Introduction

This Privacy Policy explains what information Cresco Data Pty Ltd collects about Customers, why and what we do with that information, how we share it, and how we handle the content Customers place in our platform. It also explains the choices available to you regarding our use of your Personal Information and how you can access and update this information.

 

Scope of Privacy Policy

In order to perform the Services, The Cresco Data Platform-as-a-Service Cresco is required to collect and store Customer Data. This Privacy Policy applies to the information that we obtain through your use of The Cresco Data Platform-as-a-Service and Commerce-as-a-Service as well as Personal Information you may send us in order to interact with our services.

 

Definitions

Cresco Data Platform” means Cresco’s cloud-based commerce software platform that allows a Customer to automate and synchronise the delivery of product information to Publishing Destinations, which may include marketplaces, webstores and product listing advertisements.

“Customer Data” is information required from the Customer in order to deliver the Cresco Data services. This includes Customer and company information. Publishing Channel details and log-ins

“Content” is any information or data that you upload, submit, post, create, transmit, store or display whilst using a Cresco service.

Product Data” means all information and materials related to Seller products and brands that Sellers provide to Customer that is uploaded, processed or otherwise stored in the Cresco Data Platform, or that The Customer directs Cresco to collect on its behalf, including image files, text, stock availability, templates, product descriptions, trade and service marks and other related information

“Services” This includes any and all data services provided by Cresco Data and as requested by Customers.

“Order Data” Order data is the data that is sent from a Publishing Destination surrounding the purchase of a product. This includes but not restricted to: Product ID, sale price RRP, shipping label information

Publishing Destination” means the third party marketplaces, commerce sites, search engines, shopping sites, social commerce channels, digital ad networks and other third party channels supported by Cresco from time to time that are the subject of the Services, as set out in each Statement of Work.

“Personal Information” information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, or phone number. Personal Information does not include information that has been anonymised such that it does not allow for the ready identification of specific individuals.

 

Changes to our Privacy Policy

We may change this Privacy Policy from time to time. If we make any changes, we will notify you by revising the “Effective Starting” date at the top of this Privacy Policy. If we make any material changes, we will provide you with additional notice (such as by adding a notice on the CrescoData homepages, login screens, or by sending you an email notification). We encourage you to review our Privacy Policy whenever you use Cresco Data Services to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this Privacy Policy, you will need to stop using Cresco Data Services and deactivate your account(s), as outlined below.

 

Information you provide to us

We collect the following information:

Customer Data: for account and Profile Information: We collect information about you and your company as you register for an account, create or modify your profile, make a purchases through, use, access, or interact with The Cresco Data Platform and Services

Information we collect includes:

  • Contact information such as name, email address, mailing address, and phone number
  • Billing information such as credit card details and billing address
  • Profile information such as a username, and job title
  • Preferences information such as notification and marketing preferences

You may provide this information directly when you sign up for a Cresco Service

In some cases another user (such as a system administrator) may create an account on your behalf and may provide your information, including Personal Information (most commonly when your company requests that you use our products). We collect Information under the direction of our customers and often have no direct relationship with the individuals whose personal data we process. If you are an employee of one of our customers and would no longer like us to process your information, please contact your employer. If you are providing information (including Personal Information) about someone else, you must have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy.

Content: We collect and store Content that you create, input, submit, post, upload, transmit, store or display in the process of using our PaaS or CaaS Products or Website. This includes participating in interactive features including surveys, requesting customer support or communicating with us via a third party social media website. For example, information regarding a problem you are experiencing with a Cresco product could be submitted to our Support Services or posted in our public forums.

Such Content includes any Personal Information or other sensitive information that you choose to include (“incidentally-collected Personal Information”).

 

Information we collect from your use of Cresco Services

Storing Product Data is necessary in order to enable the listing of products on the Publishing Destinations. Cresco stores product and order data to enable reporting and to also enable Cresco to fix any support issues.

As shown in the examples above, the information we collect is required in order for us to deliver the Cresco Services.

As such, the analytics information we collect may include Personal Information or sensitive business information.

 

Information sharing and disclosure

We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.

Access by your account administrator:
You should be aware that the administrator of your Cresco Account may be able to:

  • access information in and about your Cresco PaaS
  • access account and sales history
  • disclose, restrict, or access information that you have provided or that is made available to you when using your Cresco account, including your Content; and
  • control how your Cresco account may be accessed or deleted.

Service Providers, Business Partners and Others:
Cresco Data works with third party service providers to provide, hosting, back-up, storage, virtual infrastructure, payment processing and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us.

Compliance with Laws and Law Enforcement Requests; Protection of Our Rights:
We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Cresco’s products and services, (d) to protect Cresco, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

Business Transfers:
We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on the Cresco Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

Aggregated or Anonymized Data:
We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.

With Your Consent:
We will share your Personal Information with third parties when we have your consent to do so.

 

Information we do not share

We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.

 

Data storage, transfer and security

Cresco ensures that Customer Data is secure from any outside intrusion.

The Cresco Data Platform is hosted with Amazon’s cloud service AWS. None of the AWS components or data stores can be accessed directly from outside the Cresco account.

Restricted access

Access to any data is only possible through the GUI or the APIs. Access to Customer Data is only available to limited Cresco staff members. Access to Customer Data is not available to contractors or third parties.

Platform security

The GUI is a single page app hosted on a public file share and communicates with the Cresco APIs to retrieve data. Without access to the APIs, the GUI has no data available.

Access to customer data is restricted by company ID.

Any data retrieved is associated with a company id. Data can only be forwarded or sent to systems setup with the same company id. There is no way to overlap orders or access orders from other accounts as this is password protected on The Cresco Data Platform. All authentication data is stored encrypted. The public facing APIs are secured with OAuth 2.

Cresco has taken advantage of AWS expertise to help solve challenges in complying with the EU’s GDPR using AWS’s advanced toolset for identifying, securing, and managing all types of data, including personal data. 

While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.

Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).

Where Downloadable Products are used, responsibility of securing access to the data you store in the Downloadable Products rests with you and not Cresco. We strongly recommend that administrators of Downloadable Products configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage used to hold data.

 

Your Choices

You may opt out of receiving promotional communications from Cresco by using the unsubscribe link within each email, updating your email preferences emailing us at privacy@crescodata.com to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Cresco’s Services.

 

Accessing and updating your information

You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator. You may also contact us at privacy@crescodata.com or contact us by postal mail using the address listed below. We will respond to your request for access within 30 days.

CrescoData, 99 Duxton Road, Singapore. 089 543

This post is also available in: Chinese (Simplified) Chinese (Traditional) Indonesian