Effective Date: 5/23/2018
“Personal data” means any information that relates to an individual person that is collected and processed in the context of the individual’s working relationship with Revulytics (either directly or through a Client of Revulytics). The “data subject” is the person to whom the information relates. The term “controller” as used in this Policy means the person or entity who is in the position to determine how and why the personal data is collected and processed. The term “processing” means all activities involving the personal data, including collecting, handling, updating, storing, deleting, sharing, accessing, using, transferring, and disposing of the data. “Client” means a business enterprise that is using Revulytics’ products and services.
Revulytics (and its subsidiary Software Compliance Group) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Revulytics is committed to subjecting all personal data received from European Union (“EU”) member countries and Switzerland (collectively, “EEA”), in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles of Notice; Choice; Accountability for Onward Transfer; Security, Data Integrity & Purpose Limitation; Access; and Recourse, Enforcement & Liability. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s www.privacyshield.gov/list.
Revulytics is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Revulytics complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Revulytics is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Revulytics may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. For EEA residents, you also have the right to file a complaint with the applicable data protection or other supervisory authority (for a list, please see https://www.dataprotection.ie/docs/Home/4.htm).
Under certain conditions, more fully described on the www.privacyshield.gov/welcome, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Revulytics collects and processes personal data (a) for the purpose of meeting its performance obligations under an existing contract with its Clients or to enter into a new contract with Clients, (b) on the basis of consent, or (c) to meet our legitimate interests (such as for business operations, to meet legal obligations, for network security purposes, and for advertising, market research and direct marketing). The use of personal data collected through the publicly accessible portions of our Web Site shall be limited to the purposes set forth below. At times, Revulytics may also collect your personal data such as contact information and interests from third-party marketing list suppliers in order to contact you for activities including direct marketing and for content syndication for interest-based advertising.
In the normal course of business activities, Revulytics may process personal data as either a controller or a processor, as follows:
When you visit our Web Site and access information, you remain anonymous. However, when you engage in certain activities on this site, such as requesting product information or registering for a live event, Revulytics may ask you to provide certain information about yourself such as your name, email address, phone number, or address. You are not required to provide your personal data, but if you decline, Revulytics may not be able to process your request. We ask only for data that is adequate, relevant and not excessive for those purposes. When we ask you for personal data, we tell you the purposes for which we will process that data. Some of these purposes include the following:
When you submit personal data to Revulytics, you understand and agree that Revulytics and its subsidiaries, affiliates and trusted vendors may transfer, store, and process your customer profile in any of the countries in which Revulytics and its affiliates maintain offices, including without limitation, the United States. Such other countries may not have the same level of privacy protections as the EU.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve personalized marketing, analytics, and site functionality.
Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that data and we may also disclose your personal data to any other third party with your prior consent. If you do not want us to share your personal data with these companies, you may contact us at: firstname.lastname@example.org.
We post customer testimonials on our Web Site which may contain personal data. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you want your testimonial removed please contact us at email@example.com.
Our Web Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why.
We will take appropriate steps to protect your privacy. We will also take reasonable security measures to protect your personal data in storage. For example, access to personal data is limited to individuals needing such access to perform their job function. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web Site, you can contact us at email@example.com.
Revulytics processes data on behalf of our clients that they have obtained through our Compliance and Usage Intelligence Platforms. At all times, the Client is the controller of that data. Information pertinent to the processing of that data is as follows:
Revulytics collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We may transfer personal data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.
Revulytics acknowledges that you have the right to access your personal data. Revulytics has no direct relationship with the individuals whose personal data it processes. An individual who seeks access to their data, or who seeks to correct, amend, or delete their data, transfer their data, or otherwise object to or limit the processing of their data, should direct their query to the Revulytics’ Client. If requested by the Client to remove data, we will respond within a reasonable timeframe.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Revulytics will also retain this personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Revulytics has further committed to cooperate with the panel established by the EU data protection authorities (EU DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EEA in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or the EDPIC (as applicable) for more information or to file a complaint. The services of the EU DPAs and the FDPIC are provided at no cost to you.
to remove your personal data from Revulytics’ marketing database. Please provide your name, address, and email address so we are sure to remove the correct information. We will respond to your request within 30 days.
to modify or request the deletion of your personal data. In addition to providing your name, email address, and address, please include your modifications in the body of the email. We will respond to your request within 30 days. Upon request, Revulytics will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data.
We will retain your information for as long as needed to provide you with the communications and services described above. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Revulytics welcomes comments and questions on this Policy. We are dedicated to protecting your personal data and will make every reasonable effort to keep that information secure.
For EEA residents, with respect to personal data collected and processed by Revulytics as a data controller, you have the right to access your personal data and to request the correction, amendment, removal, or limitation of the use and disclosure of that personal data. You can also port your data and, for those instances where you have given your consent directly to Revulytics for the collection and processing of your data, you may withdraw that consent. All such requests should be sent by email to firstname.lastname@example.org.
Due to the rapidly evolving technologies on the Internet, we may occasionally update this Policy. All revisions will be posted to this Web Site. If we make any material changes we will notify you by email (sent to the e-mail address you have provided) or by means of a prominent notice on this Web Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.