PRIVACY POLICY

Last updated January 4, 2023

INTRODUCTION

Bison Transport uses Registry Monitoring Insurance Services, Inc. and its parent, subsidiary and affiliated entities (individually referred to herein as “RMIS” or “the Company” or “we” or “us” or “our”) for the purposes set forth on this web site and subject to this Privacy Policy. RMIS created and hosts this web site for Bison Transport and provides its services for Bison Transport through this web site as well as directly at www.rmis.com. Accordingly, this Privacy Policy applies to your use of this web site and any information you submit through this web site or to RMIS through any of its other Sites. For purposes of this web site and the Privacy Policy, Bison Transport would be considered a “Client” (as defined below) and if you are providing your information to RMIS through this web site for our onboarding and/or compliance purposes to consider using you and/or your business’ services, you would be considered a “Provider” (as defined below).

This Privacy Policy applies to information that RMIS collects about you on or through www.rmis.com or one of our other websites, applications or other services from RMIS or that you otherwise provide to us (each referred to herein as a “Site” and collectively, the “Sites”). Sites include Client-branded web sites that RMIS builds and hosts for our Clients that enable provisioning of Provider Personal Information for the purposes set forth below.

THE RMIS SERVICE

RMIS provides tools to capture information to provide onboarding and/or compliance services, which includes Personal Information (as defined below) about our Client’s carriers, vendors and other service providers (“Providers”) to provide compliance data for our Clients by sharing that information with the Providers’ and RMIS’ mutual customers or potential customers (“Client” or “Clients”). This data is used by the Client to determine if the Provider meets the Client’s business rules and requirements for working for the Client and the Client’s customers or clients and partners (“End Users”). This data and the RMIS analysis of the data will be used by the Client to determine if the Provider meets their requirements to provide services to the Client or the applicable End User and for them to conduct business together.

GENERAL

Providers may visit the RMIS Sites to supply their Personal Information to onboard with an RMIS Client via an RMIS provided Site. RMIS may share this information with other RMIS Clients and may also share information with other third parties to conduct the services required by RMIS Clients (such as data validation, credit card processing, email management, or screening). RMIS may also provide the Personal Information to the Client through Client’s software partners via data integration and API’s. Most information captured by RMIS during this process would be considered business to business information that the Provider would need to supply to the Client in order to conduct business. This Privacy Policy describes how we collect such information, how we use it and to whom and under what circumstances we may disclose it. Personal Information may include, but is not limited to, name, postal address, zip or postal code, email address, telephone number, date of birth, payment information, demographic information, profile information, insurance information, W9/W8 data, government data, agreement/contract information, operating areas, diversity data, payment preferences, banking information, certification data, licenses, principals, and other information we may collect or a Provider may choose to provide us, and for purposes of the California Consumer Privacy Act (CCPA), any information that directly or indirectly identifies, describes, relates to, is capable of being associated with, or can reasonably link to a particular consumer or household such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Information”). In some cases, RMIS may capture other personal or professional information as required by a Client to conduct compliance services, such as, but not limited to: information to conduct criminal or OFAC screening, professional license validation, and banking validation. This information is also included in the definition of Personal Information. The Personal Information we collect is stored and/or controlled by Registry Monitoring Insurance Services, Inc. in Westlake Village, California and/or the relevant local corporate affiliate(s) or at RMIS’ cloud provider -- AWS. This Privacy Policy applies solely to information collected at or through the Sites or provided to RMIS by a Provider or collected on our Clients’ behalf. However, we may link to other online destinations, so we advise you carefully review their respective privacy policies. Please be aware that RMIS is not responsible for the contents and the privacy practices of such other sites. As discussed above, the Provider discloses this information to RMIS and RMIS provides this Personal Information to its Clients specifically for the reasons set forth above. Once the Personal Information is passed on to a Client, RMIS assumes no responsibility or liability for what that Client does with the Personal Information; provided that the Client has contractually agreed to use the information for screening and other legitimate and lawful purposes set forth above.

CALIFORNIA PRIVACY RIGHTS

Section 1798.83 of the California Civil Code provides that residents of California can obtain certain information about their personal information (as defined under Section 1798.83(e)(6) of the California Civil Code) that companies have shared with third parties for direct marketing purposes during the preceding calendar year, as well as the identity of those third parties. Personal information, as defined under the California Civil Code, includes, but is not limited to, data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. To request a copy of your personal information maintained by us, please contact us at privacy@rmis.com. or 800-400-4924.

CATEGORIES OF INFORMATION COLLECTED

The CCPA requires us to disclose the categories of information we have collected in the last 12 months in the way that the CCPA prefers. These categories are meant to include within them the more specific Personal Information set forth elsewhere in this Privacy Policy. In the last 12 months we may have collected and may in the future collect the following categories of information from you:

Identifiers (such as contact information, government IDs, cookies, etc.),

Information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password),

Protected classification information (like race, gender, ethnicity, etc.),

Commercial information,

Internet/electronic activity, geolocation, audio/video data, professional or employment related information

ACCESS TO YOUR PERSONAL INFORMATION AND YOUR RIGHTS

At any point while we are in possession of or processing your Personal Information, you have the following rights:

  • Right of access – you have a right to request disclosure of your Personal Information, and to receive additional details regarding the Personal Information we collect and its use purposes, including any third parties with which we share your Personal Information. You also have the right to request a copy of the information that we hold about you.
  • Right to be forgotten/Have Personal Information deleted – in certain circumstances you can ask for the data we hold about you to be erased from our records and request that we instruct our third party service providers to so the same.
  • Right of portability – in response to a request for disclosure, you have the right to have the Personal Information we hold about you in a readily usable format.
  • Right to Opt-Out – you have the right to opt-out of sales of your Personal Information to third parties. While we do not sell or send Personal Information to online marketers or similar third parties, as discussed above, RMIS’ services necessarily entail providing Personal Information of Providers to our Clients for the purposes described above, and RMIS receives compensation from its Clients for this service. If a Provider opts-out of this, then the Client will likely not consider that Provider as suitable to provide services and will likely not hire that Provider since that is the entire purpose of hiring RMIS to provide its services (i.e., vetting and onboarding the Provider) in the first place.
  • Non-Discrimination - You have the right not to be discriminated against by denying goods or services to you, charging a different price or rate for goods or services, providing a different level or quality of goods or services, or suggesting that we will do any of these things based upon your exercise of any CCPA rights. As discussed above, while RMIS will never refuse to permit you to use RMIS’ services or change the conditions for you to use RMIS services based on exercise of CCPA rights, the very nature of RMIS’ services necessarily entails providing Personal Information of Providers to our Clients for the purposes described above. As discussed, if a Provider opts-out or exercises deletion rights or other relevant CCPA rights, Clients may decide not to hire the Provider or do business with them since the entire purpose of the services is to vet the Provider through the RMIS onboarding process and/or delivery of compliance services.
  • Third parties must also give consumers explicit notice and an opportunity to opt out before re-selling personal information that the third party acquired from another business.

In the event that RMIS has not taken action with respect to a request to exercise any of your rights listed above, we will provide you with a reason as to why. For example, there may be circumstances when we cannot delete data, such as if you have entered into an agreement with us or a Client, we may need to retain a copy of the agreement, or if you provided a W9 for payment purposes, we may need to retain it for tax purposes.

EXERCISING YOUR RIGHTS

To exercise your rights described above, you may submit a verifiable consumer request to us by:

  • Emailing us at privacy@rmis.com
  • Calling us at 800-400-4924

Requests to access Personal Information can only be made twice within a twelve (12) month period. We will respond within forty-five (45) days of receiving a Personal Information request.

SHARING PERSONAL INFORMATION

In the preceding twelve (12) months, we have not sold any Personal Information to third party marketers and have no plans to do so in the future. Our site allows the sharing of information about Providers and their contact information that is otherwise publicly available through other means or voluntarily disclosed by a Provider, but in a user-friendly format, with RMIS’ Clients. By using RMIS services Providers expressly consent to this. While RMIS does not sell or share your Personal Information to third party marketing companies, upon a Client’s request, as part of RMIS’s services, RMIS will provide Personal Information to vendors and service providers of our Clients, including software processing vendors and financial services companies, among others, for purposes of providing services to or on behalf of our Clients (“Client Vendors”).

INFORMATION YOU PROVIDE TO US

RMIS collects Personal Information through the Site at several points.

We (or our service providers) collect information from you when you: (1) register with us on our Sites or otherwise use the services; (2) create a profile with us (the “Profile”), or otherwise sign up for a service or feature; (3) complete a survey or fill out information on our Sites or in response to one of our inquiries or a Client request; (4) communicate with us via third-party social media sites; (5) apply for a job with us; or (6) contact us, or otherwise communicate with us or provide information to us.

When you visit our Sites, we also collect anonymous information such as your IP address or domain name to analyze Site traffic, but this information is not personally identifiable. We will use this information to help diagnose problems with our server, to administer our Sites, or to display the content according to your preferences. Traffic and transaction information may also be shared with business partners and advertisers on an aggregate and anonymous basis.

In some cases, you may provide information to us about another person, such as when you share Site content or use RMIS as a service provider and relay information to RMIS or ask us to inquire about one or more Providers. Examples include when a Provider supplies information to RMIS for a Client or about a Client, when a Provider goes directly on an RMIS Site and provides information, when a Client supplies information it has about a Provider for account or Profile set up or services or when a person at the Provider supplies information about another person from the Provider or one of the Provider’s representatives. In such cases, you represent that you have the authorization of such person to provide us with or ask us to obtain such information.

We may combine your (and others’) information that we have collected from you (or others) with information we may receive from other sources, such as government websites, insurance companies, address update services and co-promotion partners. By accessing our Sites, you signify your consent to the above collection of your Personal Information.

When you are creating a Profile for the first time on a Site you might supply identifying data (such as an RMIS ID, email address, or government issued ID) that you have previously provided to us in another circumstance (e.g., when onboarding for another Client or requesting another RMIS service), we may recognize that identifying data or other information previously provided and, once you have completed the account set-up process, you may be able to see your contact information already included in your new online Profile. This is happening because we have recognized your identifying data or other previously provided information and, for your convenience, have added your information to your Profile.

If you do not want us to collect your Personal Information, please do not provide it to us. In addition, you can revoke your consent in accordance with the procedures set forth below.

If you receive an email or other correspondence requesting that you provide any sensitive information (including your Site credentials or credit card or other personal information) via email or to a web site that does not seem to be affiliated with the Site, or that otherwise seems suspicious to you, please do not provide such information, and report such request to us at privacy@rmis.com or 800-400-4924.

SITE INFORMATION & OTHER INFORMATION COLLECTED AUTOMATICALLY

As part of the standard operation of the Sites, certain information is collected automatically or passively from or about you in connection with your visit to the Sites. Our servers may automatically gather some of the Site Usage Information (as defined below) or we (or our service providers) may use cookies and other tracking technologies to collect and track such information.

Site Usage Information includes, but is not limited to: (i) your browser type, device type, carrier (if applicable), device address, operating system, operating system address, IP address and the domain name from where you accessed a Site; (ii) information about your region, continent, country, city, zip code, time zone, and general location; and (iii) information about your browsing activities on and through a Site (also known as “Click Stream” data), such as (a) the date and time you visit one of the Sites, (b) the areas or pages of a Site that you visit, (c) the amount of time you spend viewing a Site or specific areas of a Site, (d) the number of times you return to a Site or a specific area of a Site, (e) the web sites or pages you visited prior to visiting a Site, (f) the websites or pages you visit after you leave a Site; (g) searches you have performed on a Site and on other websites that led you to our Sites; (h) social plug-ins with RMIS you have interacted on our Sites; and (j) other similar Site usage data (collectively, the “Site Usage Information”).

If you provide or connect your third-party account credentials to an account with our Site, some content and/or information in those accounts may be transmitted into your account with us. For example, when you connect with Facebook, we receive and collect your name, email address and profile photo.

COOKIES AND OTHER TRACKING TECHNOLOGIES

We and our service providers may use cookies, pixel tags, web beacons, and other similar technologies, which allow us to, among other things, optimize our Sites and to understand traffic and usage patterns. Additionally, if the settings on your location-aware device allow us to receive geo-location data or information, we may collect that information automatically.

A cookie is a small data file that is sent to your web browser and placed on your computer or device when you access a website. Cookies allow parties (including us, our service providers and others) to: (i) track your activities on the Sites,(ii) recognize your computer or device so that you are able to save your preference and stay logged in to the Sites without having to re-enter your Account credentials; (iii) deliver customized content to you; (iv) preserve the contents of your session during your visit to a Site; (v) and otherwise enhance and personalize your experience on the Sites. If you do not want information collected through the use of cookies, most devices allow you to decline the use of cookies. We recommend that you leave cookies turned on because if you elect not to allow them, you may not be able to use or to enjoy all of the services and features of the Sites.

We may use third party web analytics services, such as Google Analytics and AWS, to help us track and analyze the use of our Site and to measure the effectiveness of our systems, Site content, and communications.

DO NOT TRACK

We currently do not participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your information. We may engage third parties, such as marketing or analytics partners, who may collect information about your online activities over time and across different websites when you use our website. To learn more about browser tracking signals and “Do Not Track,” please visit http://allaboutdnt.org.

INFORMATION USE

We may use the information we collect from and about you for a variety of purposes, including but not limited to as discussed above and the following:

(i) To fulfill requests for services and to keep Providers and Clients informed about Provider Profiles; (ii) to provide you with targeted offers and advertising on and at the Sites; (iii) subject to your communications preferences and, where required by applicable law, subject to your consent, to contact you (via postal mail, email and the like) with promotional materials about us, our products, our services and our events, as well as about select partners (in addition we send transactional emails to you regarding your Profile, our services and our business relationship); (iv) to contact you when necessary or appropriate to discuss your Profile and the services we are providing and to review and improve our customer service, online and offline operations and overall experience; (v) to protect the security or integrity of the Sites and our business; (vi) and otherwise, with your permission or as permitted by law.

If you provide us with information about another person (as described above in the “Information You Provide To Us” section), where permitted applicable by law, we use that information to fulfill your requests and treat such information in accordance with this Privacy Policy.

FINANCIAL INFORMATION

To use certain aspects of our services, we may require credit or debit card account information or bank account information. By submitting such information through the services, you expressly consent to the sharing of your information with Clients, third party merchants, billing processors, and payment processors. These third parties may store your credit or debit card account information so you can use our services in the future. We do not have your complete credit or debit card account information, store your credit or debit card account information, or have direct control over or responsibility for your credit or debit card account information. While we require that such third party merchants, billing processors, and payment processors use reasonable procedures to help protect your credit or debit card information, we cannot guarantee that transmissions of your credit or debit card account information or Personal Information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our third-party service providers. We assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control. In addition, as previously discussed above in this Privacy Policy, RMIS will pass on Personal Information to a Client or a Client Vendor to process that information for the Client, which may include the financial information discussed above as part of its services, and RMIS assumes no responsibility or liability for what that Client or the Client Vendor does with the Personal Information; provided that the Client has contractually agreed to use the information for screening and other legitimate and lawful purposes set forth above.

INFORMATION DISCLOSURE

We may disclose information we collect (including Site Usage Information and Personal Information) in the following ways to third parties, to the extent permitted by law:

  • To our Clients and their Client Vendors and data partners for the purposes set forth in this Privacy Policy;
  • To our service providers and suppliers, who collect or use such information for us or on our behalf (such as website or database hosting companies, address list hosting companies, email service providers, analytics companies, distribution companies, fulfillment companies, and other similar entities that help us to operate the Site and/or provide functionality, content and services);
  • RMIS companies and affiliated entities;
  • Auditors and professional advisers like bankers, lawyers, accountants and insurers;
  • As necessary, if we believe that there has been a violation of the Sites’ Terms of Use or any other policy of the Sites, or if we have reason to believe that our rights or property, or the rights or property of any third party, may be or have been harmed;
  • To respond to subpoenas or other judicial processes, or to provide information as requested by law;
  • In the event that RMIS or substantially all of its assets are acquired by one or more third parties as a result of an acquisition, merger, sale, consolidation, bankruptcy, liquidation or other similar corporate reorganization, where your information may be one of the transferred assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy; and
  • As otherwise, with your permission or as permitted by law.

YOUR CHOICES / YOUR PRIVACY RIGHTS

If you would like to opt out of receiving direct marketing mail or promotional emails from us, please contact us at privacy@rmis.com or 800-400-4924. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your Profile, relationship, activities, transactions and communications with us.

If you would prefer that we not share your Personal Information with third-party marketers, please contact us at privacy@rmis.com or 800-400-4924 and/or click the Do Not Sell My Personal Information link on our website. Please understand that if you do request that we stop sharing your Personal Information with third parties for their direct marketing purposes, such request will only apply as of the date of your request, and we will not be responsible for any communications that you may receive from third parties that received your Personal Information prior to that request. In these cases, please opt out from or contact the third party directly. If you request that we do not share your Personal Information with any third parties at all, then do not use our service, do not provide any Personal Information in a Profile and if you have already done so and later ask that we do not share such information, then we will have no choice but to terminate our services concerning you as a Provider and the applicable Client may decide you are not eligible to be hired or provide services to them since that is the entire reason for engaging RMIS’ services in the first place.

CONSENT

By consenting to this Privacy Policy you are giving us permission to process your Personal Information specifically for the purposes identified.

You may withdraw consent at any time by contacting us at privacy@rmis.com or 800-400-4924. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Again, if you withdraw consent for processing your Personal Information, we will have no choice but to terminate our services concerning you as a Provider and the applicable Client may decide you are not eligible to be hired or provide services to them since that is the entire reason for engaging RMIS’ services in the first place.

SECURITY

We have implemented measures in an effort to safeguard the Personal Information in our custody and control. Such measures include, for example, limiting access to Personal Information only to employees and authorized service providers who need to know such information for the purposes described in this Privacy Policy, as well as other administrative, technical and physical safeguards consistent with the best industry custom and practice. Additionally, our service providers are not authorized to use or disclose your Personal Information for any purpose other than providing the services to us or on our behalf, or as otherwise may be required by applicable law. While we endeavor to always protect our systems, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.

You are responsible for maintaining the confidentiality of your account or Profile credentials, and we strongly recommend that you do not disclose your account or Profile credentials to anyone. We will never ask you for your password in any unsolicited communication. Please notify us immediately of any unauthorized use of your Account credentials or any other suspected breach of security.

CHILDREN’S PRIVACY

The Sites are not directed to children under the age of thirteen (13). If you are under thirteen (13), do not provide your Personal Information on or to the Site. We do not knowingly collect on the Sites any Personal Information from children under thirteen (13). If a parent or guardian becomes aware of his or her child has provided us with Personal Information without their consent, please contact us at: privacy@rmis.com or 800-400-4924. Moreover, the CCPA prohibits us from selling any Personal Information of children under the age of 16 without express consent, but in any event we do not under any circumstances sell such Personal Information.

THIRD-PARTY WEBSITES

The Sites may contain links (which may take the form of hyperlinks, widgets, clickable logos, plug-ins, images or banners) to websites and services operated by entities other than us. This Privacy Policy does not apply to such websites or services, so we recommend that you review their posted privacy policies so that you understand the relevant information collection, use and disclosure practices.

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time and the amended policy will be posted to the Sites. We reserve the right to update, change, amend or modify this Policy at any time and from time to time without prior notice. When we post changes to this Privacy Policy, we will revise the “Last Updated” date at the top of the Privacy Policy. Your continued use of the Sites after any changes or revisions to this Privacy Policy become effective shall indicate your agreement with the terms of such revised and then-current Privacy Policy.

RETENTION

We will process (collect, store and use) the information you provide in a manner compatible with the CCPA. We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. Please be advised that due to the nature of RMIS’ business, RMIS may store certain Provider Personal Information for its Clients indefinitely, particularly if the Provider continues to provide services for a Client over a long period of time. RMIS is also required to retain information in accordance with the law, such as information needed for income tax and audit purposes. Otherwise, we will only process Personal Information for so long as reasonably required to provide the services.

HOW TO FIND OUT PERSONAL INFORMATION HELD BY RMIS

RMIS at your request can confirm what information we hold about you and how it is processed. If RMIS does hold Personal Information about you, you can request the following information:

  • Identity and the contact details of the person or organization that has determined how and why to process your data.
  • The purpose of the processing.
  • If the processing is based on the legitimate interests of RMIS or a third party, information about those interests.
  • The categories of Personal Information collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • The source of Personal Information if it was not collected directly from you.

RMIS accepts the following forms of identification when information on your personal data is requested: Passport or Driver’s License.

GOVERNING LAW/DISPUTE RESOLUTION/ARBITRATION

All matters relating to the Site and this Privacy Policy and any dispute or claim arising therefrom or related thereto (in each case, including non-contractual disputes or claims), shall be governed by and construed in accordance with the internal laws of the State of California without giving effect to any choice or conflict of law provision or rule (whether of the State of California or any other jurisdiction).

By using the Site or Sites created by RMIS for a Client, you agree that any dispute, claim or controversy arising out of or relating to this Privacy Policy or the breach, termination, enforcement, interpretation or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in Los Angeles, California before a single neutral arbitrator. The arbitration shall be administered by Judicial Arbitration and Mediation Services, Inc. (“JAMS”) pursuant to its Comprehensive Arbitration Rules and Procedures. The parties to arbitration may use legal counsel at their own expense, and the prevailing party shall be entitled to its reasonable attorney’s fees. All costs of arbitration (including arbitrator fees) shall be paid by RMIS, except only that if you bring the arbitration, you may be charged an initial filing fee that shall not exceed the filing fees that you would incur for bringing an action in court. Without limiting the generality of the foregoing, in the event that any party seeks injunctive or equitable relief with respect to any actual or threatened breach of this Privacy Policy, or with respect to public injunctive relief, such party may seek relief in a court of competent jurisdiction. Notwithstanding anything else in this Privacy Policy or the JAMS rules, any parties subject to this arbitration provision shall be barred from bringing or participating in any Class Action (as defined below) related to a dispute covered by this arbitration provision. Notwithstanding anything else in this Privacy Policy or the JAMS rules, it is agreed that the arbitrator is specifically denied the authority to consider or certify any Class Action under this Privacy Policy. However, if these Class Action restrictions are ever deemed illegal or unenforceable, they shall be severed from this arbitration provision. In that event, any Class Action shall by exempted from this arbitration provision and brought in court of competent jurisdiction, in connection therewith and each of the parties consent to the sole and exclusive jurisdiction of the state and federal courts of the State of California, County of Los Angeles, Central District. For purposes of this Privacy Policy, the term “Class Action” shall mean claims brought on behalf of or allegedly representing or including other persons or entities, including but not limited to any class, consolidated, representative, collective or private attorney general action. This arbitration provision is subject to the Federal Arbitration Act, and may be enforced in any court of competent jurisdiction.

CONTACT US

If you have any questions about this Privacy Policy, please contact us via email at privacy@rmis.com or 800-400-4924.

For help or questions regarding the registration process on this website, contact RMIS at 888-643-8174.
© 2024 Registry Monitoring Insurance Services, Inc.