is personal information?
Personal information is information that relates to you or allows us to identify you. This includes obvious things like your name, address and telephone number but can also include Reyes Holdings Global Privacy Notice – June 2023 5 ny-2563277 less obvious things like analysis of your use of our websites. There are different types of personal information. The most important types for you to know about are:
Special categories of personal information – these categories of personal information often have additional protection under data protection laws around the world. These categories include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership, your genetic data and biometric data, and information concerning your sex life or sexual orientation. Local data protection laws may limit the way in which we can use this information when compared to, for example, your name and address.
Criminal convictions information – this is information relating to your criminal convictions and offences. Local data protection laws may restrict the way in which we can use this information when compared to, for example, your name and address.
Please note that under data protection laws around the world, certain other types of personal information may also be deemed to be particularly sensitive and given additional protection, including tax identification numbers issued by government taxing authorities, financial account numbers and insurance information.
Many countries also provide additional protection for children’s/minors’ personal information, but, ordinarily, we do not need, nor do we look, to process children’s/minors’ personal information.
Unless we request it, we ask that you not send us, and you not disclose, any special categories of personal information, criminal convictions information or other types of information such as those listed above which may be deemed to be particularly sensitive.
We describe the various types of personal information we collect in the “Your personal information” section below.
1.7 Our responsibility to you
We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.
1.8 Data Protection Officer
We have a Global Data Protection Officer whose job is to oversee our data protection compliance. You can contact our Data Protection Officer by sending an email to: privacy@reyesholdings.com
2. Your personal information
2.1 Why are we collecting personal information about you?
We collect personal information about you in connection with providing our services and running our business. We will hold information about you if:
you are a prospective, actual, or former customer, or you represent, work for, or own a prospective, actual, or former customer;
you are a consumer of goods and services that we distribute;
you provide services to us (or you represent, work for, or own an organisation which provides services to us);
you represent or work for a regulator, certification body or government body which has dealings with us; or
you visit our online properties or enter our contests or sweepstakes;
you attend our events, receive our updates, participate in a promotion that we operate or visit our offices or websites.
2.2 What personal information do we collect about you?
The types of information we process about you may include:
Types of personal information | Details |
|---|---|
Individual details | Name, address (including the state or country within which you are based), other contact details (e.g., email and telephone numbers), gender, date and place of birth, nationality, employer, job title |
Identification details | Identification numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving licence number |
Financial information | Bank account or payment card details, income, or other financial information |
Credit, anti-fraud, and sanctions data | Credit history, credit score and information received from various anti-fraud and sanctions databases relating to you |
Special categories of personal information | Information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership |
Criminal convictions information | Information relating to your criminal convictions and offences |
IP address | Information about your usage of our websites that can be traced back to you, such as an IP address |
2.3 Where do we collect your personal information from?
We collect your personal information from various sources, including:
you;
your employer or the organization that you represent, work for or own;
our affiliates;
the companies that we distribute products for;
our service providers;
data analytics providers;
data brokers;
joint marketing partners;
credit reference agencies;
anti-fraud databases, sanctions lists, court judgements and other databases;
government agencies and publicly accessible registers or sources of information;
social media outlets, including in the context of promotions that we operate; and/or
by actively obtaining your personal information ourselves, for example using website tracking devices or the information we collect through your use of our websites, services, and solutions.
Which of the sources apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or the organization that you represent, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.
3. Our use of your personal information
3.1 How do we use your personal information?
We may process your personal information in many different ways – including collecting, recording, organising, storing, analysing, modifying, extracting, sharing, deleting or destroying it. In this section we set out in more detail:
the main purposes for which we process your personal information; and
the legal bases upon which we are processing your personal information.
Purpose | Legal bases |
|---|---|
Operate, maintain and manage our business | To manage our contractual relationship with you |
Know your customer, supplier and counterparty and other legal obligations We also collect and disclose personal information under applicable legislation and under orders from courts and regulators. Our disclosures will be to those bodies and persons who are entitled to receive the required information. In some cases, this information will include special categories of personal data and criminal convictions data. | For all information – compliance with a legal obligation. For special category and criminal convictions data – assessing the risk of, preventing or detecting unlawful acts, and suspicion of terrorist financing or money laundering. |
Enquiries about and use of our services and solutions, conducting research We may collect personal information such as your name and contact details to respond to enquiries from you and to provide you with information about our products, services, and solutions. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose. Access to our services and solutions: When you use our services, we may collect certain personal information to complete certain transactions, to facilitate your use of the services and solutions on a day-to-day basis, including your name, email address and login credentials (for example, your username), or as part of the initial customer on-boarding process. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose. Conducting research about your opinions and developing, improving, repairing, and maintaining our services and solutions: We may use your personal information when carrying out research about your opinion of our current services and solutions and new services and solutions that may be offered and in developing, improving, repairing, and maintaining our services and solutions. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose. | Responding to enquiries and providing information about our services and solutions: Legitimate interests. Access to our services and solutions: Compliance with a legal obligation. To manage our contractual relationship with you. Legitimate interests. Conducting research about your opinions and developing, improving, repairing, and maintaining our services and solutions: Legitimate interests. |
Service providers We do not generally look to collect special categories of personal data and criminal convictions data for this purpose, other than where we are required to do so to meet our legal obligations (see ‘Know Your Customer and other legal obligations’ above). | Legitimate interests. |
Events and updates, contests, sweepstakes, and marketing-related emails | For communications with you – legitimate interests, or with your consent. We have a legitimate interest in keeping you informed about events and developments in our business and the topics, services and solutions that may be of interest to you. When we send you marketing communications, there are separate laws regarding marketing communications that we adhere to, in addition to data protection laws. You may opt out of receiving marketing communications from us. For all other purposes – legitimate interests. Our events, the third-party events we attend, and our updates are intended primarily for customers and potential customers. We have a legitimate interest in confirming that our events and updates are being made available to their intended audience. We also have a legitimate interest in understanding your use of our events and updates, and whether this presents any opportunity for us to improve the services and solutions we offer to you. |
Marketing Where we have a sales opportunity, we may obtain information about relevant decision makers to improve the prospects of our sales pitch or proposal being successful. This information may come from a variety of public databases and information sources. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose. | Legitimate interests. We also have a legitimate interest in understanding relevant information about you where you are likely to be involved in deciding whether you or the person you represent will buy our services and solutions. |
Visitors to our websites Most of our websites use cookies to help them work more efficiently and to provide us with information on how the website is being used. For those of our websites where we are legally obliged to provide you with further information about the cookies we use, we have prepared separate cookies notices which you can find on the relevant websites and which provide you with the information you need to know. We do not generally look to collect special categories of personal data and criminal convictions data on our websites. | Legitimate interests. |
Visitors to our offices We require visitors to our offices to sign in at reception and we keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis – for example, to investigate an incident. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose. | Legitimate interests. |
Establishing our legal position and complying with law We may also use your personal information if this is necessary to comply with a legal obligation (e.g., such as to maintain records), legal process, or internal policies. In some cases, this information will include special categories of personal data and criminal convictions data. | For all information – legitimate interests. We have a legitimate interest in understanding and establishing our legal rights and obligations. For special category and criminal convictions data – the establishment, exercise, or defence of legal claims or prospective legal claims. |
Accomplishing our business purposes | To manage our contractual relationship with you. Compliance with a legal obligation. Legitimate interests. |
We may aggregate and/or anonymize personal information so that it will no longer be considered personal information. We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
3.2 Failure to provide your personal information to us
We cannot force you to provide your personal information to us and you can choose not to provide us with your personal information. Where we need to collect your personal information by law or in order to process your instructions, provide you with our services or perform a contract we have with you and you decide not to provide that information when requested, we may not be able to carry out your instructions, provide our services or perform the contract we have or are trying to enter into with you. In other circumstances where you choose not to provide us with your personal information we request, your decision not to provide us with your personal information may affect our ability to provide certain of our products and services.
3.3 Consent
We do not generally process your personal information based on your consent (as we can usually rely on another legal basis). Where we do process your personal information based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent please email us at privacy@reyesholdings.com or, to stop receiving our marketing emails or updates, please click on the unsubscribe link in the relevant email you receive from us. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose(s) to which you originally consented unless there is another legal ground for the processing. Please note that where we rely on your consent to process your personal information and you choose to withdraw your consent, your decision may affect our ability to provide certain of our products and services.
Do we share your information with anyone else?
We do not sell your information. But we do disclose your information in the following circumstances:
our organization is made up of several different entities around the world. Where it is necessary or appropriate for the purposes for which we hold your information, we share your relevant information across our affiliated companies. All our affiliated companies covered by this notice manage your personal information in the manner and to the standards set out in this notice, subject to any local jurisdictional compliance requirements. Details of the affiliated companies to which this notice applies are set out in Section 1.1 above;
if you are a customer or work for or are a representative or owner of a customer, then we might provide your relevant information to search companies so they can verify your identity;
we use the services of various external organizations to help us run our business efficiently. We may share your personal information with our trusted third-party service providers, to facilitate services they provide to us, such as internet services, call centers, website hosting, data analytics, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing, background checks, event organisation and hosting, and other services. In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure. They are also not permitted to use your information for their own purposes;
where we use external companies to organise or host events for us, we may need to provide these service providers with your relevant information;
in connection with a sale or business transaction. If we sell our business or undergo another business transaction (such as a reorganization, merger, joint venture, assignment, transfer, or other disposition of any or all portion of our business, assets, or stock, including in connection with any bankruptcy or similar proceedings), then your information may be transferred to a third party;
to protect the rights, property and safety of Reyes Holdings and others. Such information will be disclosed in accordance with applicable laws and regulations. This includes where we share information with other parties in the context of litigation discovery and in response to subpoenas and court orders;
we share your personal information with other third parties, such as relevant public and government authorities, including regulators and law enforcement, where we are required or requested to do so to comply with legal or regulatory requirements;
to comply with applicable law and regulations, which may include laws outside your country of residence;
to enforce our policies;
to prevent, investigate and identify persons or organizations potentially involved in activity that appears to us to be illegal or we believe may expose us to legal liability; and
in situations that we believe to be emergencies involving potential threats to the physical safety of any person or property if we believe that the information in any way relates to that threat.
4. Other important things you should know
4.1 Keeping your personal information safe
We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss, or unauthorised disclosure of the personal information we process. Some of the safeguards we use are firewalls and data encryption, physical access controls to data centers, and information access authorization controls. Unfortunately, no data transmission or storage system is guaranteed to be 100% secure.
4.2 Profiling and automated decision making
We do not use profiling (where an electronic system uses personal information to try and predict something about you) or automated decision making (where an electronic system uses personal information to decide about you without human intervention).
4.3 How long do we keep your personal information?
We keep your personal information in accordance with our data retention policy that categorises all the personal information held by us and specifies the appropriate retention period for each category of personal information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, considering legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice, and our business purposes.
4.4 Third party services
This privacy notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which our websites link.
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any personal information you disclose to other organizations through or in connection with our social media pages.
4.5 Cross border transfers of your personal information
We are a global business that operates, and provides services and solutions to customers located, in many different countries around the world.
The global nature of our business means that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country.
Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws. For example, where we transfer personal information from a country located within the European Union to a country outside of the European Union that is not recognised by the European Commission as providing an adequate level of data protection, we normally do so subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses.
If you would like further details of how your personal information is protected when transferred from one country to another then please email us at privacy@reyesholdings.com.
5. Your rights
5.1 Contacting us and your rights
If you have any questions or complaints in relation to our use of your personal information, please email us at privacy@reyesholdings.com.
Alternatively you may call us using the number below where the local language is spoken.
US, Canada and Puerto Rico: (888) 295-6392
Brazil: 0800-891-2871
Panama: 001-888-597-1408
United Kingdom: 0808-234-9917
Malaysia: 800-81-6398
Qatar: 704-552-8066
Dubai: 877-635-2795
Ireland: 1-800-559-036
New Zealand: 1-877-635-2795
Australia: 1-800-68-7913
Bahrain: 8000-4322
Costa Rica: 0-800-011-1250
France: 0800-91-5911
Korea: 00308-13-2759
Oman: 001-704-552-8066
Singapore: 800-110-2086
Under certain conditions, you may have the right to require us to:
provide you with further details on the use we make of your personal information
provide you with access to the personal information we hold about you
update any inaccuracies in the personal information we hold about you
delete any of your personal information that we no longer have a lawful ground to use
where processing is based on consent, stop that processing by withdrawing your consent
object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
restrict how we use your personal information whilst a complaint is being investigated
transfer your personal information to a third party in a standardised machinereadable format
In certain circumstances, we may need to restrict your rights to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege).
We are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.
5.2 Your right to complain
If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the UK or the EU, the data protection authority in your country.
If you are unsure of the authority that supervises our processing of your personal information, then please email us at privacy@reyesholdings.com.
Australia
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in Australia.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in Australia. It also sets out how our data protection practices differ in Australia compared to the practices described in our main general privacy notice.
The name and address of our Australian business can be found here.
Differences/Additional Information
Any reference to identification details in clause 1.10 of the main general privacy notice does not include your Tax File Number (TFN) unless we are specifically authorised by law to process TFNs for the relevant purpose and, if so, we will inform you of that on collection.
By providing us with any special categories of personal information or criminal convictions information (sensitive information) or continuing with our services you consent to us processing your sensitive information in accordance with our privacy notice.
Under Australian data protection laws, your rights described in clause 4.1 of the main general privacy notice are restricted to only a right of access to, and a right to correct inaccuracies in, the personal information we hold about you. If we refuse to provide access to or correct your personal information, we will give you a written notice within 30 days and outline the reasons for our refusal and avenues available for you to complain about our refusal.
If you make a complaint directly to us in relation to our use of your personal information, we will investigate your complaint and inform you of any steps we will take to resolve the complaint. We will notify you in writing if we require any additional information and also of the outcome of the investigation. If you are not happy with the outcome of our investigation, you may complain to the Office of the Australian Information Commissioner (OAIC) whose contact details can be obtained at www.oaic.au
Brazil
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in Brazil.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in Brazil. It also sets out how our data protection practices differ in Brazil compared to the practices described in our main general privacy notice.
The name and address of our Brazilian business can be found here.
Differences/Additional Information
In relation to cross-border transfers of your personal data, we will only transfer your data outside of Brazil to countries that have at least the same level of data protection as provided by the local data protection laws in Brazil.
If we suffer a data incident that may cause risk or relevant damage to you or your rights in relation to the personal data that we hold about you, we will notify you of the incident in a timely manner.
Access to personal data must be provided, upon request of the data subject, within a period of 15 days of the data subject’s request.
The LGPD does not specify how damages are compensated, allowing for damages based on the Brazilian Civil Code, that does not set any limit of methodology, relying on case law.
You can find more information about the Brazilian privacy notice or talk to the Data Protection Officer by writing an email to protecaodedados@martinbrower.com.br.
Canada
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in Canada. This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in Canada. It also sets out how our data protection practices differ in Canada compared to the practices described in our main general privacy notice.
The name and address of our Canadian business can be found here.
Differences/Additional Information
The only legal bases we rely on when processing your personal information for the purposes of local data protection laws in Canada are: consent; or where the privacy laws in Canada set out circumstances under which we may collect, use or disclose your personal information without your consent (such as emergency circumstances or the investigation of a breach of an agreement or law). With exception to such specified circumstances, we will not collect, use or disclose your personal information for the purposes set out in this privacy notice except with your consent.
Costa Rica
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in Costa Rica.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in Costa Rica. It also sets out how our data protection practices differ in Costa Rica compared to the practices described in our main general privacy notice.
The name and address of our Costa Rican business is below:
MBrower de Costa Rica S.R.L.
Distribuciones Carma Pinares, S.R.L.Contact:
Rodolfo Madrigal
Martin Brower de Costa Rica
300 Norte La Galera
Curridabat, San Jose, Costa RicaPhone (506) 2272-2271
Email: rmadrigal@martin-brower.com
Differences/Additional Information
Your personal information will be stored and processed in a database that is our property.
The only legal bases we rely on when processing your personal information for the purposes of local data protection laws in Costa Rica are: informed consent; a substantiated order issued by a competent judicial authority or an agreement adopted by a special investigative commission of the Legislative Branch in the exercise of its duties; public personal information; or where the information must be delivered by constitutional or legal provision.
When collecting your personal information, we will inform you whether it is mandatory or optional for you to provide the information requested. If you refuse to provide the personal information that is mandatory, penalties/consequences may apply. There are no consequences if you refuse to provide optional personal data, save that our ability to fully provide some of our services may be compromised.
France
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in France.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in France. It also sets out how our data protection practices differ in France compared to the practices described in our main general privacy notice.
The name and address of our French business can be found here.
Differences/Additional Information
• You may have the right to define guidelines related to the management of your data after your death (or alternatively post mortem guidelines). Such guidelines can be delivered directly to us or to a confidential third party that you have appointed.
Ireland
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in Ireland.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in Ireland. It also sets out how our data protection practices differ in Ireland compared to the practices described in our main general privacy notice.
The name and address of our Irish business can be found here.
Differences/Additional Information
None.
New Zealand
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in New Zealand.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in New Zealand. It also sets out how our data protection practices differ in New Zealand compared to the practices described in our main general privacy notice.
The name and address of our New Zealand business can be found here.
Differences/Additional Information
Where, as described in clause 2.3 of the main general privacy notice, we share your personal information with a third party that is located overseas, please note that the recipient may not be subject to the New Zealand Information Privacy Principles.
Under New Zealand data protection laws, your rights described in clause 4.1 of the main general privacy notice are restricted to only a right of access to, and a right to correct inaccuracies in, the personal information we hold about you.
Panama
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in Panama.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in Panama. It also sets out how our data protection practices differ in Panama compared to the practices described in our main general privacy notice.
The name and address of our Panamanian business can be found is below:
Martin-Brower y Compania
Contact:
Itzel de Ayu Prado
Edif. Galores Cold Storage
Calle Jose M. Torrijos Mañanitas
Panama, Rep. de PanamaPhone: (507) 202 5105
Email: iayuprado@martin-brower.com
Differences/Additional Information
The only legal bases we rely on when processing your personal information for the purposes of local data protection laws in Panama are: consent; to comply with a legal obligation; or to fulfil our contractual relationship.
Law No. 81 on Personal Data Protection entered into effect, on 29 March 2021, following its enactment in 2019. Furthermore, the law provides for, among other things:
consent procedures for the processing of personal data;
obligations for the cross-border processing of personal data originating in Panama; and
a Personal Data Protection Council with advising power and functions.
South Korea
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in South Korea.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in South Korea. It also sets out how our data protection practices differ in South Korea compared to the practices described in our main general privacy notice.
The name and address of our South Korean business can be found here.
Differences/Additional Information
By providing us with any special categories of personal information or criminal convictions information (sensitive information) or continuing with our services you consent to us processing your sensitive information in accordance with our privacy notice. Where we do not have your consent, we may rely on legislation permitting the processing of sensitive information.
Where we collect your personal information from a third party as described in clause 1.11 of the main general privacy notice, you can require us, on request, to: provide you with the source we collected this personal information from; provide you with the purpose for which we collected this information; and suspend the processing of this personal information.
In respect of how long we keep your personal information that is subject to the data protection laws in South Korea, we intend to process and retain your personal information for no longer it is required to comply with the privacy legislations or legal obligations in the country.
Under South Korean data protection laws, your rights described in clause 4.1 of the main general privacy notice are restricted to only a: right to have confirmed if your personal information is being processed by us; right of access to the personal information we hold about you; right to update any inaccuracies in your personal information; right to require us to suspend the processing of your personal information; and right to require us to erase and destroy the personal information we hold about you.
In addition to our general contact details for data protection queries set out in clause 4.1 of the main general privacy notice, if you have any specific questions relating to our use of your personal information and its protection under the data protection laws in South Korea, please contact the Chief Protection Officer (“CPO”) by writing an email to cposouthkorea@reyesholdings.com
United Kingdom
Our main general privacy notice together with the information set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in the United Kingdom.
This page sets out the additional information, over and above the information set out in our main general privacy notice, that we are obliged to provide to you to comply with local data protection laws in the United Kingdom. It also sets out how our data protection practices differ in the United Kingdom compared to the practices described in our main general privacy notice.
The name and address of our business in the United Kingdom can be found here.
Differences/Additional Information
None.
United States
Our main general privacy notice together with this Notice at Collection set out on this page constitutes our privacy notice for the purposes of our compliance with the data protection laws in the United States.
Reyes Holdings, L.L.C. and its U.S. affiliates (collectively, “Reyes,” “we” or “our”) provide the following details regarding the categories of Personal Information that we collect, use, and disclose about California, Virginia, Colorado, Utah and Connecticut residents who are consumers of our goods and services, visitors to our websites and online services or representatives of businesses that we interact with. This Privacy Policy does not apply to our employees or job applicants.
Collection and Disclosure of Personal Information
The following chart details which categories of Personal Information we collect and process, as well as which categories of Personal Information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Policy was last updated.
We disclose Personal Information to the following categories of third parties:
“Service Providers.” We disclose Personal Information to our trusted third-party service providers, to facilitate services they provide to us, such as internet services, call centers, website hosting, data analytics, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing, background checks, and other services.
“Legal Authorities.” We disclose Personal Information to public and government authorities, including regulators and law enforcement, to respond to requests, as well as to protect and defend legal rights.
“Other Parties in Litigation” We disclose Personal Information in the context of litigation discovery and in response to subpoenas and court orders.
“Our Affiliates” We disclose Personal Information to our parent company, subsidiaries and other corporate affiliates.
Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes |
|---|---|
Identifiers, such as name, contact information, unique personal identifiers, IP address that can reasonably be linked or associated with a particular consumer or household, online identifiers, and government-issued identifiers | Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
Personal information as defined in the California customer records law, such as name, contact information, signature; financial account information; medical, insurance, financial information | Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
Commercial Information, such as transaction information | Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
Geolocation Data, such as device location and location derived from IP address | Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
Audio/Video Data. Audio, electronic, visual and similar information, such as call and video recordings created in connection with our business activities | Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
Education Information subject to the federal Family Educational Rights and Privacy Act such as student transcripts, grade point average, grades, and disciplinary records | Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
Employment Information. Professional or employment- related information, such as work history and prior employer | Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
Sensitive Personal Information.
| Service Providers, Legal Authorities Other Parties in Litigation, Our Affiliates |
We may also disclose your Personal Information to a third party in the context of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Under California, Virginia, Colorado, Utah and Connecticut laws, if a business shares Personal Information for purposes of cross-context behavioral advertising or processes Personal Information for purposes of targeted advertising, it must allow California, Virginia, Colorado, Utah and Connecticut residents to opt out of such activities pursuant to applicable law. However, we do not share or otherwise process Personal Information, including Sensitive Personal Information, for purposes of cross-context behavioral or targeted advertising, as defined under applicable law. We have not engaged in such activities in the 12 months preceding the date this Privacy Policy was last updated.
We do not sell or knowingly use for cross-context behavioral advertising or targeted advertising the personal Information of minors under 16 years of age.
Under the CCPA, if a business uses or discloses Sensitive Personal Information beyond certain purposes, it must allow California residents to opt out of such uses or disclosures. However, we do not use or disclose Sensitive Personal Information beyond such purposes, nor have we used or disclosed Sensitive Personal Information beyond such purposes in the last 12 months. You can opt-out of our processing your Sensitive Personal Information by electing not to provide it to us.
Purposes of Collection, Use and Disclosure of Personal Information
We may collect, use and disclose each category of Personal Information to operate, manage, and maintain our business; provide, develop, improve, repair, and maintain our products and services; enter into, track and perform agreements with customers and suppliers; personalize, advertise, and market our products and services; provide customer support and respond to requests for information; manage customer and supplier relationships; conduct research, analytics, and data analysis; operate, maintain and improve our website and other online services or applications; operate and maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; facilitate and implement any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings); comply with law (including anti-money laundering laws), legal process, and internal policies; maintain records; and exercise and defend legal claims. We disclose Personal Information to our service providers and processors so that they can use it on our behalf to provide services to us.
Use of Sensitive Personal Information
Subject to your consent if required by applicable law, we may use Sensitive Personal Information for purposes of performing services for our business or providing goods or services as requested by you, ensuring security and integrity, short term transient use such as displaying first party, nonpersonalized advertising, payment/customer service, verifying customer information, and activities relating to quality and safety control or product improvement. We do not use Sensitive Personal Information beyond these purposes, or to infer characteristics about individuals.
Retention Period
We retain each category of Personal Information for as long as needed or permitted in light of the purpose(s) for which it was collected. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have a relationship with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your Personal Information to address issues that may arise;
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Sources of Personal Information
We collect this Personal Information from you, your employer or the organization that you represent, work for or own, and from the companies that we distribute products for, our affiliates, service providers, data analytics providers, data brokers, credit reference agencies, government agencies and publicly available databases or sources of information (e.g., anti-fraud databases, sanctions lists, court judgements and other databases), joint marketing partners, social media outlets, including in the context of promotions that we operate and by using website tracking devices or collecting information through your use of our websites, services, and solutions.
De-identified data
Where we maintain or use de-identified data, we will continue to maintain and use the deidentified data only in a de-identified fashion and will not attempt to re-identify the data.
Individual Rights and Requests
If you are a resident of California, Colorado, Virginia, Utah or Connecticut, you may have:
The right to know whether we process your Personal Information, and the right to access such Personal Information.
If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:
The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
The business or commercial purpose for collecting Personal Information about you; and
The categories of Personal Information about you that we disclosed, and the categories of third parties to whom we disclosed such Personal Information.
The right to correct inaccuracies in your Personal Information;
The right to have your Personal Information (or, just your Personal Information that you provided to us directly) deleted;
The right to receive a copy of your Personal Information (or, just your Personal Information that you provided to us directly), including specific pieces of Personal Information, including, where applicable, the right to obtain a copy of such Personal Information in a portable, readily usable format;
If you are a Utah resident, you may additionally have the right to opt out of our processing of your sensitive personal information, as defined by Utah law, that we have collected from you, subject to some exceptions to this right.
If you are a Nevada “consumer” as the term is defined under Nevada’s Revised Statute Chapter 603A (“Nevada Privacy Law”):
Reyes has established privacy@reyesholdings.com as the designated request address for the submission of verified requests not to “sell” covered information, for purposes of the Nevada Privacy Law. Reyes does not “sell”, and does not anticipate that it will “sell”, the covered information of Nevada consumers as defined under the Nevada Privacy Law. Should Reyes ever begin to “sell” your covered information, you may submit a verified request not to sell to privacy@reyesholdings.com.
You have the right to be free from unlawful discriminatory treatment for exercising your rights under California, Virginia, Colorado, Utah or Connecticut law.
To make a request to know, access, correct, delete, or receive a copy of, your Personal Information, please contact us at privacy@reyesholdings.com or 888-295-6392. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. In some instances, we may decline to honor your request where the law or your right does not apply or where an exception applies. We may need to verify your identity in order to action your request we will do this by using existing consumer identity data for example, by requesting you to provide a drivers license or a current utility bill in order to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information.
Appeal Process
If you are a Colorado, Virginia or Connecticut resident and we refuse to take action on your request, you may appeal this refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us via privacy@reyesholdings.com or 888-295- 6392.
Authorized Agents
If you want to make a request as an authorized agent of a consumer as permitted under applicable law, you may use the submission methods noted above. Under the law, not all kinds of requests can be made by authorized agents in all states. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent. If you are making a request on behalf of a California resident, this may include:
A power of attorney from the California resident pursuant to California Probate Code sections 4121-4130; or
If you have not provided #1:
We may require an authorized agent to provide proof that the resident has provided signed permission authorizing you to make a request on the resident’s behalf. “Signed” means that the permission has either been physically signed or provided electronically in accordance with the Uniform Electronic Transactions Act, Civil Code 1633.7 et seq.
We may require the resident to:
Verify the resident’s own identity directly with us
Directly confirm with us that the resident provided you permission to submit the request.
Your California Privacy Rights
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. If you wish to opt-out of our sharing of your information with third parties for the third parties’ direct marketing purposes, contact us at privacy@reyesholdings.com (please include your name, mailing address and email address).
Contact Us
If you have any questions regarding this Privacy Policy, please contact us at privacy@reyesholdings.com.