Connected Ref Logo

ConnectedRef, Inc. Privacy Protection Policy

We understand the importance of protecting the personal information of our customers and our employees. To earn and maintain your trust we have designed our policy to meet or exceed the requirements of legislation enacted by the United States government and substantially similar state and other legislation (collectively, privacy legislation). In addition, we are constantly looking for new and better ways to secure your personal information and to ensure that it is used in a responsible and respectful manner.

If you have questions or complaints regarding our privacy policy or practices, please contact us at:

ConnectedRef, Inc.
Information Security Officer
600 Coolidge Drive, Suite 300,
Folsom, CA 95630

ConnectedRef, Inc. supports the right to privacy, including the rights of individuals to control the dissemination and use of personal data that describes them, their personal choices, or life experiences. ConnectedRef, Inc. supports domestic and international laws and regulations that seek to protect the privacy rights of such individuals, including legislation enacted by the United States government and substantially similar state and other legislation (collectively, privacy legislation) or the order of any court or other lawful authority.

It does not, however, apply to the collection, use or disclosure of the following information by ConnectedRef, Inc.:

  • information that is publicly available, such as a customer’s name, address, telephone number and electronic address, when listed in a directory or made available through directory assistance;
  • the name, title, business address or telephone number of an employee of an organization; or
  • personal information that ConnectedRef, Inc. collects, uses or discloses for journalistic, artistic or literary purposes and does not collect, use or disclose for any other purpose.

This policy applies to all ConnectedRef, Inc. employees, contractors, temporaries, consultants and other workers. All of these people are expected to be familiar with and fully in compliance with these policies. Workers who are not in compliance are subject to disciplinary action up to and including termination.

This policy also applies to outsourcing organizations that perform information processing services on behalf of ConnectedRef, Inc. Use of outsourcing organizations to process personal data must always include a contractual commitment to consistently observe these policies and related ConnectedRef, Inc. procedures and standards as specified by the Information Security Department. All outsourcing organizations handling personal data provided by ConnectedRef, Inc. must periodically issue certificates of compliance with this policy and permit ConnectedRef, Inc. to initiate independent audits to determine compliance with this policy.

Briefly stated, privacy legislation requires that the consent of an individual be obtained for the collection and use of his or her personal information, that steps are taken to protect personal information and that at least one individual is appointed to monitor compliance with the provisions of applicable privacy legislation.

This privacy policy applies to owned and operated by ConnectedRef, Inc. ConnectedRef, Inc. is committed to controlling the collection, use and disclosure of personal information provided by the customers of ConnectedRef, Inc. and has adopted this Privacy Policy to ensure the accuracy, confidentiality and integrity of such personal information.

The following defined terms are used throughout this Privacy Policy:

ConnectedRef, Inc. – means ConnectedRef, Inc.

Collection – means the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means.

Consent – means voluntary agreement with the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require an inference on the part of ConnectedRef, Inc. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.

Customer – means an individual who:

  1. subscribes for, uses, or applies to use, the products or services of ConnectedRef, Inc.;
  2. corresponds with ConnectedRef, Inc.; or
  3. browses content or marketing material provided by ConnectedRef, Inc.

Disclosure – means making personal information available to third parties outside ConnectedRef, Inc.

Employee – means an employee, former employee or pensioner of ConnectedRef, Inc., and for the purposes of this Privacy Policy, includes the directors, shareholders and security holders of ConnectedRef, Inc.

Personal information or data – means information about an identifiable individual recorded in any form and includes, but is not limited to, such things as race, ethnic origin, nationality, age, gender, marital status, religion, education, medical information, criminal information, performance reviews, trade union membership, employment and financial history, income, address and telephone number, email address, numerical identifiers such as Social Insurance or Social Security Number, and views and personal opinions. Personal information also includes information about a customer’s product and service subscriptions and usage, credit information, billing records such as credit card number, service and any recorded complaints.

Privacy legislation – means domestic and international laws and regulations that seek to protect the privacy rights of individuals, including legislation enacted by the United States government and substantially similar state and other legislation.

Third party – means an individual, partnership, corporation, public authority, government agency, or any other entity other than the customer or his or her agent or ConnectedRef, Inc.

Use or Processing – means the treatment, handling and management of personal information by ConnectedRef, Inc. Any operation or set of operations performed on personal data, whether by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, blocking, erasure or destruction. No distinction between data, information, knowledge, or wisdom is made in this policy.

This Privacy Policy has been developed in accordance with the standards, laws and regulations of all jurisdictions where ConnectedRef, Inc. does business. This policy identifies ten principles of fair information practices and represents a formal statement of the minimum requirements to be adhered to by ConnectedRef, Inc. for the protection of personal information collected from the customers of ConnectedRef, Inc.

ConnectedRef, Inc. is responsible for the personal information under its control and shall designate one or more individuals who shall be accountable for the company’s compliance with the procedures and principles set out in this Privacy Policy.

1.1 Accountability for compliance by ConnectedRef, Inc. with the policies and procedures set out in this Privacy Policy rests with ConnectedRef’s Chief Information Security Officer, even though other individuals within the company may be responsible for the day–to–day collection and processing of personal information. The Chief Information Security Officer may, from time to time, designate one or more individuals within the company to act on his or her behalf.

1.2 ConnectedRef, Inc. will provide the name and contact information of the Chief Information Security Officer upon request.

1.3 ConnectedRef, Inc. shall be responsible for the personal information in its possession or custody, including information that has been transferred to a third party for processing. ConnectedRef, Inc. shall use contractual or other appropriate means to ensure a comparable level of protection while the information is being processed by a third party.

1.4 ConnectedRef, Inc. has implemented policies and practices to give effect to the principles and procedures set out in this Privacy Policy, including:

  1. procedures to protect personal information such as the adoption of physical, organization and technological security measures; 
  2. procedures for receiving and responding to complaints and inquiries;
  3. training and communicating to staff information about the ConnectedRef, Inc. policies and practices; and
  4. developing public information to explain the ConnectedRef, Inc. policies and procedures.

ConnectedRef, Inc. will identify the purpose for which personal information is collected at or before the time the information is collected. The purposes for which information is collected, used or disclosed by ConnectedRef, Inc. must be those that a reasonable person would consider appropriate in the circumstances.

2.1 ConnectedRef, Inc. will document the purposes for which personal information is collected in order to comply with the Openness requirement (See Principle 8) and the Individual Access requirement (See Principle 9).

2.2 Identifying the purposes for which personal information is collected at or before the time of collection allows ConnectedRef, Inc. to determine the information it needs to collect to fulfill these purposes. The Limiting Collection requirement (See Principle 4) requires ConnectedRef, Inc. to collect only that information necessary for the purposes that have been identified.

2.3 The identified purposes for which personal information is collected shall be specified at or before the time of collection to the customer from whom the personal information is collected. Depending upon the way in which the information is collected, this shall be done orally or in writing.

2.4 When ConnectedRef, Inc. proposes to use personal information that has been collected for a purpose not previously identified, it will identify the new purpose before using such personal information. Unless the new purpose is required by law, or consent is otherwise not required pursuant to privacy legislation, the consent of the individual shall be obtained before the personal information is used for the new purpose.

2.5 Individuals responsible for collecting personal information on behalf of ConnectedRef, Inc. will explain to customers the purposes for which the information is being collected, including any purposes that may not be immediately obvious to the individual.

2.6 The purposes for which the personal information of customers is collected may include, but is not limited to:

  • processing commercial transactions such as order fulfillment;
  • communicating with customers;
  • establishing and maintaining commercial relations;
  • developing, marketing or providing products and services;
  • recommending particular products and services;
  • conducting market research and surveys;
  • managing and developing business opportunities;
  • conducting investigations and complaint resolution processes;
  • facilitating transactional due diligence reviews;
  • complying with legal and regulatory obligations.

2.7 Information gathered automatically by ConnectedRef, Inc. through its website may be used for technical, research and analytical purposes. Information collected through surveys, existing files and public archives may be used by ConnectedRef, Inc. to analyze its markets and to develop or enhance service offerings.

2.8 ConnectedRef, Inc. collects the following personal information from you about your designated third-party representatives: email address, mailing address, phone number, and uses this information for the sole purpose of completing your request or for whatever reason it may have been provided. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at

The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where consent is not required by privacy legislation as, for example, where the collection, use or disclosure of personal information is solely for journalistic, artistic or literary purposes.

3.1 Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Generally, ConnectedRef, Inc. will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to the use or disclosure of personal information may be sought after the information has been collected but before the personal information is used (for example, when ConnectedRef, Inc. wants to use information for a purpose not previously identified). In obtaining consent, ConnectedRef, Inc. shall use reasonable efforts to ensure that a customer is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer.

3.2 ConnectedRef, Inc. will not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes.

3.3 In obtaining consent, ConnectedRef, Inc. will take into account the sensitivity of the personal information and the reasonable expectations of its customers. Consent will not be obtained through deception.

For example:

  • A viewer who browses website or marketing content online from a ConnectedRef, Inc. website, would reasonably expect that his or her relevant contact information (name, phone number, personal identification) would be collected and used to identify the viewer for purposes of website functionality. However, this same viewer would not reasonably expect that this information would be used for a purpose other than the administration of the website, without the viewer’s knowledge and consent.

3.4 The way in which ConnectedRef, Inc. seeks consent may vary, depending on the circumstances and the type of information collected. ConnectedRef, Inc. will generally seek express consent when the information is likely to be considered sensitive. It will rely on implied consent only where collection and use of the personal information is directly related to a transaction or exchange of information in which the individual is directly participating. Consent may also be given by an authorized representative (such as a legal guardian or a person having power of attorney).

3.5 Consent may be obtained in any one of the following ways:

  • an application form may be used to seek consent, collect information and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and the specified uses.
  • a check–off box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to the transfer of their information to third parties;
  • if a customer chooses not to register or provide personal information via ConnectedRef’s website they may give the information and consent orally over the telephone; or
  • consent may be given at the time that individuals use a product or service.

3.6 Generally, the use of products and services by a customer constitutes implied consent for ConnectedRef, Inc. to collect, use and disclose personal information for all identified purposes.

3.7 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. ConnectedRef, Inc. will inform individuals of the implications of withdrawing consent. Customers may contact ConnectedRef, Inc. for more information regarding the implications of withdrawing consent.

ConnectedRef, Inc. shall limit the collection of personal information to that which is necessary for the purposes identified by the company. Personal information shall be collected by fair and lawful means. We may collect the following personal information from you:

  • Contact Information, such as name, email address, mailing address, or phone number;
  • Demographic information, such as age, education, gender, interests and zip code;
  • Billing Information, such as credit card number and billing address;
  • Financial Information, such as bank or brokerage account numbers, and types of investments;
  • Social Security Number or Driver's License Number;
  • Unique Identifiers, such as username, account number or password;
  • Preference Information, such as product wish lists, order history, or marketing preferences;
  • Information about your business, such as company name, company size, business type.

4.1 ConnectedRef, Inc. will not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified. ConnectedRef, Inc. shall specify the type of information collected as part of its information handling policies and practices, in accordance with the Openness requirement (See Principle 8).

4.2 The requirement that personal information be collected by fair and lawful means is intended to prevent ConnectedRef, Inc. from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. Consent to the collection of personal information must not be obtained through deception.

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it was collected. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

5.1 Where ConnectedRef, Inc. intends to use personal information for a purpose not previously identified, ConnectedRef, Inc. shall document the new purpose and shall obtain the consent of the individual prior to using the information for a new purpose.

5.2 Unlike many other websites, it is not necessary to expressly request that ConnectedRef, Inc. not allow access by third parties to your personal information. ConnectedRef, Inc. will not sell, rent, trade or give personal information to other companies. We will share your personal information with third parties only in the ways that are described in this privacy policy.

ConnectedRef, Inc. may disclose the personal information of its customers:

  • to third party service providers, including shipping and mailing companies; these companies are authorized to use your personal information only as necessary to provide these services to us.
  • to internal or external legal counsel and auditors;
  • to an agent retained by ConnectedRef, Inc. in connection with the collection of the customer’s account;
  • to a third party or parties, where the customer consents to such disclosure;
  • to prospective parties in the context of a transactional due diligence review; and
  • where disclosure is required by law, such as to comply with a subpoena, or similar legal process.
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,
  • if ConnectedRef, Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
  • in certain situations, ConnectedRef, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

5.3 Except as required or permitted by law, when disclosure is made to a party other than ConnectedRef, Inc. or a third party provider of personal information processing services, the consent of the individual shall be obtained and reasonable steps shall be taken to ensure that any such third party has personal information privacy procedures and policies in place that are at least comparable to those implemented by ConnectedRef, Inc. Only that information necessary for the third party to provide services is shared. These third party companies do not have access to any financial information and are not allowed to retain, store, or use personal information for any secondary purposes.

5.4 Personal information shall be kept only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer, ConnectedRef, Inc. shall retain, for a period of time that is reasonably sufficient to allow for access by the customer, either the actual information or the rationale for making the decision.

5.5 ConnectedRef, Inc. has guidelines and procedures with respect to the retention of personal information. Personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained, shall be destroyed, erased or made anonymous.

5.6 Our Site may include links to other Web sites whose privacy practices may differ from those of ConnectedRef, Inc. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Web site you visit.

5.7 Testimonials. We may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at

5.8 ConnectedRef, Inc. and its partners use cookies or similar technologies to analyze trends, administer the website, track users' movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

5.9 As is true of most web sites, we gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.

5.10 Communication Preferences. You may sign-up to receive email or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by contacting us at

5.11 Our Web site may include Social Media Widgets, such as the Share This button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social Media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing it.

5.12 Our Web site may offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Personal information shall be as accurate, complete and up–to–date as is necessary for the purposes for which it is to be used.

6.1 Personal information used by ConnectedRef, Inc. shall be sufficiently accurate, complete and up–to–date to minimize the possibility that inappropriate information may be used to make a decision about the individual customer. The extent to which personal information will be accurate, complete and up–to–date will depend upon the use of the information, taking into account the interests of the individual.

6.2 ConnectedRef, Inc. will not, however, routinely update personal information, unless this is necessary to fulfill the purposes for which the information was collected. Personal information about customers shall be updated only as and when necessary to fulfill the identified purposes or upon notification by the individual.

6.3 ConnectedRef, Inc. shall ensure that personal information that is used on an ongoing basis, including information that is disclosed to third parties, is generally accurate and up–to–date, unless limits to the requirement for accuracy are clearly set out.

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

7.1 ConnectedRef, Inc. will implement security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.

7.2 The nature of the safeguards will vary depending on (i) the sensitivity of the information that has been collected, (ii) the amount, distribution and format of the information, and (iii) the method of storage.

7.3 Physical measures such as locked filing cabinets and restricted access to offices, organizational measures such as security clearances and limiting access on a “need–to–know” basis, and technological measures such as the use of passwords and encryption have been adopted by ConnectedRef, Inc.

7.4 ConnectedRef, Inc. streamlines and expedites its computerized business interactions with individuals, while striving to be forthright and clear about its privacy policies. To support these objectives and to encourage individuals to use Internet commerce sites and other computerized business systems, ConnectedRef, Inc. adopts and supports all generally-accepted standards for web content rating, web site privacy protection, and Internet commerce security, including third–party seals of approval. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).

No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us at

7.5 ConnectedRef, Inc. does not use externally-meaningful identifiers as its own internal individual account numbers. For example, ConnectedRef, Inc. will never create account numbers that are the same as your social security number, driver’s license number, or any other identifier that might be used in an unauthorized fashion by a third party.

7.6 When they are no longer needed, all copies of personal data will be irreversibly destroyed. Documents will be destroyed only if all legal retention requirements and related business purposes have been met.

ConnectedRef, Inc. shall make readily available to its customers specific information about its policies and practices relating to the management of personal information.

8.1 ConnectedRef, Inc. will be open about its policies and practices with respect to the management of personal information. Customers shall be able to acquire information about ConnectedRef, Inc.’s policies and practices with respect to the management of personal information without unreasonable effort.

Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information except where ConnectedRef, Inc. is permitted or required by law not to disclose personal information to the individual customer. An individual customer shall be able to challenge the accuracy and completeness of the information disclosed to him or her and have it amended as appropriate.

9.1 Upon request, ConnectedRef, Inc. shall inform an individual customer whether it holds personal information about that individual (except where permitted or required by law not to disclose personal information) and shall afford the individual a reasonable opportunity to review the personal information in his or her file at minimal or no cost to the individual. ConnectedRef, Inc. shall provide an account of the use that has been made or is being made of the personal information and an account of the third parties to which the personal information has been disclosed. Where reasonably possible, ConnectedRef, Inc. shall indicate the source of the personal information.

9.2 In order to safeguard personal information, a customer may be required to provide sufficient identification information to permit ConnectedRef, Inc. to account for the existence, use and disclosure of personal information and to authorize access to the individual's file. Any such information shall be used only for this purpose.

9.3 In certain situations, ConnectedRef, Inc. may not be able to provide access to all of the personal information that they hold about a customer. For example, ConnectedRef, Inc. is not required to provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Similarly, ConnectedRef, Inc. may not be required to provide access to information if disclosure would reveal confidential commercial information, if the information is protected by privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal, state or provincial law. If access to personal information cannot be provided, ConnectedRef, Inc. shall provide the reasons for denying access upon request.

9.4 In providing an account of third parties to which it has disclosed personal information about a customer, ConnectedRef, Inc. shall attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed personal information, ConnectedRef, Inc. shall provide a list of organizations to which it may have disclosed personal information about the customer.

9.5 ConnectedRef, Inc. will respond to an individual’s request within a reasonable time and in any event within thirty (30) days of the request. The time for responding to a request may be extended for up to an additional thirty (30) days if meeting the time limit would unreasonably interfere with the activities of ConnectedRef, Inc., or if the time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet. ConnectedRef, Inc. may also extend the time for responding for such period of time as is necessary to be able to convert the personal information into an alternative format. ConnectedRef, Inc. will provide notice to the individual of any extension taken within thirty (30) days of the individual’s request and will advise the individual of the right to make a complaint to the Chief Information Security Officer about the extension. They will provide the requested information or make it available in a form that is generally understandable. For example, if abbreviations or codes are used to record information, ConnectedRef, Inc. will provide a corresponding explanation.

9.6 Upon request by an individual with sensory disabilities, ConnectedRef, Inc. will give access to personal information about the individual in an alternative format if a version of the information already exists in that format or if its conversion to an alternative format is necessary to allow the individual to exercise rights to request correction, challenge compliance of ConnectedRef, Inc. under the Challenging Compliance Requirement (See principle 10) or file a formal complaint pursuant to applicable privacy legislation.

9.7 ConnectedRef, Inc. shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to the accuracy or completeness shall be noted in the individual’s file. Where appropriate, ConnectedRef, Inc. shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.

9.8 A customer can obtain information or seek access to his or her individual file by contacting ConnectedRef, Inc.

9.9 Customers are entirely responsible for maintaining the confidentiality of their identifying information, including account numbers, User ID numbers and passwords.

An individual customer shall be able to address a challenge concerning compliance with the principles in this Privacy Policy to the Chief Information Security Officer at

10.1 ConnectedRef, Inc. will address and respond to all inquiries or complaints from its customers about the company’s handling of personal information.

10.2 ConnectedRef, Inc. will inform their customers about the availability of complaint procedures.

10.3 ConnectedRef, Inc. will investigate all complaints concerning compliance with this Privacy Policy. If a complaint is found to be justified, ConnectedRef, Inc. will take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer will be informed of the outcome of the investigation regarding his or her complaint.

10.4 Any questions about the security of ConnectedRef, Inc.’s website(s) should be addressed to

10.5 If for any reason an individual believes that ConnectedRef, Inc. has not adhered to these privacy principles, notification should be emailed to

This policy is effective as of December 15th, 2021. ConnectedRef, Inc. reserves the right to modify this privacy policy at any time, so please review it frequently.