Privacy Policy

This Global Data Privacy Policy (“Global Privacy Policy” or this “Policy”) represents the minimum standards that the Revevol Group and its affiliates, including Revevol France SAS, Revevol Italia SRL, Revevol North America Corporation, Altirnao Inc (including its affiliates Altirnao France and Altirnao UK) and Talarian SARL (“Revevol ”, “we”, “our”) have set with respect to data privacy, for ensuring that we collect, use, retain and disclose Personal Data in a fair, transparent and secure way.

This Policy aligns with (and in some cases exceeds) the main requirements of applicable laws and regulations. It is also aligned with other specific policies of Revevol relating to the collection and use of information of Personal Data implemented by each entity of the Revevol Group to cover the specific Personal Data processing purposes needed for the day to day activity (e.g. cookies policy, specific local policies such as employees privacy policies specific information notices for customers, etc.). This Policy acknowledges that certain Revevol affiliates are located in countries with varying legal and cultural approaches to privacy and data protection. This Global Privacy Policy may thus be supplemented by other policies and procedures in certain geographic regions as may be appropriate to comply with applicable laws and meet cultural norms.

In the event of a conflict between this Global Privacy Policy and the local applicable privacy policies and/or applicable local law as relevant, or inapplicability of the provisions of this Global Privacy Policy, the local applicable policy and local law should prevail.

Some useful definitions are provided in section 2 of this Global Privacy Policy for your ease of reference.

If you require a Data Processing Agreement (DPA), please send your request at: legal@talarian.io

Scope

  1. The Policy covers all Personal Data (“Personal Data”) in any form, including but not limited to electronic data, disks and paper documents and all types of processing, whether manual or automated, that is in Revevol’s possession or under Revevol’s control, in all geographical areas where Revevol operates. This will include information held about Revevol members, partners, employees, contractors, consultants, clients, consumers, suppliers, business contacts and any third parties.
  2. This Policy also applies to any Third Parties who perform services for or on behalf of Revevol and who are expected to embrace standards of conduct consistent with the principles set out in this Global Privacy Policy.

Definitions

  1. Revevol shall mean the relevant Revevol entity processing the Personal Data and the various Revevol affiliates which are part of the Revevol Group.
  2. Third Party shall mean a third party or business Partner who receives from Revevol or who is granted access to or is otherwise entrusted with Personal Data on behalf of Revevol, for example suppliers, contractors, sub-contractors and other service providers.
  3. Data Subject shall mean an identified or identifiable natural person whose Personal Data is being processed by Revevol.
  4. Informed Consent shall mean any freely given specific and informed indication of the Data Subject’s agreement to the processing of his/her Personal Data, when required.
  5. Personal Data shall mean any information enabling to identify a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. Data is considered Personal Data when it enables anyone to link said data to a natural person, even if the person or entity holding that information cannot make that link.
  6. Sensitive Data (or Special Category of Data) shall include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
  7. Personal Data relating to criminal convictions and offences are a subset of Personal Data, which due to their nature have been classified by law or by an applicable policy as deserving additional privacy and security protections.
  8. Process / Processing shall mean any operation or set of operations that is performed upon Personal Data, whether or not by automated means, including but not limited to, collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction (“Process” shall be interpreted accordingly).

3. With whom does Revevol share the information?

Personal Data is processed on the basis of legal grounds with the informed knowledge of the Data Subjects.

  1. We will only use Personal Data on the basis of a legal ground:
  1. We consider that it is important to assess the privacy risks before we collect, use, retain or disclose Personal Data, such as in a new system or as part of a new project.
  2. Revevol will only Process Personal Data in the way described in its specific privacy notices or privacy policies and in accordance with any Informed Consent we may have obtained from the Data Subject.
  3. Revevol will not carry out profiling activities based on automated decision making, unless legally grounded on a requirement of applicable law or the performance of a contract or the Data Subject’s consent and provided that suitable safeguards are implemented to protect the Data Subjects rights.
  4. We use cookie technologies on our websites to allow us to evaluate and improve the functionality of our websites. We can also use cookies for advertising or analytics purposes, subject to your consent and depending on your choice by using our cookie setting tool. For more information about how Revevol uses cookies, please read our online [Cookie Policy](/cookie-policy).
  5. Where legally required, we will ensure that Data Subjects are provided with relevant information concerning the processing of their Personal Data, unless there is an impossibility to provide such information or if it requires disproportionate efforts to provide such information. Such information will notably include the purposes of the Personal Data processing, the types of Personal Data collected (if the Personal Data have not been obtained directly from the data subject), the categories of recipients, the list of rights which may be exercised by the Data Subjects, the consequences of a failure to reply or provide Personal Data, the conditions of the transfer of Personal Data outside the European Economic Area (“EEA”), if any, and the mechanism used to protect the Personal Data in the event of a transfer, etc. This requirement may be satisfied by issuing a privacy notice to Data Subjects at the point where Personal Data are originally collected from them. Privacy notices shall be written in language which provides Data Subjects with a clear understanding as to how their Personal Data will be used.

How do we process Personal Data for specific and legitimate purpose and verify that Personal Data is minimized and accurate?

  1. Personal Data will only be collected and processed specified, explicit and legitimate purposes (which could be multiple), complying with the Personal Data minimization principle and ensuring the accuracy of the Personal Data processed.
  2. Personal Data will not be further processed in a manner that is incompatible with those purposes.
  3. We carefully evaluate and define the purposes of any Personal Data Processing before launching a project (e.g. management of HR data, management of recruitment data, payroll purpose, accounting and financial management, allocation of IT tools and any other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, client relationship management, bids, sales and marketing management, supply management, internal and external communication and events management, compliance with anti-money laundering and anti-bribery obligations or any other legal requirements, data analytics operations, implementation of compliance processes).
  4. We will ensure that the Personal Data we collect are relevant, adequate and not excessive in relation to the purpose of the Processing and its eventual use (e.g. insights, marketing, promotions). This means that only necessary and relevant information for the purpose sought can be collected and processed.
  5. When collecting Sensitive Data or Personal Data relating to criminal convictions and offences, proportionality is fundamental. We do not collect Sensitive Data or Personal Data relating to criminal convictions and offences, unless required by applicable law or when allowed by applicable law with the Data Subject’s prior express consent.
  6. Every reasonable step will be taken to ensure that Personal Data are maintained in an appropriately accurate and up-to-date form at every step of Personal Data Processing (i.e. collect, transfer, storage and retrieval).
  7. We encourage the Data Subjects to help us maintaining your Personal Data up to date by exercising your rights, notably of access and rectification.

What Security and confidentiality measures are implemented?

Since employees, contractors, customers, suppliers, consumers and business partners put their trust in Revevol when they provide us with their Personal Data, Revevol ensures the security and confidentiality of the Personal Data it processes.

  1. We protect any Personal Data collected, used, retained and disclosed to support our business activities by following the relevant usage, technical and organizational policies, standards and processes.
  2. Industry standard technical and organizational measures are implemented to prevent against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, or any other unlawful or unauthorized forms of Processing.
  3. Where processing is to be carried out on behalf of Revevol, it will select service providers providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of applicable data protection laws and ensure the protection of the rights of the data subject.
  4. Revevol endeavors to take reasonable measures based on Privacy by design and Privacy by default as appropriate to implement necessary safeguards when processing Personal Data. Revevol will thus implement technical and organizational measures, at the earliest stages of the design of the Processing operations, in such a way that safeguards privacy and data protection principles right from the start (‘Privacy by design’). By default, Revevol should ensure that Personal Data is processed with privacy protection (for example only the data necessary should be processed, short storage period, limited accessibility) so that by default Personal Data is not made accessible to an indefinite number of persons (‘Privacy by default’).
  5. When Personal Data Processing is likely to result in a high risk to the rights and freedoms of Data Subjects, we will carry out a privacy impact assessment or “Personal Data impact assessment” prior to its implementation.
  6. No breach is too small for action. We will examine all claims related to any breach to this Global Privacy Policy or applicable data protection laws, potential or actual, that are brought to our attention or that we become aware of and will take all reasonable measures to limit their impact.
  7. Further information on the IT security measures are described in Revevol Information Security Policy.

For how long do we keep your Personal Data?

  1. Any person or entity handling Personal Data for Revevol will keep it only for as long as it is necessary for the purpose for which it has been collected and processed (and other compatible purposes) which may include:
  1. Personal Data is retained and destroyed in a manner consistent with applicable law and in accordance with Revevol Data Retention Policy.

What are your rights as Data Subject?

We are receptive to queries or requests made by Data Subjects in connection with their Personal Data and, where required by law, we provide Data Subjects with the ability to access, correct, restrict and erase their Personal Data as set forth by applicable law. We also allow them to oppose the processing of their personal data, and to exercise their right to portability.

  1. Access right: We will provide access to all Personal Data related to a Data Subject as required by law, to the purposes of the Processing, categories of Personal Data processed, categories of recipients, data retention term, rights to rectify, delete or restrict the Personal Data accessed if applicable, etc.
  2. Right to portability: We may also provide a copy of any Personal Data that We hold in our records in a format compatible and structured to allow the exercise of right to data portability to the extent it is relevant under applicable law.
  3. Right to rectification: Data Subjects can request that We correct, amend, erase, any Personal Data which is incomplete, out of date or inaccurate.
  4. Right to erasure: Data Subjects can request the deletion of their Personal Data (i) if such Personal Data is no longer necessary for the purpose of the data processing, (ii) the Data Subject has withdrawn his/her consent on the Processing based exclusively on such consent, (iii) the Data Subject objected to the Processing, (iv) the Personal Data Processing is unlawful, (v) the Personal Data must be erased to comply with a legal obligation applicable to Revevol. Revevol will take reasonable steps to inform the other entities of the Revevol of such erasure.
  5. Right to restriction: Data Subjects can request the restriction of their Personal Data (i) in the event the accuracy of the Personal Data is contested to allow Revevol to check such accuracy, (ii) if the Data Subject wishes to restrict the Personal Data rather than deleting it despite the fact that the processing is unlawful, (iii) if the Data Subject wishes Revevol group to keep the Personal Data because he/she needs it for his/her defense in the context of legal claims (iv) if the Data Subject has objected to the Processing but Revevol conducts verification to check whether it has legitimate grounds for such Processing which may override the Data Subject’s own rights.
  6. Right to withdraw his/her consent: when the Personal Data Processing is based on Data Subject’s consent, Data Subject may withdraw such consent at any moment, without affecting the lawfulness of Processing based on consent before its withdrawal
  7. Right to object: Data Subject can also indicate his/her objection to the Processing of his/her Personal Data at any time:
  1. Digital legacy. Data Subjects have the right to define (general or specific) directives regarding the usage of their personal data after their death.

To exercise these rights, please use the contact details provided below in Section 10 of this Global Privacy Policy. Data Subject has also the right to lodge a complaint with the competent Personal Data supervisory authority.

When and how do we disclose your Personal Data to third parties?

Personal Data is only disclosed outside Revevol where there is an overarching legal justification to do this.

  1. Disclosure is made on a strictly limited ‘need to know’ basis where there is clear justification for transferring Personal Data - either because the Data Subject has consented to the transfer or because disclosure is required to perform a contract to which the Data Subject is a party, or for a legitimate purpose that does not infringe the Data Subject’s fundamental rights, including the right to privacy (e.g. sharing in the context of a merger and acquisition operation). In each case the Data Subject will be aware that the disclosure is likely to take place. Assurances will also be sought from the recipients that they will only use the Personal Data for legitimate / authorized purposes and keep it secure.
  2. If a particular disclosure is required to meet a legal obligation (for example to a government agency or police force / security service) or in connection with legal proceedings, generally the Personal Data may be provided as long as the disclosure is limited to that which is legally required and, if permitted by law, the Data Subject has been made aware of the situation (i.e. the Data Subject was told of the possibility of such an event in an Informed Consent or is notified at the time of the request for disclosure).

How are international transfers of Personal Data from EU protected?

Personal Data originating from those Revevol entities operating within the EU will not be transferred outside the EEA to a third country which does not ensure an adequate level of protection unless appropriate safeguards are implemented in accordance with applicable laws.

  1. International Personal Data transfer is a very sensitive topic and is taken seriously before transferring any Personal Data from its EEA country of origin to another non-EEA country, whether such transfer is done for technical purposes (e.g. storage, hosting, technical support, maintenance) or the main purposes (e.g. centralization of client’s database management).
  2. We never carry out international transfers of Personal Data from an EEA country to another non-EEA country without ensuring that appropriate transfer mechanisms as required by applicable data protection laws are in place, to ensure adequate protection of the data when transferred (e.g. adequacy decision, signature of EU Commission Model Clauses as appropriate).

How do we handle complaints?

  1. Revevol is committed to resolving the legitimate privacy issues of its staff, clients and other contacts. If a member of staff feels that he/she has done something in breach of this Global Privacy Policy, he/she must contact Revevol Privacy Contact at the following address: legal@talarian.io and report the matter.
  2. Data Subjects are informed that they can complain about privacy issues by writing an email to Revevol Privacy Contact at the address above mentioned and that they may file a complaint with a supervisory authority. In particular, this shall be expressly specified in the privacy notices communicated to and/or accessible by Data Subjects.

Update of this Global Privacy Policy

As our business and the regulatory environment regularly change, this Global Privacy Policy may also change. You are thus invited to consult it on a regular basis.

Q&A

Why is my information needed?

Revevol products are web based; because of this they may require the use of first and last names, billing contact information, and a G Suite account as a login. Therefore, at a minimum, we may require such necessary information in order to establish your account with us.

What information does Revevol gather/track and how is it used?

PERSONAL INFORMATION: We collect personal information from users including (at minimum) first and last names, and a G Suite email address to be used as a login. Your email address may be used to send you periodic product newsletters, offers and usage tips from Revevol. You can opt out of promotional emails at any time, but will still receive communications such as receipts, confirmation emails and customer service updates that are considered necessary to provide the service to you. We use the information collected to deliver services, process payments, update our records, communicate with you about products and services, and generally maintain your accounts with us. We will retain your information for as long as your account is active, as needed to provide you services, to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at legal@playengo.com.

BUSINESS INFORMATION: Information that is collected by our products is considered confidential. We will not view Business Information except as necessary to appropriately support the service or as required by law. (Business Information includes app data, documents, files, configuration settings and any other business information stored on Revevol products).

SECURITY INFORMATION: Revevol also collects certain standard information about your computer for security and identification purposes. This information may include: IP addresses, domain names, access times, cookies and other unique identifying information of machines that have our software downloaded and installed on them. This information is used for the operation of the service, to identify and protect our customers and to control unauthorized use or abuse of our services. All information is encrypted during transmission and is stored securely within our servers.

With whom does Revevol share the information?

Ensuring your privacy is important to us. We do not sell, trade or rent your personal information to third parties. Any third parties which need to access your information may occasionally do so to perform functions on our behalf. Examples include processing credit card payments, sending postal mail and email, analyzing data and providing marketing assistance. They must process the personal information in accordance with this Privacy Policy and may not use it for any other purpose. 4. Who can I ask if I have additional questions? For additional inquiries about the privacy of your information, you can contact our Customer Support team via email at legal@playengo.com.