Last Modified Date: March 2024
CoreTrust Purchasing Group, LLC (“CoreTrust,” “we,” “us,” or “our”) provides our website https://www.coretrustpg.com/ (“Website”) and the services available therein, including the CoreTrust Experience Platform (“Platform”) and the group purchasing services (“GPO Services”), to you (“you” or “your”), and hosts tradeshows, conferences, or conventions (“Events”) (collectively, “Services”) where your information may be collected. This privacy policy (“Privacy Policy”) explains our privacy practices when you use the Services and the types of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, as defined by applicable privacy laws (“Personal Information”) that we may collect or receive from the Services or any other web address, application, or mobile site controlled by CoreTrust that links to this Privacy Policy.
By accessing and using the Services, or otherwise providing information to CoreTrust, you consent to the terms of this Privacy Policy, and consent to our privacy practices described herein including our use and disclosure of your Personal Information. If you do not agree to the terms and conditions of this Privacy Policy, including having your Personal Information used in any of the ways described in this Privacy Policy, do not provide us with your information. Please note, however, that if you do not provide us with your information, you may not be able to use or participate in certain features of the Services.
We reserve the right to revise or update this Privacy Policy at any time, and you should periodically read the Privacy Policy to learn of any revisions or updates. We will notify you of any changes to the Privacy Policy by posting the revised or updated Privacy Policy and its “Last Modified” date on this Website. If the revision or modification is material, we will provide you notification via email or via the Services. Your continued use of the Services after the “Last Modified” date constitutes your acceptance of and agreement to the Privacy Policy and its revisions or updates.
The Services may permit you the opportunity to provide us with Personal Information. We may collect certain information, including Personal Information, from and about you in various ways, including:
directly from you or from your authorized agent on your behalf;
directly when you use the Platform; and
automatically when you use our Website.
a. Information Collected Directly from You or From Your Authorized Agent on Your Behalf
Either from filling out an online contact form or providing information at Events, we may collect the following Personal Information directly from you or from your authorized agent, such as your employer, portfolio company, or private equity firm, on your behalf:
Contact Information, including name, email, title, company, and phone number
b. Information Collected Directly from You When You Use the Platform
We may collect the following Personal Information directly from you when you use the Platform:
Platform Information, including usernames, passwords, and business information you upload to the Platform to evaluate our services or engage our analytics dashboards (subject to our Terms of Use).
c. Information Automatically Collected When You Use Our Website
We may automatically collect data about you when you use our Website. This information is primarily used to maintain the security and operation of our Website, and for our internal analytics in connection with our GPO services. This information may include:
Internet and Electronic Activity, including device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country or location, information, including preferences or characteristics, about how and when you use our Website
Cookies, are small data files that we transfer to your computer’s hard disk for record-keeping purposes. Cookies do not personally identify you; they merely identify the computer or device with which you access the Website. The Website uses cookies to analyze trends and to detect and prevent fraud. You can instruct your browser, by changing its options, to disable cookies or to prompt you before accepting a cookie from the Website. If you disable cookies, however, you may not be able to use all portions or functionality of the Website.
We use information collected from cookies and other technologies to improve your user experience and the overall quality of our Website and connected GPO services. We use cookies to help us identify and track visitors, your usage of our Website, and your access preferences. We may use your Personal Information to see which web pages you visit our Website, which websites you visited before coming to our Website, and where you go after you leave our Website. We can then develop statistics that help us understand how our visitors use our Website and how to improve it. If you do not wish to have cookies placed on your computer, you should set your browsers to refuse cookies before using our Website. Please understand that if you do so, you may not be able to fully utilize our Website and therefore we disclaim, and you hereby waive, any claim or liability that may arise due to your partial or incomplete access to the content of any of our website as a result thereof.
Third Party Cookies
Google Analytics, visitors to the Website may be tracked using Google Analytics. The Personal Information collected by Google Analytics is primarily used to optimize the Website for users; however, we may also use this data for marketing purposes. The Personal Information we automatically collect using Google Analytics is shared with Google. For more information on Google’s Privacy Policies, visit: https://policies.google.com/privacy. You can also optout of having your personal data used by Google Analytics by following the instructions located at https://tools.google.com/dlpage/gaoptout/. Without limitation, Google Analytics may collect the following types of data from users of the Website:
Type of web browser used, software manufacture and version number.
Type of operating system
Color processing ability of the users screen
JavaScript support
Flash version
Screen resolution
Network location and IP address
Country, city, state, region, county, or any other geographic data
Hostname
Bandwidth (internet connection speed)
Time of visit
Pages visited
Time spent on each page of the Website
Referring site statistics
The website the user came through in order to arrive at the Website
Search engine query used
CoreTrust may process your Personal Information for the following lawful business and commercial purposes, in accordance with the practices described in this Privacy Policy:
Provide the Services. We may use your Personal Information to provide the Services, and any other services you may request from us.
Monitor the Website. We collect your Personal Information for monitoring purposes to help us diagnose problems with our servers, administer and troubleshoot the Website, calculate usage levels, analyze industry standards, and analyze transactions, trends, and statistics regarding the use of the Website.
Respond to Inquiries and Fulfill Requests. We may use your Personal Information to respond to your inquiries and to fulfill your requests for information.
Communicate with You. We may use your Personal Information to communicate with you about Events, the Services, newsletters, and other items that may be of interest to you. We may also contact you on behalf of our third-party business partners about a particular offering of theirs that may be of interest to you.
Improve the Services. We may use your Personal Information to make the Services more stable and user-friendly, to analyze service issues, improve the design and content of the Services, personalize your experience, analyze how the Services are used, offer new services, and to develop new marketing programs relating to the Services.
Customer Service. We may use your Personal Information when contacting you regarding customer service, Events, the Services, resolve disputes, or in response when you provide feedback. We may also use your information to send administrative emails regarding the Services or to inform you of any changes to this Privacy Policy, our terms or other agreements with you, or our third-party partner’s terms.
Support Business Operations. We may use your Personal Information to support our internal and business operations, including account management, marketing, security, and advertising. This may include via the use of artificial intelligence or machine learning systems.
Enforce Agreements. We may use your Personal Information to enforce separate agreements between you and us, enforce this Privacy Policy, our Terms of Use or other agreements with you, or our third-party partner’s terms of use, or in connection with a transaction with a similar effect.
Fulfill Other Purposes. We may use your Personal Information to fulfill: (a) any other purpose for which you provide it; (b) any legal or regulatory requirements and any of our internal policies; (c) other purposes disclosed at the time of collection; (d) any other purpose with your consent; and (e) any other purposes set forth in this Privacy Policy.
Except as otherwise described in this Privacy Policy, we do not sell, share, rent, or otherwise disclose your Personal Information that we collect from the Services to any third parties for monetary or other valuable consideration, unless stated below or with your consent:
Subsidiaries and Affiliates. We may disclose Personal Information about you to our subsidiaries and affiliates.
CoreTrust Vendors. We may disclose your Personal Information to vendors of CoreTrust, subject to your or your company’s Participation Agreement.
Per Your Authorized Agent’s Instructions. We may share and disclose Personal Information in accordance with a customer’s instructions and with appropriate consent, including any applicable terms in our Terms of Use and in compliance with applicable law and legal process.
Service Providers & Contractors. To help us provide superior service, your Personal Information may be shared with our service providers, contractors, and other third parties we use to support our business and who will safeguard it in accordance with this Privacy Policy. Such third parties may help us with web hosting, providing customer service, maintaining and analyzing data, and sending customer communications on our behalf.
Marketing Partners. We may share your Personal Information with entities that perform marketing or data aggregation services on our behalf, or with which we or an affiliate has joint marketing arrangements. We may also share your Personal Information with our marketing partners for marketing and promotional purposes.
Advertising Partners. We may share your Personal Information with third party advertising partners, including but not limited to Google Display Advertising and Remarketing services. These advertising partners may use first- and third-party cookies together to inform, optimize, and serve ads based on your past visits to the Services. You can opt out of these services using the Ads Preferences Manager or you can use the Google Analytics opt-out browser add-on. These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks, commonly referred to as “interest-based advertising.”
Analytics Partners. We may use analytics-based technologies to assist with personalization, advertising, and marketing. These technologies capture how you interact with the Services through behavioral metrics, heatmaps, and session replay to improve and market our products and Services.
Intelligent Feature Partners: We may share your Personal Information with entities we have contracted with to provide artificial intelligence-powered chats with commercial data protection for CoreTrust’s internal business operations. For example, we may use Microsoft CoPilot for internal operations. For more information regarding Microsoft’s privacy practices, please see: Microsoft Privacy Statement – Microsoft privacy.
Authorized Representatives. If another individual or entity is managing or associated to your account with us or your email account which the Services connect to on your behalf (for example, a company manager controlling access to a company account), as authorized by you or as a personal representative under applicable law, that person can view all Personal Information about you on the Services.
In the Event of Merger, Sale, Divestitures, or Change of Control. CoreTrust reserves the right to transfer Personal Information to a buyer or other successor in interest that acquires rights to that information as a result of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of CoreTrust or substantially all of its assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about you is among the assets transferred.
With Your Consent. We may share your information for other purposes pursuant to your consent or at your direction.
Other Disclosures. We may disclose your Personal Information if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) conform to legal requirements and comply with any court order, law, or legal process, including responding to any government, law enforcement, or regulatory request; (ii) enforce our terms located on the website or successor website, other agreements, including between you and us, and any other documents included or referenced therein (all of which are incorporated into and made a part of this Privacy Policy by reference); (iii) fulfill the purpose for which you provide it; (iv) detect, prevent, or otherwise address fraud or security issues; or (v) protect against harm to our, your, or third parties’ rights, property, or safety.
We may share and disclose de-identified and/or aggregate analytics with third-party partners for the purposes described in this Privacy Policy or where it is collected, or any other legal purpose, including, when and where applicable, sharing and disclosing non-personally identifiable information combined with Personal Information.
You have choices about how we use your information. Please understand that if you choose not to disclose information to us, it may affect your ability to use some features of our Services or connected GPO services.
a. Marketing. If you have supplied your email address in relation to our Services, we may further send you emails or notifications via the membership portal to provide you with information, to inform you of new events or content, to solicit your feedback, or to keep you up to date on us. You can opt out of our marketing and promotional communications at any time by clicking Unsubscribe or otherwise following the opt out prompts on these communications. You also may ask us not to send you other marketing communications by contacting us as specified in the “Contact Us” section below, and we will honor your request. Please note that even after you are removed from our marketing lists, we may still send you non promotional communications, such as responding to service requests.
b. Advertisements. Advertisements appearing on any of our Website may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of cookies by us and does not cover the use of cookies by any advertisers.
We and our service providers may use information about your interactions with our Website to predict your interests and select the ads you see on and off our Website. This is known as interest-based advertising. In providing interest-based ads, we follow the Self-Regulatory Principles for Online Behavioral Advertising developed by the Digital Advertising Alliance (“DAA”). For more information about interest-based advertising and how you can opt out, visit:
Digital Advertising Alliance: http://www.aboutads.info/choices/
Network Advertising Initiative: http://www.networkadvertising.org/choices/
c. Do Not Track Disclosure. Many web browsers include a Do-Not-Track (“DNT”) feature or setting that signals your preference not to have data about your online browsing activities monitored and collected. However, there is currently no uniform standard for recognizing and implementing the DNT signals. As such, we do not monitor or respond to Do Not Track browser requests. If a standard is adopted that we must follow in the future, then we will inform you about that practice in a revised version of this Privacy Policy.
Our Website may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us—and which may link to other websites, services, or applications. Please be aware that we are not responsible for the privacy or practices of other websites or third parties. We do not make any guarantee regarding those third-party websites, services, or applications, and we are not liable for any loss or damage caused by the use of such sites. Any data collected by third parties is not covered by this Privacy Policy. You should review the policies of the third parties and contact them directly if you have any questions about their services or practices.
CoreTrust values your privacy and is committed to protecting your information. We have appropriate administrative, technical, and physical safeguards in place to ensure the integrity and security of your information. We undertake commercially reasonable efforts to guard against unauthorized access, use, alteration, or destruction of Personal Information.
We keep your personal data only as long as necessary to provide you with our services and for legitimate and essential business purposes, such as maintaining the performance of our Services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We keep some of your personal information for as long as you are a registered member of our services.
We do not knowingly collect or solicit personal information from children under the age of 18. By providing information via the Services, you represent that you are at least 18 years old. If you are under 18, please do not provide information via our Services. If we become aware that we have inadvertently received or collected Personal Information from a child who is under the age of 18, we will attempt to immediately delete that information from our files and records. If you believe a child who is under the age of 18 has provided us with Personal Information, please contact us at the address listed below in “Contact Us.”
We occasionally offer contests via our Website or in-person at Events. To participate in these contests, we may require you to provide us with Personal Information, such as your name, company, title, email address, and phone number. We will use the information you provide us for purposes including administering the contest and other purposes disclosed in contest rules and policy. We do not sell any Personal Information provided to us. If you have any questions or concerns, please contact us via the Contact Us section below.
This section explains how we collect, use, and disclose Personal Information about users, customers, and visitors who reside in California (“consumers” or “you”). It also explains certain rights afforded to consumers under California’s Shine the Light law and the California Consumer Privacy Act of 2018 (“CCPA”), as revised and updated by the California Privacy Rights Act (“CPRA”). This section uses certain terms that have the meaning given to them in the CCPA including Personal Information.
a. Shine the Light Under California Civil Code Section 1798.83 (“Shine the Light”), California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of Personal Information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us as directed in the Contact Us section below with a reference to California Disclosure Information.
b. Categories, Purpose, & Sources of Personal Information Collected We may collect (and have collected during the 12-month period prior to the “Last Modified” date of this Privacy Policy) the categories of Personal Information from the sources and for the purposes as described in the above sections Collection of Personal Information, Purpose of Collection, and Collection of Personal Information.
c. Selling and Sharing Personal Information We do not sell or share your Personal Information in exchange for monetary consideration; however, we may use tools described above such as Google Analytics, which may be interpreted as sharing your Personal Information. As such, please see the above Personal Data Automatically Collected and Choices sections for more information regarding opting out of use of these tools.
During the 12-month period prior to the “Last Modified” date of this Privacy Policy, we may have shared or disclosed the following categories of Personal Information about you for a business or commercial purpose with certain categories of third parties, as described below:
d. California Consumer Privacy Rights Under CCPA, consumers have certain rights regarding their Personal Information, as described below.
Right of Access: You have the right to request, twice in a 12-month period, that we disclose to you the following information about you, limited to the preceding twelve (12) months:
The categories of Personal Information that we collected about you;
The categories of sources from which the Personal Information is collected;
The business or commercial purpose for collecting or selling Personal Information;
The categories of third parties with whom we share Personal Information;
The specific pieces of Personal Information that we have collected about you;
The categories of Personal Information that we disclosed about you for a business purpose or sold to third-parties; and
For each category of Personal Information identified, the categories of third parties to whom the information was disclosed or sold.
Right of Deletion: You have the right to request that we delete any Personal Information about you which we have collected from you, subject to exceptions within the law.
Right to Opt-Out: You have the right to opt-out of the disclosure of Personal Information about you for monetary or other valuable consideration. However, we do not sell any Personal Information.
Right to Opt-In: We do not have actual knowledge that we collect, share, or sell the Personal Information of minors under the age of 18.
Right to Limit Use and Disclosure of Sensitive Personal Information: You may request specific limitations on further sharing, use, or disclosure of your Sensitive Personal Information that is collected or processed for “the purpose of inferring characteristics about a consumer.” However, we do not collect or process Sensitive Personal Information for this purpose.
Right to Correction: You have the right to request that we maintain accurate Personal Information about you and correct any Personal Information about you which we have collected from you, subject to exceptions within the law.
If you would like to exercise your California privacy rights, please refer to the Consumer Requests and Verification section below.
a. Right to Non-Discrimination We may not discriminate against you because you exercise any of your privacy rights contained in this Privacy Policy including, but not limited to:
Denying goods or services to you;
Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Providing a different level or quality of goods or services to you; or
Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
b. Verifying Requests You may request to exercise your rights of access, deletion, or correction by contacting us as described in the Contact Us section below. To help protect your privacy and maintain security, we will take steps to verify your identity before processing your request. If you request access to or deletion of your Personal Data, we may require you to provide any of the following information: name, date of birth, email address, telephone number, or postal address. When you make such a request, you can expect the following:
As required under applicable law, we will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.
We will confirm that you want your information accessed, corrected, and/or deleted.
We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
We will respond to your request within 45 days upon receipt of your request. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
In certain cases, a request for access, correction, or deletion may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing Site or completing an order. If we deny your request, we will explain why we denied it and delete any other information that is not protected and subject to denial.
c. Authorized Agents You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as described in the Contact Us section below to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require:
The authorized agent to provide proof that you provided signed permission to the authorized agent to submit the request;
You to verify your identity directly with us; or
You to directly confirm with us that you provided the authorized agent permission to submit the request.
If you have any questions or concerns about this Privacy Policy or the information practices of our Services, please contact us at privacy@coretrustpg.com or by calling us toll-free at 855-208-2362.