Privacy policy

As part of our daily business operations, we collect personal information from our users and prospective users in order to provide them with our products and services and ensure that we can meet their needs when providing these products and services, as well as when providing them with any respective information.

Your privacy is of utmost importance to us, and it is our policy to safeguard and respect the confidentiality of information and the privacy of individuals. This Privacy Policy sets out how Re, Inc. and its successors, assigns, subsidiaries, and affiliates (collectively, the “Company”, “we”, “us”) collects, uses and manages the personal information that we receive from you, or a third party, in connection with your use of Site, and other services provided by us or the information which we collect from your use of Site. The Privacy Policy also informs you of your rights with respect to the processing of your personal information.

Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. We may amend this Privacy Policy at any time by posting the amended version on this site including the effective date of the amended version. We will announce any material changes (as we determine in our sole discretion) to this Privacy Policy on our website. Any personal information we hold will be governed by our most recent Privacy Policy. Please see Re’s Terms and Conditions, policies and guidelines for current limitations and services being provided. Please note, this Privacy Policy applies only to the extent required under applicable law to you.

Please note that if you are an employee of the Company, a contractor to the Company or a third-party provider, your personal information may be used in connection with your employment contract or your contractual relationship, whichever applies.

This Privacy Policy applies to the processing activities performed by Company to the personal information of its users and its potential users, including any Site app visitors.

• Our services may include links, or introductions, to third party services. The use of these third-party services may result in the collection and sharing of information about you by these third party services.
• This Privacy Policy does not address the data processing practices of any third party, unless as specified otherwise. Please note, the inclusion of a link on any of our services to a third party’s service does not imply endorsement of the third party’s data handling practices, and does not imply that the third party’s practices are covered by this Privacy Policy. We are not responsible for the privacy practices of these entities.
• We encourage you to be aware when you leave our services, and to read the privacy statements or notices of each website or app on which you land after you click on a link or social networking button.

As used herein, the following terms are defined as follows:

“Site” or “our services” refers to all the services and functionalities available on&nbsp https://www.re.xyz and any pages thereof, mobile app (if any) and any other software, tools, or features provided by the Company.

“Personal information” or “personal data” or “your data” refer to any information relating to you, as an identified or identifiable natural person, including your name, an identification number, location data, or an online identifier or to one or more factors specific to the physical, economic, cultural or social identity of you as a natural person.

“User”, “users” or “you” refer to anyone who accesses or uses Site and other services, websites, or apps provided by the Company.

“We”, “us”, or “Company” refer to Re, Inc. and its successors, assigns, and affiliates.

The Company you are contracting with is your data controller or data policy manager, and is responsible for the collection, use, storage, disclosure, retention and protection of your personal information in accordance with our policies and procedures, this Privacy Policy, as well as any applicable national laws. [The Company uses encryption to protect your information and store decryption keys in separate systems.] We may process and retain your personal information on servers in multiple data center locations, including the European Union, Japan, Australia, the United Kingdom, the United States of America and elsewhere in the world. By using the Site, you agree that your personal information may be transferred to, stored, and handled as described in this Policy.

The Company respects the privacy of users who access Site, and it is therefore committed to taking the reasonable steps to safeguard any existing or prospective users, applicants and app visitors that may be required by applicable law.

The Company seeks to keep any personal data of its users and its potential users in accordance with the applicable privacy and data protection laws and regulations.

While no website or application is absolutely secure, we believe we have the necessary and appropriate technical and organizational measures and procedures in place to seek to ensure that your information remains secure at all times. We regularly train and raise awareness for all our employees to the importance of maintaining, safeguarding and respecting your personal information and privacy. We regard breaches of individuals’ privacy very seriously and will impose appropriate disciplinary measures, including dismissal from employment. Although we have not appointed an official Group Data Protection Officer, you may request to exercise your applicable access, rectification, cancellation, and/or objection rights at the contact set out below.

The personal information that you provide us with when creating a user account or similar engagement with Site is classified as registered information, which is protected in several ways. You can access your registered information after logging in to user account. It is your responsibility to make sure that the password to your user account (if any) is only known to you and not disclosed to anyone else. Registered information is securely stored in a safe location, and only authorised personnel have access to it. All personal information is transferred to the Company over a secure connection, and thus reasonable measures are taken to prevent unauthorized parties from viewing any such information. Personal information provided to the Company that does not classify as registered information is also kept in a safe environment and accessible by authorized personnel of the Company only.

When you are opening a user account with us or using the Site, we may collect from you any of the following information:

• Full name, residential address and contact details (e.g., email address, telephone number, fax etc.);
• Date of birth, place of birth, gender, citizenship;
• Bank account information, digital asset wallet details, credit card details, including details about your source of funds, assets and liabilities, and OFAC information;
• Information on whether you hold a prominent public function (PEP);
• Information on your accounts with third-party websites, platforms, apps, and services and information that you have provided when creating an account with, or using, the third-party websites, platforms, apps, and services;
• Verification information, which includes information necessary to verify your identity (such as a passport, driver’s license or government-issued identity card, social security number or tax identification number);
• Account history, which may include information about the transactions and balances in accounts accessible via the Site;
• Correspondence, which may include written, telephonic or electronic communications; and
• Other personal information or commercial and/or identification information – whatever information we, in our sole discretion, deem necessary to comply with our legal obligations under various laws, such as under the European Union’s 4th AML Directive and the U.S. Bank Secrecy Act (BSA).

Information that we may collect about you automatically:

• Browser Information – Information that is automatically collected via analytics systems providers from your browser, including your IP address and/or domain name, any external page that referred you to us, your login information, Internet browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, your Media Access Control (MAC) address, computer type (Windows or Mac), and screen resolution;
• Log Information – Information that is generated by your use of Site that is automatically collected and stored in our server logs. This may include, but is not limited to, device- specific information, location information, system activity and any internal and external information related to pages that you visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website or app, including date and time; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We may collect similar information, such as your device type and identifier, if you access the Site through a mobile device. We use this information to ensure that the Service functions properly.

We obtain information about you in a number of ways through your use of our services, including through any of our websites, the user account opening process or similar engagement with Site, webinar sign-up forms, event subscribing, news and updates subscribing, and from information provided in the course of on-going support service communications. We may also receive information about you from third parties such as your payment providers and through publicly available sources. For example:

• The banks you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;
• Your business partners may provide us with your name and address, as well as financial information; or
• Advertising networks, analytics providers and search information providers may provide us with anonymized or de-identified information about you, such as confirming how you found our website.

We will process your personal information on the following bases and for the following purposes:

Providing the functionality of the Site and fulfilling your requests

We process personal data in order to provide our services and products, as well as information regarding our products and services based on the relationship with our users (i.e., so as to perform our obligations), to provide users with related customer service, to respond to your inquiries and fulfill your requests, such as to send you documents you request or email alerts, to send you important information regarding our relationship with you or regarding the Site, changes to our terms, conditions, and policies and/or other administrative information. We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation. In addition, the processing of personal data takes place to enable the completion of our user on-boarding process.

We must verify your identity in order to open the user account and we will use your personal data in order to effectively manage your use of the Site with us.

Compliance with a legal obligation

There are a number of legal obligations which may ultimately be imposed by relevant laws to which we are subject, as well as specific statutory requirements e.g., anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws. There are also various supervisory authorities whose laws and regulations may apply to us. Such obligations and requirements imposed on us necessary personal data processing activities for identity verification, payment processing when appropriate, compliance with court orders, tax laws or other reporting obligations and controls.

These obligations apply at various times, including user on-boarding, payments and systemic checks for risk management.

For the purpose of safeguarding legitimate interests

We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. Example of such processing activities include (but are not limited to) the following:

• Initiating legal claims and preparing our defense in litigation procedures;
• Undertaking means and processes to provide for the Company’s IT and system security, preventing potential crime, asset security and access controls;
• Performing audits, to verify that our internal processes function as intended and we are compliant with legal, regulatory, or contractual requirements;
• Developing and adopting measures for managing the business and for further developing products and services;
• Potentially, in the future, sharing your data within the Re group of companies (e.g., affiliates) for the purpose of updating and/or verifying your personal data in accordance with the relevant anti-money laundering compliance frameworks (if applicable); and
• Risk management.

To provide you with products and services, or information about our products and services, and to review your ongoing needs.

We must use your personal information to perform our services and comply with our obligations to you. It is also in our legitimate interests to try to ensure that we are providing the best products and services so we may periodically review your needs based on our assessment of your personal information to ensure that you are getting the benefit of the best possible products and services from us.

To help us improve our products and services, including support services, and develop and market new products and services.

We may, from time-to-time, use personal information provided by you through your use of our services and/or through user surveys to help us improve our products and services. It is in our legitimate interests to use your personal information in this way to try to ensure the highest standards when providing you with our products and services and to continue to be a market leader within our industry.

To investigate or settle enquiries or disputes.

We may need to use personal information collected from you to investigate issues or to settle disputes with you because it is our legitimate interest to ensure that issues and disputes get investigated and resolved in a timely and efficient manner.

To comply with applicable laws, subpoenas, court orders, other judicial process, or the requirements of any applicable regulatory authorities.

We may need to use your personal information to comply with any applicable laws and regulations, subpoenas, court orders or other judicial processes, or requirements of any applicable regulatory authority. We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.

To send you surveys.

From time to time, we may send you surveys as part of our user feedback process. It is in our legitimate interest to ask for such feedback to try to ensure that we provide our products and services at the highest standard. However, we may from time to time also ask you to participate in other surveys and if you agree to participate in such surveys, we rely on your consent to use the personal information we collect as part of such surveys. All responses to any survey we send out whether for user feedback or otherwise will be aggregated and depersonalized before the results are published and shared.

Data analysis

Our website pages and emails may contain web beacons or pixel tags or any other similar types of data analysis tools that allow us to track receipt of correspondence and count the number of users that have visited our webpage or opened our correspondence. We may aggregate your personal information with the personal information of our other users on an anonymous basis (that is, with your personal identifiers removed), so that more rigorous statistical analysis of general patterns may lead us to providing better products and services.

If your personal information is completely anonymized, we do not require a legal basis as the information will no longer constitute personal information. If your personal information is not in an anonymized form, it is in our legitimate interest to continually evaluate that personal information to ensure that the products and services we provide are relevant to the market.

Marketing purposes

We may use your personal information to send you marketing communications by email or other agreed forms (including social media campaigns), to ensure you are always kept up-to-date with our latest products and services. If we send you marketing communications we will do so based on your consent and registered marketing preferences.

Internal business purposes and record keeping

We may need to process your personal information for internal business and research purposes as well as for record keeping purposes. Such processing is in our own legitimate interests and is required in order to comply with our legal obligations. This may include any communications that we have with you in relation to the products and services we provide to you and our relationship with you. We will also keep records to ensure that you comply with your contractual obligations pursuant to the Terms and Conditions governing our relationship with you and other Site policies, guidelines, and procedures.

Notifications

Often the law requires us to advise you of certain changes to products or services or laws. We may need to inform you of changes to the Terms and Conditions, any other Site policies, guidelines, and procedures. or the features of our products or services. We need to process your personal information to send you these notifications. You will continue to receive this information from us even if you choose not to receive direct marketing information from us.

The Company will not disclose any of its users’ personal information to a third party, except: (a) to the extent that it is required to do so pursuant to any applicable laws, rules or regulations; (b) if there is a duty to disclose; (c) if our legitimate business interests require disclosure; (d) in line with our Terms and Conditions; (e) at your request or with your consent or to those described in this Privacy Policy. The Company will endeavor to make such disclosures on a “need-to-know” basis, unless otherwise instructed by a regulatory authority. Under such circumstances, the Company will notify the third party regarding the confidential nature of any such information.

As part of using your personal information for the purposes set out above, the Company may disclose your personal information to the following:

• Any members, employees, officers, directors, managers, and shareholders of the Company, our affiliates and subsidiaries;
• Any of our service providers and business partners, for business purposes, such as specialist advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research or other services;
• Any third parties connected with the sale, merger, bankruptcy, sale of assets, or reorganization of the Company;
• Any enforcement and government agencies, as required under the applicable law; and
• Third-party services to which you’ve connected your Site account.

If the Company discloses your personal information to service providers and business partners, in order to perform the services requested by users, such providers and partners may store your personal information within their own systems in order to comply with their legal and other obligations.

We make efforts to require that service providers and business partners who process personal information acknowledge the confidentiality of this information, undertake to respect any user’s right to privacy and comply with all relevant privacy and data protection laws and this Privacy Policy.

In addition, where allowed by applicable law, we may use and disclose information that is not in personally identifiable form for any purpose. If we combine information that is not in personally identifiable form with information that is identifiable (such as combining your name with your geographical location), we will treat the combined information as personal information as long as it is combined

Our operations are supported by a network of computers, servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers and business partners store and may process your personal data in the European Union, Japan, the United Kingdom, the United States of America and elsewhere in the world.

Your personal information may be stored and processed in any country where we have facilities or service providers, and by using our Site or by providing consent to us (where required by law), your information may be transferred to countries outside of your country of residence, including to the United States, which may provide for different data protection rules than in your country. We may transfer your personal information outside the EEA and UK to other Company subsidiaries, service providers and business partners (i.e., Data Processors) who are engaged on our behalf. To the extent that we transfer your personal information outside of the EEA and UK, we will use reasonable efforts to ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018. If transfers of personal information are processed in the US, we may in some cases rely on standard contractual clauses.

By using our products and services, you consent to your personal data being transferred to other countries, including countries that have differing levels of privacy and data protection laws than your country. In all such transfers, we will use reasonable organizational, technical, and administrative measures to protect your personal information as described in this Privacy Policy and ensure that appropriate information sharing contractual agreements are in place.

Your transactions and some other activities on Site relating to Digital Assets may be recorded on a public blockchain. Please note, to be clear, the Company is entitled to limit payments for any products or services to any one or more Digital Assets and/or to fiat. Public blockchains are distributed ledgers, intended to immutably record transactions across wide networks of computer systems. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data.

Because blockchains are decentralized networks which are not controlled or operated by Company or its affiliates, we are not able to erase, modify, or alter personal data from such networks.

As used above, Digital Asset” means a digital representation of value (also referred to as “cryptocurrency,” “virtual currency,” “digital currency,” “crypto token,” “crypto asset,” or “digital commodity”), such as bitcoin, XRP or ether, which is based on the cryptographic protocol of a computer network that may be (i) centralized or decentralized, (ii) closed or open-source, and (iii) used as a medium of exchange and/or store of value.

Safeguarding the privacy of your personal information is of utmost importance to us, whether you interact with us personally, by phone, by email, over the internet or any other electronic medium. We will hold personal information, for as long as we have a business relationship with you, in secure computer storage facilities, and we take reasonable measures to protect the personal information we hold from misuse, loss, unauthorized access, modification or disclosure.

When we consider that personal information is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time (after you cease being our user). For example, we may be subject to certain laws that require us to retain certain information for a period of 5 years after our business relationship with you has ended.

We may keep your data for longer than 5 years if we cannot delete it for legal, regulatory, or technical reasons.

Also, the personal information we hold in the form of a recorded information, by telephone, electronically or otherwise, will be held in line with local regulatory requirements (i.e., 5 years after our business relationship with you has ended or longer if you have legitimate interests (such as handling a dispute with you). If you have opted out of receiving marketing communications, we will hold your details on our suppression list so that we know you do not want to receive these communications.

When you use our products and services, we may make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (herein, “Cookies”) on your computer or other devices used when engaging with us. We use Cookies to help us recognize you as a customer, collect information about your use of our products and services, to better customize our services and content for you, and to collect information about your computer or other access devices to ensure our compliance with our legal obligations. We may receive reports based on the use of Cookies from third-party service providers on an individual as well as aggregated basis. For more information, including the information on how you may disable these technologies, please see the Cookie Policy below.

The rights that are available to you in relation to the personal information we hold about you are outlined below.

Information Access

If you ask us, we will confirm whether we are processing your personal information and, if so, what information we process and, if requested, provide you with a copy of that information within 30 days from the date of your request.

Rectification

It is important to us that your personal information is up to date. We will take all reasonable steps to make sure that your personal information remains accurate, complete and up-to-date. If the personal information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your personal information to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.

You may inform us at any time that your personal details have changed by emailing us at the email address indicated below. The Company will change your personal information in accordance with your instructions. To proceed with such requests, in some cases we may need supporting documents from you as proof, i.e., personal information that we are required to keep for regulatory or other legal purposes.

Erasure

You can ask us to delete or remove your personal information in certain circumstances such as if we no longer need it, provided that we have no legal obligation to retain that data. Such requests will be subject to the contract that you have with us, and to any retention limits we are required to comply with in accordance with applicable laws and regulations. If we have disclosed your personal information to others, we will let them know about the erasure request where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly. Erasure is subject to the limitations set forth in the Terms and Conditions and any other Site policies, guidelines, and procedures.

Processing restrictions

You can ask us to block or suppress the processing of your personal information in certain circumstances such as if you contest the accuracy of that personal information or object to us processing it. It will not stop us from storing your personal information. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your personal information to others, we will let them know about the restriction of processing if possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your personal information so that you can contact them directly.

Data portability

In certain circumstances you might have the right to obtain personal information you have provided us with (in a structured, commonly used and machine readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.

Objection

Please see limitations and procedures set forth in the Terms and Conditions and any other Site policies, guidelines, and procedures published on the Site. Please be aware that information cannot be deleted from the public blockchain. Otherwise, you can ask us to stop processing your personal information, and we will do so, if we are:

• Relying on our own or someone else’s legitimate interests to process your personal information except if we can demonstrate compelling legal grounds for the processing;
• Processing your personal information for direct marketing; or
• Processing your personal information for research unless we reasonably believe such processing is necessary or prudent for the performance of a task carried out in the public interest (such as by a regulatory or enforcement agency).

Automated decision-making and profiling

If we have made a decision about you based solely on an automated process (e.g., through automatic profiling) that affects your ability to access Site and our products and services or has another significant effect on you, you can request not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us or for the compliance with applicable law. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention. We may not be able to offer our products or services to you in such a case.

Our Privacy Policy is reviewed regularly to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration, as well as that it remains abreast of the changing regulatory environment. Any personal information we hold will be governed by our most recent Privacy Policy.

If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and other places we deem appropriate.

[Except to the extent permitted by the Terms and Conditions, our products and services are not directed to persons under the age of majority in such person’s jurisdiction (e.g., 18 years old in the United States), hereinafter “Children”, “Child” and we do not knowingly collect personal information from Children. If we learn that we have inadvertently gathered personal information from a Child, we will take legally permissible measures to remove that information from our records. The Company will require the user to delete his or her account and will not allow the use of our products and services. If you are a parent or guardian of a Child, and you become aware that a Child has provided personal information to us, please contact us at the email address indicated below. You may request to exercise your applicable access, rectification, cancellation, and/or objection rights by contacting us at hello@re.xyz.

If you have a problem reading or accessing information or materials on Site, please inform us at the email address indicated below.

We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt out from:

Receiving marketing communications from us: If you no longer want to receive marketing communications from us on a going forward basis, you may opt out of receiving them by contacting us at the email address indicated in the section “Contact Information” below. In your request to us, please provide your name, identify the form(s) of marketing communications that you no longer wish to receive, and include the address(es) to which it/they are sent. For example, if you no longer wish to receive marketing emails or direct mail from us, tell us that, and provide your name and email or postal address.

Receiving reminders from us: If you no longer want to receive reminders from us on a going-forward basis, you may opt out of receiving them by contacting us at the email address indicated in the section “Contact Information” below. In your request to us, please provide your name and the email address or phone number at which you receive reminders from us.

Our sharing of your personal information with affiliates and third-party partners: If you previously opted in to receiving marketing communications from our affiliates or third-party partners, you may opt out of our sharing of your personal information with those parties for their direct marketing purposes on a going-forward basis by contacting us at the email address indicated in the section “Contact Information” below. In your request to us, please state that we should no longer share your personal information with our affiliates and/or third party partners for their marketing purposes, and include your name and email address.

We will seek to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out as described above, we will not be able to remove your personal information from the databases of our affiliates with which we have already shared your information (i.e., as of the date that we implement your opt-out request). Please also note that if you opt out of receiving marketing-related messages from us, we may still send you important transactional and administrative messages, from which you cannot opt out.

If you would like to review, correct, update, restrict, or delete your personal information, or if you would like to request to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), please contact us the email address indicated in the section “Contact Information” below. We will respond to your request as soon as reasonably practicable and no later than one month after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.

Any questions, complaints, comments and requests regarding this Privacy Policy are welcome and should be addressed to hello@re.xyz.

If you are not satisfied with our response to your complaint, you have the right to submit a complaint to the regulator in your country. Here are the contact details of some of the regulators:

For residents of Australia:

For residents of Canada:

Please visit https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/.

For residents of the United Kingdom:

For residents of Japan:

For residents of Singapore:

Please click here  for contact information for EU national data protection authorities.

Our Cookie Notice (the “Notice”) explains how Re, Inc. and its affiliates (“we”) worldwide use cookies and similar tracking technology when you visit our website, interact with online advertisements or marketing emails, or engage with any other websites, pages, features, or content we own or operate that direct you to this Notice (collectively the “Services”). Please read this Notice carefully so that you can be informed about our cookie handling practices when accessing or using our Services.

1. Address

   This Cookie Notice is part of, and is governed by, the Re’s Terms and Conditions. You should also read our General Privacy Policy to be informed about our data handling practices.

   By accessing or using our Services, you accept the data practices and terms detailed in this Notice.

   If you decide at any time that you no longer wish to accept cookies from our Services for any of the purposes described below, you can change your browser settings to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information to learn more. [You can also click the “Cookie Settings” link in our website footer to update your browser’s cookie preferences for our Service at any time.] If you do not accept cookies, however, you may not be able to use all portions of the Service or all functionality of the Service.

2. Change to this Notice

   We may update this Notice at any time so that we can keep you updated about our new data handling practices. If we make any material changes to this Notice, we will notify you when you first visit our Services after the changes are posted or via the email address we have on file for you (if any). Once the Notice is posted, the changes become effective upon your continued use of the Services. We will update the Last Updated date located at the top of this Notice whenever we make changes to the Notice.

3. What are cookies?

   Cookies are small data files that we transfer to your device to collect information about your use of our Services. Cookies can be recognized by the website that downloaded them or other websites that use the same cookies. This helps websites know if your browsing device has visited them before.

   Generally, information collected by cookies and other tracking technologies does not constitute personal information as defined by GDPR. However, if exceptionally such collected information does constitute personal information (such as IP addresses or similar identifiers), we will treat it as personal information in accordance with our Privacy Policy.

   We use both first-party and third-party cookies on our Services. First-party cookies are cookies that are placed on your device by us, while third-party cookies are set by parties other than GT. Third-party cookies are operated by third parties that can recognize your device both when it visits our Services and when it visits other websites or mobile apps. GT does not control how third-party cookies are used, and we encourage you to check the websites of any third-party cookie providers for more information about how they use cookie information.

4. How long will cookies stay on my browsing device?

   Our retention periods for cookie information depend on whether the cookie is a “persistent” or “session” cookie. Each category of cookie listed below is either a session cookie or persistent cookie.

   We use “persistent cookies” to save information about you for longer periods of time, while “session” cookies are deleted when you close your browser or after a short period of time. Persistent cookies are stored for varied lengths of time depending on the purpose of the cookie collection and tool used. You can delete cookie data as described below.

5. Why do we use cookies?

   Cookies can be used for multiple purposes. We use cookies to help us understand how the Services are being used, such as whether you spent more time on a certain part of the Services, whether you experienced any technical issues, and more. Some of the functions performed by cookies are strictly necessary for us to be able to offer you our services, while other cookies provide us with valuable insight about how we can improve our services or help us with marketing our products and services to you based on your interests and preferences

6. What types of cookies do we use?

   We use the cookies described below on our Services:

   Strictly Necessary Cookies

   These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

   Functional Cookies

   These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

   Performance Cookies

   These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

   Here is the list of cookies / tracking technologies served by service providers and other companies (third party cookies):

   • Twilio Segment
   • Google Analytics

Possible addition depending on Company’s practices

Please note that we do not currently respond to web browser “do not track” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online services as there is no standard for how online services should respond to such signals. As standards develop, we may develop policies for responding to do-not-track signals that we will describe in this Privacy Policy.

This US Supplemental Privacy Notice (“Supplemental Notice”) applies only to information collected about California, Colorado, Virginia, Utah, and Connecticut consumers. It provides information required under the following laws (collectively, as amended from time to time, “US State Privacy Laws”):

• California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (collectively, the “CPRA”)
• Colorado Privacy Act of 2021 (the “CPA”)
• Connecticut Data Privacy Act (“CTDPA”)
• Utah Consumer Privacy Act of 2022 (the “UCPA”)
• Virginia Consumer Data Protection Act of 2021 (the “VCDPA”)

We also provide information collected about Nevada consumers under the heading “Privacy Notice for Nevada Residents” at the end of this Supplemental Notice. The other portions of this Supplemental Notice do not apply to Nevada consumers.

This Supplemental Notice describes practices carried out by Re, Inc. (collectively, the “Company”, “we”, “us”) regarding the collection, use, and disclosure of Personal Information and provides instructions for submitting data subject requests. This Supplemental Notice is parallel in scope to our General Privacy Policy and should be read in conjunction with our General Privacy Policy.

Some portions of this Supplemental Notice apply only to consumers of particular states. In those instances, we have indicated that such language applies only to those consumers.

Please note that if you are an employee of the Company, a contractor to the Company or a third-party provider, your personal information may be used in connection with your employment contract or your contractual relationship, whichever applies.

A. Definitions

• “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information includes “personal data” as that term is defined in the applicable US State Privacy Law. Personal Information also includes “Sensitive Personal Information,” as defined below, except where otherwise noted.
• “Sensitive Personal Information” means Personal Information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious beliefs, or union membership; contents of email or text messages; and genetic data. Sensitive Personal Information also includes processing of biometric information for the purpose of uniquely identifying a consumer and Personal Information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation. Sensitive Personal Information also includes “sensitive data” as that term is defined in the applicable US State Privacy Law.
• “Third Party” has the meanings afforded to it in the applicable US State Privacy Law.
• “Vendor” means a service provider, contractor, or processor as those terms are defined in the applicable US State Privacy Law.

To the extent other terms used in this Supplemental Notice are defined terms under the applicable US State Privacy Law, they shall have the meanings afforded to them in those statutes, whether or not capitalized herein. As there are some variations between such definitions in each of the state statutes, the definitions applicable to you are those provided in the statute for the state in which you are a consumer. For example, if you are a Virginia consumer, terms used in this Supplemental Notice that are defined terms in the VCDPA shall have the meanings afforded to them in the VCDPA as this Supplemental Notice applies to you.

B. Collection & Processing of Personal Information

We, and our Vendors, may have collected and processed the following categories of Personal Information about you in the preceding 12 months:

1. Identifiers, such as name, alias, online identifiers, account name, physical characteristics, or description;
2. Contact and financial information, including phone number, address, email address, financial information, medical information, health insurance information;
3. Commercial information, such as transaction information, payment information, tax withholding information and purchase history;
4. Geolocation data, such as device location;
5. Professional or employment-related information, such as specialty, education history, professional qualifications, work history and prior employer;
6. Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics; and
7. Sensitive personal information, including:
   1. Personal Information that reveals:
      1. Social security, driver’s license, state identification card, or passport number;
      2. Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;
      3. Precise geolocation;
      4. Racial or ethnic origin, religious or philosophical beliefs, or union membership;
      5. Genetic data.
   2. Biometric data processed for the purpose of uniquely identifying a consumer;
   3. Personal Information collected and analyzed concerning a consumer’s health; and
   4. Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.

Retention of Personal Information. We retain your Personal Information for the period reasonably necessary to provide goods and services to you and for the period reasonably necessary to support our business operational purposes listed in Section E.

C. Categories of Personal Information We Disclose to Vendors & Third Parties

We may disclose the following categories of Personal Information to Vendors and Third Parties:

1. Identifiers, such as name, alias, online identifiers, account name, physical characteristics or description;
2. Contact and financial information, including phone number, address, email address, financial information, medical information, health insurance information;
3. Characteristics of protected classifications under state or federal law, such as age, [gender, race, physical or mental health conditions], and marital status;
4. Commercial information, such as transaction information, payment information, tax withholding information and purchase history;
5. Biometric information;
6. Internet or other electronic network activity information, such as browsing history, search history and interactions with our websites or advertisements;
7. General Geolocation data, such as device location;
8. Audio, electronic, visual and similar information, such as call and video recordings;
9. Professional or employment-related information, such as specialty, education history, professional qualifications, work history and prior employer;
10. Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics; and
11. Sensitive personal information, including:
    1. Personal Information that reveals:
       1. Social security, driver’s license, state identification card, or passport number;
       2. Account log-in, financial account number, debit card number, or credit card number in combination with any required security or access code, password, or credentials for allowing access to an account;
       3. Precise geolocation
       4. Racial or ethnic origin, religious or philosophical beliefs, or union membership;
       5. Genetic data.
    2. Biometric data processed for the purpose of uniquely identifying a consumer;
    3. Personal Information collected and analyzed concerning a consumer’s health; and
    4. Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.

Disclosure for California Consumers: Unless specifically stated, we have not sold or shared Personal Information about California consumers to third parties for their own use in the past twelve months. Relatedly, we do not have actual knowledge that we collect, sell, or share Personal Information of California consumers under 18 years of age. If you are a parent or guardian of a California consumer under 18 years of age and you become aware that this consumer has provided personal information to us, you may request to exercise your applicable access, rectification, cancellation, and/or objection rights by contacting us at hello@re.xyz.

However, we may share your personal information with our affiliates and trusted partners in arrangements that may meet the broad definition of “sale” or “share” under California law. In these arrangements, use of the information we share is limited by policies, contracts, or similar restrictions.

For purposes of the CPRA, a “sale” is the disclosure of Personal Information to a Third Party for monetary or other valuable consideration, and a “share” is the disclosure of Personal Information to a Third Party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.

Disclosure for Colorado, Virginia, Utah, and Connecticut Consumers: Unless specifically stated, we do not sell or share Personal Information to Third Parties for their own use. However, we may share or process one or more of the above categories of personal information with our affiliates and trusted partners in arrangements for purposes of targeted advertising, as the terms “sell,” “share,” “process,” and “targeted advertising” are defined in the CPA, VCDPA, UCPA, and CTDPA. In these arrangements, use of the information we share is limited by policies, contracts or similar restrictions.

D. Sources from Which We Collect Personal Information

We may collect Personal Information directly from California, Colorado, Virginia, Utah, and Connecticut consumers, as well as from our affiliates, business partners, joint marketing partners, public databases, providers of demographic data, publications, professional organizations, social media platforms, caregivers, third party information providers, affiliates with whom you have a business relationship, service providers with which we have a contractual relationship and to which you have provided your personal information, cookies and other tracking technologies, and Vendors and Third Parties when they share the information with us.

E. Purposes for Processing Personal Information

We, and our Vendors, collect and process the Personal Information (excluding Sensitive Personal Information) described in this Supplemental Notice to:

• Operate, manage, and maintain our business;
• Respond to your inquiries and to fulfill your requests;
• Send you important information regarding our relationship with you or regarding this website, changes to our terms, conditions, and policies and/or other administrative information;
• Conduct audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements;
• Prevent fraud or crime, and for risk and technical security monitoring purposes;
• Facilitate the development of new products and services;
• Enhance, improve or modify our website or products and services;
• Perform research, analytics and, data analysis;
• Determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users;
• Personalize, advertise, and market our products and services;
• Comply with law (including regulations and rules), legal process, and internal policies;
• Maintain records;
• Exercise and defend legal claims; and
• Otherwise accomplish our business purposes and objectives

To the extent that We and our Vendors collect and process Sensitive Personal Information, We, and our Vendors, collect and process the Sensitive Personal Information described in this Supplemental Notice for:

• Performing the services or providing the goods reasonably expected by an average consumer who requests those goods or services;
• Ensuring security and integrity to the extent the use of the consumer's Personal Information is reasonably necessary and proportionate for these purposes;
• Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on our behalf;
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us;
• Personalizing, advertising, and marketing our products and services;
• Conducting research, analytics, and data analysis;
• Performing accounting, audit, and other internal functions, such as internal investigations;
• Complying with law, legal process, and internal policies;
• Maintaining records;
• Exercising and defending legal claims; and
• Otherwise accomplishing our business purposes and objectives.

F. Categories of Entities to Whom We Disclose Personal Information

• Affiliates & Vendors. We may disclose your Personal Information to our affiliates and Vendors for the purposes described in Section E (“Purposes for Processing Personal Information”) above. Our Vendors provide us with services for our websites, as well as other products and services, such as web hosting and moderating, mobile application hosting, data analysis, payment processing, order fulfillment, customer service, infrastructure provision, technology services, email and direct mail delivery services, auditing, legal services, and other similar services. We grant our Vendors access to Personal Information only to the extent needed for them to perform their functions, and require them to protect the confidentiality and security of such information.
• Third Parties. We may disclose your Personal Information to the following categories of Third Parties:
  • At Your Direction. We may disclose your Personal Information to any Third Party with your consent or at your direction.
  • Business Transfers or Assignments. We may disclose your Personal Information to other entities as reasonably necessary to facilitate a reorganization, merger, sale, joint venture or collaboration, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
  • Third Party Co-Branding and Co-Marketing Partners. We may share your Personal Information with our third-party partners with whom we offer a co-branded or co-marketed promotion (if any).
  • Third Party Advertising Partners. To improve the effectiveness of our communication with you and our marketing campaigns, we may share our data with our third party advertising partners, including social media, medical journals and publishers.
  • Legal and Regulatory. We may disclose your Personal Information to government authorities, including regulatory agencies and courts, as reasonably necessary for our business operational purposes, to assert and defend legal claims, and otherwise as permitted or required by law.

G. Data Subject Rights

• Exercising Data Subject Rights. California, Colorado, Virginia Utah, and Connecticut consumers have certain rights with respect to the collection and use of their Personal Information. Those rights vary by state. As required by the CPRA, we provide detailed information below regarding the data subject rights available to California consumers. Colorado, Virginia, Utah, and Connecticut consumers have similar rights and can find more detail by referencing the applicable US State Privacy Law.

You may exercise the data subject rights applicable to you under the applicable US State Privacy Law by contacting us at hello@re.xyz. While we will make reasonable efforts to accommodate your request, we reserve the right to impose certain restrictions or requirements on your request, if allowed by or required by applicable law.

Consumers in some states, including California, may also authorize an agent to make data subject requests on their behalf.

• Verification of Data Subject Requests. We may ask you to provide information that will enable us to verify your identity in order to comply with your data subject request. In particular, when a California or Connecticut consumer authorizes an agent to make a request on their behalf, we may require the agent to provide proof of signed permission from the consumer to submit the request, or we may require the consumer to verify their own identity to us or confirm with us that they provided the agent with permission to submit the request. In some instances, we may decline to honor your request if an exception applies under applicable law. We will respond to your request consistent with applicable law.
• Non-Discrimination. We will not discriminate against you for exercising your data subject rights. For example, we will not deny goods or services to you, or charge you different prices or rates, or provide a different level of quality for products or services as a result of you exercising your data subject rights.
• Data Subject Rights Disclosure
• Right to Receive Information on Privacy Practices: You have the right to receive the following information at or before the point of collection:
  • The categories of Personal Information to be collected;
  • The purposes for which the categories of Personal Information are collected or used;
  • Whether or not that Personal Information is sold or shared;
  • If the business collects Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is sold or shared; and
  • The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.

We have provided such information in this Supplemental Notice, and you may request further information about our privacy practices by contacting us at hello@re.xyz.

• Right to Deletion: You may request that we delete any Personal Information about you that we collected from you.
• Right to Correction: You may request that we correct any inaccurate Personal Information we maintain about you.
• Right to Know: You may request that we provide you with the following information about how we have handled your Personal Information in the 12 months preceding your request:
  • The categories of Personal Information we collected about you;
  • The categories of sources from which we collected such Personal Information;
  • The business or commercial purpose for collecting Personal Information about you;
  • The categories of Personal Information about you that we shared or disclosed and the categories of Third Parties with whom we shared or disclosed such Personal Information; and
  • The specific pieces of Personal Information we have collected about you.
• Right to Receive Information About Onward Disclosures: You may request that we disclose to you:
  • The categories of Personal Information that we have collected about you;
  • The categories of Personal Information that we have sold or shared about you and the categories of Third Parties to whom the Personal Information was sold or shared; and
  • The categories of Personal Information we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your data subject rights. We will not discriminate against you for exercising your data subject rights.
• Right to Restrict or Limit the Use of Sensitive Personal Information: You have the right to restrict the use and disclosure of Sensitive Personal Information to certain purposes related to the offering of goods or services as listed in the CPRA. To exercise this right, you or your authorized representative may submit a request by contacting us at hello@re.xyz  or by clicking on the relevant button on the landing page of our website.
• Right to Opt Out of Sharing, Disclosure, or Sale of Personal Information: You have the right to direct us to not share, disclose, or sell your personal information. To exercise this right, you or your authorized representative may submit a request by contacting us at hello@re.xyz or by clicking on the relevant button on the landing page of our website.

H. Other Disclosures

• California Residents Under Age 18. If you are a resident of California under the age of 18 and a registered user of our website, you may ask us to remove content or data that you have posted to the website by contacting us at hello@re.xyz. Please note that your request does not ensure complete or comprehensive removal of the content or data, as, for example, some of your content or data may have been reposted by another user.
• Disclosure About Direct Marketing for California Residents. California Civil Code § 1798.83 permits California residents to annually request certain information regarding our disclosure of Personal Information to other entities for their direct marketing purposes in the preceding calendar year. [We do not distribute your Personal Information to other entities for their own direct marketing purposes.]
• Financial Incentives for California Consumers. We may offer various types of financial incentives in exchange for your personal information, such as coupons, discounts, promotions, loyalty points, sweepstakes, contests, surveys, and other exclusive offers for California consumers who sign up to receive our marketing emails or join our loyalty program. The amount and terms of such offers will be presented to you at the time of the offer. When you participate in a financial incentive, we collect personal information from you, such as identifiers (like your email address) and commercial information (like your purchase history). Solely for purposes of California privacy law, we reasonably estimate the value of the discount, coupon, or other financial incentive that we offer to you to be equal to or greater than the value we receive from a consumer’s personal information collected in connection with the offer. We reasonably estimate the value of a consumer’s data by estimating the expenses related to the provision of each incentive program per consumer. We incur a variety of expenses for providing financial incentives, such as administrative and technical expenses associated with maintaining a loyalty program and costs associated with discounts on purchases. Participation in our financial incentives is voluntary. You may opt into a financial incentive by following the sign-up or participation instructions provided, and you have the ability to opt out by unsubscribing from our emails or closing your loyalty member account.
• Changes to our Supplemental Notice. We reserve the right to amend this Supplemental Notice at our discretion and at any time. When we make material changes to this Supplemental Notice, we will notify you by posting an updated Supplemental Notice on our website and listing the effective date of such updates.

This Privacy Notice for Nevada Residents adds to the information contained in the Company’s General Privacy Policy, and applies only to Nevada residents (“You,” “your” or “consumer”).

Personal Information Collection and Purposes of Use

We collect certain personal information of Nevada consumers through our Internet websites or other online service. This information includes one or more of the following elements of personally identifiable information:

1. A first and last name.
2. A home or other physical address that includes the name of a street and the name of a city or town.
3. An electronic mail address.
4. A telephone number.
5. A Social Security Number.
6. An identifier that allows a specific person to be contacted either physically or online.
7. Any other information concerning a person collected from the person through the Internet website or online service of the operator, and maintained by the operator in combination with an identifier in a form that makes the information personally identifiable.

We collect this personal information for the following purposes:

• to respond to your inquiries and to fulfill your requests;
• to send you important information regarding our relationship with you or regarding this website, changes to our terms, conditions, and policies and/or other administrative information;
• for audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements;
• for fraud or crime prevention, and for technical security monitoring purposes;
• to facilitate the development of new products and services;
• to enhance, improve or modify our website or products and services;
• for data analysis that will allow us to understand website usage trends;
• to determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users.
• to better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.

Your Privacy Rights: Right to access and/or correct your personal information, or opt out of sale of personal information.

If you would like to review, correct, or update your personal information, you or your authorized representative may submit your request to hello@re.xyz. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.

We generally do not disclose or share personal information for profit. Under Nevada law, you have the right to direct us to not sell or license your personal information to third parties. To exercise this right, if applicable, you or your authorized representative may submit a request to hello@re.xyz. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.