A Guide to RevOps for Salesforce Admins Get the Guide >>


Purpose of this statement

Avora Holdings Ltd, d/b/a Revenue Grid (“Revenue Grid” / “we,” / “us,” / “our,”) hereby confirms its compliance with the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation/GDPR), which came into force on May 25, 2018.

The General Data Protection Regulation is designed to give individuals in the EU/EEA more control over their personal information (“personal information”) and to unify various existing privacy and security laws under one comprehensive law.

We hereby confirm that privacy protection is very important to us nowadays and remains one of the high-priority goals we are striving to achieve. We endeavor to integrate privacy protection considerations into everything we do. Therefore, Revenue Grid applies essential privacy and security guidelines and practices to safeguard all personal information that passes through our services. We have developed and implemented various security organizational and technical measures to ensure our compliance with the GDPR. Simultaneously, we have prepared internal policies and procedures aimed at structuring and maintaining a privacy program, which is a core element of our privacy and data protection strategy. We have dedicated significant and strategic resources to these efforts.

Revenue Grid Initiatives

Taking into account state-of-the-art and the most modern privacy protection approaches, Revenue Grid implements and maintains various initiatives aimed at achieving GDPR compliance. These initiatives apply to both Revenue Grid and our customers.

  • Our Services are designed considering the privacy-by-design and privacy-by-default concepts to achieve the best level of compliance with the applicable data protection laws, including GDPR.
  • We are an ISO27001 and ISO27701 certified company and strive to maintain the level of conformity to the certificate requirements on an ongoing basis. These standards mirror many of the security and privacy requirements of GDPR and help us build a transparent framework to measure our software development and data management practices.
  • We implement supplementary security and privacy measures required by the GDPR and guidelines issued by the competent official authorities.
  • We use secure data transfer mechanisms stipulated by GDPR when transferring data outside the EEA to ensure proper privacy protection, including the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and Standard Contractual Clauses approved by the  European Commission.
  • We exploit prompt notification mechanisms and methods of communication of personal information breaches to the competent data protection authorities, our customers, and affected individuals.
  • We ensure that all our personnel authorized to access and process personal information have been trained in secure data handling and are bound to maintain the confidentiality and privacy of the personal information.
  • While involving other service providers in personal information handling, we perform due diligence on each service provider to ensure it adheres to the same data security management and privacy protection practices and standards to which Revenue Grid is subject.
  • We use modern mechanisms and tools to carry out privacy impact assessments and data protection impact assessments to identify risks and alleged influences on the personal information we access or process.

Where does Revenue Grid process personal information?

We operate our services using industry-standard operational practices through a framework distributed across multiple jurisdictions. Currently, Revenue Grid’s data transfer and computing resources are hosted within the secure Microsoft Azure Architecture established in data centers located in the EU and the USA.

Wherever personal information is hosted, Revenue Grid personnel may access such data from countries within the EU/EEA, the United States of America, and Ukraine for technical and customer support-related reasons. In these instances, the personal information is not transferred, as Revenue Grid personnel are part of our company.


We seriously adhere to the requirements concerning the appointment of the representative Maetzler Rechtsanwalts GmbH & Co KG together with its subsidiary SMAARC GmbH (“Prighter”) in the EU stipulated by GDPR. Following the requirements of GDPR Art 27, we have appointed a representative and a point of contact in Austria. More details on the representative can be found in the Privacy Policy on the Revenue Grid website.

External and internal application security testing

To ensure that Revenue Grid complies with GDPR requirements, we engage independent third parties to audit our practices and procedures according to the world’s most sought-after information security and privacy management standards. These reviews occur regularly and are conducted by globally respected audit and security firms that are independent and thorough in their evaluations. We take their reports and feedback very seriously and have established processes to address any issues related to personal information protection.

Our security team performs automated and manual application security testing and network vulnerability testing on an ongoing basis to identify and fix potential information security vulnerabilities and bugs in our desktop, web, and mobile applications involved in service provision. At the same time, the privacy team maintains the privacy program to protect privacy and ensure compliance with GDPR at the appropriate level.

Revenue Grid is committed to collecting and integrating feedback from different internal teams, customers, and internal and third-party auditors and to improving our security, privacy, and compliance processes and controls.

For our customers

Revenue Grid is fully committed to customers’ success with our Services and maximum protection of customer data. Our mission is to provide our customers with secure, fast, and reliable Services. Our customers can completely count on our dedication to GDPR compliance.

We are aware that some of our customers have requirements under GDPR that are directly impacted by their use of our products and services, and we are committed to helping our customers fulfill all their requirements under GDPR and other applicable data protection laws.

Revenue Grid takes the following steps to ensure its loyalty to our customers:

  • When accessing and/or processing personal information provided by you, we commit to protecting privacy and data protection;
  • Our customer-focused approach ensures that data security and privacy remain top priorities;
  • We strive to adhere to widely accepted security and privacy standards to provide customers with peace of mind. More information on the security and privacy measures can be found in the Revenue Grid Trust Center;
  • We maintain transparency with our policies to help you understand how we manage your personal information. Additionally, where required, we enter into data processing agreements to provide more details on privacy protection;
  • We assist our customers to the extent possible and as required by GDPR to ensure their compliance with its regulations.

Privacy Policy and ongoing improvement of privacy protection

Our publicly available Privacy Policy provides more information on how we collect and process individuals’ personal information under GDPR and outlines our general approach to privacy protection. The Privacy Policy specifically includes, but not limited to, the following information:

  • Contact details of the company, its representative, and the designated Data Protection Officer;
  • Categories of personal information we collect and for what purposes we process it;
  • Lawful basis for collecting personal information;
  • Categories of recipients of personal information we collect;
  • How we store and safeguard the personal information we collect;
  • How we transfer personal information to third countries;
  • How to access and control personal information we collected, and how to use individuals’ rights ensured by GDPR;
  • Other important information on privacy protection to be provided to individuals under GDPR.

If you have any questions on how we use your personal information or how to use the rights granted to you under GDPR, feel free to contact us.

Avora Holdings LTD.

13110 NE 177th Place, Suite 135
Woodinville, WA 98072

E-Mail: [email protected]