Privacy Policy - Redpath and Company

Last updated: April 30, 2024

Redpath and Company, Ltd. (“Redpath,” “us”, “we”, or “our”) operates the www.redpathcpas.com website (together with all services provided by us through or in connection with such website or any applications we offer, the “Website ”).

This Privacy Policy (the “Policy”) informs you, as a user of the Website (“you,” “your,” or “your”) of our policies regarding the collection, use, and disclosure of personal data when you use the Website and the choices you have associated with that data. This Policy applies to information you provide to us through interaction with us or our Website.

By using the Website, you agree to the collection and use of your information in accordance with this Policy. We reserve the right to revise this Policy at any time without notice to you. Any such changes to this Policy will be effective when posted to our Website. We encourage you to check this Policy regularly for changes.

This Policy specifies:

What Personal Data we collect about you through the Website.
How Personal Data is used and with whom it may be shared.
What choices are available to you regarding the use of your Personal Data.
What our security practices are to protect the misuse of your Personal Data.
How you can correct any inaccuracies in your Personal Data.

Definitions

In addition to terms defined elsewhere in this Policy, the following terms have the means below.

Personal Data

Personal Data means all personally identifiable information that is specific to you (e.g. name, address, phone number, email address, shipping address, billing address, etc.).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). Usage Data may include, but is not limited to, your computer’s IP address, the type and version of browser and operating system you use, your internet domain, the time and date of your visit to the Website, the time spent on the Website and its various pages, and, if you arrived at the Website via a link from another Website, the URL of the linking page.

When you access the Website through a mobile device, we may collect certain Usage Data automatically, including but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique device identifiers and other diagnostic data, the time and date of your visit to the Website, the time spent on the Website and its various pages, and, if you arrived at the Website via a link from another website, the URL of the linking page.

Cookies

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

We may use the services of various Data Processors or Service Providers in order to process your data more effectively.

Data Subject

Data Subject is any living individual who is using our Service and is the subject of Personal Data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you. While using our Service, we may ask you to provide us with Personal Data. The Personal Data and other information we collect may include, but is not limited to the below categories of information.

Tes of Data Collected

Registration Information. Certain areas and features of the Website require registration. To register you may need to provide your address, email address, first and last name, organization, phone number and other contact information. We also may collect additional optional information from you. We may also collect information you submit to us on the Website, such as through the “Contact Us” page, or that you post to the Website (e.g., comments).
Usage Data. We may also collect information about how the Website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of the Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, location and language information, and other diagnostic data.
Data From Cookies and Other Tracking Technologies. We use cookies and similar tracking technologies to track the activity on the Website and hold certain information. See the below “Cookie” section for more information.
Payment Details. We will also collect your credit or debit card information and billing address to process payments you submit through the Website. We may use third party payment processors to process such payments.

Marketing and Other Communications. We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or sending an opt-out request to us as specified in the “Contact Us” section below.

Use and Disclosure of Data

We may use the data collected about you, including Personal Data, in order to:

Provide and maintain the Website;
Notify you about changes to the Website (though we are not required to provide any such notification);
Allow you to participate in interactive features of the Website when you choose to do so;
Provide customer support and respond to requests and inquiries from you;
Tailor the content and information that we send or display, to offer location customization, and personalized help and instructions, and to otherwise personalize your experience using the Website;
Gather analysis or valuable information so that we can improve the Website;
Monitor the usage of the Website;
Detect, prevent and address technical issues, investigate suspicious activity or wrongdoing in connection with the Website, and enforce our terms and policies or protect us against legal liability;
Protect the personal safety of users of the Website or the public;
Allow us to disclose your Personal Data to the extent permitted or required by applicable law; and
Provide you with news, special offers and general information about other goods, services and events which we offer unless you have opted not to receive such information. We may also use the information that we collect to assist us in advertising the Website on third party websites.

Your Rights

You may opt out of any future contact from us at any time. Depending on where you live, you may have certain legal rights under applicable law. For example, you may have the following rights:

Your right to Access – means that you can ask us for a copy of any Personal Data we hold about you.
Your right to Correct - if you believe that any of the Personal Data we hold about you is incorrect or out of date, you have the right to correct such Personal Data by providing us with the correct up-to-date Personal Data.
Right to Erasure – you can ask us to delete the incorrect or out-of-date Personal Data and we will be happy to do so unless we are prevented from doing so by law or regulation. In certain circumstances you may also have the right to ask us to erase your Personal Data.
Right to Portability – you have the right to request a copy of your Personal Data in a commonly used and machine readable format to be provided to you or to such other third party as you specify.
Right to Limit – you have the right to opt out of any ancillary use of your Personal Data (e.g., for marketing purposes).

Please contact us (as specified below) to request any of the above rights. Upon confirmation that you are making the request, we will confirm whether we have an obligation under applicable law. Please note that event if a request is made to delete your Personal Data, we may be permitted or required to retain a copy for our business and legal obligations as permitted or required under applicable law. See the Addendum below for more information.

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Website, or we are legally obligated to retain this data for longer time periods.

Please note that in the event we elect to de-identify your Personal Data, such de-identified information is no longer your Personal Data, and we may use such de-identified information, alone or in an aggregated form to analyze the Website, or as we deem appropriate.

Who We Share Information With

Disclosure for Law Enforcement

We may share information we collect through the Website, including Personal Data, with third parties listed below (the “Third Parties’):

Affiliates. We may disclose Personal Data we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Policy.
Service Providers. Your Personal Data may also be provided to certain third party service providers as necessary to provide the Website, including third party vendors, service providers, contractors, or agents who perform functions on our behalf. We are responsible for assuring that these service providers comply with the terms of this Policy.
Other Third Parties. We may partner with third parties to make certain programs or offers available to you. If you elect to participate in such programs we may share certain of your Personal Data with these third parties. We do not sell or share Personal Data with third parties for their direct marketing use.

In the previous twelve months, we may have shared certain categories of Personal Data with Third Parties for business purposes. The information shared may include the following categories of Personal Data: (1) identifiers; (2) commercial information; (3) Usage Data; and (4) other information that can be associated with you.

Except for the Third Parties listed in this section, we will not share Personal Data with an unaffiliated third party without your prior authorization, unless doing so is necessary (1) to enforce this Policy, to comply with law, regulation or other legal processes or to protect the rights, property, or safety of us or others, (2) to comply with a valid order or process from a public authority, (3) to protect against misuse or unauthorized use of the Website, (4) to detect or prevent criminal activity or fraud, or (5) in the event we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, or liquidation, in which case such information may be one of the transferred assets. We do not sell or share your Personal Data with third parties for them to market their products or services to you.

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Cookies

We use cookies and other tracking mechanisms to track information about the use of the Website. We may combine this information with other Personal Data we collect Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze the Website. We may combine this information with other information that we have collected, including where applicable, Personal Data. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Do Not Track. We do not support or recognize Do Not Track (“DNT”) requests. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with the Website to, among other things, track activities on the Website, help us manage content, and compile statistics about usage of the Website. We also use clear GIFs in HTML e-mails to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Third Party Analytics. We use automated devices and applications on the Website, such as Google Analytics, to evaluate usage of the Website. We also may use other analytic means to evaluate the Website. We use these tools to help us improve the Website, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services.
Targeted Advertising and Ad Networks. We may use third party services, such as Google AdWords, to send users targeted ads, based on their visit to the Website. We may also participate in third-party ad networks and allow third parties to use cookies, pixel tags and other tracking technologies on the Website to display targeted ads. These third parties may use cookies and other technologies to track your activities and display ads to you; they also may be able to associate the information they collect with other information they have about you from other sources. You may also opt-out of many third-party ad networks.

Links to Other Sites

The Website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time without notice to you. Changes will be made by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: contact@redpathcpas.com
By mail: 400 Robert Street North, Suite 1600 Saint Paul, MN 55101, United States

ADDENDUM

United States

The following additional terms may apply to you depending on where you reside in the United States. To the extent of any inconsistency, these terms take precedence over the terms in our Policy in relation to personal information that is collected and/or held in the United States.

Please use the contact information in the Policy if you wish to access or correct any of your personal information that we hold or if you would like to report a potential breach by us of any applicable laws of the United States, our Policy, or this Addendum. We will promptly acknowledge and investigate any such reports.

The laws of the states described below are the ones we are currently aware of that require giving individual notice and/or consent with respect to the Website, and that provide for specific individual rights. We recognize that other states also have laws that may affect your privacy rights with respect to the Website, and we direct you to the information in our Policy for a description of such rights.

For Residents of California

If you are a California resident (as defined by the California Consumer Privacy Act), you may have certain rights.

This Notice for California Residents supplements the information in our Policy, and except as provided herein, applies solely to California residents (as defined by the California Consumer Privacy Act (CCPA) and amended by the Consumer Privacy Act Regulations (CPRA)). It may apply to personal information (as defined by CCPA / CPRA) we collect on or through the Website and through other means (such as information collected offline, in person, and over the telephone). Until the CCPA / CPRA has specifically regulated business information, this Notice for California Residents does not apply to business information that does not constitute personal information. If you wish to exercise any rights you believe you may have under California law, please contact us and we will evaluate our obligations under such laws in connection with your request.

Summary of Information We Collect

California law requires us to disclose information regarding the categories of personal information that we have collected about California consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted in our Policy for categories of information and uses.

Rights

If you are a California resident (as defined by the CCPA / CPRA), you may have certain rights. California law may permit you to request that we:

Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information, if applicable (note, at this time we do not sell or share personal information with unaffiliated third parties); and the categories of third-parties with whom we shared personal information, if applicable.
Provide access to and/or a copy of certain information we hold about you.
Request to opt-out of the sale or sharing of personal information. As noted above, we do not currently sell or share personal information.
Delete certain information we have about you.

You may have the right to receive information about the financial incentives that we offer to you, if any. You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights referenced herein. Certain information may be exempt from such requests under applicable law. In addition, we need certain types of information so that we can provide the Website to you. If you ask us to delete it, you may no longer be able to access or use the Website.

If you would like to exercise any of these rights, please submit a request at contact@redpathcpas.com or visit www.redpathcpas.com. You will be required to verify your identity before we are able to fulfil your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

Metrics

California law may require us to compile the following metrics for the previous calendar year: the number of rights requests received, complied with, and denied, as well as the median number of days within which we responded to those requests. To the extent this obligation applies to us, we will update this section after the CCPA / CPRA has been in effect for a year.

California Shine the Light

If you are a California resident, you may ask for a list of third-parties that have received your information for direct marketing purposes during the previous calendar year. If we have shared your information (which we currently do not), this list will contain the types of information shared, and we will provide this list at no cost. To make such a request, contact us at contact@redpathcpas.com.

California Do-Not-Track Disclosure

We are committed to providing you with meaningful choices about the information collected on the Website third-party purposes. However, we do not currently recognize or respond to browser-initiated Do-Not-Track signals, as the Internet industry is currently still working on Do-Not-Track standards, implementations, and solutions.

For Residents of Colorado

If you are a resident of Colorado and you meet the definition of a “consumer,” you may have certain rights.

Summary of Information We Collect

Colorado law requires us to disclose information regarding the categories of personal information that we have collected about Colorado consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

Rights

Colorado law may permit you to request that we act on a consumer’s following rights:

Right of access to and/or a copy of certain information we hold about you.
Right to correct for any inaccuracies in your personal information.
Right to request that we delete your personal information.
Right to obtain your personal information in a portable (and if technically feasible readily usable) format.
Right to request to opt-out of the sale of personal information, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently sell such personal information or profiling.

If you would like to exercise any of these rights, please submit a request at contact@redpathcpas.com or visit www.redpathcpas.com. You will be required to verify your identity before we are able to fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

For Residents of Connecticut

If you are a resident of Connecticut and you meet the definition of a “consumer,” you may have certain rights.

Summary of Information We Collect

Connecticut law requires us to disclose information regarding the categories of personal information that we have collected about Connecticut consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

Rights

Connecticut law may permit you to request that we act on a consumer’s following rights:

Right of access to and/or a copy of certain information we hold about you.
Right to correct for any inaccuracies in your personal information.
Right to request that we delete your personal information.
Right to obtain your personal information in a portable (and if technically feasible readily usable) format.
Right to request to opt-out of the sale of personal information, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently sell such personal information or engage in profiling

For Residents of Illinois

Rights

Residents of Illinois may have certain rights under the Biometric Information Privacy Act. Please note that we do not collect or process “biometric information.”

For Residents of Nevada

Rights

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a person to be contacted either physically or online. We do not currently sell such personal information.

Contact us at contact@redpathcpas.com with any questions about your rights. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will evaluate our legal obligations in connection with your question or request.

For Residents of Virginia

If you are a resident of Virginia and you meet the definition of a “consumer,” you may have certain rights.

Summary of Information We Collect

Virginia law requires us to disclose information regarding the categories of personal information that we have collected about Virginia consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

Rights

Virginia law may permit you to request that we act on a consumer’s following rights:

Right to confirm if we are processing personal information we hold about you.
Right to correct for any inaccuracies in your personal information.
Right to request that we delete your personal information.
Right to obtain your personal information in a portable (and if technically feasible readily usable) format.
Right to request to opt-out of the sale of personal information, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently engage in the sale of such information or profiling.

For Residents of Utah

If you are a resident of Utah and you meet the definition of a “consumer,” you may have certain rights.

Summary of Information We Collect

Utah law requires us to disclose information regarding the categories of personal information that we have collected about Utah consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

Rights

Utah law may permit you to request that we act on a consumer’s following rights:

Right to confirm if we are processing personal information we hold about you.
Right to correct for any inaccuracies in your personal information.
Right to request that we delete your personal information.
Right to obtain your personal information in a portable (and if technically feasible readily usable) format.
Right to request to opt-out of the sale of personal information, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently engage in the sale of such information or profiling.

EU/EEA

The following additional terms apply to you if you reside in the European Union/European Economic Area (EU/EEA). To the extent of any inconsistency, the following terms take precedence over the terms in our Policy in relation to personal data that is collected and/or held relating to individuals (i.e., data subjects) residing in the EU/EEA.

The EU/EEA’s General Data Protection Regulation (GDPR) governs our processing (as defined under GDPR) of your personal data, as well as your rights regarding the same. As used in this Addendum, the following terms have the following meanings:

“Breach”, "data controller", “data processor”, “Data Protection Authority”, "data subject", “data subject rights”, “Member State”, “personal data”, “personal data breach”, "processing" (and "process") (regardless of whether capitalized herein) have the meanings given to them in GDPR. GDPR may regard a video as “personal data” if the image can be used to identify you.

“Standard Contractual Clauses”, for purposes of our Policy, means the template agreement contained in the Annex of the European Commission’s Implementing Decision of 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, and any replacement, amendment or restatement of the foregoing issued by the European Commission.

Data controller; processing

We are a data controller of your personal data. GDPR sets forth specific obligations of a data processor and data controller in each of these roles.

Lawful Basis for our Processing of Your Personal Data.

As the data controller, we are responsible for establishing a lawful basis for the processing of your personal data. We rely on our legitimate interests under GDPR Article 6 in order to engage in the processing of your personal data. This means that we have a legitimate interest in receiving and processing your personal data in order to provide the Website. We may, in some cases, also rely on obtaining your consent under GDPR Article 6 as the lawful basis of their processing of your personal data (e.g., for a research project). If so, this means that we have requested your explicit consent (or “opt-in”) to their processing of your personal data.

Data Protection Officer.

We have appointed a Data Protection Officer (DPO).

Individual Rights

As also noted in our Policy, you may make the following requests from us as the data controller. In each case these rights are subject to restrictions and/or exceptions as specified in the GDPR. The following is a summary of your rights:

The right of access, enabling you to receive a copy of your personal data

The right to rectification, enabling you to correct any inaccurate or incomplete personal data we hold about you

The right to erasure, enabling you to ask us to delete your personal data in certain circumstances

The right to restrict processing, enabling you to ask us to halt the processing of your personal data in certain circumstances

The right to object, enabling you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party), and

The right to data portability, enabling you to request us to transmit personal data that you have provided to us to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

Under GDPR, a data subject also has the right to lodge a complaint with a Data Protection Authority, in particular in the Member State of the data subject’s residence, place of work or place of an alleged infringement, if the data subject considers that the processing of the personal data infringes the GDPR.

If you wish to exercise any of these rights, please contact us using the contact information provided in our Policy. Please note that the GDPR specifies when the data controller may refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive.

Special Categories of Personal Data

The Website do not require the collection or processing of any sensitive personal data or sensitive information, as defined in applicable data protection laws (e.g., racial, ethnical origin, political opinions, religious beliefs, etc.). We may nevertheless collect such sensitive personal data about you or we may collect it incidentally if you provide such data to us. By providing any sensitive personal data or by providing information by a recording, you consent to our collection of such information, however, we do not require or use such data for the Website.

International Transfers of Data

Personal data originating in the EU/EEA will generally be stored on servers in the EEA but may be accessed and/or processed in a limited manner outside of the EEA. We adhere to the GDPR where it applies to the Website. Where your personal data is processed outside of the EEA, we will put in place appropriate safeguards. Where appropriate, we may enter into Standard Contractual Clauses with importers or processors and/or other relevant third parties for the transfer of your personal data and may carry out a risk assessment and/or take necessary security measures in order to fulfill our obligations under GDPR.

If we determine we are unable to provide equivalent protection of your personal data, including by entry into the Standard Contractual Clauses, we may seek to rely on derogations authorized by the GDPR, including the derogation of consent/contract/request of data subject. If relying on your consent, we will seek your explicit consent in advance.