GDPR Privacy Addendum
RACO Manufacturing & Engineering Co., Inc.
Last Updated: June 2026
Overview
This GDPR Privacy Addendum supplements the Master Privacy Policy and applies to residents of the European Union, European Economic Area, and the United Kingdom.
Applicability: If you are a resident of or located in the EU, EEA, or UK, the rights and procedures in this Addendum apply to you in addition to the Master Privacy Policy.
Scope: This Addendum addresses compliance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR")
- Data Protection Act 2018 (c. 12) (UK GDPR)
- Any successor or supplementary regulations in EU/UK member states
Hierarchy: In case of conflict between this Addendum and the Master Privacy Policy, this Addendum controls for EU/UK residents.
1. Legal Basis for Processing
Under GDPR, RACO must identify a legal basis for processing your personal data. RACO processes your data under the following legal bases:
Basis 1: Contractual Necessity (Article 6(1)(b))
RACO processes personal data that is necessary to:
- Perform a contract with you (e.g., provide products/services you've ordered)
- Fulfill pre-contract obligations (e.g., respond to inquiries about our products)
- Account management and subscription services
Data Types: Contact information, account data, payment information, communication records, usage data
Duration: For the duration of the contract plus 7 years (for legal/tax compliance)
Basis 2: Legal Obligation (Article 6(1)(c))
RACO processes personal data when required by law, including:
- Tax and accounting obligations
- Fraud prevention and anti-money laundering
- Compliance with government requests
- Data retention for regulatory requirements
- Export control and sanctions compliance
Data Types: Transaction data, payment information, identity verification data
Duration: As required by applicable law (typically 7 years for tax purposes)
Basis 3: Legitimate Interests (Article 6(1)(f))
RACO processes personal data based on legitimate business interests, provided the processing does not override your rights and interests. RACO's legitimate interests include:
- Product Improvement: Analyzing usage patterns, errors, and feature popularity to improve the Service
- Marketing and Communications: Sending newsletters and product updates (see marketing consent below)
- Security and Fraud Prevention: Detecting and preventing unauthorized access, fraud, abuse, and other security threats
- Analytics: Understanding how users interact with the Service to optimize user experience
- Legal and Compliance: Establishing, exercising, or defending legal claims; detecting and preventing fraud
Data Types: Usage data, interaction data, device information, analytics data
Duration: Typically 13 months for analytics data; longer where necessary for legal claims
Your Right to Object: You have the right to object to processing based on legitimate interests. See Section 3 below for procedures.
Basis 4: Consent (Article 6(1)(a))
RACO obtains your explicit consent for processing that is not covered by other legal bases, including:
- Marketing emails and newsletters
- Certain analytics or tracking (where not strictly necessary)
- Profiling for personalized recommendations
- Non-essential cookies and tracking technologies
Consent Mechanism: RACO obtains consent through:
- Affirmative opt-in checkboxes (not pre-checked)
- Double opt-in for email marketing (confirmation email required)
- Explicit cookie consent banners
Your Right to Withdraw: You may withdraw consent at any time by:
- Clicking "Unsubscribe" in marketing emails
- Updating your preferences in your account
- Emailing privacy@racoman.com
Withdrawal Effect: Withdrawal is effective immediately for future processing; past processing under the consent is lawful.
2. Your GDPR Data Protection Rights
Right to Access (Article 15)
You have the right to access what personal data RACO holds about you and receive confirmation of whether the data is being processed.
What You Can Request:
- Whether RACO is processing your personal data
- Categories of personal data collected
- Purposes of processing
- Categories of recipients
- How long the data will be retained
- Your rights regarding the data
- How we collect the data (if not provided directly)
How to Request: Submit a "Data Subject Access Request" (DSAR) to privacy@racoman.com with the subject line "GDPR Article 15 - Right of Access Request"
Response Timeline:
- Acknowledgment: Within 5 business days
- Response: Within 30 calendar days of request verification
- Possible extension: 60 additional days for complex requests (with notice)
Format: RACO will provide the information in a clear, intelligible format, typically as a PDF or exported data file.
Right to Rectification (Article 16)
You have the right to request correction or completion of inaccurate or incomplete personal data.
What You Can Request:
- Correction of factually inaccurate information
- Completion of incomplete information
- Addition of missing information
How to Request: Email privacy@racoman.com with the subject line "GDPR Article 16 - Right to Rectification" and describe the inaccurate/incomplete data.
Response Timeline:
- RACO will correct the data or provide the reason why correction is refused within 30 days
Effect: Once corrected, RACO will notify third parties who have received the data (where possible) so they may also correct their records.
Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of personal data under certain circumstances.
Grounds for Erasure:
- The data is no longer necessary for its original purpose
- You withdraw consent and no other legal basis exists
- You object to processing based on legitimate interests and RACO has no overriding reason
- The data has been unlawfully processed
- Deletion is required by EU/UK law
- The data was collected from you as a child
Exceptions (When RACO May Not Delete):
- Processing is necessary to comply with legal obligations
- Processing is necessary to establish, exercise, or defend legal claims
- Processing is necessary for fraud detection or crime prevention
- Data is necessary to protect your vital interests or those of others
- Processing is necessary for archival, statistical, or research purposes
How to Request: Email privacy@racoman.com with the subject line "GDPR Article 17 - Right to Erasure" and explain the ground for deletion.
Response Timeline:
- Within 30 days (or 60 days for complex requests), RACO will delete the data or explain why deletion is refused
Effect of Deletion:
- Data will be permanently deleted from active systems within 30 days
- Backup copies will be deleted within 90 days of the deletion request
- Exceptions: Data required by law or for legal claims may be retained and marked as restricted
Right to Restrict Processing (Article 18)
You have the right to restrict RACO's processing of your personal data in certain circumstances.
Circumstances for Restriction:
- You contest the accuracy of the data (while RACO verifies accuracy)
- You believe processing is unlawful and request restriction instead of deletion
- RACO no longer needs the data, but you need it for a legal claim
- You have objected to processing and RACO is determining whether its interests override yours
How to Request: Email privacy@racoman.com with the subject line "GDPR Article 18 - Right to Restrict Processing" and explain the reason for restriction.
Effect of Restriction:
- Once restricted, RACO will process the data only with your consent, for legal claims, or to protect others' rights
- RACO will not share restricted data with third parties (except with your consent or for legal reasons)
- You will be notified before restriction is lifted
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit that data to another controller.
Scope:
- Applies to data you have provided to RACO (not inferred data)
- Applies to data processed based on consent or contract
- Does not apply to data processed based on other legal bases
Formats Available:
- CSV (comma-separated values)
- JSON (JavaScript Object Notation)
- Excel (.xlsx)
- PDF (human-readable format)
How to Request: Email privacy@racoman.com with the subject line "GDPR Article 20 - Right to Data Portability Request" and specify your preferred format.
Response Timeline:
- Within 30 days of request verification
Direct Transfer: If technically feasible, RACO will transmit your data directly to another data controller you specify (e.g., a competitor's service).
Right to Object (Article 21)
You have the right to object to RACO's processing of your personal data.
Right to Object to Legitimate Interest Processing (Article 21(1))
You may object at any time to processing based on legitimate interests. If you object, RACO must:
- Cease processing unless it can demonstrate legitimate overriding interests
- Not use your data for marketing, profiling, or similar purposes
How to Object: Email privacy@racoman.com with the subject line "GDPR Article 21 - Objection to Processing" and explain your concerns.
Effect: RACO will stop processing your data for the specified purpose, effective immediately (or shortly thereafter).
Right to Object to Marketing and Profiling (Article 21(3))
You have an absolute right to object to processing for:
- Direct marketing (including unsolicited emails)
- Profiling linked to direct marketing
- Automated decision-making for marketing or profiling purposes
How to Object:
- Click "Unsubscribe" in any marketing email, or
- Email privacy@racoman.com with the subject line "Object to Marketing"
Effect: RACO will immediately cease marketing communications and profiling.
Rights Related to Automated Decision-Making and Profiling (Articles 22, 21(4))
You have the right not to be subject to decisions based solely on automated processing, including profiling, if the decision produces legal or similarly significant effects on you.
Current RACO Practices: RACO uses automated decision-making for:
- Email filtering and spam detection
- Fraud detection and risk assessment
- Marketing audience segmentation
- Product recommendation algorithms
No Legal/Significant Effects: RACO does not use automated decision-making for decisions that have legal or significant effects, such as:
- Denying service
- Pricing or rate-setting
- Employment decisions
- Credit decisions
Your Rights: If automated processing does affect you significantly, you have the right to:
- Request human review
- Obtain information about the logic of the decision
- Contest the automated decision
- Express your point of view
How to Request: Email privacy@racoman.com with the subject line "Request Information About Automated Decision" or "Request Human Review of Automated Decision."
3. Data Protection Standards and Safeguards
Data Minimization (Article 5(1)(c))
RACO collects and processes only the personal data necessary for the stated purposes. We do not collect data "just in case" it might be useful in the future.
Purpose Limitation (Article 5(1)(b))
RACO processes your personal data only for the purposes disclosed in this Addendum and the Master Privacy Policy. We do not use data for purposes incompatible with the original purpose without obtaining fresh consent.
Storage Limitation (Article 5(1)(e))
RACO retains personal data only as long as necessary for the purpose for which it was collected. See Section 5 below for retention periods.
Accuracy (Article 5(1)(a))
RACO takes reasonable steps to keep your personal data accurate, complete, and up to date. You may request corrections under Article 16 (Right to Rectification).
Integrity and Confidentiality (Article 5(1)(f), Article 32)
RACO implements technical and organizational security measures to protect your personal data against:
- Unauthorized or accidental access
- Accidental loss, alteration, or destruction
- Unauthorized disclosure
- Unlawful processing
Security Measures Include:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Access controls and authentication
- Regular security assessments and penetration testing
- Employee data protection training
- Incident response procedures
- Vendor security audits
4. International Data Transfers
RACO is based in the United States. Processing your personal data involves transfer to the United States, where data protection laws may be less protective than EU/UK laws.
Legal Mechanism for Transfers
RACO ensures adequate safeguards for international transfers through:
Standard Contractual Clauses (SCCs)
RACO has implemented Standard Contractual Clauses (Module One or Two, as applicable) approved by the European Commission. These clauses impose contractual obligations on data importers to provide an adequate level of protection equivalent to EU/UK standards.
SCCs Include:
- Limitations on processing to stated purposes
- Sub-processor requirements
- Data subject rights and remedies
- Data deletion upon request
- Audit and inspection rights
- Security obligations
- Breach notification requirements
Supplementary Measures
RACO implements supplementary technical and organizational measures to ensure protection, including:
- Data encryption in transit and at rest
- Restricted access to data on a need-to-know basis
- Data minimization during transfers
- Transparent privacy policies and procedures
Your Rights Regarding Transfers
You have the right to:
- Request information about the transfer mechanism
- Obtain a copy of the SCCs
- Raise concerns about inadequacy of safeguards
- Lodge a complaint with your supervisory authority
To Request SCC Information: Email privacy@racoman.com with the subject line "GDPR Transfers - Request SCC Information"
Risk of Onward Transfer
RACO's sub-processors and vendors may transfer data to their own affiliates and sub-processors. RACO contracts with all vendors to ensure they:
- Implement equivalent protections
- Use compliant transfer mechanisms
- Notify RACO of any requests for data disclosure by authorities
5. Data Retention and Deletion
Retention Periods by Category
RACO retains personal data for the periods necessary for the purposes specified, or as required by law:
| Data Category | Purpose | Retention Period |
|---|---|---|
| Account & Profile Data | Service provision, contract performance | Duration of account + 3 years after closure |
| Payment & Billing Data | Transaction processing, tax compliance, fraud prevention | 7 years (EU VAT, German tax law) |
| Communication Records | Customer support, dispute resolution | 2 years after last interaction |
| Marketing Data | Email marketing, newsletter distribution | 3 years after last opt-in or unsubscribe |
| Website Analytics | Performance optimization, trend analysis | 13 months (Google Analytics default) |
| Cookies & Tracking Data | Site functionality, analytics, advertising | Per cookie type (see Privacy Policy Section 6) |
| Support Tickets & Logs | Technical support, quality assurance | 2 years after ticket closure |
| Backup & Archive Data | Disaster recovery, business continuity | 90 days after deletion request; longer for legal holds |
Right to Erasure After Retention Period
Once the retention period expires, RACO will delete or anonymize your personal data unless:
- You consent to continued processing
- An exception applies (legal obligation, legal claim, security)
- Data is necessary for archival, statistical, or research purposes
Data Deletion Process
When you request deletion:
- Active System: Data will be deleted from active systems within 30 days
- Backup Systems: Backup copies will be deleted within 90 days
- Legal Holds: Data subject to legal proceedings may be retained and marked as "restricted"
- Notification: You will receive confirmation of deletion (unless doing so would reveal information about other people)
6. Data Breach Notification
In the event of a personal data breach affecting you, RACO will:
Notification to You
- Notify you without undue delay (typically within 3 days)
- Provide information about the nature of the breach
- Explain what data was affected
- Describe measures taken to address the breach
- Provide contact information for RACO's Data Protection Officer
Notification Methods:
- Email to your registered email address
- SMS to your registered phone number
- Prominent notice on the website
- Press release (for widespread breaches)
Notification to Authorities
RACO will notify the relevant supervisory authority (Data Protection Authority) within 72 hours of discovering a breach unless:
- The breach is unlikely to result in risk to your rights
- RACO has taken mitigating measures
Notification to Other Parties
If your data has been shared with third parties, RACO will, where feasible, notify those parties of the breach so they can take appropriate action.
7. Your Supervisory Authority Rights
Filing a Complaint
If you believe RACO has violated your GDPR rights, you have the right to lodge a complaint with your supervisory authority (Data Protection Authority):
Supervisory Authorities by Country:
| Country | Authority | Website |
|---|---|---|
| EU (General) | European Data Protection Board | edpb.eu |
| Austria | Austrian Data Protection Authority | dsb.gv.at |
| Belgium | Belgian Data Protection Authority | autoriteprotectiondonnees.be |
| Bulgaria | Commission for Personal Data Protection | cpdp.bg |
| Croatia | Croatian Personal Data Protection Agency | azop.hr |
| Cyprus | Office of the Commissioner | dpa.cy |
| Czech Republic | Office for Personal Data Protection | uoou.cz |
| Denmark | Danish Data Protection Agency | datatilsynet.dk |
| Estonia | Estonian Data Protection Inspectorate | aki.ee |
| Finland | Office of the Data Protection Ombudsman | tietosuoja.fi |
| France | National Commission for Data Protection (CNIL) | cnil.fr |
| Germany | Federal Data Protection Commissioner | bfdi.bund.de |
| Greece | Hellenic Data Protection Authority | apd.gr |
| Hungary | National Authority for Data Protection | naih.hu |
| Ireland | Data Protection Commission | dataprotection.ie |
| Italy | Guarantor for Personal Data Protection | garanteprivacy.it |
| Latvia | State Data Inspection | dvi.gov.lv |
| Lithuania | State Data Protection Inspectorate | vdai.lrv.lt |
| Luxembourg | National Commission for Data Protection | cnpd.lu |
| Malta | Office of the Information and Data Protection Commissioner | idpc.org.mt |
| Netherlands | Dutch Data Protection Authority | autoriteitpersoonsgegevens.nl |
| Poland | President of the Personal Data Protection Office | uodo.gov.pl |
| Portugal | National Data Protection Commission | cnpd.pt |
| Romania | National Supervisory Authority | autoritatea.info.ro |
| Slovakia | Office for Personal Data Protection | uoou.sk |
| Slovenia | Information Commissioner | ip-rs.si |
| Spain | Spanish Data Protection Authority | aepd.es |
| Sweden | Swedish Data Protection Authority | datainspektionen.se |
| United Kingdom | Information Commissioner's Office | ico.org.uk |
Filing a Complaint
You can typically file a complaint by:
- Visiting your supervisory authority's website
- Downloading a complaint form
- Submitting the form (usually online or by post)
- Providing details about the alleged violation
What to Include in Your Complaint:
- Your name and contact information
- Description of RACO's conduct
- Specific GDPR articles violated
- Dates of the alleged violation
- Documents or evidence supporting your claim
- Details about previous attempts to resolve the issue with RACO
8. RACO's Data Protection Officer and Contact Information
Data Protection Officer
RACO is required to maintain a Data Protection Officer (DPO) for organizational/operational reasons.
DPO Contact: [To be added once DPO is designated]
Privacy Contact
For privacy and GDPR-related inquiries, contact:
Email: privacy@racoman.com
Subject Line: "GDPR - [Your Request Type]" (e.g., "GDPR - Right of Access Request")
Mailing Address: RACO Manufacturing & Engineering Co., Inc. Privacy Team 727 Allston Way, Suite B Berkeley, CA 94710
Phone: 1-510-658-6713
Response Time: RACO will acknowledge your request within 5 business days and respond within 30 days (or 60 days for complex requests).
9. Data Subject Rights Execution Procedures
Request Submission
All data subject rights requests must include:
- Your full name
- Email address used with RACO
- Phone number (optional)
- The specific right you are exercising (access, erasure, restriction, etc.)
- Detailed description of your request
- Any supporting information
Verification
RACO will verify your identity by:
- Checking your email address and account information
- Requesting additional information if necessary
- In some cases, requesting a copy of government ID
Verification Standards: RACO will verify your identity with reasonable care to prevent unauthorized access to others' data.
Response Format
RACO will provide responses in:
- Electronic format (PDF, email, downloadable file)
- Accessible format (plain language, accessible to people with disabilities)
- Language: RACO will respond in the language of your request if possible
Appeal/Complaint
If RACO denies your request (wholly or partially), you have the right to:
- Request an explanation of the denial
- File an appeal with RACO
- Lodge a complaint with your supervisory authority
10. Special Categories of Data (Article 9)
RACO minimizes collection of "special categories" of personal data (sensitive data) that receive heightened protection under GDPR:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data (for identification purposes)
- Health data
- Sex life or sexual orientation data
Current Practices:
RACO does not deliberately collect special category data, except:
- Precise geolocation data (from water utility monitoring devices) — collected to provide the Service
- Limited communication data that may incidentally contain information about beliefs/religion — retained only if necessary for support purposes
Processing Basis:
Where RACO processes special category data, it does so because:
- The data subject has explicitly consented, or
- Processing is necessary to perform the contract with you, or
- Processing is necessary for our legal obligations
- Processing is carried out by RACO in the context of its legitimate activities (fraud detection, security)
Your Rights:
You may request deletion of special category data under Article 17 (Right to Erasure) or restriction of processing under Article 18 (Right to Restrict Processing).
11. Children's Data (Articles 8, GDPR; 14, UK GDPR)
RACO does not knowingly collect personal data from children under 13 years of age (or the relevant age of digital consent in your jurisdiction).
If You Are Under 18:
- If you are between 13 and 18 years old and wish to use RACO's services, parental consent may be required in some jurisdictions
- Contact privacy@racoman.com if you have questions about age requirements
Parental Rights:
Parents and guardians of children may:
- Request information about their child's data
- Request deletion of their child's data
- Exercise any data subject right on their child's behalf
12. Privacy by Design and Default (Article 25)
RACO commits to:
- Implementing data protection from the design phase of any new service
- Conducting Privacy Impact Assessments for high-risk processing
- Minimizing data collection by default
- Implementing privacy-enhancing technologies
- Ensuring transparency in our data practices
- Regular audits of privacy compliance
13. Processor Agreements and Sub-processors (Articles 28, 29)
Data Processing Agreements
RACO has entered into Data Processing Agreements (DPAs) with all vendors who process personal data on RACO's behalf. Each DPA includes:
- Restrictions on use to authorized purposes only
- Obligations to implement security safeguards
- Prohibition on sub-processing without authorization
- Assistance with data subject rights requests
- Assistance with supervisory authority requests
- Deletion of data upon contract termination
- Audit and inspection rights for RACO
List of Sub-processors
RACO maintains a list of authorized sub-processors and their processing locations. You may request a current list by emailing privacy@racoman.com with the subject line "GDPR - Request Sub-processor List."
Sub-processors Include:
- Cloud hosting providers
- Email marketing platforms
- Analytics vendors
- Payment processors
- Customer support tools
- Telecommunications carriers (for Cellularm)
Changes to Sub-processors
If RACO engages a new sub-processor or changes the processing location of a sub-processor, RACO will:
- Notify you in advance (at least 4 weeks before the change)
- Provide an opportunity to object (if you object within 2 weeks, RACO will either suspend the contract or allow you to terminate at no additional cost)
- Document the change in our records
14. Data Protection Impact Assessments (DPIA)
RACO conducts Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:
- Large-scale processing
- Processing using new technologies
- Automated decision-making with legal/significant effects
- Processing of sensitive categories of data
Consultation with Supervisory Authorities:
If RACO determines that processing presents a high risk despite mitigating measures, RACO will consult with the relevant supervisory authority before processing commences.
15. Automated Decision-Making and Profiling Under GDPR
Right to Explanation (Article 15(1)(h))
If RACO uses automated decision-making, you have the right to:
- Be informed that automated processing is taking place
- Request an explanation of the decision-making logic
- Request human review and express your point of view
- Contest the decision
Restrictions on Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing if the decision produces legal or similarly significant effects.
Significant Effects Include:
- Denial of service or goods
- Pricing or contract terms determined automatically
- Creation of profiles that affect access to services
Non-Significant Effects (RACO may use automated processing):
- Product recommendations
- Content personalization
- Marketing segmentation
Current RACO Practices
RACO uses automated processing for:
- Email filtering and detection of spam/malware
- Fraud detection and security risk assessment
- Marketing audience segmentation
- Website analytics and optimization
No Significant Legal Effects:
RACO does not use automated decision-making for decisions with significant legal effects such as:
- Denying service
- Setting prices for individual customers
- Employment decisions
- Credit determinations
Your Right to Request Human Review:
If you believe automated processing has affected you significantly, email privacy@racoman.com with the subject line "GDPR - Request Human Review of Automated Decision" and explain your concerns.
16. Conflicting Requirements and Waivers
No Waiver of GDPR Rights
RACO cannot ask you to waive or restrict your GDPR rights as a condition of providing the Service. Any terms that purport to do so are unenforceable under GDPR.
Conflicting Terms
If any provision of RACO's Terms of Service, Privacy Policy, or other agreement conflicts with your GDPR rights:
- This Addendum controls
- The conflicting provision is unenforceable to the extent it violates GDPR
- Your GDPR rights remain in full effect
Retaliation Prohibited
RACO will not retaliate against you for:
- Exercising any GDPR right
- Filing a complaint with a supervisory authority
- Objecting to processing
- Requesting access to or deletion of data
17. Updates to This Addendum
RACO may update this Addendum to reflect:
- Changes in GDPR case law or guidance
- New supervisory authority decisions
- Regulatory updates
- Changes in RACO's processing practices
Notification of Changes:
- Updated Addendum will be posted on this page
- Material changes will be communicated via email or prominent website notice
- Changes take effect upon posting (unless specified otherwise)
18. Relationship to Other Agreements
Product-Specific Terms
Certain RACO products (AlarmAgent, Cellularm) have product-specific terms that may include data processing details. For conflicts:
- Product-Specific Terms control for product-specific processing
- This Addendum controls for general GDPR compliance
Master Privacy Policy
The Master Privacy Policy provides general privacy practices. For conflicts:
- This Addendum controls for EU/UK GDPR compliance
19. Contact Information Summary
For Data Subject Rights Requests
Email: privacy@racoman.com
Mailing Address: RACO Manufacturing & Engineering Co., Inc. Privacy Team 727 Allston Way, Suite B Berkeley, CA 94710
Phone: 1-510-658-6713
Response Time: 5 business days acknowledgment; 30 days response (60 days for complex requests)
20. Frequently Asked Questions (FAQ)
Q: Does RACO comply with GDPR?
A: Yes. RACO is committed to GDPR compliance for all EU/UK residents. This Addendum describes our compliance framework and your rights.
Q: Can I transfer my data to another service?
A: Yes. You have a right to data portability under Article 20. Request a portable copy by emailing privacy@racoman.com.
Q: How long does RACO keep my data?
A: Retention periods vary by data category (see Section 5). Most data is retained for 2-7 years depending on its purpose.
Q: Can RACO sell my data?
A: No. RACO does not sell personal data for monetary value. RACO may share data with vendors and marketing partners based on legitimate interests or consent.
Q: What if RACO is acquired?
A: If RACO is acquired, your data would transfer to the new owner, who would be bound by GDPR. We will notify you and provide opt-out opportunities if the new owner's practices change materially.
Q: Can I delete my account and all my data?
A: Yes. You can request account deletion and data erasure under Article 17. However, RACO may retain some data for legal or tax compliance purposes.
Q: Who is RACO's Data Protection Officer?
A: [To be added once DPO is designated. For now:] Contact privacy@racoman.com for GDPR-related matters.
Effective Date: June 2026
Last Updated: June 2026
Quick Reference Links
- Master Privacy Policy
- California Privacy Notice
- Multi-State Privacy Addendum
- Data Subject Rights Request Form [To be added]
- European Data Protection Board
End of GDPR Privacy Addendum