RTR’s Customer Privacy Policy

Information is the cornerstone of our ability to provide superior service. RTR’s most important asset is our customer’s trust. It is RTR’s top priority to keep customer information secure, and to use it only as our customers would want us to.

RTR will safeguard any information collected according to industry best practices, ethical guidelines, legal and regulatory requirements, and our obligations with our customers.

Data Collection and classification

RTR collects the minimum amount of data from and on behalf of our customers and vendors for the purpose of providing services, the sale of assets, and general business operations. This typically includes, but is not limited to:

Personally Identifiable Information PII:

Contact information such as names, addresses, phone numbers, email addresses, organization name, title/position.

History of communications, such as recordings of phones calls, emails, and text messages made with RTR employees.

Information on communication consent such as opt-in/out of SMS.

Information provided to us related to the request for services such as commercial lease numbers, lease contacts, titles, agreements between our customers and their customers, and identification of related assets. Sales information such as offers to purchase an asset, billing information, funding sources and information, shipping information.

Security and compliance information:

Information required to provide secure communications and access to RTR systems, such as login and authentication information for our website, IP Addresses, and machine IDs for devices using our web services for logging and security purposes. Information collected to assess the risk associated with a party or troubleshoot issues with access to RTR systems.

Privacy protections

RTR will keep security controls such as firewalls, anti-virus, encryption, regular security audits, and adherence to industry best practices to protect this data.

We will train our employees on the handling of sensitive data. We will comply with applicable government regulations, such as the TCPA Telephone Consumer Protection Act and OCPA Oregon Consumer Protection Act.

Data collection limits

We will limit the collection and use of customer information to the minimum we require to deliver service. RTR does not collect HIPPA Health Insurance portability and accountability act or PCI Payment Card Industry Data protected information. If data collected outside of the scope of our collection policies is found, we will notify the effected parties and delete the data from our systems.

Data Ownership

RTR acknowledges the ownership of data collected on any party. RTR will act as a custodian of this data, protecting and managing it under the same standards as RTR’s data.

3rd party’s data collected

RTR may collect a 3rd party’s data on behalf of the customer through external means or from information provided by the customer. This data will be shared with the customer only to the extent the customer is legally entitled to, even if the data is collected on behalf of the customer.

Data Sharing

RTR will share customer PII with vendors when specifically authorized by the customer to perform the services we offer.

If RTR collects another party’s data on behalf of the customer, we will share that data to the extent that the customer is legally entitled to.

RTR will share PII with the customer if the data is collected on behalf of, to the extent that the customer is legally entitled to. If any Information is collected beyond this, it will not be shared with the customer.

RTR may share PII, specifically contact information, with established vendors specifically for the purposes of providing the requested and agreed upon services.

RTR’s Vendors used for technical purposes may be given access to environments containing this data after having signed a Service Level Agreement requiring them to conform to our privacy standards. RTR vets our vendors before providing access to any sensitive data.

RTR may provide PII to vendors for the purposes of credit and risk management, when legally authorized too.

RTR does not share PII or any other protected data beyond what is disclosed above. RTR does not sell or train AI on PII or any other protected data.

Data requests

RTR will attempt to keep customer files complete, up to date, and accurate. Any customer can request a copy of what personal or organizational information RTR has stored on its company systems via e- mail at info@rtrservices.com or mail. Customers may request that we remove or correct this data, and we will adhere to legal requirements in doing so.

Text Message Terms and Conditions

RTR Services engages in one-on-one conversational SMS/MMS messaging with vendors, clients, and authorized customer contacts for the purpose of coordinating services related to asset storage, inspection, repair, transportation, recovery, resale, and related operational activities performed on behalf of our clients.

Messages may include service scheduling, coordination instructions, status updates, account-related notifications, billing-related inquiries, and links to RTR Services resources. Messaging is conversational in nature and used to support active service engagements. Messages do not include PCI or HIPAA-protected information.

RTR Services will not send SMS/MMS messages before obtaining and documenting express consent.

Message frequency varies based on the number of active service engagements. Message and data Rates may apply.

Recipients may opt-out at any time by replying STOP and may request assistance by replying HELP.

Consent and Opt-In

RTR Services obtains prior consent to send SMS/MMS messages. At the time consent is obtained, individuals are informed of the nature of messaging, that message frequency may vary, that message and data rates may apply, and that they may Opt-Out at any time by replying STOP, or request assistance by replying HELP.

Consent is obtained through one or more of the following ways:

- Signed service agreements between RTR Services and vendors or clients that explicitly authorize SMS/MMS communication regarding services.

- Signed agreements between our clients and their customers that include authorization for delegated communication by RTR Services.

- Accepted Terms and Services agreement by checking a box when a client submits a web form on our website for service.

- Checked box on a web form provided to an applicant on a job board, on RTR Services Website, or provided in a link via email where the box is unchecked by default.

- Verbally or by email when contacted by a Buyer expressing interest in an asset advertised by RTR services.

- Verbally or by email when contacting a Vendor advertising their services for engaging in business with that vendor.

- Implied consent, such as the public advertisement of a vendor’s number for the purpose of providing services. (Which would be followed up with a request for consent via Opt-In message).

- Replying START, to an Opt-In message sent when consent has been previously obtained for contact but is not sufficient for ongoing SMS/MMS messages.

Opt-in and Opt-Out Handling

Our Opt-In Message will be as follows:

“Hello, this is RTR Services requesting consent to message you. Text START to agree to receive Texts from us regarding our assets or services. Message and data rates apply, frequency may vary. Text STOP at any time to stop receiving messages. Text HELP for more information.”

If we receive an opt-out message, we will return a scripted message confirming that we have received the Opt-Out request and logged the event in our systems. That message will be as follows:

“You have opted out of Text messages; you will not receive any further messages from RTR Services.”

If the keyword “HELP” is used, the following message will be sent:

“Thank you for contacting RTR Services. Visit our website at rtrservices.com for our privacy statement. You can contact us at info@rtrservices.com for more information.”

Data Handling

RTR Services does not sell or share consent, Opt-In, or Opt-Out data with unaffiliated third parties for marketing purposes. Consent records, opt-in, and opt-out events are securely stored for compliance and auditing purposes and may be disclosed only where required by law. RTR Services honors all Opt-Out and help requests.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties