Skip to Content

Privacy Policy

Design Element

Last Updated: September 1, 2025 

This Privacy Policy (this “Policy”) applies primarily to ROC-P, LLC’s handling of personal data that it processes as a controller or business under applicable data protection laws, including personal data about visitors to the ROC-P website (“Site”) and events, prospective customers and their personnel, partners and their personnel, and individuals that sign up for our marketing or other communications. Please read this Policy carefully to understand how we process your personal data. 

Except where indicated, this Policy does not apply to: 

  • “Customer Data” (as defined under a separate agreement) or personal data ROC-P processes in connection with an organization’s subscription to ROC-P software-as-a-service offerings (“Services”); 
  • Cookies and other similar tracking technologies processed in a non-identifiable way; 
  • Information we anonymize by rendering it unidentifiable to a natural person; 
  • Information we aggregate by combining it with other data in such a way that no natural person can be identified or linked to any specific information (for example, ROC-P collects aggregated statistics on the performance of its services and the occurrences of errors within the services); and 
  • The name, form, contact details, relationship information, transaction history, or financial information of legal persons. By “legal persons,” we refer to legal, business entities other than natural persons, such as corporations, limited liability companies, non-profit organizations, and other business entities. 

With respect to Customer Data, we do not control the content of Customer Data submitted to the Services. ROC-P is considered its customer’s processor and/or service provider under applicable data protection laws related to any personal data in the Customer Data. Therefore, ROC-P processes personal data in connection with its performance of service offerings pursuant to the instructions of the relevant ROC-P customer or as required by applicable law, as described in a separate agreement together with a related Data Processing Addendum (“DPA”). Accordingly, such personal data is subject to the customer’s privacy policy and individuals should contact the relevant customer with any requests relating to personal data about them that may appear in that customer’s Customer Data. If ROC-P receives a request from an individual to exercise rights in Customer Data, we will refer the request to the relevant customer and cooperate with that customer’s handling of the request, subject to any special contractual arrangement with that customer.  

If you have questions regarding your rights under this Policy, please contact us using the contact details provided at the end of this Policy.  

Such personal data is subject to the specific ROC-P client’s privacy policy 

1. What personal data does ROC-P collect? 

ROC-P collects personal data including: 

  • Contact information such as your name, email address, phone number, physical address, username, and password or other professional details such as title and name of company; 
  • Relationship information such as your preferences or potential interest in ROC-P goods and services; 
  • Transactional information such as session data or log data (for example, your computer’s Internet Protocol address, browser type, browser version, device, the pages of our Site that you visit, the time and date of your visit, and the time spent on those pages, to the extent any of the foregoing are kept in a form that may be used to identify you), payment information and inferences drawn from other personal data;  

2. How ROC-P Uses Personal Data 

ROC-P is committed to respecting your privacy and will only process your personal data for the reasons disclosed herein or as requested at the time of collection, and then only in the context of your relationship with ROC-P. ROC-P will not sell, rent, or lease your personal data to others. 

ROC-P uses personal data for the following purposes: 

  • To provide and improve the Services; 
  • To respond to questions, concerns, or customer service inquiries, and to otherwise fulfill individuals’ requests; 
  • To measure and understand the effectiveness of ROC-P’s services; 
  • To comply with applicable laws and regulations; and 
  • To communicate offers for current and future goods and services, including offers based on your interests and purchase of ROC-P’s goods and services, to administer promotional events, and to engage in other marketing activities that may be of interest to you. Please note that we will provide you the opportunity to opt out of direct marketing communications or market research inquiries, but we will still need to gather certain personal data as necessary to provide our goods and services to you. 
  • To enforce legal terms that govern our business and online properties or to otherwise protect our rights, safety and/or property.  
  • For other purposes requested or permitted by you.  

3. Disclosure of Personal Data 

ROC-P shares personal data with third parties for the purposes of providing services which you have requested or expressed interest in, including service providers, vendors, or operators of software we use to operate the Site or support our Services. In addition, we use Google Analytics to improve the operation of our Site, our Services and service offerings, and we may use other technology providers such as Amazon Web Services, or certain products provided by Google, such as Workspace, which may have access to the personal data we process as outlined herein. 

We maintain controls and oversight appropriate to the scope of access to personal data to ensure that any third party who we engage to assist us will only have access to the personal data necessary for it to perform specific, designated tasks on our behalf, will only use the information for such limited purpose, and will commit to contractually binding obligations to protect the personal data to at least the same extent that we commit to as proportionate to the third party’s scope of access to personal data. Please note, however, that this Policy applies only to personal data that we process and share with others—it does not apply to personal data that you share directly with third parties or make publicly accessible. 

ROC-P may also share information to comply with our legal obligations, such as responding to lawful requests from government or judicial entities, or to respond to or address threats to our business or Services. 

Finally, ROC-P may disclose personal data where needed as part of a sale or transfer of our assets, to enforce our rights, protect our property, or protect the rights, property, or safety of others, or as is needed to support external auditing, compliance, and governance functions. 

If ROC-P wishes to share your personal data for a purpose not identified here, we will update this Policy by posting a revised version on the Site and where required by applicable law obtain your consent before doing so.  

4. Legal Bases for Processing Personal Data  

The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing personal data are as follows: 

a) To honor our contractual commitments to an individual: Some of our processing of personal data is to meet our contractual obligations to the individuals to whom the personal data relate, or to take steps at their request in anticipation of entering into a contract with them.  

b) Consent: Where required by law, and in some other cases, we handle personal data on the basis of consent. For example, some of our direct marketing activities happen on the basis of opt-in consent, such as sending marketing emails to individuals who have requested them. 

c) Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals: customer support; marketing, including, in some cases, direct marketing such as via email; protecting our customers and their users, personnel and property; analyzing and improving our business and Services; and managing legal issues. We may also process personal data for the same legitimate interests of our customers and business partners. 

d) Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations. 

          5. Cookies and Automated Data Collection 

          ROC-P and our service providers may use cookies to receive and store certain automatic information whenever you interact with the Site.  Cookies are small data files that are stored or accessed on one’s browser each time one visits a website.  

          Cookies may store unique identifiers, user preferences, and other information. We use persistent and non-persistent cookies to make it easier for you to navigate the Site, to provide analytics, and to enable certain functions of the Site. If you reject cookies, you may still use the Site, but your ability to use some areas of the Site may be limited. 

          Cookies we use include:  

          • Essential cookies. We may use essential or “strictly necessary” cookies to authenticate visitors and prevent fraudulent use of user accounts. 
          • Functional cookies. We may use functional cookies to provide enhanced functionality and personalization, such as to remember information that changes the way the Site behaves or looks, the “remember me” functionality of a registered user or a user’s language preference. 
          • Analytics cookies. We may use analytics cookies to track information on how the Site is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Site to see how our visitors react to them. 
          • Third-party cookies.  We may use various third-party cookies including social media cookies to report usage statistics related to the Site and/or to deliver advertisements on the Site.  

          6. Data Retention 

          ROC-P keeps different kinds of personal data for different lengths of time depending on the purpose for which it is processing the information and depending upon your specific situation. In any event, ROC-P will retain your personal data only for as long as is necessary to accomplish the relevant purpose for its collection and no longer, except as required by applicable law, regulation or other legal obligation. 

          7. Security 

          ROC-P maintains physical, administrative, organizational, and technical safeguards to protect its systems and facilities, including those that store personal data, such safeguards which are subject to periodic changes to maintain pace with industry standards. Despite our security measures, no data transmission over the internet or electronic storage is one hundred percent secure. As a result, we cannot and do not warrant the security of your personal data over through communication methods such as email or phone. Further, third-party software and services integrated into our Site and Services, such as Google Drive, Box, Dropbox, and other integrations, as well as third-party sites hyperlinked from ours, are handled by such third parties and subject to their own privacy and security procedures, which we do not control.  

          You are responsible for notifying us immediately of any known or suspected unauthorized use(s) of your personal data submitted through our Site or Services, or any known or suspected breach of security, including loss, theft, or unauthorized disclosure of your account credentials, or any other personal information. Any fraudulent, abusive, or otherwise illegal activity on your ROC-P account may be reported to appropriate law enforcement agencies by us. In the event of a security incident that involves Site user’s personal data, ROC-P will notify you, the respective regulator, law enforcement, and/or individuals of such incident as required by applicable law or where ROC-P deems appropriate. 

          8. Personal Data Rights and Choices (Including Cookie Management and Direct Marketing Opt-Out)  

          Your first choice is always to limit the personal data you provide. You may also opt out of certain marketing activities by visiting our Site and communicating your choices to us, or by clicking “unsubscribe” at the bottom of marketing emails you might receive from us or on our behalf. 

          Regarding cookies and other tracking technologies, you can manage these by adjusting the settings on your browser, commonly referred to as the browser’s “Do Not Track” settings. All browsers are different, so you may need to visit the “help” section of your browser to learn more about cookie preferences and other privacy settings that may be available. You can also manage how your mobile device and mobile browser share location information with ROC-P, as well as how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn more. In general, ROC-P will comply with your browser’s “Do Not Track” settings but may require the use of some cookies as necessary to provide the services. For more information regarding cookies, please review ROC-P’s Cookie Policy, here: https://www.roc-p.com/cookies/. For more information about cookies and how to manage them, please visit www.allaboutcookies.org.   

          Residents of the European Economic Area, the UK, some states within the United States with consumer data protection laws, and many other jurisdictions have certain legal rights to do the following with personal data we control:  

          • Obtain confirmation the personal data we process about them, and to receive information about its processing;  
          • Request erasure or deletion of your personal data in our possession; 
          • Obtain a copy of the personal data, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form; 
          • Update, correct or delete the personal data;  
          • Object to our processing of the personal data for direct marketing purposes; 
          • Object to other processing of the personal data; and/or 
          • Withdraw consent previously provided for the processing of the personal data (such withdrawal shall not effect the legality of processing of the personal data prior to such withdrawal).   
          • Lodge a complaint with the relevant supervisory authority or regulator.  

          For assistance with exercising your choices, or if you have any questions about your choices, please contact us as described at the end of this Policy. 

          9. Additional Privacy Notice for California Residents 

          Under California Civil Code Section 1798.83 (“Shine the Light” law) California residents have the right to opt-out of disclosure of personal data to third parties for direct marketing purposes at any time.  ROC-P does not share your personal data with third parties for their direct marketing purposes. ROC-P also does not sell your personal data and strives to provide clear notices of our privacy practices at all times.   

          To make a request regarding any of these rights or to ask questions or provide comments about this Privacy Notice for California Residents, please contact us using the information provided below. 

          10. International Data Transfers 

          ROC-P is headquartered in the United States of America. It and its authorized processors may transfer your personal data to the United States of America and access it from the United States of America for the purposes described in this Policy. ROC-P protects the privacy and security of personal data in the manner described in this Policy regardless of where it is collected, stored, accessed, or otherwise processed. 

          This Policy will apply even if we transfer personal data to other countries. We have taken appropriate safeguards to require that your personal data will remain protected wherever it is transferred. When personal data of individuals in the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”) is shared by you or to us by our sub-processors or other third-parties, ROC-P relies upon and complies with our certification to the practices set forth within the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce (collectively “the Data Privacy Framework”). To learn more about the Data Privacy Framework (DPF) program, please visit https://www.dataprivacyframework.gov/.  

          Should the Data Privacy Framework become invalidated, ROC-P has agreements in place and will rely  upon the Standard Contractual Clauses (approved by the European Commission and Swiss authorities) and UK Addendum to the Standard Contractual Clauses (approved by the UK authorities) where required to facilitate such personal data transfers in compliance with applicable law.  We also employ additional safeguards where appropriate (such as commercial industry standard secure encryption methods to protect customer data at rest and in transit, TLS for ROC-P hosted sites, web application firewall protection, and other appropriate contractual and organizational measures). 
           
          Data Privacy Framework Notice 

          ROC-P commits to resolve DPF Principles-related complaints about our collection and use of your personal data. We will investigate and attempt to resolve any DPF Principles-related complaints within 45 days. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF Principles should first contact ROC-P.   

          In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ROC-P commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. 

          Under certain conditions, more fully described on the DPF website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The Federal Trade Commission has jurisdiction over ROC-P’s compliance with the DPF Principles. 
           
          In the context of an onward transfer, ROC-P is responsible for the processing of personal data it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on our behalf. ROC-P will remain liable under the DPF Principles if our agent processes your personal data in a manner inconsistent with the DPF Principles, unless ROC-P is not responsible for the event giving rise to the damage. 
           
          Please note that under certain circumstances, we may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

          11. Children 

          The Site, Site features and ROC-P Services are not directed at minors 16 and under.  ROC-P does not knowingly collect personal data from children aged 16 and under. If you become aware that a minor may have provided us with personal data, please contact us immediately using the contact details provided below.  

          12.  Updates to this Policy 

          ROC-P may modify or update this Policy at any time by posting the updated Policy on this page. Please refer to the “last updated” date above for the most recent version. We encourage you to visit this page periodically for updates. By using ROC-P’s Site or Site features after a change to this Policy, you are deemed to consent to such changes. 

          13. Contact Us 

          If you have any questions about this Policy or our information security and data privacy practices generally, or if you wish to provide comments or exercise any of your rights with respect to your personal data as identified above, contact us at support@roc-p.com.  You may also write us at: 

          ROC-P, LLC; 
          Attn: Privacy 
          215 2nd Ave. SE Ste. 300 
          Cedar Rapids, Iowa 52401