Privacy Policy

Effective Date: October 1, 2022 

This Privacy Policy (“Privacy Policy”) is published by CoreTrust Purchasing Group, LLC (referred to in this Privacy  Policy as “CoreTrust,” “we” “us” or “our”) to explain our privacy practices for any information received via our  website https://www.coretrustpg.com/ (“Website”) or tradeshows, conferences, or conventions (“Events”)  (collectively, “Website & Events”).  

By providing information for our Website & Events, you consent to the terms of this Privacy Policy. If you do not  agree to the terms and conditions of this Privacy Policy, including having your Personal Information used in any of  the ways described in this Privacy Policy, do not provide us with your information. Please note, however, that if you  do not provide us with your information, you may not be able to use or participate in certain features of our Website  & Events. 

1. Changes and Updates to This Privacy Policy 

We reserve the right to revise or update this Privacy Policy at any time, and you should periodically read the Privacy  Policy to learn of any revisions or updates. We will notify you of any changes to the Privacy Policy by posting the  revised or updated Privacy Policy and its “Effective Date” on this Website. Your providing information via the Website  & Events thereafter constitutes your agreement to and acceptance of the Privacy Policy and its revisions or updates.  

2. Collection and Use of Your Personal Information 

Collection Sources. Our Website & Events may permit you the opportunity to provide Us with Personal Information.  As used in this Privacy Policy, “Personal Information” means any information that may be used, either alone or in  combination with other information, to personally identify an individual as defined by applicable laws. We may  collect certain information, including Personal Information, from and about our users in various ways: 

o directly from you or from your Employer on your behalf; 

o automatically when you use our Website.  

3. Information Collected Directly from You or From Your Employers on Your Behalf 

Either from filling out an online contact form or providing information at Events, we may collect the following  Personal Information directly from you or from your employer on your behalf: 

o Name 

o Email 

o Title 

o Company 

o Phone Number 

4. Information Automatically Collected When You Use Our Website 

We may automatically collect data about you when you use our Website. This information is primarily used to  maintain the security and operation of our Website, and for our internal analytics in connection with our GPO  services. This information may include: 

o device and usage information, such as your IP address 

o browser and device characteristics 

o operating system 

o language preferences

o referring URLs 

o device name 

o country or location 

o information, including preferences or characteristics, about how and when you use our Website o Internal automations/system settings 

o “cookies” and other tracking technologies like pixel tags and web beacons, often called “smart  cookies.”  

Cookies and Other Tracking Technologies 

Cookies are text files that are sent by servers to web browsers and stored on your computer. They tell us which parts  of our Website you’ve visited so we can save your preferences for future visits to our Website. Web beacons and  pixel tags are images embedded in a webpage or e-mail for the purpose of measuring and analyzing usage and  activity. Some cookies and other technologies may serve to recall Personal Information previously provided by a  user. Our Website, or third-party service providers acting on our behalf, may use cookies, web beacons, and pixel  tags to help us analyze usage and improve our functionality.  

We use information collected from cookies and other technologies to improve your user experience and the overall  quality of our Website and connected GPO services. We use cookies to help us identify and track visitors, your usage  of our Website, and your access preferences. We may use your Personal Information to see which web pages you  visit our Website, which websites you visited before coming to our Website, and where you go after you leave our  Website. We can then develop statistics that help us understand how our visitors use our Website and how to  improve it. If you do not wish to have cookies placed on your computer, you should set your browsers to refuse  cookies before using our Website. Please understand that if you do so, you may not be able to fully utilize our  Website and therefore we disclaim, and you hereby waive, any claim or liability that may arise due to your partial or  incomplete access to the content of any of our website as a result thereof. 

GOOGLE ANALYTICS 

We use Google Analytics cookies to help us to analyze traffic and understand how our customers use our Website.  For more information on Google Analytics’ processing of Personal Information, please see  http://www.google.com/policies/privacy/partners/. You may opt out of the use of Google Analytics here:  https://tools.google.com/dlpage/gaoptout.  

5. Do Not Track Disclosure 

Many web browsers include a Do-Not-Track (“DNT”) feature or setting that signals your preference not to have data  about your online browsing activities monitored and collected. However, there is currently no uniform standard for  recognizing and implementing the DNT signals. As such, we do not monitor or respond to Do Not Track browser  requests. If a standard is adopted that we must follow in the future, then we will inform you about that practice in  a revised version of this Privacy Policy. 

6. Contests 

We occasionally offer contests via our Website or in-person at Events. To participate in these contests, we may  require you to provide us with Personal Information, such as your name, company, title, email address, and phone  number. We will use the information you provide us for purposes including administering the contest and other  purposes disclosed in contest rules and policy. We do not sell any Personal Information provided to us. If you have  any questions or concerns, please contact us via the Contact Us section below.  

7. How We Use the Information Collected 

We use the Personal Information we collect above to: 

o provide access to the services you have requested

o respond to your questions and support you regarding the use of our Website & Events o communicate with you about our services 

o comply with applicable law and legal requirements, including valid court orders 

o design, improve, and administer our Website & Events 

o analyze trends and statistics regarding use of our Website & Events and future service models o market our services to you 

o protect against and prevent fraud, unauthorized transactions, claims, and other liabilities for any  other purpose  

8. How We Disclose the Information We Collect 

We share some information with service providers and partners who assist us in operating our Website & Events  and connected GPO services and, in some cases, legal authorities. 

o With our service providers and partners. 

▪ We use third parties and vendors to help us operate and improve our Website & Events  and connected GPO services. These third parties assist us with various tasks for business  purposes, including website support and analytics. We do not allow these parties to use  your information for any purpose other than to perform those services. 

o Per your or your employer’s instructions.  

▪ We may share and disclose Personal Information in accordance with a customer’s  instructions and with appropriate consent, including any applicable terms in our Terms of  Use and in compliance with applicable law and legal process.  

o Other situations. We also may use and disclose information outside of our day-to-day business  practices and in ways unrelated to our Website & Events. 

▪ In the Event of Merger, Sale, Divestiture, or Change of Control. We may transfer or assign  Personal Information to an entity that acquires all or substantially all of our assets or stock  whether by merger, acquisition, reorganization, or otherwise. 

▪ Other Disclosures. We may disclose Personal Information about you if we have a good  faith belief that disclosure of such information is helpful or reasonably necessary to: (i)  comply with any applicable law, regulation, legal process, or governmental request; (ii)  enforce our Terms of Use or Terms of Sale, including investigations of potential violations  thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect  against harm to our, your, or third parties’ rights, property, or safety. 

We do not sell your Personal Information for monetary or other valuable consideration.

9. Your Choices About Your Information 

You have choices about how we use your information. Please understand that if you choose not to disclose  information to us, it may affect your ability to use some features of our Website & Events or connected GPO services. 

9.1. Marketing. If you have supplied your email address in relation to our Website & Events, we may further  send you emails or notifications via the membership portal to provide you with information, to inform you  of new events or content, to solicit your feedback, or to keep you up to date on us. You can opt out of our  marketing and promotional communications at any time by clicking Unsubscribe or otherwise following  the opt out prompts on these communications. You also may ask us not to send you other marketing  communications by contacting us as specified in the “Contact Us” section below, and we will honor your  request. Please note that even after you are removed from our marketing lists, we may still send you non promotional communications, such as responding to service requests.

9.2. Advertisements. Advertisements appearing on any of our Website may be delivered to users by  advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer  each time they send you an online advertisement to compile information about you or others who use  your computer. This information allows ad networks to, among other things, deliver targeted  advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of  cookies by us and does not cover the use of cookies by any advertisers. 

9.2.1. We and our service providers may use information about your interactions with our Website to  predict your interests and select the ads you see on and off our Website. This is known as interest based advertising. In providing interest-based ads, we follow the Self-Regulatory Principles for Online  Behavioral Advertising developed by the Digital Advertising Alliance (“DAA”). For more information  about interest-based advertising and how you can opt out, visit: 

• Digital Advertising Alliance: http://www.aboutads.info/choices/ 
• Network Advertising Initiative: http://www.networkadvertising.org/choices/

10. Third Party Links. Our Website may link to third-party websites, online services, or mobile applications and/or  contain advertisements from third parties that are not affiliated with us—and which may link to other websites,  services, or applications. Please be aware that we are not responsible for the privacy or practices of other  websites or third parties. We do not make any guarantee regarding those third-party websites, services, or  applications, and we are not liable for any loss or damage caused by the use of such sites. Any data collected by  third parties is not covered by this Privacy Policy. You should review the policies of the third parties and contact  them directly if you have any questions about their services or practices. 
11. Confidentiality & Security. CoreTrust values your privacy and is committed to protecting your information. We  have appropriate administrative, technical, and physical safeguards in place to ensure the integrity and security  of your information. We undertake commercially reasonable efforts to guard against unauthorized access, use,  alteration, or destruction of Personal Information. 
12. Information Retention. We keep your personal data only as long as necessary to provide you with our services  and for legitimate and essential business purposes, such as maintaining the performance of our Website &  Events, making data-driven business decisions about new features and offerings, complying with our legal  obligations, and resolving disputes. We keep some of your personal information for as long as you are a  registered member of our services.  
13. Children. We do not knowingly collect or solicit personal information from children under the age of 18. By  providing information via the Website & Events, you represent that you are at least 18 years old. If you are  under 18, please do not provide information via our Website & Events. If we become aware that we have  inadvertently received or collected Personal Information from a child who is under the age of 18, we will attempt  to immediately delete that information from our files and records. If you believe a child who is under the age  of 18 has provided us with Personal Information, please contact us at the address listed below in “Contact Us.” 
14. California Privacy Policy. This section applies solely to California residents (“consumers” or “you”) from whom  we receive Personal Information via our website https://www.coretrustpg.com/ (“Website”) or tradeshows,  conferences, or conventions (“Events”) (collectively, “Website & Events”). This section uses certain terms that  have the meaning given to them in the California Consumer Privacy Act of 2018 and any subsequent  amendments or acts, including but not limited to the California Privacy Rights Act (“CCPA”), including  “Personal Information,” which is defined as information that identifies, relates to, describes, is reasonably  capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular  consumer or household. 

14.1. Collection & Sharing of Personal Information. During the 12-month period prior to the effective date of  this Privacy Policy, we may have shared or disclosed the following categories of Personal Information about 

you for a business or commercial purpose with certain categories of third parties, as described below. For  more information on how we disclose Personal Information, please see CoreTrust’s Privacy Policy section  on “How We Disclose the Information We Collect.” We do not sell your Personal Information in exchange  for monetary consideration and have not done so during the preceding 12 months.

Categories of   Personal   Information Sold,  Shared, or   Disclosed	Personal   Information   Collected	Source of   Personal   Information   Collected	Categories of Third  Parties to Whom   Personal Information  Was Sold, Shared, or  Disclosed	Business or Commercial  Purpose of Selling,   Sharing, or Disclosing  Personal Information
Identifiers	real name, email  address, internet  protocol (IP)   address, cookies,  beacons, and   mobile ad   identifiers	Directly from  you or from   your Employer  on your   behalf;   automatically  when you use  our Website.	Service Providers	• Verify  consumer’s   identity  • Provide   customer   service   regarding   products and   features  • Support our   internal and   business   operations  • Fulfill a   consumer’s   request
Additional   Information   Subject to Cal. Civ.  Code § 1798.80	real name	Directly from  you or from   your Employer  on your behalf	Service Providers	• Verify   consumer’s   identity  • Provide   customer   service   regarding   products and   features  • Support our   internal and   business   operations  • Fulfill a   consumer’s   request
Internet or Other  Electronic   Information   Activity	IP address,  browsing history,  search history,   information   regarding a   consumer’s   interaction with  our website,   applications, or	Automatically  when you use  our Website.	Service Providers	• Enable   consumer to   request   information or   purchase a   product from   our services.   • Support our   internal and
	advertisements,  cookies, beacons,  mobile ad   identifiers,   clickstream, time  or date electronic  communication  was created, sent,  or received			business   operations  • Fulfill a   consumer’s   request

 

14.2. California Consumer Privacy Rights 

14.2.1. Shine the Light Law. Under California’s “Shine the Light” law, California residents have the right  to request in writing from businesses with whom they have an established business relationship: (a)  a list of the categories of Personal Information, such as name, e-mail and mailing address and the  type of services provided to the customer, that a business has disclosed to third parties (including  affiliates that are separate legal entities) during the immediately preceding calendar year for the third  parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To  request the above information, please contact us as directed in the Contact Us section below with a  reference to “Shine the Light.” 

14.2.2. Consumer Rights Under CCPA. Under CCPA, consumers have certain rights regarding their  Personal Information, as described below. 

• Right of Access: You have the right to request, twice in a 12-month period, that we disclose  to you the following information about you, limited to the preceding twelve (12) months: 

o The categories of Personal Information that we collected about you; 

o The categories of sources from which the Personal Information is collected; 

o The business or commercial purpose for collecting or selling Personal Information; 

o The categories of third parties with whom we share Personal Information; 

o The specific pieces of Personal Information that we have collected about you; 

o The categories of Personal Information that we disclosed about you for a business  purpose or sold to third-parties; and 

o For each category of Personal Information identified, the categories of third parties  to whom the information was disclosed or sold. 

• Right of Deletion: You have the right to request that we delete any Personal Information  about you which we have collected from you, subject to exceptions within the law.  
• Right to Opt-Out: You have the right to opt-out of the disclosure of Personal Information  about you for monetary or other valuable consideration. However, we do not sell any  Personal Information.  
• Right to Opt-In: Unless proper consent is acquired, a business shall not sell or share the  personal information of consumers if the business has actual knowledge that the consumer is  less than 16 years of age. We do not have actual knowledge that we collect, share, or sell the  Personal Information of minors under the age of 16. 
• Right to Limit Use and Disclosure of Sensitive Personal Information: You may request specific  limitations on further sharing, use, or disclosure of your sensitive Personal Information, as  defined by California privacy laws, which is collected or processed for “the purpose of inferring  characteristics about a consumer.” However, we do not collect or process sensitive Personal  Information for this purpose.
• Right to Correction: You have the right to request that we maintain accurate Personal  Information about you and correct any Personal Information about you which we have  collected from you, subject to exceptions within the law.  

If you would like to exercise your rights, please refer to the below Section “Consumer Requests.”  

14.3. Consumer Requests. You may exercise your consumer rights by contacting us as described in the Contact  Us section below. 

14.3.1. Right to Non-Discrimination. We may not discriminate against you because you exercise any of  your rights, including, but not limited to: 

o Denying goods or services to you; 

o Charging different prices or rates for goods or services, including through the use of discounts or  other benefits or imposing penalties; 

o Providing a different level or quality of goods or services to you; or 

o Suggesting that you will receive a different price or rate for goods or services or a different level  or quality of goods or services. 

14.3.2. Verifying Requests. CCPA requires us to verify your identity when you make a consumer request  to help protect your privacy and maintain security. If you request access to or deletion of your  Personal Information, we may require you to provide additional information, including but not limited  to: name, email address, telephone number, or company. When you make such a request, we will  respond within the time frames legally required and provide an explanation for any denials of  requests. 

14.3.3. Authorized Agents. You may designate an authorized agent to request any of the above rights on  your behalf. You may make such a designation by providing the agent with written permission, signed  by you, to act on your behalf. Your agent may contact us as described in the Contact Us section below  to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law,  require: 

o The authorized agent to provide proof that you gave written permission to the authorized agent  to submit the request; 

o You to verify your identity directly with us; or 

o You to directly confirm with us that you provided the authorized agent permission to submit the  request. 

15. Contact Us. If you have any questions or concerns about this Privacy Policy or the information practices of our  Website & Events, please contact us at privacy@CoreTrust.com or by calling us toll-free at 855-208-2362.