Effective Date: 5/23/2018

TRUSTe

Your right to privacy is very important to Revulytics, Inc. (“Revulytics”). We recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner. We believe this information should only be used to help us provide you with better service. This Privacy Policy covers our collection, use and disclosure of any personal data we collect through our website: www.revulytics.com (the “Web Site”) and also in the applicable Revulytics Compliance Intelligence and Revulytics Usage Intelligence license agreements and terms of use. Our collection, use and disclosure of personal data collected directly from our Clients through any of our customer support or customer services portals is governed by the license agreement we have and the purpose of providing the service with each Client.

DEFINITIONS

“Personal data” means any information that relates to an individual person that is collected and processed in the context of the individual’s working relationship with Revulytics (either directly or through a Client of Revulytics).  The “data subject” is the person to whom the information relates. The term “controller” as used in this Policy means the person or entity who is in the position to determine how and why the personal data is collected and processed.  The term “processing” means all activities involving the personal data, including collecting, handling, updating, storing, deleting, sharing, accessing, using, transferring, and disposing of the data. “Client” means a business enterprise that is using Revulytics’ products and services. 

EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD

Revulytics (and its subsidiary Software Compliance Group) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Revulytics is committed to subjecting all personal data received from European Union (“EU”) member countries and Switzerland (collectively, “EEA”), in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles of Notice; Choice; Accountability for Onward Transfer; Security, Data Integrity & Purpose Limitation; Access; and Recourse, Enforcement & Liability.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s www.privacyshield.gov/list.

Revulytics is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Revulytics complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Revulytics is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Revulytics may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.  For EEA residents, you also have the right to file a complaint with the applicable data protection or other supervisory authority (for a list, please see https://www.dataprotection.ie/docs/Home/4.htm).

Under certain conditions, more fully described on the www.privacyshield.gov/welcome, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

COLLECTION AND USE OF PERSONAL DATA

Revulytics collects and processes personal data (a) for the purpose of meeting its performance obligations under an existing contract with its Clients or to enter into a new contract with Clients, (b) on the basis of consent, or (c) to meet our legitimate interests (such as for business operations, to meet legal obligations, for network security purposes, and for advertising, market research and direct marketing).  The use of personal data collected through the publicly accessible portions of our Web Site shall be limited to the purposes set forth below.  At times, Revulytics may also collect your personal data such as contact information and interests from third-party marketing list suppliers in order to contact you for activities including direct marketing and for content syndication for interest-based advertising.

In the normal course of business activities, Revulytics may process personal data as either a controller or a processor, as follows:

  • Data Controller: Where Revulytics collects and processes personal data for the purpose of its day-to-day business operations, such as marketing and customer relationship management, it is acting as a data controller. This Policy applies solely to those instances in which Revulytics is the data controller.
  • Data Processor: Where Revulytics provides products and services for its Clients, it may process personal data on behalf of those Clients. In such cases, the Client is the data controller. This Policy does not apply to such processing. The processing of such personal data on behalf of Clients is, and will be, carried out by Revulytics in accordance with the terms of the relevant contract or contracts between Revulytics and the Client that provides the personal data to us for processing. For additional information, see the section below on Information on Data Obtained with respect to our Intelligence product platforms specifically.

When you visit our Web Site and access information, you remain anonymous. However, when you engage in certain activities on this site, such as requesting product information or registering for a live event, Revulytics may ask you to provide certain information about yourself such as your name, email address, phone number, or address. You are not required to provide your personal data, but if you decline, Revulytics may not be able to process your request.   We ask only for data that is adequate, relevant and not excessive for those purposes. When we ask you for personal data, we tell you the purposes for which we will process that data. Some of these purposes include the following:

  • We may contact you occasionally to inform you of new services we will be providing, or special offers, events or articles we think will be of interest to you.
  • In some instances, we may provide you with the opportunity to register for webinars co-hosted by select partners with whom we may share the personal data you provide us so they may send you offers which may be of interest to you. If you do not want us to use your personal data for these purposes, you may contact us at privacy@revulytics.com.
  • We may send you requested product information and promotional material.
  • We may use your personal data for marketing purposes and market research.
  • We may use your personal data internally to help us improve our products and services and to help resolve any problems.

When you submit personal data to Revulytics, you understand and agree that Revulytics and its subsidiaries, affiliates and trusted vendors may transfer, store, and process your customer profile in any of the countries in which Revulytics and its affiliates maintain offices, including without limitation, the United States. Such other countries may not have the same level of privacy protections as the EU.

TRACKING TECHNOLOGIES

Revulytics and its partners use cookies or similar technologies to analyze trends, administer the Web Site, track users’ movements around the Web Site, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Webs Site or service.

As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

We may combine this automatically collected log information with other information we collect about you. We do this to improve personalized marketing, analytics, and site functionality.

We partner with a third party ad network to either display advertising on our Web Site or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personal data about your activities on this and other websites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

SHARING OF PERSONAL DATA

We do not share, sell or distribute your personal data with unrelated third parties, except under these circumstances or as otherwise outlined in this Privacy Policy:

  • Personal data may occasionally be transferred to third parties who act for or on behalf of Revulytics, for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have subsequently consented. For example, sometimes we may provide your personal data to a third party in order to handle communications on our behalf or to assist us in managing our software compliance or host our Web Site.
  • In certain situations, Revulytics may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • We may share or transfer the information in our databases to comply with a legal requirement such as to comply with a subpoena, or similar legal or bankruptcy process, for the administration of justice, to protect your vital interests, and to take precautions against legal liability. In the event that Revulytics is involved in a corporate sale, merger, reorganization, dissolution or similar event, you will be notified via email and/or a prominent notice on our Web Site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that data and we may also disclose your personal data to any other third party with your prior consent. If you do not want us to share your personal data with these companies, you may contact us at: privacy@revulytics.com.

SOCIAL MEDIA FEATURES AND WIDGETS

Our Web Site includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Web Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

LINKS TO OTHER SITES

Our Web Site includes links to other websites whose privacy practices may differ from those of Revulytics. If you submit personal data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

TESTIMONIALS

We post customer testimonials on our Web Site which may contain personal data. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. If you want your testimonial removed please contact us at privacy@revulytics.com.

PUBLIC FORUMS

Our Web Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community forum, contact us at privacy@revulytics.com. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why.

PROTECTING YOUR PRIVACY

We will take appropriate steps to protect your privacy. We will also take reasonable security measures to protect your personal data in storage. For example, access to personal data is limited to individuals needing such access to perform their job function. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web Site, you can contact us at privacy@revulytics.com.

INFORMATION RELATED TO DATA OBTAINED THROUGH THE REVULYTICS COMPLIANCE INTELLIGENCE (POWERED BY CODEARMOR) AND THE REVULYTICS USAGE INTELLIGENCE PLATFORMS

Revulytics processes data on behalf of our clients that they have obtained through our Compliance and Usage Intelligence Platforms. At all times, the Client is the controller of that data.  Information pertinent to the processing of that data is as follows:

  • Information Related to Data Collected for our Clients:

Revulytics collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We may transfer personal data to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.

  • Access and Retention of Data Controlled by our Clients:

Revulytics acknowledges that you have the right to access your personal data.  Revulytics has no direct relationship with the individuals whose personal data it processes. An individual who seeks access to their data, or who seeks to correct, amend, or delete their data, transfer their data, or otherwise object to or limit the processing of their data, should direct their query to the Revulytics’ Client. If requested by the Client to remove data, we will respond within a reasonable timeframe. 

We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Client. Revulytics will also retain this personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Please refer to this privacy policy for any questions of the use of Revulytics Compliance Intelligence and Revulytics Usage Intelligence.

FOR REVULYTICS’ EMPLOYEES

Revulytics has further committed to cooperate with the panel established by the EU data protection authorities (EU DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EEA in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or the EDPIC (as applicable) for more information or to file a complaint. The services of the EU DPAs and the FDPIC are provided at no cost to you.

YOUR FEEDBACK

If you wish to remove your personal data from our marketing files, modify your personal data, comment on or make a complaint under our Privacy Policy, please send an email to privacy@revulytics.com with the following subject line:

“REMOVE PERSONAL DATA”

to remove your  personal data from Revulytics’ marketing database. Please provide your name, address, and email address so we are sure to remove the correct information. We will respond to your request within 30 days. 

“MODIFY PERSONAL DATA”

to modify or request the deletion of your personal data. In addition to providing your name, email address, and address, please include your modifications in the body of the email. We will respond to your request within 30 days. Upon request, Revulytics will provide you with information about whether we hold, or process on behalf of a third party, any of your personal data.

We will retain your information for as long as needed to provide you with the communications and services described above. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

“COMMENT ON PRIVACY POLICY/COMPLAINT”

to give Revulytics feedback on its Privacy Policy or to make a complaint under that Policy. You may also contact us via postal mail at Revulytics, 130 Turner Street, Building 2, Suite 212, Waltham, Massachusetts 02453, or you can email us at privacy@revulytics.com ATTN: Privacy Policy.

Revulytics welcomes comments and questions on this Policy. We are dedicated to protecting your personal data and will make every reasonable effort to keep that information secure.

EEA RIGHTS

For EEA residents, with respect to personal data collected and processed by Revulytics as a data controller, you have the right to access your personal data and to request the correction, amendment, removal, or limitation of the use and disclosure of that personal data. You can also port your data and, for those instances where you have given your consent directly to Revulytics for the collection and processing of your data, you may withdraw that consent.  All such requests should be sent by email to privacy@revulytics.com.

PRIVACY POLICY UPDATES

Due to the rapidly evolving technologies on the Internet, we may occasionally update this Policy. All revisions will be posted to this Web Site. If we make any material changes we will notify you by email (sent to the e-mail address you have provided) or by means of a prominent notice on this Web Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.