Data Privacy Policy
ReserveBar Holdings Corp. Information Security Policy Program
1. PURPOSE AND SCOPE
1.1 Policy Purpose
This Data Privacy and the ReserveBar Holdings Corp. Information Security Policy Program establishes comprehensive guidelines for the collection, use, storage, sharing, and protection of personal information and confidential data within the Liquid Commerce platform operations. This policy ensures compliance with applicable privacy laws, protects customer rights, and maintains the integrity of business relationships with platform participants.
1.2 Scope of Application
This policy applies to:
- • All employees, contractors, and authorized representatives
- • Platform participants ("Fulfillers") including Beverage Alcohol Licensees, retailers, vendors, and service providers
- • Customer data processing activities across all business operations
- • Third-party service providers with access to protected information
- • All digital platforms, systems, and databases containing personal information
1.3 Regulatory Compliance
This policy ensures compliance with:
- • California Consumer Privacy Act (CCPA) and Section 1798.83 of California Civil Code
- • Federal privacy and data protection regulations
- • State-specific privacy laws and alcohol beverage regulations
- • Industry standards for data security and confidentiality
2. DATA OWNERSHIP AND CLASSIFICATION
2.1 Platform Data Ownership Rights
ReserveBar Holdings Corp. maintains exclusive ownership of all data captured through platform operations, including:
Customer Data Categories:
- • Personally identifiable information of all platform customers
- • Transaction histories and purchase patterns
- • Communication records and service interactions
- • Location data and delivery preferences
- • Payment information and billing details
Covered Customer Definition:
- • Customers who purchase products through platform Fulfillers
- • Individuals known to Fulfillers through platform-facilitated activities
- • Customers acquired through any means enabled by platform participation
- • Any customer relationship that would not exist without platform involvement
2.2 Data Classification
Public Information:
- • General business information
- • Marketing materials
- • Published pricing
Internal Information:
- • Operational procedures
- • Vendor relationships
- • Performance metrics
Confidential Information:
- • Customer PII
- • Financial details
- • Proprietary technology
3. FULFILLER DATA ACCESS AND RESTRICTIONS
3.1 Limited Data License Terms
Fulfillers, service providers and platform participants are granted restricted access to customer data under the following conditions:
Permitted Uses:
- • Order fulfillment and delivery coordination exclusively
- • Customer service for platform-originated transactions only
- • Compliance with legal requirements for beverage alcohol sales
- • Age verification and delivery confirmation/proof-of-delivery processes
License Termination:
- • Immediate termination upon agreement expiration or termination
- • No data retention rights following relationship termination
- • Certification of data destruction must be provided in writing
3.2 Prohibited Data Activities
Fulfillers, service providers and platform participants are strictly prohibited from:
Marketing Restrictions:
- • Direct marketing or solicitation of platform customers and/or platform clients
- • Use of customer data for independent business development
- • Creation of separate customer databases using platform-derived information
Technical Restrictions:
- • Data scraping, mining, or automated collection of customer information
- • Reverse engineering of customer analytics or business intelligence
- • Sharing customer data with unauthorized third parties
- • Using customer data for competitive intelligence purposes
4. CONFIDENTIALITY AND NON-DISCLOSURE OBLIGATIONS
4.1 Confidential Information Definition
Confidential Information encompasses all non-public, proprietary information including:
Business Information:
- • Customer lists and preferences
- • Pricing strategies
- • Vendor relationships
- • Financial performance
Technical Information:
- • System architectures
- • Database structures
- • API documentation
- • Performance metrics
Strategic Information:
- • Business development plans
- • Partnership negotiations
- • Competitive analysis
- • Regulatory compliance
4.2 Confidentiality Duration and Enforcement
Standard Confidentiality Period:
- • Five (5) years following agreement termination for general confidential information
- • Perpetual confidentiality for information specifically designated as trade secrets
- • Continuing obligations for customer personally identifiable information
- • Ongoing compliance with regulatory confidentiality requirements
5. INFORMATION COLLECTION AND PROCESSING
5.1 Lawful Collection Practices
Information collection is conducted under the following principles:
Business Necessity Standard:
- • Collection limited to information necessary for specified business purposes
- • Clear identification of collection purposes at point of data gathering
- • Regular review of collection practices for relevance and necessity
- • Documentation of business justification for all data collection activities
Collection Purposes:
- • Product and service delivery facilitation
- • Customer communication and support services
- • Legal compliance and regulatory requirements
- • Fraud prevention and security monitoring
- • Business analytics and performance improvement
5.2 Technical Data Collection Methods
Website and Platform Analytics:
- • Cookie deployment for user experience optimization
- • Session tracking for security and fraud prevention
- • Performance monitoring for system reliability
- • User behavior analysis for service improvement
6. INFORMATION SECURITY AND PROTECTION
6.1 Technical Security Measures
Encryption and Data Protection:
- • SSL/TLS encryption for all data transmissions
- • End-to-end encryption for sensitive customer information
- • Database encryption for stored PII
- • Secure key management and rotation procedures
Access Controls:
- • Multi-factor authentication for system access
- • Role-based permissions and least-privilege principles
- • Regular access reviews and permission auditing
- • Secure password policies and management requirements
6.2 Physical and Administrative Security
- • Secure data center facilities with controlled access
- • Environmental controls and disaster recovery capabilities
- • Security awareness training for all personnel
- • Background checks for employees with data access
6.3 Data Retention and Disposal
Secure Disposal Procedures:
- • Certified data destruction for electronic media
- • Secure shredding for physical documents
- • Verification of disposal completion and documentation
- • Third-party disposal service vendor management and oversight
7. THIRD-PARTY RELATIONSHIPS AND DATA SHARING
7.1 Service Provider Management
Approved Sharing Categories:
- • Payment processing and financial services
- • Shipping, delivery, and logistics coordination
- • Customer service and technical support functions
- • Legal, compliance, and professional services
Payment Processing Notice:
When you provide personal data in connection with the Liquid Commerce Solutions Platform (owned and operated by ReserveBar), Stripe receives that personal data and processes it in accordance with Stripe's Privacy Policy. Stripe acts as our payment processor and handles payment card information and related personal data necessary for transaction processing, fraud prevention, and compliance with payment card industry standards.
8. INDIVIDUAL RIGHTS AND PRIVACY CONTROLS
8.1 Access and Correction Rights
Individuals have the right to:
- • Request which personal information is maintained in company systems
- • Request correction of inaccurate or incomplete information
- • Receive information about data sharing and processing activities
- • Obtain copies of their personal information in portable formats
8.2 Consent and Opt-Out Management
- • Consent mechanisms for data collection and processing where applicable
- • Opt-out options for marketing and promotional communications
9. INCIDENT RESPONSE AND BREACH MANAGEMENT
9.1 Incident Classification and Response
Level 1: Minor incidents with no customer data exposure
Level 2: Moderate incidents with limited data exposure risk
Level 3: Major incidents with confirmed data exposure
Level 4: Critical incidents with widespread exposure
9.2 Notification Requirements
- • Immediate escalation to senior management and legal counsel
- • Regulatory authorities per applicable breach notification laws
- • Affected individuals per legal timelines and requirements
- • Business partners and service providers as contractually required
10. COMPLIANCE MONITORING AND ENFORCEMENT
10.1 Ongoing Compliance Activities
- • Regular privacy impact assessments for new business activities
- • Quarterly compliance reviews and gap analyses
- • Continuous monitoring of regulatory developments and requirements
- • Third-party security and privacy audits as needed
10.2 Training and Awareness Programs
- • Mandatory privacy training for all personnel upon hire and annually
- • Specialized training for roles with elevated data access
- • Regular updates on policy changes and regulatory developments
11. POLICY GOVERNANCE AND MAINTENANCE
This policy undergoes annual comprehensive review and revision, with quarterly updates for regulatory changes and business developments. Stakeholder input is collected and incorporated through established processes with proper version control and change documentation procedures.
12. CONTACT INFORMATION AND REPORTING
For privacy-related questions, concerns, or to report incidents:
Email: info@liquidcommerce.com
Address: 83 Wooster Heights Road, Suite 125, Danbury, CT 06810
Acknowledgment
By accessing company systems and handling personal information, all personnel acknowledge receipt and understanding of this policy and agree to comply with all provisions outlined herein.