Effective Date: September 10, 2024

Our Commitment to Privacy

Your privacy is as important to Rimini Street, Inc. and its subsidiaries RSI International Holdings, Inc., and RSI International Holdings, LLC.  (“Rimini Street,” “company,” “we,” “us,” or “our”) as it is to you (“you” or “your”). We will never sell your personal information to any third parties.  

This Privacy Notice is a general notice about the ways in which we gather, use and disclose personal information for the legitimate business purposes of Rimini Street and how we protect your rights.  This Privacy Notice applies to the website located at www.riministreet.com and applications that use this domain and that are controlled by Rimini Street (the “Sites”), to any events, tradeshows, interactions with our business representatives (“Business Activities”), to our use of personal information to protect Rimini Street’s legal rights, property and security (“Security”), to our use of past, current, and prospective employee personal information for human resources purposes (“HR”) as supplemented by Rimini Street’s internal HR Privacy Policy to which all employees have access, and to any services activities under contract to the extent not superseded by a duly executed written agreement with a client (“Services”). We protect your personal information in accordance with this Privacy Notice whenever we use it for these purposes and provide you with information about your rights and choices with regard to your personal information herein.   

APEC CBPR Certification and Participation

Rimini Street’s privacy practices described in this Privacy Notice comply with the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System (CBPR). The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies.  More information about the APEC framework can be found here. 

E.U.-U.S. Data Privacy Framework, U.K. Extension to the E.U.-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework

Rimini Street Inc. and its subsidiaries RSI International Holdings, Inc., and RSI International Holdings, LLC.  (“Rimini Street”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Rimini Street has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Rimini Street has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. 

For information regarding the types of personal information processed by Rimini Street as a controller and the purposes, please see “The Personal Information That We Collect and Receive” and “Why and How We Use Personal Information” sections of this Notice. As a processor to our customers, Rimini Street processes personal information that customers provide for the provision of services such as an employee’s title, business email address, business address, time zone, language preference, office location or any personal data intentionally attached or shared with Rimini Street as part of a support request. 

For information on types of third parties to which Rimini Street discloses personal information and purposes, please see “Disclosure of Personal Information” section of this Notice.  

The Personal Information That We Collect and Receive

We may receive certain personal information through the following means: 

• When you (in person, over the phone, or electronically) exchange messages with us (including our personnel working in Business Activities, HR, and Services functions), to the extent such messages or sender address information contains Personal Information that you choose to send or display to us, such as name, company name, business email, telephone number and address. 
• When you interact with Business Activities such as events, online documents and interactive activities, exchanging your business card with us, discussing our services with one of our representatives, or when interacting with our representatives or branded company accounts on social media, we may collect the information that you enter or share, such as business contact information, including your title, and whether you have the interest and ability to influence a business entity’s purchase of our services. 
• When you interact with our marketing emails, in which case such information is limited to letting us know whether you opened or clicked on an email.  
• When we acquire, verify, or supplement your business contact information using third party business directories and services where you have allowed your business contact information to be generally available.  
• When you interact with our Sites, during which you may enter information into fields such as in web forms (e.g., to express interest in obtaining information about our Services, we may ask you to provide us with your business contact information including your business email).   
• When our Security function collects information when you visit our business office locations or interact with our networks and computing systems.  On premises, video surveillance and visitor logs may capture your appearance, time and location.  While using our computing systems, your logins and interactions will be recorded, and, in some cases, your precise geographic location may be collected. 
• When you browse our Sites, during which, analytics information may be passively collected such as IP addresses, web browser settings, operating system information, the date, time and duration of visits and referring/exit pages are collected.  Third parties such as social media and advertising partners may also receive information about or your devices when you visit our Sites or utilize social media features such as “share” or “like” buttons.  Such collection occurs through Cookies and Passive Data Collection Technology, as further discussed below.   

Your Consent – In certain circumstances noted above, it may be appropriate for us to obtain your explicit prior consent, in such event, we will present more specific information and a choice to you, and that choice may also be freely changed without penalty or consequence to your rights.  In other cases, where we have presumed or inferred consent for lawful reasons, you will be presented with ample opportunity to inform us of your preferences or opt out from further such uses. 

Children or Minors – We do not knowingly collect, use, or disclose personal information from children or minors. Our marketing and services are of interest to businesses and are not intended or designed to appeal to children or minors.  

Why and How We Use Personal Information

We use personal information in the pursuit of lawful, legitimate business interests, for example: 

• For Services, such as when you interact with technical support team or consultants for purposes of the Services or when we improve or develop new offerings based upon your preferences and feedback, including updating your information in parts of the Sites that are provided to you as a support portal under an agreement. 
• For external HR purposes, such as talent recruitment and scouting, managing job applications, and interactions that you may have with our HR staff including when using a job application portal that we include in our Sites. 
• For internal HR purposes, such as administering benefits, managing employees, career development, and employee engagement.  Current employees should refer to Rimini Street’s internal HR Privacy Policy for more details. 
• For Security purposes, such as protecting the health and safety of employees or other parties to whom we may owe a duty or protecting the property or legal rights of the company, including fulfilling ethical duties. 
• For purposes of the Sites’ analytics and visitor tracking, such as understanding the general location and demographics of visitors to our Site and the popularity and interest in our promotional materials and messages.  Passively collected information is also sometimes related to visitor information or customer user information in order to understand an individual visitor’s browsing journey or a customer’s interests in current or prospective products or services.  Please see section below on Cookies and our displayed Cookie Notice for further information and choices. 
• For Business Activities, such as communicating with you about our webinars, events, downloadable information and assets, and our service offerings and understanding the popularity and interest in such activities. 
• We do not make decisions based solely on automated processing, artificial intelligence (generative or otherwise) that produces legal or similarly significant effects concerning you. 

Retention of Personal Information – We may retain your personal information for the duration of the valid business purpose for which it was originally collected, or if the aforementioned Security purposes require longer retention, such as when we need to retain sufficient information to honor an unsubscribe request. 

Disclosure of Personal Information

Rimini Street discloses information for business purposes in the following circumstances, and only when the recipient demonstrates and agrees to appropriate safeguards for the security and privacy of your personal information: 

• When disclosing information to affiliates and third parties under this section, whenever international transfer would occur, we will apply appropriate measures design to ensure the lawful transfer of such personal information. 
• When we share information with fully or majority-owned corporate affiliates under the brand of Rimini Street. 
• When we disclose personal information to third party service provider companies who assist us in Business Activities, the Sites, HR, Security, or the Services.  
• When we must respond to regulatory and/or judicial authorities for information as required by law, such as to comply with a subpoena or other legal process, to protect our rights, to investigate fraud, or to respond to a regulatory request. 
• When we create or acquire another entity that becomes a part of Rimini Street or are acquired by another entity.  If Rimini Street is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. 
• When we partner with third parties to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on these Sites and other sites in order to provide you advertising based upon your browsing activities and interests if you have consented/not opted out of these disclosures in interacting with our cookie notice dialog. To understand more about these technologies, see About Cookies and Passive Data Collection Technologies.   

Our Commitment to Security

Rimini Street processes personal information only in ways compatible with the purpose for which it was collected, except where Security purposes may apply. Under any circumstance, we take reasonable steps to make sure that Sites users’ personal information is accurate, complete, current and otherwise reliable with regard to its intended use based on the personal information that has been provided to us.  

Rimini Street takes reasonable and appropriate measures to maintain the confidentiality and integrity and availability of personal information in order to prevent its unauthorized use or disclosure. This includes maintaining a system of appropriate and generally accepted administrative, physical and technical safeguards to secure such personal information.  Rimini Street undergoes audit and maintains ISO 27001 certification with respect to information security management and ISO 9001 with respect to quality of services management.  

About Cookies and Passive Data Collection Technology

Tracking technologies have different names, and below is some background on the various kinds in use on this site. 

Cookies are small text files that store information about your interactions with a particular website, either temporarily (known as a “temporary” or “session” cookie and deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a “permanent” or “persistent cookie”). Cookies can make it easier to use a website by allowing servers to access certain information quickly: 

Session cookies can be used to help a user’s browser navigate a website more smoothly and may show up if the user comes from a website with which the subsequent website has some relationship (for example, a website of an affiliated company) and can give helpful information. 

Persistent cookies can be used to customize a website for a user, such as by storing passwords, preferences, and registration and account information so that users do not have to reenter this information each time they visit a website. 

The Sites may use both session/temporary cookies and persistent/permanent cookies to store information that allows us to offer you better customer service and easier site navigation. To make the Sites easier to use, we combine information collected via cookies with your personal information. Most internet browsers accept cookies automatically, but you can change the settings of your browser to erase cookies after each session or prevent automatic acceptance of first or third-party cookies if you prefer. Note that if you configure your browser to reject cookies, you might not be able to access important functions or areas of the Sites or enjoy certain conveniences at the Sites. For more information how to exercise your cookie preference using browser controls, visit your browser’s or device’s help material. We have obtained links to instructions to block cookies depending on the browser you rely on, and such links are maintained and subject to changes by manufacturers of these major browsers:  

• Internet Explorer
  https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies 

• Firefox
  https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences 

• Safari
  https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac 

• Google Chrome
  https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en-GB 

Clear GIFs (a.k.a. Web Beacons/Web Bugs), can track an individual visitor’s journey on our Sites to help us better manage content by informing us what content is effective.  Clear GIFs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We tie the information gathered by clear GIFs to personal information entered by visitors in order to understand how that visitor interacted with the Sites. 

Browser Fingerprinting means generating an identifier for a browser visiting a website based upon the potentially unique combination of settings that it automatically transmits. 

Local Storage, such as used by HTML5, is used to store content information and preferences. Various browsers may offer their own management tools for removing HTML5. 

Cross-Border Data Transfers

We transfer, store and otherwise process personal data within our global family of companies as well as to third party service providers located in approved jurisdictions around the world.  Whenever we do so, we implement a legally adequate transfer mechanism such as Standard Contractual Clauses approved by the relevant data protection authority(ies) or may rely upon mechanisms or certifications, including the APEC Cross Border Privacy Rules, the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF  described above. If you are an EU, UK, or Swiss individuals, where we transfer your personal information to third party service providers (see “Disclosure of Personal Information”) who perform services for us or on our behalf, we are responsible for the processing of that personal information by them and shall remain liable if they process your personal information in a manner inconsistent with the DPF principles referred to below unless we prove that we are not responsible for the event giving rise to the damage.  

Your Rights

Upon request we will provide you with personal information about whether, as a data controller, we hold any of your personal information as well as further details about other entities with whom we have disclosed personal information.  

You may access, correct, or request deletion of your personal information.  You are also entitled to object to or restrict processing or opt-out of sale or sharing of personal information for targeted advertising at any time, and you have the right not to be discriminated against for exercising your rights. You have the right to receive your personal information in a commonly used electronic form. If we have collected your personal information with your consent, you have the right to withdraw your consent. We will respond to your request in accordance with applicable laws and regulations. In any case, you also have the right to lodge a complaint with your data protection authority regarding the processing of your personal information. Certain US state privacy laws provide their residents with the right to appeal. If we deny your request, you may appeal our decision by contacting us at [email protected]. We do not make decisions based solely on automated processing that produces legal or similarly significant effects concerning you. To exercise your rights, please contact us using the contact details at the bottom of this Privacy Notice. To process your request, we may request personal information from you to enable us to confirm your identity and right to access such personal information, as well as to search for and provide you with the personal information we maintain. Applicable laws or regulatory requirements may allow or require us to refuse to provide or delete some or all of the personal information that we maintain, for example if we must maintain minimal information to be able to ensure that we will not contact you in the future. 

Marketing Preferences

If at any time after registering to receive information you change your mind and no longer wish to receive any information or marketing emails from us, send a request to [email protected], use the unsubscribe link contained in our marketing emails, or visit www.riministreet.com/unsubscribe specifying your new choice. 

Cookies Preferences

As stated in the above Cookies and Passive Data Collection Technologies, you may be presented with an option to consent to or opt-out from specific categories of non-essential visitor tracking technology as further detailed in our Cookies List, and you may adjust your Cookies Settings at any time (See Cookie Settings link at the bottom of this web page).  

Your Testimonials

We post customer testimonials on our Site upon prior consent from the customer, which may contain personal information such as the customer’s name. If you wish to update or delete your testimonial, you may contact us at [email protected]. 

E.U.-U.S., U.K., and Switzerland Data Privacy Framework Rights

With respect to personal information received or transferred pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Rimini Street is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Rimini Street commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Rimini Street at [email protected]. 

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Rimini Street commits to refer unsolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States at no cost to you.  

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Rimini Street commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs),  the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of employment relationship. 

Under certain conditions, more fully described on the Data Privacy Framework website, How-to-Submit-a-Complaint, you may invoke binding arbitration when other methods have been exhausted.  

Your Rights with Respect to Our Customers

In situations where we are a data processor and provide services to customers, we generally have no knowledge of or relationship with the individuals whose personal information exists in systems that we are engaged to support. An individual who seeks access to, or who seeks to correct, amend, or delete inaccurate personal information that has been provided to a Rimini Street customer or partner should direct their query to that customer or partner. 

Your Rights with Respect to Our Marketing Partners

Tracking Choices 

Depending upon the purpose of the tracking technology (functionality, analytics, advertising) and the laws of your local jurisdiction, you may be presented with an option for prior consent, implied consent, or no prior consent to tracking occurring on our Sites by marketing partners.  

You may learn more about and enable or disable different categories of cookies and other tracking technology at any time by referring to the Cookies Settings page. 

Advertising Choices 

If you would prefer to not receive personalized ads based on your browser or device usage, you may generally express your opt-out preference to no longer receive tailored advertisements. Please note that you will continue to see advertisements, but they will no longer be tailored to your interests. 

To opt-out of interest-based advertising by participating companies, please visit: 

• Digital Advertising Alliance (DAA)’s self-regulatory opt-out page (http://optout.aboutads.info/) and mobile application-based “AppChoices” download page (https://youradchoices.com/appchoices) 
• Network Advertising Initiative (NAI)’s self-regulatory opt-out page (http://optout.networkadvertising.org/).  
• For individuals located in Europe, please visit European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page (http://youronlinechoices.eu).  

Your Rights with Respect to Unaffiliated Third Parties  

The Sites may provide links from our Sites to websites, content, products and services from third parties that do not process personal information in connection with us.  Whenever following or interacting with such links, you should refer to the policies posted by these third-parties regarding privacy and other topics before you use them, as this Privacy Notice applies solely to personal information collected or used by Rimini Street or its marketing partners subject to an agreement. 

Choice  

If personal information covered by this Privacy Notice is to be used for a new purpose that is materially different from that for which the personal information was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this Notice, Rimini Street will provide you with an opportunity to choose whether to have your personal information so used or disclosed. Request to opt out of such uses or discloses of personal information should be sent to us as specified in the “Contact Us” section below.  

Certain personal information, such as information about medical or health conditions, racial or ethnic origin is considered “Sensitive Personal Information.” Rimini Street will not use Sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Rimini Street has received your affirmative and explicit consent (opt-in). 

Contact Us

f you have questions regarding this Privacy Notice, Rimini Street’s privacy program or privacy practices or wish to exercise your rights, you may contact us by email directed to [email protected], or by regular mail addressed to:   

Rimini Street, Inc.
Attn: Privacy
1700 South Pavilion Center Drive
Suite 330
Las Vegas, NV, 89135 

For Unresolved Privacy Concerns of European Economic Area and Switzerland Residents

If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Rimini Street, and your inquiry, you may have your complaint considered by an independent recourse mechanism: for EU/EEA Data Subjects, a panel established by the EU data protection authorities (“DPA Panel”), and for Swiss Data Subjects, the Swiss FDPIC. To do so, you should contact the state or national data protection or labor authority in the jurisdiction where you work. Rimini Street agrees to cooperate and comply with the decisions of the DPA Panel and FDPIC. 

Rimini Street commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship. 

For Unresolved Privacy Concerns of Residents of APEC CBPR Member Economies

If you have an unresolved privacy or personal data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. 

Changes to this Privacy Notice

We reserve the right to change this Privacy Notice at any time, and any non-material modifications are effective when they are posted on the Sites. For any significant change, we will post a prominent notice of a material change to our privacy notice on the home page of the Sites prior to the change becoming effective. The date of the newest version of the Privacy Notice will be posted below. Please check back frequently, especially before you submit any personal information at the Sites, to see if this Privacy Notice has changed.