REVVABLE, INC. PRIVACY AND COOKIE POLICY

Introduction‍

This privacy and cookie policy (“Policy”) describes how Revvable, Inc. (“Revvable”, “we,” and “our”) collects, uses and shares personal data when using Revvable’s website, applications and plug-ins (collectively, the “Apps”) and the services provided in connection therewith (together with the Apps, the “Services”). Please read the following information carefully to understand our views and practices regarding your personal data and how we will treat it. ‍

Particularly Important Information

Who we are: For the purpose of applicable data protection legislation, the data controller of your personal data is Revvable, Inc. of San Francisco, California. 

Changes to this Policy: We will post any modifications or changes to the Policy on our Apps. We reserve the right to modify the Policy at any time, so we encourage you to review it frequently. The “Last Updated” legend above indicates when this Policy was last changed. If we make any material change(s) to the Policy, we will notify you via email and/or post a notice on our Apps prior to such changes(s) taking effect.

1. COLLECTING YOUR PERSONAL DATA

We collect information about you in the following ways:

Sources.  We collect personal data from the following sources:

• Website visitors
• Individuals purchasing our products or service offerings (“Consumers”)
• Merchants or businesses using our Services to purchase our products or service offerings (“Merchants”)

‍Types of Information. We collect the following types of information:

• Contact data, such as your first and last name, email and mailing address, and phone number;
• Login data, such as your username and password when you create an account on the Services;
• Transaction data, including information about products and service offerings you’ve purchased or expressed interest in;
• Communications that we exchange when you contact us with questions or correspondence with us by email or otherwise, including when you provide feedback, report a problem with our Services or when we provide you with customer support; and
• Marketing data, such as your marketing preferences, and information about your responses to our marketing communications.

Information Automatically Collected. We, our service providers and third party partners may automatically log information about you, your computer or mobile device, and your activity over time on our Apps and other online services, such as:

• Device data, such as your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Apps, and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, and access times and information about your use of and actions on our Apps.

Some of our automatic data collection is facilitated by cookies and similar technologies.  Please see Section 2 for more information.

2. COOKIES AND OTHER TRACKING TECHNOLOGIES

What are cookies?

We may collect information using “cookies.” Cookies are small data files placed on your computer when you visit a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Apps.

In addition to cookies, our Apps and emails may use pixel tags (also known as web beacons and clear GIFs) to compile statistics about use of the Services, measure the success of our marketing campaigns, and indicate whether recipients of our emails open or click links within them.

‍Cookies we use

Our Apps use the following types of cookies for the purposes set out below:

‍Type of cookies & purpose

‍Essential Cookies:‍

These cookies are necessary to allow the technical operation of our Apps (e.g., they enable you to move around on a website and to use its features).

‍Functionality Cookies:

These cookies enhance the performance and functionality of our Apps.

‍Analytics Cookies:

These cookies help us understand how our Apps are performing and being used.  These cookies may work with web beacons included in emails we send to track which emails recipients open and which links recipients click. We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies and about how Google protects your data here: www.google.com/analytics/learn/privacy.html. You can prevent the use of Google Analytics relating to your use of our Apps by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB

Advertising Cookies:

These cookies are used by advertising companies to collect information about how you use our Apps and other websites over time.  These companies use this information to show you ads they believe will be relevant to you within our Apps and elsewhere, and to measure how the ads perform.  

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility).  Many browsers are set to accept cookies until you change your settings.  

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com/uk, or our Online Tracking Opt-out Guide.

If you do not accept our cookies, you may experience some inconvenience in your use of our Apps. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Apps.

3. DO NOT TRACK SIGNALS

Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

4. USING YOUR PERSONAL DATA

We may use your personal data as follows:

Operations:

• to operate and maintain, and improve our Apps/Services, products, and services;
• if you are a Consumer, to provide you with the products and service offerings you have purchased or the information you requested prior to purchase our products or service offerings, and to send you replacement and/or repairs items as applicable;
• if you are a Merchant, to send you invoices;
• to respond to your comments and questions and to provide customer service; and
• to send information including technical notices, updates, security alerts, and support and administrative messages.

Legal compliance:

• As we believe necessary or appropriate (a) to comply with applicable laws; and (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities.

Compliance, fraud prevention and safety:

• As we believe necessary or appropriate (a) to enforce the terms and conditions that govern our Services; (b) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and (c) to protect our rights, privacy, safety or property, and/or that of you or others.

Consent:

• In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

5. SHARING YOUR PERSONAL DATA

We may share your personal data as follows:

• Our Third Party Service Providers. We may share your personal data with our third party service providers who provide services such as data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services.
• Advertising Partners.  Our third party advertising partners may collect information about your activity on our Apps and other online services to help us advertise our Services.
• Affiliates. We may share personal data with our affiliates, in which case we will require our affiliates to comply with this Policy.
• Corporate Restructuring. We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• Legal Compliance. We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; and (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements.
• Compliance, Fraud Prevention and Safety. We may disclose personal data to law enforcement, government authorities, and private parties as we believe necessary or appropriate (a) to enforce the terms and conditions governing our Services; (b) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity; and (c) to protect our rights, privacy, safety or property, and/or that of you or others.

6. USER GENERATED CONTENT

We may make available on our Apps or through our Service, or link to, features that allow you to generate your own content or share information online (e.g., on our blog). Please do not embed personal information in the content you generate or share personal information online in public forums, because any such information can be collected and used by others. We have no control over, and take no responsibility for, the use, storage, dissemination or erasure of personal information embedded in user-generated content or shared on the Sites. By posting personal information online in public, you may receive unsolicited messages from other parties. If you provide feedback to us, in a public forum or otherwise, we may use and disclose such feedback on our Apps/Services and/or feature it in case studies and white papers we create, provided we do not publicly associate such feedback with your personal data. If you have provided your consent to do so, we may post your first and last name along with your feedback on our Apps/Services.

7. INTERNATIONAL DATA TRANSFER

Your information, including personal data that we collect from you, may be transferred to, stored at and processed by us or our service providers outside the country in which you reside, including, but not limited to the United States, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. We will take steps designed to ensure that your data is treated securely and in accordance with this Policy. 

8. EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD

Revvable complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Revvable (as Revvable Company) has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Revvable may transfer your personal information to third parties as described in this Privacy Policy.  Revvable maintains contracts with its third-party service providers restricting their access, use and disclosure of personal information in compliance with our Privacy Shield obligations.  Revvable may be liable if these third parties fail to meet those obligations and we are responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Revvable commits to resolve complaints about our collection or use of your personal information.  European individuals with inquiries or complaints regarding our Policy should first contact Revvable at support@revvable.com. Revvable has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States.  If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint.  The services of JAMS are provided at no cost to you.  If neither Revvable nor JAMS resolves your complaint, you may have the ability to engage in binding arbitration through the Privacy Shield Panel.  Additional information on the arbitration process is available on the Privacy Shield website at www.privacyshield.gov.

Revvable may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  The Federal Trade Commission has jurisdiction over Revvable’s compliance with the Privacy Shield. Revvable’s commitments under the Privacy Shield Principles are subject to the investigatory and enforcement powers of the Federal Trade Commission.

9. SECURITY‍

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us using the details in Section 15 below.

10. RETENTION

We will only retain your personal data as long as reasonably required for you to use the Apps and/or to provide you with the Services unless a longer retention period is required or permitted by law (for example for regulatory purposes).

11. SENSITIVE PERSONAL DATA

We do not collect sensitive personal data as that term is defined by the GDPR (with respect to European users) or other applicable law.

12. JOB APPLICANTS

When you visit the careers portion of our website, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics, and as otherwise necessary in connection with legal disclosures.

13. YOUR RIGHTS

Depending on the jurisdiction in which you are located, you may have the following rights with respect to your personal data:

• Opt-out. You may contact us anytime to request to opt-out of: (i) direct marketing communications; (ii) automated decision-making and/or profiling; (iii) our collection of sensitive personal data; (iv) any new processing of your personal data that we may carry out beyond the original purpose; or (v) the transfer of your personal data outside the EEA, in each case where we requested your consent prior to such processing. Please note that your use of some of the Apps/Services may be ineffective upon opt-out. Note that at this time, we do not engage in any automated decision-making or profiling, or collect any sensitive personal data.
• Access. You may request to access the information we hold about you.
• Amend. You can also request to update or correct any inaccuracies in your personal data.
• Move. Your personal data is portable – i.e. you may request to move your data to other service providers.
• Erase and forget. In certain situations, for example when the information we hold about you is no longer relevant or is incorrect, you can request that we erase your data.

If you wish to submit a request to exercise any of these rights, please contact us using the details in Section 17 below. In your request, please make clear: (i) what personal data is concerned; and (ii) which of the above rights you would like to enforce.  Applicable law may require or permit us to decline your request.  For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and except as otherwise permitted by law, within one month of your request. Please note that we may need to retain certain information for regulatory or record keeping purposes, to complete any transactions that you began prior to requesting such change or deletion, or to continue to provide our Services. Applicable law may also require or permit us to decline your request.

14. COMPLAINTS

We are committed to resolve any complaints about our collection or use of your personal data. If you would like to make a complaint regarding this Policy or our practices in relation to your personal data, please contact us using the details in Section 15 below. We will reply to your complaint as soon as we can and in any event, within 45 days. We hope to resolve any complaint brought to our attention, however, if you are located in Europe and you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority. You can find your data protection regulator here.  

15. LEGAL BASES FOR PROCESSING

Please note that this section applies only to individuals located in Europe.

We have listed in the table below our legal bases for processing the personal data described in this Policy.

Legal basis:

Details regarding each processing purpose listed below are provided in the section above titled “Using Your Personal Data”.

Operations

Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for or otherwise engaging with the Services.  

In other cases, these activities constitute our legitimate interests.  

Marketing, Research and development, Compliance, fraud prevention and safety

These activities constitute our legitimate interests.  We do not use your personal information for these activities where the impact on you would override our interests (unless we have your consent or are otherwise required or permitted to by law).

Legal compliance

Processing is necessary to comply with our legal obligations.

Consent

Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service.

16. CONTACT INFORMATION

We welcome your comments or questions about this Policy. You may contact us in writing at [_____________].

17. NOTICE TO CALIFORNIA RESIDENTS

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of their personal information.

Under the CCPA, this Notice to California Residents and the privacy practices and rights it describes do not apply to the information we collect, use or disclose about our business contacts, including Merchants (and representatives of Merchants).

Privacy Practices. We do not sell personal information.  As we explain in our Policy:

• We use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to learn how you may opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.  
• Through our Services – for example, by purchasing products from one of our Merchants or by submitting a claim for repair or replacement – you direct us to disclose your information to the companies that provide the services you request, such as third party administrators.

Here is a description of our relevant privacy practices:

Please note that we may also disclose personal information to our affiliates and third party service providers, in connection with corporate restructuring, to comply with law, or for compliance, fraud prevention and safety purposes, as further described in Section 5 of our Policy.

Privacy Rights. Except as excluded above, the CCPA grants California residents the following rights:

• Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. We have made this information available to California residents without having to request it by including it in this Policy, in the chart above.

• Access. You can request a copy of the personal information that we maintain about you.
• Deletion. You can ask us to delete the personal information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request.  If we deny your request, we will communicate our decision to you.  

You are entitled to exercise the rights described above free from discrimination.

How to Submit a Request.  To request access to or deletion of personal information, email support@revvable.com with the subject "CCPA Request for Deletion of Personal Information".

Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request.  

Authorized agents.  California residents can empower an “authorized agent” to submit requests on their behalf.  We will require the authorized agent to have a written authorization confirming that authority.

Online Tracking Opt-Out Guide

Like many companies online, we use services provided by Google, Facebook and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

• Blocking cookies in your browser.  Most browsers let you remove or reject cookies, including cookies used for interest-based advertising.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.  
• Blocking advertising ID use in your mobile settings.  Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
• Using privacy plug-ins or browsers.  You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
• Platform opt-outs.  The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:

• Google: https://adssettings.google.com
• ‍Facebook: https://www.facebook.com/about/ads
• LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

• Advertising industry opt-out tools.  You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

• Digital Advertising Alliance:  http://optout.aboutads.info
• Network Advertising Initiative: http://optout.networkadvertising.org/?c=1

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.

Glossary

Biometric Information

An individual’s physiological, biological or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.

Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Education Information

Personal information from an educational record, which could include: a student’s name, the names of the student’s parent or other family members, the address of a student or student’s family, a student’s personal identifier (e.g., SSN, student number), other indirect identifiers of the student (e.g., date of birth, place of birth, mother’s maiden name), other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty, or information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.

Financial Information

Bank account number, debit or credit card numbers, insurance policy number, and other financial information.

Geolocation Data

Precise location, e.g., derived from GPS coordinates or telemetry data

Identifiers

Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Inferences

The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

Internet or Network Information

Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement.

Medical Information

Personal information about an individual’s health or healthcare, including health insurance information.  Does not include (a) medical information governed by California’s Confidentiality of Medical Information Act, (b) protected health information that is collected by a covered entity or business associate governed by the Health Insurance Portability and Accountability Act of 1996 or (c) information collected as part of certain clinical trials.

Online Identifiers

An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.

Physical Description

An individual’s physical characteristics or description (e.g., hair color, eye color, height, weight).

Professional or Employment Information

This term is not defined in the CCPA, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations).

Protected Classification Characteristics

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Sensory Information

Audio, electronic, visual, thermal, olfactory, or similar information.

GOOGLE AND GMAIL

This section of Privacy Policy explains how we collect, use, and disclose data obtained from Google Gmail through the use of an Application Programming Interface (API).

Disclosure

Revvable’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

1. Information We Collect

When you use our services, we may collect the following types of data from your Gmail account through the API:

• Email content, including subject lines, message body, and attachments.
• Email metadata, such as sender and recipient information, timestamps, and message identifiers.
• Contact information associated with your email account.

2. How We Use Your Gmail Data

We use the Gmail data collected via the API for the following purposes:

Email Syncing: We use the data to sync your email account with our service, allowing you to access and manage your emails through our platform.

Email Analysis: We may analyze email content and metadata to provide features and functionalities within our service, such as categorizing emails, organizing your inbox, and generating insights.

Customized Services: We may use your Gmail data to personalize your experience on our platform, such as offering relevant recommendations and content.

Customer Support: We may access your Gmail data to provide customer support and address any issues or inquiries related to our service.

3. Data Security

We implement appropriate technical and organizational measures to protect your Gmail data from unauthorized access, disclosure, alteration, or destruction. We follow industry best practices to safeguard your information.

4. Data Retention

We will retain your Gmail data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

5. Disclosure of Gmail Data

We do not sell, trade, or rent your Gmail data to third parties. However, we may share your Gmail data with third-party service providers who assist us in delivering our services. These providers are contractually obligated to protect your data and only use it for the purposes specified in this Privacy Policy.

6. Your Rights

You have the right to:

• Request removal of your Gmail data from our systems
• Withdraw your consent to the use of your Gmail data, where applicable.

To exercise these rights or for any inquiries regarding your Gmail data, please contact us at support@revvable.com.

‍