Last update: 27 April 2021
We access the data you provide us with which is strictly necessary in order to make the application function properly. We carefully evaluate and define the purposes of any personal data processing before launching a project. We will ensure that the personal data we collect are relevant, adequate and not excessive in relation to the purpose of the processing and its eventual use (e.g. insights, marketing, promotions). This means that only necessary and relevant information for the purpose sought can be collected and processed. How do we use your data? We will only use Personal Data on the basis of a legal ground: If necessary to perform a contract with the Data Subject (e.g. our employees, contractors, clients, suppliers); or If required to comply with a legal obligation (e.g. when we need to satisfy our obligations as employer); or Where we have a legitimate business need or a legitimate business reason to use Personal Data as part of our business activities (e.g. when carrying out a processing to better know our clients and send them promotional offers) ; or Where we have obtained the Data Subject’s Informed Consent when it is specifically required by law or by applicable policy. This may notably be the case where none of the other legal grounds described above is applicable and to the extent permitted under applicable law.
Our application stores your data in Google Sheets. We store only the data that is absolutely necessary for our application to function in its entirety. Deleting some of this data will interrupt our application functionality. However, if you do not want us to store your data, you can send us your request to firstname.lastname@example.org and we will permanently delete it from our database.
will never transfer, sell, make copies, or share any of your data stored by the application to third party services or companies unless strictly necessary to enable the application to function properly. Accordingly, personal data will be disclosed to third parties on a strictly limited 'need to know' basis where there is clear justification for transferring Personal Data - either because the Data Subject has consented to the transfer or because disclosure is required to perform a contract to which the Data Subject is a party, or for a legitimate purpose that does not infringe the Data Subject's fundamental rights, including the right to privacy (e.g. sharing in the context of a merger and acquisition operation).
Revevol shall mean the relevant Revevol entity processing the Personal Data and the various Revevol affiliates which are part of the Revevol Group. Third Party shall mean a third party or business Partner who receives from Revevol or who is granted access to or is otherwise entrusted with Personal Data on behalf of Revevol, for example suppliers, contractors, sub-contractors and other service providers. Data Subject shall mean an identified or identifiable natural person whose Personal Data is being processed by Revevol. Informed Consent shall mean any freely given specific and informed indication of the Data Subject’s agreement to the processing of his/her Personal Data, when required. Personal Data shall mean any information enabling to identify a natural person, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. Data is considered Personal Data when it enables anyone to link said data to a natural person, even if the person or entity holding that information cannot make that link. Sensitive Data (or Special Category of Data) shall include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Personal Data relating to criminal convictions and offences are a subset of Personal Data, which due to their nature have been classified by law or by an applicable policy as deserving additional privacy and security protections. Process / Processing shall mean any operation or set of operations that is performed upon Personal Data, whether or not by automated means, including but not limited to, collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction, either by Revevol’s software application(s), whether by Revevol or by Third Parties who perform services for or on behalf of Revevol, when applicable (Application Data) or through other means, such as Revevol’s websites (“Process” shall be interpreted accordingly).
Personal Data is processed on the basis of legal grounds with the informed knowledge of the Data Subjects. We will only use Personal Data on the basis of a legal ground: If necessary to perform a contract (e.g. with our employees, contractors, clients, suppliers); in particular, we will use Application Data only for the purpose of providing online services as provided in such contract; or If required to comply with a legal obligation (e.g. when we need to satisfy our obligations as employer); or Where we have a legitimate business need or a legitimate business reason to use Personal Data as part of our business activities (e.g. when carrying out a processing to better know our clients and send them promotional offers), except that this shall not apply to Application Data; or Where we have obtained the Data Subject’s Informed Consent when it is specifically required by law or by applicable policy. This may notably be the case where none of the other legal grounds described above is applicable and to the extent permitted under applicable law. We consider that it is important to assess the privacy risks before we collect, use, retain or disclose Personal Data, such as in a new system or as part of a new project. Revevol will only Process Personal Data in the way described in its specific privacy notices or privacy policies and in accordance with any Informed Consent we may have obtained from the Data Subject. Revevol will not carry out profiling activities based on automated decision making, unless legally grounded on a requirement of applicable law or the performance of a contract or the Data Subject's consent and provided that suitable safeguards are implemented to protect the Data Subjects rights. Where legally required, we will ensure that Data Subjects are provided with relevant information concerning the processing of their Personal Data, unless there is an impossibility to provide such information or if it requires disproportionate efforts to provide such information. Such information will notably include the purposes of the Personal Data processing, the types of Personal Data collected (if the Personal Data have not been obtained directly from the data subject), the categories of recipients, the list of rights which may be exercised by the Data Subjects, the consequences of a failure to reply or provide Personal Data, the conditions of the transfer of Personal Data outside the European Economic Area (“EEA”), if any, and the mechanism used to protect the Personal Data in the event of a transfer, etc. This requirement may be satisfied by issuing a privacy notice to Data Subjects at the point where Personal Data are originally collected from them. Privacy notices shall be written in language which provides Data Subjects with a clear understanding as to how their Personal Data will be used.
Personal Data will only be collected and processed for specified, explicit and legitimate purposes (which could be multiple), complying with the Personal Data minimization principle and ensuring the accuracy of the Personal Data processed. Personal Data will not be further processed in a manner that is incompatible with those purposes. We carefully evaluate and define the purposes of any Personal Data Processing before launching a project (e.g. management of HR data, management of recruitment data, payroll purpose, accounting and financial management, allocation of IT tools and any other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, client relationship management, bids, sales and marketing management, supply management, internal and external communication and events management, compliance with anti-money laundering and anti-bribery obligations or any other legal requirements, data analytics operations, implementation of compliance processes). We will ensure that the Personal Data we collect are relevant, adequate and not excessive in relation to the purpose of the Processing and its eventual use (e.g. insights, marketing, promotions). This means that only necessary and relevant information for the purpose sought can be collected and processed. When collecting Sensitive Data or Personal Data relating to criminal convictions and offences, proportionality is fundamental. We do not collect Sensitive Data or Personal Data relating to criminal convictions and offences, unless required by applicable law or when allowed by applicable law with the Data Subject's prior express consent. Every reasonable step will be taken to ensure that Personal Data are maintained in an appropriately accurate and up-to-date form at every step of Personal Data Processing (i.e. collect, transfer, storage and retrieval). We encourage the Data Subjects to help us maintaining your Personal Data up to date by exercising your rights, notably of access and rectification.
Any person or entity handling Personal Data for Revevol will keep it only for as long as it is necessary for the purpose for which it has been collected and processed (and other compatible purposes) which may include: To meet or support Revevol business activity; or To comply with a legal or regulatory requirement and comply with applicable statute of limitation requirements; To defend against legal or contractual actions (in which case, the Personal Data may be retained until the end of the corresponding statute of limitation or in accordance with any applicable litigation hold policies). Personal Data is retained and destroyed in a manner consistent with applicable law and in accordance with Revevol Data Retention Policy.
Personal Data is only disclosed outside Revevol where there is an overarching legal justification to do this. Disclosure is made on a strictly limited 'need to know' basis where there is clear justification for transferring Personal Data - either because the Data Subject has consented to the transfer or because disclosure is required to perform or reach an agreement , or for a legitimate purpose that does not infringe the Data Subject's fundamental rights, including the right to privacy (e.g. sharing in the context of a merger and acquisition operation). In each case the Data Subject will be aware that the disclosure is likely to take place. Assurances will also be sought from the recipients that they will only use the Personal Data for legitimate / authorized purposes and keep it secure. If necessary and relevant, Personal data can be disclosed: To Revevol affiliates which are part of the Revevol Group for purposes described in the Policy; To Revevol’s authorised employees, representatives, agents and intermediaries for purposes described in the Policy; To partners, agencies and service providers, including IT service providers for technical reasons, who assist Revevol in providing its products/services. Revevol’s main providers, where applicable, are: Google Inc., notably for data hosting and prospects sales cycle management process; SalesForce, for the automation of marketing services; Hubspot, for marketing, sales, and customer service management; Zendesk, for customer service and sales CRM; Salesloft, for sales engagement management; Revevol may also disclose Personal Data to the extent required by law and/or competent authorities. If a particular disclosure is required to meet a legal obligation (for example to a government agency or police force / security service) or in connection with legal proceedings, generally the Personal Data may be provided as long as the disclosure is limited to that which is legally required and, if permitted by law, the Data Subject has been made aware of the situation (i.e. the Data Subject was told of the possibility of such an event in an Informed Consent or is notified at the time of the request for disclosure).
Personal Data originating from those Revevol entities operating within the EU will not be transferred outside the EEA to a third country which does not ensure an adequate level of protection unless appropriate safeguards are implemented in accordance with applicable laws. International Personal Data transfer is a very sensitive topic and is taken seriously before transferring any Personal Data from its EEA country of origin to another non-EEA country, whether such transfer is done for technical purposes (e.g. storage, hosting, technical support, maintenance) or the main purposes (e.g. centralization of client’s database management). We never carry out international transfers of Personal Data from an EEA country to another non-EEA country without ensuring that appropriate transfer mechanisms as required by applicable data protection laws are in place, to ensure adequate protection of the data when transferred (e.g. adequacy decision, privacy shield certification if the transfer is made to the USA, signature of EU Commission Model Clauses as appropriate).