Effective on: April 28, 2023

Last updated on: November 6, 2024

Privacy Summary

 OUR CONTACT INFORMATION
Production Resource Group, L.L.C.
Address: Attn: Legal – Privacy, 539 Temple Hill Rd, New Windsor, NY 12553
Phone number: 1-800-237-0860
Email address: dataprivacy@prg.com
Contact details of our Data Protection Officer: click here.
Identity and contact details of the Representative in the EU: click here.
Identity and contact details of the Representative in the UK: click here.

GENERAL INFORMATION

 

Do we collect Personal Data?                                                                                                                                                                                                                                                       

YES
Some categories include the personal and contact information of our users; information related to the commercial activities of our users; and geolocation data.

Click here to know which categories of Personal Data we collect and how we obtain them.

Do we sell Personal Data?

 NO

TRACKING

Do we use cookies or similar tracking technologies on our websites?

YES
Please read our cookie notice.

Do we track your activities in other websites?

YES
Please read our cookie notice.

PRIVACY RIGHTS

Can you request to receive a copy of the Personal Data we have collected about you?

YES
Click here to learn how.

Can you withdraw your consent to our processing of your Personal Data?

YES
Click here to learn how.

Can you request to have your data deleted?

YES
Click here to learn how.

Do we discriminate you for exercising your privacy rights?

NO
Click here to learn more about your right not to be discriminated.

Do we offer you financial incentives for your Personal Data?

 NO

SECURITY

Do we protect your Personal Data?

YES
Click here to learn more about how we protect your Personal Data.


Introduction

Production Resource Group, L.L.C. and all affiliates listed below under “Entities Covered by This Privacy Notice” (collectively “PRG”, “we”, “us”, “our”) take the protection of personal data (“Personal Data”) very seriously. Please read this privacy notice (the “Notice”) to learn what we are doing with your Personal Data, how we protect it, and what privacy rights you may have under applicable data protection and privacy laws, such as each of the European Union and United Kingdom General Data Protection Regulation (collectively, the “GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”).

What Is Covered by this Privacy Notice?

This Notice addresses data subjects (which includes both individuals and households) whose Personal Data we collect directly through our websites; receive from our business partners; or process to promote our products and services.

What Is Not Covered by this Privacy Notice?

Customer Personal Data

This Notice does not address data subjects (which includes both individuals and households) of our customers whose Personal Data we may receive from our customers (“Customers”) (other than B2B data pursuant to any services agreement entered into between PRG and our Customers, which personal data is accounted for further in this Notice) pursuant to any services we render to our Customers (collectively, the “Services”). In these cases, we do not decide why or how that Personal Data will be processed. Our Customers use our platform to store and process their own customers’ Personal Data. In these cases, we act only as a storage and service provider. We do not decide what Personal Data is being stored, and in general we will only access such Personal Data at our Customer’s request in connection with Customer support or account administration matters. We will only access Personal Data to provide the Services that our Customer has directed us to provide, or if we are required to do so by law.

When you give your data to one of our Customers or when we collect your Personal Data on their behalf, our Customer’s privacy notice, rather than this Notice, will apply to our processing of your Personal Data. If you have a direct relationship with one of our Customers, please contact them to exercise your privacy rights.

Human Resources Personal Data

This Notice does not apply to the Personal Data of employees, job applicants, contractors, business owners, directors, officers, and medical staff of PRG.

Information Which Does Not Constitute Personal Data

If we do not maintain information in a manner that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household, such information is not considered Personal Data and this Policy will not apply to our processing of that information.

What Can You Find in this Notice?

This Notice tells you, among other things:

Our Role With Respect to Your Personal Data

Within the scope of this Notice, PRG acts as a data controller or “business” for the Personal Data we process. This means that we decide how and why Personal Data is collected and further processed.

Entities Covered by this Privacy Notice

This Notice covers PRG and the following affiliate entities (the “Affiliates”):

We must have a valid reason to use your Personal Data. This is called the "lawful basis for processing".

We may process your Personal Data on the basis of:

When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided here.

Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.

Where we receive your Personal Data as part of providing our Services to you to fulfill a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.

What Personal Data We Process and How We Obtain It

The table below describes the categories of Personal Data we have collected about you in the last twelve months.

Personal Data We Collect, Process, or Store

How We Obtain It 

Identifiers and User Information

Information about our users, such as full name, alias, mailing address, billing address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.

Collected directly from our users, such as through users completing a contact form; and collected automatically from our users, such as through our IT systems or anonymous identifiers when users visit our websites.

Special categories of Personal Data

Information about our users, such as a mailing address, billing address, telephone number, employment, and employment history, bank account number, credit card number, debit card number, or any other financial information. Some Personal Data included in this category may overlap with other categories.

Collected directly from our users, such as through users completing a contact form. 

Commercial Information

Our users’ records of products, or Services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Collected directly from our users, such as through users completing a contact form; and collected automatically from our users, such as through our IT systems or anonymous identifiers when users visit our websites.                                                                                                                                                                        

 

Internet or other similar network activity

Information about our users’ browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Collected automatically from our users, such as through our IT systems or anonymous identifiers when users visit our websites.

 

Geolocation data

Our users’ approximate physical location or movements.

Collected automatically from our users, such as through our IT systems or anonymous identifiers when users visit our websites. 

We will not collect additional categories of Personal Data without informing you.

Cookies

A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), to remember your settings, and to generally improve our websites and Services.

We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our websites are first-party cookies which are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our websites. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all features of our websites. For more information, please visit https://www.aboutcookies.org/.

Responses to Opt-Out Signals

You may also configure your browser or install a plugin to send a Do Not Track (DNT) signal or Global Privacy Control (GPC) signal. For more information, please visit https://allaboutdnt.com/ and https://globalprivacycontrol.org/. We have set up the OneTrust cookie management consent tool to respect your DNT and GPC signals on prg.com. However, please note that the technology to detect whether a website honors DNT and GPC signals does not always work as intended.

For more information about our use of cookies, please see our cookie notice.

For What Purposes Do We Use Your Personal Data?

We may process your Personal Data for the following purposes:

How Long We Keep Your Personal Data

We will retain your Personal Data for as long as is necessary to fulfill the purpose for which we collected your Personal Data and any other permitted linked purpose and in compliance with our data retention policies. For example, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Generally, we retain usage data for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.

If your Personal Data is used for more than one purpose, we will retain it until the purpose with the longest retention period expires; but we will stop using it for the purpose with a shorter retention period once that period expires. Our retention periods are also based on our business needs and good practice.

Your Personal Data may need to be retained in our backup systems and will only be deleted or overwritten at a later time, our backup schedules vary by system and the nature of the data. This may be the case even when you or a Supervisory Authority has validly asked us to delete your Personal Data or when we no longer have a legal basis for processing such Personal Data. Please note that our backups are protected, and we have implemented a system to remind us to delete the data again when we restore a backup to production systems.

Sharing Personal Data with Third Parties

The following table describes, in the last twelve months, the categories of information we have disclosed to third parties for business purposes, and the categories of those third parties.

 

Personal Data Disclosed for Business Purposes? 

Personal Data Sold?

 Category 

Yes or No? 

 Categories of Third Parties Receiving Personal Data

 Yes or No?

Identifiers and User Information                

 

YES                                         

● The PRG family of companies, including the Affiliates;
● Our service providers, such as credit card processors;
● Our business partners, such as freight companies;
● Our advisors, such as lawyers, accountants, auditors; and
● Other third parties as required to comply with legal and regulatory obligations.

NO

Special categories of personal information   

YES

● The PRG family of companies, including the Affiliates;
● Our service providers, such as credit card processors; and
● Our business partners, such as freight companies.

NO

Commercial information 

YES

● The PRG family of companies, including the Affiliates; and
● Our service providers, such as Customer service providers.

NO

Internet or similar network activity

YES 

● The PRG family of companies, including the Affiliates; and
● Our service providers, such as internet service providers and web analytics providers.

NO 

Geolocation data

YES

● The PRG family of companies, including the Affiliates; and
● Our service providers, such as Customer service providers and project management tool providers.

NO

Professional or employment-related information

YES

● The PRG family of companies, including the Affiliates; and
● Our service providers, such as Customer service providers.

NO 

International Transfers of Your Personal Data

We are a global company headquartered in the U.S., and our Affiliates, service providers and other third parties with whom we share Personal Data also operate globally. When you use our Services and websites, certain third parties may collect Personal Data about your online activities over time and across different websites or online Services. Please refer to the privacy notices of these third parties to learn more about the way in which they collect and process information about you.

Transfers of Your Personal Data: Europe

When your Personal Data is safeguarded by the EU or UK GDPR, or Swiss data protection law, before sending it to parties outside of the European Economic Area (“EEA”) , the UK, or Switzerland, we will do one of two things:

In some cases, the authorities of a country may have determined that the laws of other countries, territories or sectors within a country provide a level of protection equivalent to domestic law. You can see here the list of countries, territories and specified sectors that the European Commission recognized as providing an adequate level of protection for personal data; here the list of the UK; and here the list of Switzerland.

We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses as approved by the European Commission under Article 46.2 of the GDPR

When you use our Services and websites, certain third parties may collect Personal Data about your online activities over time and across different websites or online Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

Other Disclosures of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to the Affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and Customers.

What Privacy Rights Do You Have?

You have specific rights regarding your Personal Data that we collect and process. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a data controller or as a “business” under the CCPA.

In this section, we first describe those rights and then we explain how you can exercise them.

Right to Know What Happens to Your Personal Data

This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Notice.

We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.

Right to Know What Personal Data PRG Has About You

This is called the right of access. This right allows you to (1) get confirmation of whether we process Personal Data about you (2) ask for full details of the Personal Data we hold about you and certain related information; and (3) get a copy or access to the Personal Data.

Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you information required under applicable legislation or regulations, which may include

Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.

The CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.

Right to Change Your Personal Data

This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.

If your account settings do not allow you to change the information yourself, please contact us and we will do our best to change the Personal Data for you.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Data to be deleted. You can request deletion by sending an email to dataprivacy@prg.com.

Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.

Right to Ask Us to Limit How We Process Your Personal Data

This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.

Right to Ask Us to Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes (i.e. request to unsubscribe from marketing communication).

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data

This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our Services, so that you can:

We will provide your Personal Data in a structured, commonly used, and machine readable format. When you request this information electronically, we will provide you a copy in electronic format.

Right Related to Automated Decision Making

We sometimes use computers to study your Personal Data. We might use this Personal Data so we know how you use our Services. For decisions that may seriously impact you, you have the right not to be subject to automatic decision making, including profiling. But in those cases, we will always explain to you when we might do this, why it is happening and the effect.

To learn more about how to turn off personalized advertising, and how to change your cookie settings please see the ‘Cookies’ section of this Notice, as well as our cookie notice.

Right to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.

If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

How Can You Exercise Your Privacy Rights?

To exercise any of the rights described above, please submit a request by either:

1. Calling us at1-800-237-0860

2. Contacting us by email at dataprivacy@prg.com;

3. Writing to us at: Attn: Legal – Privacy, 539 Temple Hill Rd, New Windsor, NY 12553;

4. Filling out our online form at:

- If you are based in the U.S, please submit the form available at https://www.prg.com/en/Legal/GDPR-Form.

  - If you are based outside of the U.S, please submit the form available at https://www.prg.com/en-GB/Meta/GDPR-Form.

Verification of Your Identity

In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, we will verify your identity via the following method: we will verify your identity via the same means you use to contact us to make the request, unless you specifically request that we contact you by another means. We will request the minimum amount of information from you required to verify your request and will only request information that we already hold pertaining to you – this is usually your full name, physical address, email address and telephone number.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Verification of Authority

If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with PRG and confirm with us that they gave you permission to submit this request.

Response Timing and Format of Our Responses

We will confirm the receipt of your request within ten (10) business days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to a month to reply to your requests, from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.

If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Privacy of Children

Our website and Services are not directed at, or intended for use by, children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and you are aware that any of your children has provided us with personal information without your consent, please contact us with the subject line "COPPA Information request", and we will take steps to remove that information from our servers.

Data Integrity & Security

We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction. Some of those measures include encryption and redaction and we also have dedicated teams to look after information security and privacy. 

Right to Lodge a Complaint with a Supervisory Authority

If the GDPR applies to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.

Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR.

Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our websites and Services after we post any of these changes, you accept the modified Notice.

Contact Us

If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please write to us by email at dataprivacy@prg.com, filling out our online form available at the section “How Can You Exercise Your Privacy Rights” or call at 1-800-237-0860 or by postal mail at:

Production Resource Group, L.L.C.
Attn: Chief Information Officer
539 Temple Hill Rd,
New Windsor,
NY 12553

Please allow up to four weeks for us to reply.

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

United Kingdom Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +44 (20) 4532 2003.

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London
SE1 7TL
United Kingdom

Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe LLC
100 M Street S.E., Suite 600
Washington, D.C.
20003
USA

Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/
Telephone: +1 (617) 398-7067