1. Introduction
Retail Technology Group, Inc. (“RTG,” “we,” “our,” or “us”), a subsidiary of Advantech Co., Ltd., is committed to protecting the privacy of individuals who visit our website, use our customer portal, purchase products or services, or otherwise interact with us. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information in connection with our website and related services (collectively, the “Services”).
This Policy applies to all visitors, registered users, customers, and business partners who interact with our Services. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.
RTG operates as a U.S.-based subsidiary of Advantech Co., Ltd. (Taiwan). Certain data processing activities described herein may involve the transfer of personal information to Advantech or its affiliates in jurisdictions outside the United States. Section 11 of this Policy addresses international data transfers in detail.
2. Information We Collect
We collect personal information through several mechanisms, depending on how you interact with our Services:
2.1 Information You Provide Directly
- Contact and Inquiry Forms: Name, email address, phone number, company name, job title, and the content of your inquiry or message.
- Account Registration: Username, password, email address, company affiliation, billing and shipping addresses, and payment information.
- Purchases and Transactions: Order details, payment card information (processed via PCI-compliant third-party processors), shipping preferences, and transaction history.
- Customer Support: Communications you send to us, including service requests, technical support inquiries, and feedback.
- Business Partner Information: Contact details, company information, and contractual data provided in connection with partnership or reseller relationships.
2.2 Information Collected Automatically
- Analytics Data: We use Google Analytics 4 (GA4), HubSpot, and similar tools to collect information about your browsing behavior, including pages visited, time on site, click patterns, referral sources, and conversion events.
- Cookies and Tracking Technologies: We deploy first-party and third-party cookies, pixel tags, web beacons, and similar technologies to recognize your browser, remember your preferences, and analyze site traffic. See Section 7 (Cookie Policy) for detailed information.
- Device and Log Information: IP address, browser type and version, operating system, device identifiers, screen resolution, language preferences, and access timestamps.
- Location Data: Approximate geographic location derived from your IP address.
2.3 Information from Third Parties
- Business intelligence and marketing data from third-party providers to supplement our records.
- Publicly available information from business directories, social media profiles, and industry databases.
- Information from Advantech Co., Ltd. and its affiliates in connection with joint business operations.
3. How We Use Your Information
We process personal information for the following purposes:
3.1 Service Delivery and Operations
- Fulfilling orders, processing payments, and managing customer accounts.
- Providing technical support, customer service, and warranty administration.
- Operating and maintaining the customer portal and related service platforms.
- Communicating order confirmations, shipping updates, and account notifications.
3.2 Business Development and Marketing
- Responding to inquiries submitted through contact forms and lead generation channels.
- Sending marketing communications, product announcements, and promotional offers (subject to your opt-out preferences).
- Personalizing your experience and tailoring content to your interests.
- Conducting market research and analyzing customer trends to improve our offerings.
3.3 Analytics and Improvement
- Analyzing website traffic, user behavior, and conversion metrics through GA4, HubSpot, and similar tools.
- Testing and optimizing website performance, functionality, and user experience.
- Developing new products, services, and features based on aggregated usage patterns.
3.4 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes.
- Enforcing our terms of service, contracts, and other agreements.
- Protecting our rights, property, and safety, and those of our users and the public.
- Detecting, preventing, and responding to fraud, security incidents, and unauthorized access.
4. Legal Bases for Processing (GDPR)
For individuals in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis for processing, we rely on the following:
| Legal Basis | Processing Activities |
| Contractual Necessity | Fulfilling orders, managing accounts, providing services you have requested, and administering customer portal access. |
| Legitimate Interests | Direct marketing to existing customers, analytics and site optimization, fraud prevention, and intra-group data transfers to Advantech for operational purposes. |
| Consent | Deploying non-essential cookies and tracking technologies, sending marketing emails to prospective customers, and processing sensitive personal data where applicable. |
| Legal Obligation | Tax reporting, responding to lawful government requests, maintaining records required by applicable law, and complying with PCI-DSS requirements. |
5. Disclosure of Your Information
We may share your personal information with the following categories of recipients:
5.1 Corporate Affiliates
We share information with Advantech Co., Ltd. (our parent company, headquartered in Taiwan) and its global subsidiaries for operational coordination, shared service delivery, financial reporting, and strategic planning purposes. Such transfers are subject to appropriate safeguards as described in Section 11.
5.2 Service Providers
We engage third-party vendors who process personal information on our behalf, including cloud hosting providers, payment processors, CRM platforms (e.g., HubSpot), analytics providers (e.g., Google), email service providers, shipping and logistics companies, and IT support vendors. These processors are contractually obligated to use your information only as directed by us and in accordance with this Policy.
5.3 Business Partners and Resellers
In connection with our distribution and reseller network, we may share relevant contact and transaction information with authorized business partners to facilitate order fulfillment and post-sale support.
5.4 Legal and Regulatory Disclosures
We may disclose personal information when required by law, subpoena, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.
5.5 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or other corporate transaction involving RTG or Advantech, your personal information may be transferred as part of that transaction. We will notify you via prominent notice on our website of any change in ownership or use of your personal information.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by applicable law. Our retention criteria include:
- Transactional Data: Retained for the duration of your customer relationship plus seven (7) years to satisfy tax, audit, and regulatory requirements.
- Account Information: Retained for the duration of your active account plus two (2) years following account closure or inactivity.
- Marketing Data: Retained until you withdraw consent or opt out, plus a reasonable suppression period to honor your preferences.
- Analytics and Log Data: Retained in identifiable form for up to twenty-six (26) months; aggregated or de-identified data may be retained indefinitely.
- Legal Hold Data: Retained as required in connection with litigation, regulatory investigations, or other legal obligations, regardless of the standard retention period.
7. Cookie Policy
Our website uses cookies and similar tracking technologies. This section describes the types of cookies we use, their purposes, and your options for managing them.
7.1 Types of Cookies
| Category | Purpose | Examples |
| Strictly Necessary | Essential for site functionality, security, and authentication. Cannot be disabled. | Session cookies, CSRF tokens, load balancer cookies |
| Performance / Analytics | Collect anonymized data on how visitors use our site to improve performance and user experience. | Google Analytics (_ga, _gid), HubSpot (__hstc, hubspotutk) |
| Functional | Remember your preferences, language settings, and login status. | Language preference, region selection, user display settings |
| Marketing / Targeting | Track activity across sites to deliver relevant advertising and measure campaign effectiveness. | HubSpot tracking, retargeting pixels, UTM parameters |
7.2 Managing Your Cookie Preferences
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You may update your preferences at any time through the cookie settings link in our website footer. Additionally, most web browsers allow you to control cookies through their settings, including blocking all cookies, accepting only first-party cookies, or deleting cookies upon closing the browser. Please note that disabling certain cookies may impair website functionality.
8. Your Privacy Rights
8.1 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, our business purposes for collecting or selling such information, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions (e.g., legal obligations, ongoing transactions, security purposes).
- Right to Correct: You may request correction of inaccurate personal information we maintain about you.
- Right to Opt Out of Sale/Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information. RTG does not sell personal information in the traditional sense; however, certain analytics and advertising activities may constitute “sharing” under the CPRA. You may exercise this right via our “Do Not Sell or Share My Personal Information” link.
- Right to Limit Use of Sensitive Personal Information: Where applicable, you may direct us to limit the use of sensitive personal information to purposes authorized by the CPRA.
- Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To submit a request, contact us using the information in Section 14. We will verify your identity before processing your request and will respond within forty-five (45) calendar days, with one extension of an additional forty-five (45) days if reasonably necessary.
8.2 Rights Under the General Data Protection Regulation (GDPR)
If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights under the GDPR:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (“right to be forgotten”), subject to applicable exceptions.
- Restriction of Processing: Request that we restrict certain processing activities.
- Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing purposes.
- Withdraw Consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
- Lodge a Complaint: File a complaint with your local data protection supervisory authority.
Requests should be directed to our contact information in Section 14. We will respond within thirty (30) days, with the possibility of a sixty (60) day extension for complex requests.
8.3 Rights Under U.S. State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive privacy legislation may have similar rights to those described above, including rights of access, deletion, correction, data portability, and the right to opt out of targeted advertising, profiling, and the sale of personal data. We honor these rights in accordance with applicable state law. If your request is denied, you may appeal by contacting us, and we will respond to your appeal within the timeframe required by your state’s law.
9. Data Security
We implement administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption of data in transit (TLS/SSL) and at rest where technically feasible.
- Role-based access controls and multi-factor authentication for internal systems.
- Regular vulnerability assessments and penetration testing.
- Employee security awareness training and confidentiality obligations.
- PCI-DSS compliant payment processing through qualified third-party processors.
- Incident response procedures to detect, contain, and remediate security events.
No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.
10. Children’s Privacy
Our Services are not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us using the information in Section 14.
11. International Data Transfers
As a U.S. subsidiary of Advantech Co., Ltd. (Taiwan), certain personal information collected through our Services may be transferred to and processed in jurisdictions outside your country of residence, including the United States and Taiwan. These jurisdictions may not provide the same level of data protection as your home jurisdiction.
For transfers of personal data from the EEA, UK, or Switzerland, we implement appropriate safeguards, which may include:
- Standard Contractual Clauses (SCCs): EU Commission-approved contractual provisions governing international data transfers.
- Data Processing Agreements: Binding agreements with Advantech and its affiliates incorporating appropriate data protection obligations.
- Supplementary Measures: Technical and organizational measures to ensure the transferred data is afforded an essentially equivalent level of protection.
You may request a copy of the applicable transfer safeguards by contacting us at the address in Section 14.
12. Do Not Track Signals
Some web browsers transmit “Do Not Track” (DNT) signals to the websites you visit. There is currently no universally accepted standard for how companies should respond to DNT signals. Our website does not currently respond to DNT signals, but we honor opt-out preferences expressed through our cookie consent mechanism and the Global Privacy Control (GPC) signal as required by applicable law.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will post the updated Policy on our website with a revised effective date and, where required by law, provide additional notice (such as a banner on our website or direct communication). We encourage you to review this Policy periodically. Your continued use of our Services after the effective date of a revised Policy constitutes acceptance of the updated terms.
14. Contact Information
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern regarding our data practices, please contact us at:
Retail Technology Group, Inc.
Attn: Privacy Officer
[Street Address]
[City, State ZIP Code]
Email: [privacy@retailtechnologygroup.com]
Phone: [XXX-XXX-XXXX]
For GDPR-related inquiries, you may also contact our EU representative (if appointed) at the address above.
For CCPA/CPRA requests, you may submit a verifiable consumer request through [designated intake method, e.g., web form, toll-free number].
15. Supplemental Notice for California Residents
In the preceding twelve (12) months, RTG has collected, used, and disclosed personal information in the categories described below. This supplemental disclosure is provided in compliance with CCPA/CPRA requirements.
| Category of PI | Sources | Business Purpose | Categories of Recipients |
| Identifiers (name, email, IP address, account ID) | Directly from you; automatically via website | Service delivery, marketing, analytics | Advantech, service providers, analytics vendors |
| Commercial information (purchase history, products/services) | Directly from you; transaction records | Order fulfillment, customer support, reporting | Advantech, payment processors, shipping providers |
| Internet/network activity (browsing history, interactions with site) | Automatically via cookies, GA4, HubSpot | Site optimization, marketing, analytics | Google, HubSpot, analytics vendors |
| Geolocation data (approximate, from IP address) | Automatically via website | Content personalization, analytics | Analytics vendors |
| Professional/employment information (job title, company) | Directly from you; third-party sources | B2B lead generation, customer management | Advantech, CRM providers |
RTG does not “sell” personal information as traditionally defined. However, certain data sharing activities with advertising and analytics partners may constitute a “sale” or “sharing” under the CPRA’s broad definitions. Consumers may opt out by clicking the “Do Not Sell or Share My Personal Information” link on our website.
Last Updated: February 12, 2026