Privacy Policy

Last updated: November 1, 2023

I. Introduction

This Privacy Policy informs you of Registrar Corp’s (“Registrar Corp.”, “us”, “we”, or “our”) policies regarding the collection, use, and disclosure of personal information we collect from users of RegistrarCorp.com (the “Site”) or from users of any of our products (“Products”) or services (“Services”). By using the Website or its Products or Services, you agree to be bound by this Privacy Policy.

We respect your privacy and commit ourselves to the highest standard for data protection and privacy. Our global footprint requires compliance with several data protection regulations and, as a guiding principle, we apply the strictest regulation to protect your data and privacy globally. In addition to informing you about the policies regarding the collection, use, and disclosure of personal information we collect from users, this Privacy Policy also outlines your rights and choices regarding your personal information.

To exercise your data protection rights or for more information about our data protection practices, please contact us here or send us an email at: [email protected]“.

II. Information Collection and Use

Registrar Corp. may collect personal information through our communications with you or through your use of the products and services offered by Registrar Corp. Consequently, personal information can be directly provided by you or indirectly collected by us. You can always opt not to disclose information to us, but if you do not provide the personal information we are requesting, it may delay or prevent us from providing our products and/or services to you.

A. The Information We Collect:

  1. Information Provided by Users
    1. Information that facilitates communication between you and Registrar Corp., such as name, email and physical address, telephone number, and passwords.
    2. Surveys and feedback submissions.
    3. Product and service information.
    4. Customer contact records.
  1. Information Created During Use of Our Services
    1. Geographic information (country, city, and geographic coordinates) based on IP address.
    2. Device type, operating system and version, browser, browser language, domain and other systems data, platform types, IP address, device IDs, and cookie information.
    3. Uniform Resource Locator (“URL”) of the website you came from and which URL you go to next.
  1. Information from Other Sources
    1. Financial information such as credit/debit card or other payment information, billing address, shipping address, and zip code are collected directly by established third party banking, processing agents, and distribution institutions.
    2. Information from publicly available sources.
    3. Information collected through tracking and automated means. Please see our Cookie and Third Party Technology Party Policy in part C below.

B. How We Use Personal Information

Registrar Corp. collects and uses personal information for the following purposes:

  1. Provide, maintain, and improve our services.
    1. Delivering the services, including FDA Registration, Detention Assistance, Food Safety Services, Import Alerts and DWPE, Label and Ingredients Review, TTB Tax Benefit Assignments, Prior Notice Help, Radiation Emitting Device Compliance, Food Canning Establishment Services, GACC Services
    2. Managing your account and billing.
    3. Enabling secure login and single sign on.
    4. Performing necessary operations to maintain our services, including troubleshooting software, performing backups, addressing operational problems, and system status monitoring.
    5. Improving the Site and its contents.
    6. Third Party Integrations. We will share your Personal Data with affiliated businesses only if you set up an integration, and we will only share your information to the extent that it is related to the transaction or service. In addition, we may offer access to third party sharing functionality, such as third party social media widgets/tools/buttons. If you use that functionality, your use is subject to the third party’s privacy policy and terms. As with all links to non-Pfizer websites/content/services, we recommend that you read the privacy policies and terms associated with third party properties carefully.
  1. Customer Support
    1. Providing customer support, including investigating and addressing customer concerns.
  1. Compliance with legal and regulatory requirements
    1. Registrar Corp. uses the data it collects to defend itself, investigate, or otherwise address claims or disputes relating to Registrar Corp’s services.
    2. Registrar Corp. uses the data it collects to satisfy requirements under applicable laws, regulations, operating licenses or agreements, or pursuant to legal process or governmental requests.
    3. Using IP addresses to identify a user when we feel it is necessary to protect our services, website, vendor, visitors, or others. We also reserve the right to protect the security or integrity of the Site and our business, such as by protecting or preventing fraud, unauthorized transactions, claims and other liabilities, violations of our Terms of Service and Acceptable Use Policy, and managing risk exposure, including by identifying potential hackers and other unauthorized users.
  1. Marketing and Advertising
    1. Based on your consent for marketing purposes or agreement to participate in customer surveys, you can withdraw your consent at any time.
    2. We process information collected through cookies, such as location data, IP address, and content viewed on our website, for marketing purposes. You can manage or disable cookies at any time by adjusting your browser settings.
  1. Research and Development
    1. Analyzing the use of the Site or services.
    2. For data analytics including research on usage patterns, product development, online site customization, customer habits, or other analyses.
    3. Registrar Corp. utilizes third party tracking software provided by Google Analytics, Bing, Hotjar, Baidu, and Pendo.io.

Under the General Data Protection Regulation (“GDPR”), we only process personal data when there is a legal basis for doing so. For the data processing described in this policy, we rely on the following legal grounds:

  1. Performance of a Contract: The data processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.
  2. Consent: When we rely on this basis, you have given consent for the processing of your personal data for one or more specific purposes. Where we process data based on your consent, you have the right to withdraw consent for processing at any time. This election will be effective going forward but will not affect the lawfulness of processing based on consent before its withdrawal.
  3. Substantial public interest: Processing of personal data is necessary for performance of a task carried out in the public interest or in the exercise of official authority vested in Registrar Corp.
  4. Protect Vital Interest: Processing personal data is necessary to protect your vital interest or the vital interests of another person.
  5. Compliance with a Legal Obligation: We are obliged to process the relevant personal data to comply with the law.
  6. Legitimate Interests: Processing personal data is necessary in pursuit of our own or your legitimate interests. When we do this, we must ensure that the interests we pursue do not override your fundamental rights and freedoms. Specifically, the only processing that is solely justified by Legitimate Interests is processing required to improve our services.

C. Cookies and Third-Party Technologies

Cookies are small text files that a website transfers to a customer’s hard drive or web browser and that are used to track user preferences. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

Registrar Corp. uses cookies to collect anonymous traffic data including browser information, device information, and language information to help analyze site usage and improve user experience. These cookies do not provide Registrar Corp with personally identifiable information. Registrar Corp. uses the third party services Google Analytics, Bing, Hotjar, Baidu, and Pendo.io to help understand traffic on our Site and track information for statistical purposes.

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser settings to disable cookies if you prefer (check your browser’s Help page). If you choose to decline cookies, you may not be able to experience all the features of the Website and Services. For more information on how to manage or restrict the use of cookies and to opt out of all interest-based advertising, please visit the Network Advertising Initiative or Your Ad Choices. For End Users located in European Territories, visit the EDAA opt-out page here: https://youronlinechoices.eu/

D. Data Sharing and Disclosure

To provide, maintain, improve, secure, and promote our Services, Registrar Corp. needs to disclose certain personal data to third parties. We do not license or sell your personal data to third parties, including advertisers, without your consent.

Disclosures are made to the following third parties:

  1. General Public
    1. Questions or comments from users submitted through public channels such as social media pages may be viewable by the public, including any data included in the question or comment submitted by the user.
  1. Service providers We disclose your personal data to third party service providers whom we engage to perform services for us. These companies are bound by contractual obligations to keep personal data confidential and use the data only for the purposes for which it has been disclosed to them. These service providers include:
    1. Information Technology Service Providers: We engage information technology service providers to help service our platform, facilitate the functioning of the platform and our services, troubleshoot and resolve issues, secure the platform, and prevent fraud and abuse. The categories of personal data we share with our information technology service providers are identifiers, profile information, user account information, commercial information, shared content, device type information, internet activity, and sensitive information.
    2. Analytics or Marketing Service Providers: We engage analytics or marketing service providers to help us analyze traffic, purchases, and usage patterns for the purpose of helping us understand our users so that we develop products, customize our online platform, engage in targeted marketing, and market and administer surveys and promotions. The categories of personal data we share with our analytics or marketing service providers are identifiers, device type information, internet or other electronic network activity, and social media information.
    3. Payment Processors: We engage payment card service providers to collect and process payment card data for purchases made on our sites. This data is collected directly by our payment processing partners, but Registrar Corp. itself does not store full credit card numbers or card authentication data. The categories of personal data we share with our payment card service providers are identifiers and financial information.
  1. Government and Law Enforcement:
    1. We disclose any and all categories of personal data as required by a court order or any other legal or regulatory requirement, including in response to requests from public and government authorities, or to protect our rights, privacy, safety, or property as necessary if we believe that there has been a violation of our terms of use or of our rights or the rights of any third party.
  1. Successors:
    1. In the event of a sale, merger, consolidation, change in control, transfer of substantial assets, reorganization, or liquidation, we may transfer, sell, or assign to third parties information concerning your relationship with us, including, without limitation, any and all categories of personal data that we have collected about you in accordance with applicable law. We also may disclose this information in connection with the due diligence for any such transaction. Any acquirer or successor may continue to use your data as set forth in this Privacy Notice.
  1. With User’s Consent
    1. Registrar Corp. may share a user’s data other than as included in this Policy only after notification to the user and consent by the user to share the information.
  1. International Data Transfers
    1. The Site is controlled and operated by us from the United States and is not intended to subject Registrar Corp. to the laws or jurisdiction of any state, country, or territory other than that of the United States. Registrar Corp. operates at a global level and therefore personal data may need to be transferred to countries outside of where it was originally collected. In such a case, Registrar Corp. only makes such cross-border transfers according to applicable laws.

E. Data Retention and Deletion

  1. In accordance with applicable data protection laws, we do not store your personal data for longer than needed for the purposes of the respective processing activity.
  2. At the appropriate time, Registrar Corp. will take all reasonable steps to destroy your personal data in a safe manner.
  3. You always have the right to implement a customizable retention policy that will delete data routinely based on your specific deletion request.
  4. Registrar Corp. may retain personal data after a user’s deletion request if retention of the data is necessary to comply with legal requirements or due to issues related to a user’s account.

F. Data Protection

  1. We take reasonable measures to protect personal data from accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, or misuse.
  2. We strive to comply with the controls set forth in applicable data protection laws.
  3. Registrar Corp. has implemented appropriate technical and organizational safeguards to protect your data including compliance with ISO/IEC 27001 Information Security Management Systems (ISMS).
  4. Unfortunately, no method of transmission over the Internet or method of electronic storage is 100% secure. As a result, while we will strive to protect your personal data, we cannot and do not guarantee or warrant the absolute security of any of your personal data. We will not be and are not liable for disclosures of your personal data due to errors in transmission, networks that we do not control, nor unauthorized acts of third parties.
  5. In the event that we are required by law to inform you of any unauthorized access to your personal data, we may notify you electronically or in writing in accordance with applicable laws.

III. Choice and Transparency

A. Below is a summary of rights for those individuals in the United States:

  1. Data Access
    1. You may request the following information relating to our collection, use, and disclosure of your personal data during the past 12 months:
      1. The categories and specific pieces of personal data we have collected, sold, shared, or disclosed for a business purpose;
      2. The categories of sources from which we collected the data;
      3. The business or commercial purpose(s) for collecting, selling, or sharing the data, and
      4. The categories of third parties to whom we disclosed, sold, or shared your data (as applicable).
  1. Portability
    1. You have the right, upon request, to obtain a copy of your personal information from us by mail or electronically without charge and in a readily usable format.
  1. Correction
    1. You may request that we correct inaccurate information about you.
  1. Deletion
    1. You may request that we delete your account and personal data.
  1. Opt-out of Sales and Sharing
    1. Registrar Corp. requires users to opt-in to having their data collected, processed, and stored. This opt-in requirement is required under the GDPR and is more restrictive that the opt-out method required in the United States. The Opt-In method allows you, the user, to make the initial choice regarding whether you agree to having your data processed. Should you later choose you no longer consent to these activities, you have the right to later direct Registrar Corp. not to sell or share your personal information. A link to an opt-out page on our website is available here.
      1. “Sale” refers to the disclosure of personal information to a third party in exchange for money or other value.
      2. “Share” refers to the disclosure of personal information to a third party for purposes of targeted advertising.
  1. Limit the Use and Disclosure
    1. You may request that we limit our use of your sensitive personal information to uses that are:
      1. Necessary to perform or provide the goods reasonably expected by an average consumer who requests those goods or services.
      2. Necessary for business purposes.
      3. Authorized by law.
  1. No Discrimination or Retaliation
    1. You have the right not to be discriminated against or retaliated against for exercising these rights.

B. Below is a summary of rights for those individuals subject to the GDPR:

  1. Right of Access
    1. You can request access to the personal data we hold about you, including:
      1. The categories of data we process.
      2. The purposes of the data processing.
      3. The period during which we retain that data.
      4. Third parties to which we disclose that data.
      5. Upon request, we can either provide an overview of the data we hold, or we can provide you with a copy of your Personal Data.
  1. Right to Rectification
    1. If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
  1. Right to Erasure
    1. You may ask us to erase your personal data in the following circumstances:
      1. in case your personal data is no longer needed for the purposes for which it was collected.
      2. if you have withdrawn your consent and there is no other legal basis for the processing of your personal data.
      3. if you have filed an objection to our processing of certain of your personal data and there are no overriding legitimate reasons for continued processing such personal data.
      4. if your personal data is being processed unlawfully.
      5. if your personal data must be deleted to fulfil a legal obligation.
      6. If we share your personal data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly.
  1. Right to Restrict Processing
    1. You may ask us to restrict or ‘block’ the processing of your personal data in the following circumstances:
      1. we processed or will process inaccurate personal data.
      2. we processed your personal data unlawfully.
      3. we don’t need to process your personal data, but we need to keep it to allow you to establish, exercise, or defend a legal claim.
      4. you exercised your right to object processing, but we are still validating your request.
    2. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
  1. Right to Data Portability
    1. You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you where we process that personal data in an automated way. We will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  1. Right to Object
    1. You may ask us at any time to stop processing your personal data, and we will do so if we are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing.
    2. If your objection is related to receiving marketing communications or our newsletter, please hit the unsubscribe link on the communication you no longer wish to receive.
  1. Rights in relation to automated decision-making and profiling
    1. You have the right to be free from decisions based solely on automated processing of your personal data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use. Registrar Corp. does not perform automated decision-making.
  1. Right to Withdraw Consent
    1. If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.

C. Exercising Users’ Rights

  1. Users can exercise their rights by submitting a personal data request or erasure request here, via email at [email protected], or by calling the toll-free telephone number: +1-800-926-5086
  1. Only you or an authorized agent acting on your behalf may make a request related to your personal data. We may need to verify your identity (and if applicable, your agent’s authority to make the request on your behalf) before we are able to process your request. We will ask you to provide certain information to verify your identity: name, e-mail address, and telephone number. If you have an authorized agent who makes the request, then (i) we need proof that you have provided the agent with power of attorney; or (ii) you must provide the agent with signed permission to submit a request to know or delete; you must verify your identity directly with us; or you must confirm with us that you provided the authorized agent permission to submit the request. During the verification process, we will try to match the information you provided against known information in our databases. If we still need additional information, we also may contact you or your authorized agent by e-mail or telephone number to ask you additional questions about the products or services you purchased or your last order with us, so that we can match your identity with the personal data we have about you. In some instances, we may ask you to declare under penalty of perjury that you are the consumer whose personal information is the subject of the request.
    1. If we cannot verify your identity or sufficiently differentiate you from another consumer or cannot confirm an agent’s authority to act on your behalf, we are not required to fulfill your request.
  1. We will respond within 30 days of receiving a personal information request.

IV. Privacy of Minors

Registrar Corp. does not provide services designed for use by children under the age of 18, nor does it knowingly collect or solicit personal data from anyone under the age of 18. If we learn that we have collected such information, we will delete that information as quickly as possible. If you believe that a child under 18 has provided us Personal Data, please contact us at [email protected].

V. Updates

We may occasionally update this Notice. Use of services after an update constitutes consent to the updated notice to the extent permitted by law.. If the Privacy Policy changes in a way that significantly affects how we handle personal data, we will not use the personal data we previously gathered in the manner described in the new policy without providing notice and/or obtaining your consent, as appropriate. Minor changes to the policy may occur that will not significantly affect our use of personal data without notice or consent. Registrar Corp. encourages you to periodically review this Policy for the latest information regarding our privacy practices.

VI. Region Specific Provisions

A. GDPR – General Data Protection Regulation (EU)

  1. Registrar Corp. believes that the GDPR provides the gold standard for personal data protection and therefore has based its entire privacy policy on the premise that all users should be afforded the rights guaranteed by the GDPR. As such, many of the specific provisions of the GDPR are covered in the main privacy policy.
  2. Under the GDPR and when processing your data, Registrar Corp. will act as either a processor (or sub-processor, as applicable) or a controller, depending on the purpose for the data processing. While processing Personal Data for the provision of Registrar Corp.’s Services, Registrar Corp.’s Customer is the Controller (or a Processor processing Personal Data on behalf of a third-party Controller), and Registrar Corp. is a Processor (or sub-Processor, as applicable). In this case, the end-user of the service is the data subject.
  3. As Processor, Registrar Corp. will comply with the instructions contained in this document, in the Registrar Corp. Terms of Service, and in any agreements between you and Registrar Corp., or other instructions that you provide later.
  4. As Controller, Registrar Corp. will use, with your consent, your Personal Data for improving our services.
  5. Registrar Corp. ensures that the collection, use, and retention of Personal Data transferred from the European Union, Switzerland, and the United Kingdom to the United States is authorized via a suitable legal vehicle, such as the relevant Standard Contractual Clauses.
  6. As noted in the Section titled “Choice and Transparency” above, you have a right to access your data, correct or remove it, or completely withdraw your consent for processing it at any time. Such requests may be submitted here. The withdrawal of a consent does not affect the lawfulness of processing based on consent before its withdrawal.
  7. Registrar Corp. maintains a record of the processing activities it carries out in the course of using personal data to deliver its services, and it will provide this report (Art. 30 “Record of Processing Activities”) to supervisory authorities upon written demand.
  8. If you have questions about our Privacy Policy or data practices, you may contact Registrar Corp.’s Data Protection Officer (DPO), Philip Edge, at [email protected]. You also have the right to lodge a complaint with the national supervisory authority of your residence, place of work, or where you believe an infringement of your GDPR rights may have occurred.

B. CCPA/CPRA – California Consumer Protection Act / California Privacy Rights Act

  1. The California Consumer Privacy Act of 2018 (“CCPA”) and the subsequent California Privacy Rights Act (“CPRA”) requires businesses that collect personal data of California residents to make certain disclosures regarding how they collect, use and disclose such information. This CCPA/CPRA-specific section addresses those requirements.
  2. Personal Data Collection and Sharing: Registrar Corp. collects the Personal Data as set forth in the Section titled “When and How Registrar Corp. Collects Personal Data” of the Privacy Policy. For the purposes of the CCPA/CPRA, the term “Personal Data” means “Personal Data,” as defined in the CCPA. For purposes of CCPA/CPRA, we collect the following categories of Personal Data from you when you Interact with us and we share that Personal Data for a business purpose as follows:
    1. You can find the types of Personal Data we collect about you in the Section titled “The Information We Collect” of the Privacy Policy, but since California regulations have specific terms, please find below the correct applicable terms:
      1. Identifiers (e.g., unique personal identifiers)
      2. Any categories of Personal Data described in subdivision (e) of Section 1798.80. (e.g., name, address, telephone number, passport number, employment history, bank account number, etc.)
      3. Characteristics of protected classifications under California or federal law (e.g., gender, marital status)
      4. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding the interaction with the website, applications, or advertisements (e.g. email conversations).
      5. Geolocation data (e.g., your location).
      6. Professional or employment-related information.
    2. Sources and Uses of Personal Data: The sources from which we collect Personal Data are described in the Section titled “The Information We Collect” of the Privacy Policy.
    3. Purposes and Uses for Collecting Personal Data: We collect Personal Data identified in the list above to communicate with you, for marketing and promotional purposes, and to provide and improve our services and other purposes set forth in the Section titled “How We Use Personal Information” of the Privacy Policy.
  3. Subprocessors. Our subprocessors have privacy and security practices in place to ensure compliance with the CCPA and have contractual requirements to protect the privacy and security of the personal data that they sub-process. As described in the Section titled “How We Use Personal Information” of the Privacy Policy, we share some personal data with these sub-processors to help us provide, manage, secure, and improve the Services we provide. A current list of our third party sub-processors is available here.
  4. Sale or Sharing of Personal Data. In this context, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer’s Personal Data by the business to another business or a third party, for monetary or other valuable consideration.” Similarly, the word “share” means the disclosure of Personal Data “for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.”
  5. Registrar Corp. does not sell or share your Personal Data as those terms are defined under California law. Registrar Corp. will only disclose your Personal Data as detailed in this Privacy Policy.
  6. California Consumer Rights: California law gives California residents the right to make the following requests with regard to certain information we collect about them, at no charge, two times every 12 months.
    1. Disclosure Right. The right to request disclosure of Registrar Corp.’s data collection and sales practices, including categories of information we have collected, the source of the information, our use of the information and, if the information was disclosed or sold to third parties, the categories of Personal Data disclosed or sold to third-parties and the categories of third-parties to whom such information was disclosed or sold.
    2. Copy Right. The right to request a copy of the specific Personal Data we collected about you in the past 12 months.
    3. Deletion Right. The right to request deletion of Personal Data we have collected, subject to certain exemptions (for example, where the information is used by us to detect security incidents, debugging or to comply with a legal obligation, and where the Personal Data is being used on an anonymized and aggregated basis consistent with the requirements of the CCPA/CPRA).
    4. Opt-out Right. The right to opt-out of the sale or sharing of your Personal Data, if applicable. However, Registrar Corp. strictly does not sell or share, as defined by the CCPA and the CPRA, as applicable, your Personal Data.
    5. Non-discrimination Right. The right not to be discriminated against when exercising any of these rights.
    6. Exercising Your Rights: You may exercise those rights by submitting a request through any of the methods listed above for the GDPR rights. Following the submission of your request, Registrar Corp. will verify your identity and respond to you within 30 days of receipt of the request. When you update information, we may maintain a copy of the unrevised information in our records. Registrar Corp. does not and will not discriminate against you for exercising your rights under the CCPA/CPRA.
  7. Appealing Registrar Corp.’s Decision
    1. If Registrar Corp. declines to take action on your request as permitted by law, Registrar Corp. will provide you with a written explanation of the reasons for our decision within 30 days of receipt of the request, or as otherwise permitted by law.
    2. Users are permitted the opportunity to appeal such decision. Instructions on how to appeal the decision will be included in the letter providing justification for its decision not to act on the user’s request.