Data Protection Notice
Effective Date: May 26, 2025 Last Updated: May 26, 2025
Riaren Corporation (“Riaren,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the Personal Information we collect, use, and share in connection with our websites, client portals, products, services, and business operations (collectively, the “Services”). This Notice describes how we handle Personal Information, your privacy rights, and the choices available to you under U.S. federal law and all applicable U.S. state consumer-privacy laws—including, without limitation, the Texas Data Privacy and Security Act (TDPSA), California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and Virginia Consumer Data Protection Act (VCDPA).
1. Definitions
| Term | Meaning |
|---|---|
| Personal Information | Information that identifies, relates to, describes, or could reasonably be linked—directly or indirectly—to an identified or identifiable individual. |
| Processing | Any operation performed on Personal Information, such as collection, storage, use, disclosure, or deletion. |
| Texas Resident | A natural person who is a resident of the State of Texas acting in an individual or household context, as defined by the TDPSA. |
| Sensitive Personal Information | Personal Information revealing precise geolocation, SSNs, driver-license numbers, biometric identifiers, medical or health data, or data concerning children under 13. |
| Service Providers | Vendors that Process Personal Information on our behalf under binding contracts. |
2. Scope
This Notice applies to Personal Information we collect:
- Through riaren.com, sub-domains, and any mobile applications we publish;
- When you communicate with us (email, phone, events, social media);
- In the course of providing products or professional services; and
- From job applicants and prospective employees.
It does not apply to:
- Employee records handled under separate internal policies;
- Information classified as CUI or defense technical data subject to GOV-PLN-001(Current Revision);
- Third-party websites or services that link to or from our Services.
3. Categories of Personal Information We Collect
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, postal address, email, phone, IP address, credentials | ✔ |
| Commercial Information | Purchase history, transaction details, contract data | ✔ |
| Internet/Network Activity | Log files, device IDs, browsing data, cookies | ✔ |
| Geolocation Data | Approximate location via IP or device settings | ✔ |
| Professional Information | Job title, employer name, certifications, clearance status | ✔ |
| Sensitive Personal Information | SSNs (for background checks), medical fitness data | Limited/By Notice |
4. Sources of Personal Information
- Directly from you (forms, contracts, support tickets);
- Automatically from devices (cookies, logs);
- Business partners & government portals (SAM.gov, FPDS, EMALL);
- Public sources (LinkedIn, press releases, SEC filings);
- Background-check providers (with consent).
5. Purposes of Processing
- Contract fulfillment & order management;
- Account creation & authentication;
- Customer support & technical service;
- Regulatory & export-compliance screening;
- Quality-management & continuous improvement;
- Marketing & events (opt-out available);
- Network-security & fraud prevention;
- Recruitment & talent management;
- Legal, audit, and risk management;
- Corporate transactions (mergers, financing, asset sales).
6. Legal Bases & Authority
- Contract Performance: executing or preparing a contract;
- Legitimate Interests: security, quality assurance, compliance;
- Legal Obligation: statutory requirements (FAR, tax, export controls);
- Consent: where required (cookies, marketing emails, sensitive data).
7. Sharing & Disclosure
| Recipient | Purpose | Safeguards |
|---|---|---|
| Service Providers | Hosting, payment processing, logistics | Contracts, confidentiality, CMMC flow-down |
| Affiliates & Subsidiaries | Internal administration, reporting | Policies, access controls |
| Government Authorities | Licensing, vetting, lawful requests | Scope-limited disclosure |
| Professional Advisers | Legal, tax, audit, insurance | NDAs, professional secrecy |
| Business Transferees | Mergers, acquisitions, financing | Data-room safeguards, commitments |
8. Security Measures
- Frameworks: NIST SP 800-171, CMMC 2.0, ISO 27001;
- Encryption: TLS 1.3 in transit; AES-256 at rest;
- Zero-Trust: MFA, least-privilege, continuous monitoring;
- Incident Response: 24/7 SOC, DoD rapid-reporting;
- Penetration Testing: annual third-party assessments.
9. Data Retention
We retain Personal Information only as long as necessary to fulfill the purposes above, satisfy legal obligations (e.g., ITAR record retention—5 years), resolve disputes, and enforce agreements.
10. Your Rights & Choices
- Texas Residents (TDPSA): Up to twice per 12-month period—Know, Correct, Delete, Opt-Out; 45-day response (one extension); appeals available.
- U.S. Federal Rights: FAR 24.1 privacy act rights for government contractor employees.
- International Users (GDPR): Access, rectification, erasure, portability, restriction, objection; EU representative on request.
11. Cookies & Similar Technologies
We use first-party cookies for core functionality and optional analytics. Manage preferences via our Cookie Banner or browser settings.
12. Do-Not-Track & GPC
We honour Global Privacy Control (GPC) as a valid opt-out of targeted advertising.
13. Children’s Privacy
Our Services are not directed to children under 13. We do not knowingly collect from children; we delete data promptly if discovered.
14. International Transfers
By accessing Services outside the U.S., you consent to transfer, storage, and processing of your Personal Information in the U.S., where data-protection laws may differ.
15. Data Breach Notification
In the event of a breach, we will notify affected individuals and regulators without unreasonable delay and within timeframes required by federal and Texas law.
16. Changes to This Notice
We may update this Notice periodically. Material changes will be posted here with a new “Last Updated” date and, where appropriate, notified via email.
17. Contact Us
For questions or complaints, please contact [email protected].