LAST UPDATED: Nov 13, 2023
This privacy policy (“Policy”) describes how Revenue Grid collects and processes Personal Information (as defined below) about you and the privacy rights you have.
Where applicable, this Policy shall be considered a “privacy notice” or “privacy statement” in the context of requirements of the applicable Data Protection Laws (as defined below), containing all the information Revenue Grid must provide you with under the applicable Data Protection Laws before the Personal Information processing.
DEFINITIONS
Any references to the capitalized definitions in this Policy shall have the following meaning:
“Services” / “Revenue Grid Services” means Revenue Grid’s products, services, apps, and software.
“Revenue Grid,” “we,” us” means Avora Holdings Ltd, d/b/a Revenue Grid, a Delaware corporation, with a registered office address at 3511 Silverside Road, Suite 105, Wilmington, DE 19810, USA.
“Data Protection Laws” mean data protection legislation, including the General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act (CPRA), PIPEDA, and any other legislation applicable to the processing of Personal Information or the provision of Services by Revenue Grid.
“Website” means the Revenue Grid’s site available at the following link: https://revenuegrid.com/ and any other Revenue Grid sites available to you.
“Customer” means an individual or legal entity that intends to use or use our Services.
“Permitted User” means an individual who uses the Services on behalf of a Customer.
“Controller” means an entity that determines the purposes and means of the Personal Information processing.
“Processor” means an entity that processes Personal Information on behalf of the Controller.
“you” means a natural person who may act as a Prospect, Customer, or Permitted User.
“Prospect” means a natural person who visits/browses the Revenue Grid’s Website or otherwise interacts with Revenue Grid. When the Prospect begins using the Services he will be treated as the Customer.
“Subprocessors” meansthird-party service providers engaged by Revenue Grid, which may process Personal Information on behalf of Revenue Grid in connection with the provision of Services.
“Personal Information” means any information that relates to an identified or identifiable natural person, such as but not limited to names, addresses, email addresses, phone numbers, or other identifiers.
1. INTRODUCTION TO PRIVACY
Revenue Grid always respects your privacy and your privacy rights. Therefore, we hereby declare that Revenue Grid is committed to protecting your privacy and handling your Personal Information openly and transparently in accordance with the applicable Data Protection Laws, implementing relevant security measures to ensure the highest level of privacy and Personal Information protection.
When you use Revenue Grid Services and/or browse the Website or otherwise interact with Revenue Grid as described below, we may collect and process your Personal Information. Services are not designed for personal or household use and are intended for business use only. When the Prospect is browsing the Website or otherwise interacting with Revenue Grid, we always treat the Prospect as a natural person acting on behalf of a business. By starting to browse the Website or use the Services, you acknowledge that you have acquainted yourself with and accepted this Privacy Policy and consented to the terms specifying the collection, use, sharing, or processing of your Personal Information by Revenue Grid as described in this Policy.
2. ROLE OF PROCESSOR AND CONTROLLER
2.1. Revenue Grid as Controller
When Revenue Grid collects and processes Personal Information on its own behalf and sets the purposes for Personal Information processing, Revenue Grid is deemed a Controller concerning the Personal Information. When acting as a Controller, Revenue Grid is responsible for the privacy and Personal Information protection measures imposed on it as a Controller by the applicable Data Protection Laws.
2.2. Revenue Grid as Processor
When Revenue Grid collects and processes Personal Information on behalf of the Customers, Revenue Grid is deemed a Processor, and the Customer is a Controller.
When acting as a Processor, Revenue Grid is responsible for the privacy and Personal Information protection measures imposed by the applicable Data Protection Laws and/or the data processing agreement between the Customer and Revenue Grid. Furthermore, privacy protection measures implemented by the Customer may vary from those specified in this Policy.
While acting on behalf of the Customer, Revenue Grid processes the Personal Information of Permitted Users solely based on the Customer’s instructions and for the purposes defined by the Customer. The Customer ensures that all the Personal Information of Permitted Users transferred to Revenue Grid or Revenue Grid gets access to was lawfully collected and transferred by the Customer under the applicable Data Protection Laws. Even if we ask you to share some additional information with us, it should be deemed to be asked on behalf and in the Customer’s interest. Revenue Grid and the Customers may agree on additional interaction conditions in the data processing agreement.
3. PERSONAL INFORMATION WE COLLECT
3.1. When acting as Controller
Personal Information the Prospect shares with Revenue Grid or Revenue Grid collects from the Prospect may include your identification information, contact details, and other data that may help us to identify you as may be required for the purposes described in this Policy and ensure that you can interact with the Website or the Services properly.
We may cooperate with third parties that help us in conducting business activities, including but not limited to developing and enhancing the Services. Revenue Grid may collect Personal Information from such third parties, or third parties may share Personal Information with us. When Revenue Grid receives Personal Information from third parties, we always ask such third parties to provide guarantees ensuring that the Personal Information they share was lawfully collected and transferred to Revenue Grid. Please note that the privacy documents of the third parties sharing the Personal Information with Revenue Grid govern the use of the Personal Information by such third parties and its transfer to Revenue Grid.
We collect Personal Information, including data collected automatically, based on the Revenue Grid’s legitimate interests that do not override your interests or fundamental rights and freedoms, or the collection of Personal Information is necessary to perform a services contract or take steps before entering into a services contract.
Revenue Grid may collect the following Personal Information:
Information collected directly from you | |
Categories of Personal Information | Conditions for the collection |
|
When you use or interact with the Website, submit a Services demo request, or ask us to provide you with a Services free trial, communicate with us through the Website online contact form or chat form, or other channels authorized by Revenue Grid and available to you. |
When you decide to purchase our Services and/or enter into a service contract with Revenue Grid. | |
When you visit offline events in which Revenue Grid is in the status of a participant, we may ask you to share your Personal Information with us for further business interaction. | |
|
When you submit Services use or any other feedback, request, or complaint, download marketing materials, participate in surveys or promotions, engage with interactive features, or email us. |
|
When you share any information, including Personal Information, with Revenue Grid through the Website. |
|
You will be asked to provide additional data if you are identified as a technical contact, open a support ticket, speak to one of our representatives directly, or engage with our support and Client Service Management teams. |
Information collected from other sources | |
Categories of Personal Information | Conditions for the collection |
|
You have previously made your Personal Information publicly available online and do not mind third parties accessing it (e.g., social media sites). |
Revenue Grid’s partners provide Revenue Grid with Information about potential customers (prospects) or their representatives (e.g., lead-generating platforms, resellers, referrals, OEM partners). | |
The Customer provides Revenue Grid with Personal Information about you (e.g., when it is required to conclude a commercial contract or any other document or resolve technical Customer onboard/offboard issues). | |
|
The Customer designates you, or you identify yourself as responsible for the transaction operations while paying by card. Our payment transaction services partner may share some data with us in such cases. |
|
Some of our third-party partners that help us to understand your interest in and engagement with our Services may provide us with Information about you. |
3.2. When acting as a processor
Revenue Grid may collect the following Information:
Information collected from you | |
Categories of Personal Information | Conditions for the collection |
|
Permitted User may share Personal Information when registering an account on the Service’s sign-up or sets personal Service preferences. |
|
Permitted User may share additional Personal Information if they are identified as a technical contact, opens a support ticket and speaks to one of our representatives directly, or engages with our support or CSM teams. |
|
Permitted User shares Personal Information with Revenue Grid through their Service account or by uploading it within the Services in any other accessible way. |
|
When the Customer subscribes to Activity Capture 360 Services, such Customer may grant Revenue Grid access to the Permitted User’s Personal Information for Service provision. |
|
When the Customer subscribes to Sales Engagement module Services, such Customer may grant Revenue Grid access to the Permitted User’s Personal Information for the Service provision. |
|
When the Customer subscribes to Revenue Forecasting module Services, such Customer may grant Revenue Grid access to the Permitted User’s Personal Information for Service provision. |
|
Where the Permitted User uses a tracking feature enabling them to track sent emails’ status (opened/not opened by a recipient) and clicks of links contained in emails’ bodies, we may access some information on behalf of the Customer to provide our Services properly. |
Other Permitted Users or the administrator of the system (“Administrator”) you work in (e.g., Salesforce CRM) may share Personal Information with us when submitting and spreading content through the Services (e.g., your Administrator may mention you when submitting an issue to our technical support).
We may also receive Personal Information when you or your Administrator integrate or link a third-party service or solution with our Services ( e.g., when you create an account or log into the Services using your credentials, we may receive your name and email address to authenticate you to the extent permitted by the system profile settings). You or your Administrator may also integrate our Services with other services you use to allow you to access, store, share, and edit certain content from a third party through our Services. You may also authorize our Services to connect with a third-party calendaring service to make your meetings and connections available through the Services. The Personal Information we receive when you link or integrate our Services with a third-party service or solution depends on the settings, permissions, and privacy policy controlled by that third-party service or solution.
3.3. Automatically collected Personal Information
Revenue Grid collects Personal Information automatically through web beacons, pixels, clear gifs, and other cookie files and similar technologies used on the Website. The automatically collected Information is not always identifiable. However, it may be considered Personal Information when combined with the data or Personal Information Revenue Grid possesses.
Revenue Grid may automatically collect the following Information:
Data collected automatically | |
Categories of Personal Information | Conditions for the collection |
|
When you interact with the Website or Services, we may collect some information about you that may include Personal Information. In some cases, the scope of collected data depends on the type of device you use to access the Services and settings made on the device or the web browser you use. |
Cookies. Revenue Grid uses cookie files and other tracking technologies to track your activities on the Website or when using the Services. We use such tools to recognize you across different Services and devices and enhance your experience concerning browsing the Website and using the Services. Please see our Cookie Policy for more Information.
3.4. Sensitive Personal Information
We never intend to collect or process sensitive Personal Information about you that may reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification of a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, or any other data that can be considered sensitive under the applicable Data Protection Laws. We will immediately delete sensitive Personal Information if we become aware that such Personal Information was accidentally collected by Revenue Grid or received from you or any other third party.
4. HOW WE PROCESS PERSONAL INFORMATION
4.1. Purposes
Following legal basis requirements determined in the applicable Data Protection Laws, Revenue Grid collects and processes Personal Information for the following purposes:
Website functioning. We use Personal Information to operate and administer the Website and provide you with the content you access and request, enhance the Website’s functionality, and perform internal operations, including but not limited to troubleshooting, data analysis, software testing, and statistical calculations, make Website elements more accessible to you due to your preferences, and communicate with Revenue Grid through the Website more effectively.
Contact requests handling. We process your Personal Information to handle your contact request when you communicate with us through the Website online contact form, chat form, or other communication channels authorized by Revenue Grid and available to you.
Safety and security ensuring. We process Personal Information to provide the security of our systems, websites, and Services you may have access to, particularly through investigating, detecting, and preventing suspicious activity, fraud, and cybercrime affecting or that may affect Revenue Grid.
Promotional communication. We may use Personal Information, including information on the use of the Website, to send you relevant promotional communication that may be of specific interest to you, including promotion emails, or display our ads on other Revenue Grid’s sites, applications, and platforms, such as Facebook, LinkedIn and Google. These communications may include marketing information, information about new Services, functionalities, features, modules, survey requests, newsletters, and marketing events that may interest you and aim to drive engagement and maximize the Services’ value for you. You may control and restrict the use of your Personal Information for promotional activities through the opt-out ability as described in this Policy below.
Non-commercial communication. We use your Personal Information to communicate with you via email and through the Services functionality to confirm your purchases, send reminders about subscription expiration dates, respond to your questions and requests, provide customer support, send out technical notices, updates, security alerts, administrative messages, etc. We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service.
Contract conclusion. If you wish to buy, order, and use the Services, or if you already use them, Revenue Grid uses Personal Information about you to communicate with you on issues related to the conclusion of the service contract or any other commercial document governing the use of the Services.
Services provision. We use Personal Information about you to provide the Services to Customers. For this purpose, we may communicate with you on issues related to the Services, confirm your purchases within the Services, send reminders about Services subscription expiration dates, respond to your questions and requests, provide customer support, perform user authentication and transactions processing, send out technical notices, updates, security alerts, administrative messages, and others. We also provide tailored communications based on your activity and interactions with us to help you become more proficient in using the Services.
Support activities. Our support team is always open to your requests. You may always contact us on any support issue related to the Website or Services, and we use our best efforts to resolve any issues you may encounter with the Website or Services. We use some Personal Information about you to handle and respond to your support request, resolve the issue, analyze crash information, and repair and improve the Services.
Payment management. Where you identify yourself as a person responsible for the transaction operations and provide Revenue Grid with financial Information, we use Personal Information about you to verify you and the Information you provide. We may also process your Personal Information for invoicing or financial reporting (if applicable).
Service development and optimization. We process your Personal Information to develop, optimize, and improve the performance of the Services.
4.2. Legal basis
We collect and process your Personal Information relying on the legal bases described below. Legal bases applied depend on the interaction between Revenue Grid and you, the Personal Information processing purposes, and the categories of the processed Personal Information.
Contract performance. We may process Personal Information when it is required to perform a service contract for the use of the Services or take particular steps before entering into such a service contract. For instance, to conclude a service contract, you may contact us through the Website or our support team or provide financial or business information to complete a service contract correctly.
Legitimate interest. We process your Personal Information when Revenue Grid pursues its legitimate interests unless your interests or fundamental rights and freedoms override such Revenue Grid’s legitimate interests. The Revenue Grid’s legitimate interests may cover research and development of the Website, advertisement, marketing, and promotional activities, or protecting our legal rights and interests.
Legal obligations. Data Protection Laws may impose on Revenue Grid legal obligations. Therefore, when cooperating with public and government authorities, courts, or regulators in accordance with our legal obligations to the extent this requires the processing or disclosure of Personal Information to protect Revenue Grid’s rights, we may process Personal Information about you to cover such obligations.
Consent. If the applicable Data Protection Laws require us to obtain consent to process your Personal Information, we ask you to give us consent. Your right to provide us consent is voluntary, and you have a choice whether to give us your consent or not. If we process your Personal Information based on your consent, you have the right to change your mind and withdraw the consent at any time as described in this Policy below. We may ask you to give us your consent when we want to share your Personal Information with a third party for a specific purpose (e.g., we sometimes display personal testimonials of satisfied Customers on our public sites. We may post your first and last name in a testimonial with your consent).
In the event of changing or extending Personal Information processing purposes or a legal basis, we take all reasonable steps to inform you without delay. We may update and/or revise the legal basis applied to the Personal Information processing or require you to provide us with additional consent if required by the applicable Data Protection Laws.
4.3. How we process Personal Information as a processor
When Revenue Grid acts on behalf of the Customer, we do not determine our own purposes for Personal Information processing unless otherwise specified in this Policy. Generally, we process your Personal Information for Service provision purposes or as may be additionally instructed by the respective Customer or agreed upon in the contract between the Customer and Revenue Grid.
Revenue Grid Processes your Personal Information as a Permitted User, including but not limited to:
The scope of Personal Information we process and how we use your Personal Information depends on the Services the Customer is subscribed to, as well as the preferences and customizations the Customer may request from Revenue Grid concerning the Services.
4.4. Non-personal Information
Revenue Grid is constantly looking for ways of making our Website and Services better, faster, secure, more integrated, user-friendly, and valuable for you. Therefore, we may use the anonymized findings of how people use our Services and your feedback provided to us to troubleshoot issues and identify Service usage trends, activity patterns, and areas for Service integration enhancement and general improvement. We may sometimes apply findings across our Services to improve and develop similar features or better integrate them with other solutions. For research and development purposes, we may use the information to uncover collective insights about using the Services in a consolidated manner without analyzing any personal characteristics.
5. PERSONAL INFORMATION SHARING
5.1. Who we share Personal Information with
Service Providers/Vendors. We may sometimes need help in running our business, maintaining the Website, or providing Services. Therefore, we engage third-party service providers/vendors (“service providers”) to provide (without limiting) the following services:
This involvement may require Revenue Grid to provide service providers access to Personal Information in our possession. Where a service provider accesses some Personal Information to perform relevant services on our behalf, they do so under strict instructions from Revenue Grid and our strict control. We make all reasonable efforts to ensure that the service providers involved in the processing of Personal Information possessed by Revenue Grid adhere to Revenue Grid’s privacy and security policies and have implemented appropriate privacy and security measures.
We engage service providers based on a written contract governing the processing of Personal Information and ensuring the respective service provider has implemented all required security measures. Where a service provider cannot enter into a written agreement with Revenue Grid due to its specific type of services, it may offer Revenue Grid to accept its agreement publicly placed on the service provider’s site instead. Such agreement will be considered a written agreement signed between Revenue Grid and the respective service provider for the purposes of this Policy.
Partners. We may share your Personal Information with our business partners, who are not service providers and may resell Revenue Grid Services, to conclude a service contract between Revenue Grid and a Customer or provide Services to a Customer.
Personnel. We grant Revenue Grid’s officers, directors, managers, members, shareholders, employees, consultants, and contractors (together “Personnel”) access to Personal Information, provided Revenue Grid authorizes them to process the Personal Information and commit themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. We ensure that all Personnel members are obliged to adhere to Revenue Grid privacy and security policies and that their access is reasonably restricted and controlled. Providing access to the Revenue Grid’s Personnel by Revenue Grid shall not be deemed a transfer of Personal Information as the Personnel is an inherent part of the Revenue Grid.
Links to third-party sites. The Services may include links that direct you to other sites or services whose privacy practices may differ from ours. If you submit Personal Information to any of those third-party sites, your Personal Information will be deemed governed by the privacy policies of those third-party sites and not by the present Policy. We encourage you to read the third-party site’s privacy policy carefully.
Enforcement requests and applicable laws. We may be forced to share your Personal Information with public, state, or competent supervisory authorities if it is reasonably necessary to comply with any applicable legislation, regulation, legal process, or governmental request, including those related to national security issues.
Professional advisers. In individual instances, we may share your Personal Information with professional advisers – including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Information. In such cases, we ensure that the disclosure is secure and is subject to a separate contract unless otherwise provided by the applicable legislation.
Unordinary disclosure. In exceptional circumstances, where required by the applicable legislation or public interest, we may share your Personal Information with a third party if it is required to (i) enforce our agreements, policies, and terms of the Services; (ii) protect the security and integrity of the Services; (iii) protect Revenue Grid, you, our Customers, or the public from possible harmful and illegal activities; or (iv) respond to an emergency which we believe in good faith requires us to disclose Personal Information to assist in preventing the death or severe harm to any individual. In such cases, we ensure that the disclosure is secure and is subject to a separate contract unless otherwise provided by the applicable legislation.
5.2. How we share Personal Information as a processor
When acting on behalf of a Customer, Revenue Grid may share Personal Information about the Customer’s Permitted Users with service providers involved by Revenue Grid in the Personal Information processing on behalf of the Customers (“Subprocessors“). We make all reasonable efforts to ensure that the Subprocessors adhere to the Customer’s and Revenue Grid’s privacy and security policies and have implemented appropriate privacy and security measures not less than those implemented by Revenue Grid. You can always find the updated list of the Subprocessors involved here: List of Subprocessors, which Revenue Grid may amend from time to time depending on its needs. The Customer may also ask us to provide the then-current list of Subprocessors submitting the appropriate written request.
6. THIRD-PARTY APPLICATIONS
The Customer on whose behalf we act, you, your Administrator, or other Permitted Users may choose to add new functionality or change the behavior of the Services by installing third-party applications within the Services. By installing third-party applications, such third-party applications may access your Service account, your Personal Information, and any content you choose to use in connection with those applications. We encourage you to review the privacy policies of the third-party operators of such applications. We also recommend learning more about third-party operators’ privacy and information-handling practices. If you object your Personal Information to be shared with such third parties, please uninstall the respective applications.
7. INTERNATIONAL TRANSFER OF INFORMATION
7.1. Transfer to third countries
Generally, we store and process all the Personal Information on the protected cloud servers of Microsoft Azure in the United States of America. When processing Personal Information, we may be required to transfer it to recipients who are in various countries to complete purposes specified in this Policy. We make reasonable efforts to document all the transfers of Personal Information. We always ensure that all required security measures during the transfer of Personal Information are implemented, and the recipients of the Personal Information who are in third countries provide an adequate level of privacy protection and security.
Where we process the Personal Information of individuals who are in the European Union, the EEA, Switzerland, or the United Kingdom, we may be required to transfer Personal Information to countries that do not ensure adequate Personal Information protection under the applicable Data Protection Laws or decisions of the local authorities or the European Commission. In such cases, we use the legal transfer mechanisms stipulated by the applicable Data Protection Laws of the European Union, Switzerland, or the United Kingdom and adhere to official recommendations of the state authorities regarding the transfer of data to third countries. For example, we may use measures stipulated by GDPR Art. 46, including the Standard Contractual Clauses approved by the European Commission in its Implementing Decision (EU) 2021/914 of June 4 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council. In such cases, we ensure that the Personal Information is transferred and further processed securely and that appropriate privacy protection and security measures are applied. By accepting the terms of this Policy, you acknowledge and agree that we may share your Personal Information with the recipients in other countries where it is required to provide Services to you or for other purposes specified in this Policy.
7.2. Transfer to the US
Revenue Grid complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the US Department of Commerce. Revenue Grid has certified to the US Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Revenue Grid has certified to the US Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.
The DPF Principles set forth our accountability for EU/UK/Switzerland Personal Data that we receive under the DPF and subsequently transfer to a third party. As described in this Privacy Policy, we may use third parties to process data on our behalf. We remain liable if they do so in a manner inconsistent with the DPF Principles.
Should you have any DPF-related complaints about our collection or use of your Personal Information or any inquiries, please, contact us at: [email protected]. We will respond within 45 days.
If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, you may contact your relevant data protection authority using the information provided at https://ec.europa.eu/info/law/law-topic/data-protection_en and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC). Revenue Grid commits to cooperate with the panel established by the EU, UK DPAs and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the panel established by the EU, UK DPAs and/or FDPIC with regard to unresolved DPF complaints concerning data transferred from the EU, UK and/or Switzerland.
Under certain conditions, more fully described on the DPF website, you may be entitled to invoke binding arbitration through the DPF Panel if neither we nor the panel established by the DPAs/FDPIC resolves your DPF complaint.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
8. SECURITY OF PERSONAL INFORMATION
We use reputed data hosting service providers in the United States, Western Europe, and other regions, including those selected by the Customer, to host the Personal Information we collect and process. We use industry-standard technical measures to secure your Personal Information at the highest level.
Taking into account state-of-the-art architecture, the costs of implementation, and the nature, scope, context, and purposes of data processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, we have taken steps to implement appropriate security, technical, and administrative measures to prevent unauthorized disclosure, use, or access to the Personal Information.
Revenue Grid is ISO 27001 certified and subject to an annual SOC 2 Type II audit. To learn more about the security policies and measures we apply and get acquainted with the ISO 27001 certificate and the latest SOC 2 Type II report, please visit the following page: https://trust.revenuegrid.com/.
9. PERSONAL INFORMATION RETENTION
9.1. How long we retain Personal Information as a controller
Revenue Grid, acting as a Controller, processes and uses Personal Information for as long as it is required to complete the purposes defined by Revenue Grid or as required to fulfill our legal obligations under the applicable legislation. We retain some of your Personal Information for as long as we consider you a Revenue Grid’s potential Customer pursuing our legitimate interests.
We define the retention period for Personal Information based on the amount, nature, and sensitivity of the Personal Information being processed and the potential risk of harm from unauthorized use or disclosure of the Personal Information. If you want more details on how we retain your Personal Information, please request us using the instructions described below in this Policy.
9.2. How long we retain Personal Information as a processor
When Revenue Grid acts as a Processor, we may retain Personal Information to provide Services to Customers.
Activity Capture 360 Services never store any of the Customer’s Salesforce or Exchange/Google data (contacts, emails, and so on). That data is only passed through the cloud app, temporarily kept in memory, and never written to any persistent storage (data minimization).
Revenue Sales Engagement module and Revenue Forecasting module Services may keep some Permitted User’s data throughout the Service subscription term and then for three calendar months after the end or expiration of the subscription. Three calendar months after the end/expiry of the subscription, all the Permitted User’s data gets permanently deleted from our servers.
Revenue Grid’s Services may keep telemetry data, Service logs, and diagnostics logs solely for Customer support and troubleshooting purposes. All the diagnostic logs and data are kept securely and automatically purged after 90 days.
10. HOW TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION
10.1. Privacy rights you have
We respect your rights relating to your Personal Information subject to the applicable Data Protection Laws. Therefore, to the extent applicable under Data Protection Laws, we provide you, but not limited to, with the possibility to exercise the following rights:
10.1.1. Common Rights. The most common rights you have under applicable Data Protection Laws:
10.1.2. If the processing of Personal Information is subject to GDPR. In addition to the common rights, GDPR grants you the following rights:
10.1.3. Rights Specific to CCPA and CPRA. In addition to the common rights, the CCPA and CPRA provide you with unique rights, including:
10.1.4. Rights under Swiss and UK laws. Swiss data protection laws, such as the Federal Data Protection Act (FADP) and UK GDPR include rights similar to those found in the GDPR considering national legislation features.
10.1.5. Submission procedure. You must submit all rights requests electronically to the following email address: [email protected]. You should explicitly specify the subject matter of each request submitted clarifying the right you wish to exercise. Where your request’s subject matter is unclear, or it is difficult for us to identify the natural person submitting the request, we may ask you to fill out a request form and provide additional information to clarify your request’s subject matter or identify your personality (if required) to process the request correctly. Requests are free of charge, and we make reasonable efforts to respond to them as soon as possible or as required by the applicable Data Protection Laws.
If your Personal Information is processed based on the consent, please, put “Consent Withdrawal” in the subject line when submitting a request. We may additionally ask you to fill out a consent withdrawal form. The request is free of charge, and we make reasonable efforts to respond to it as soon as possible or as required by the applicable Data Protection Laws.
If you wish us not to use your Personal Information for direct marketing purposes, please put “Stop Marketing” in the subject line when submitting a request. You may also opt out of receiving promotional communications from us using the unsubscribe link in each email or message we send to you. Please note that after you opt out of receiving promotional communications, you will continue receiving our obligatory Service transactions and service messages.
Where there is a dispute on whether we have the right to continue using your Personal Information, then we may restrict any further use of your Personal Information until the request is honored or the dispute is resolved, provided the respective Customer does not object (wherever applicable).
Where there is a dispute on whether we have the right to continue using your Personal Information, then we may restrict any further use of your Personal Information until the request is honored or the dispute is resolved, provided the respective Customer does not object (wherever applicable).
10.1.6. Limitations. Your requests and choices may have some limitations in some instances. For example, you should not request information about another person or ask us to delete Personal Information that your Administrator or Revenue Grid can keep under the applicable Data Protection Laws. If you share your Personal Information with third parties, for example, by installing third-party applications, you must request that third parties delete the Personal Information if you wish. If you object to Personal Information about you being shared with an installed auxiliary third-party applications, please turn off the applicationsor ask your local Administrator to do that.
You may designate your authorized agent to exercise the above rights on your behalf. If necessary, we may need to verify your identity by the appropriate method or verify your authorized agent’s identity.
10.2. Revenue Grid as a processor
When Revenue Grid acts on behalf of the Customer, please submit requests concerning your rights to the respective Customer acting as a Controller concerning your Personal Information. When you, being a Permitted User of the Customer, submit the request concerning your rights to Revenue Grid, we will immediately direct such request and all the related information to the respective Customer and inform you of that fact. Please provide all further communication concerning your request to the respective Customer.
11. ADDITIONAL INFORMATION FOR EU RESIDENTS
11.1. GDPR Commitments
When Personal Information (for this section, hereinafter referred to as the “Personal Data”) processing is subject to the GDPR, we process your Personal Data solely under the principles and based on legal grounds stipulated by the GDPR. Revenue Grid implements, maintains and requires the Subprocessors to implement and maintain security and organizational measures to ensure your Personal Data is protected in compliance with the GDPR.
We respect your rights provided under the GDPR and ensure that you can exercise these rights (if applicable) without hindrance. The list of your privacy rights granted under GDPR and the procedure you should follow to exercise these privacy rights is described in section 10 of the Policy.
You can find more Information about the GDPR compliance assurance in our GDPR Statement, accessible at the following location: https://revenuegrid.com/gdpr-compliance-assurance/
11.2. Data Protection Officer
Following the requirements of GDPR Art. 37, we designated the Data Protection Officer (DPO). You may contact the DPO regarding Personal Data processing issues and exercising your rights under the GDPR.
Contact details of the DPO:
Address: 13110 NE 177th Place, Suite 135 Woodinville, WA 98072.
Email address: [email protected]
11.3. EU and UK Representative
Following the requirements of GDPR Art 27, we have appointed Maetzler Rechtsanwalts GmbH & Co KG together with its subsidiary SMAARC GmbH (together “Prighter”) as our privacy representative (“Representative”) and your point of contact in the EU. The Representative is also a point of contact for UK citizens. Therefore, you can submit a request to exercise your privacy-related rights via our Representative’s web form available at the following link: https://prighter.com/q/17757937
12. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
Considering the conditions specified in this Policy, this Section provides additional information to California residents whose Personal Information may be collected or processed by Revenue Grid. We collect and process Personal Information under the California Consumer Privacy Act of 2018 (CCPA), the California Consumer Privacy Act of 2020 (CPRA), and other Data Protection Laws. Revenue Grid implements, maintains (and requires the Subprocessors to do the same) security and organizational measures to ensure your Personal Information is protected and our compliance with the CCPA and the CPRA.
We process your Personal Information for the purposes specified in this Policy and never sell your Personal Information to any third parties or make it subject to trading. We may share or disclose the Personal Information only in the ways that are described in this Policy, provided the involved parties have adopted the appropriate security and confidentiality measures.
We respect your rights provided under the CCPA and the CPRA and ensure that you can exercise these rights (if applicable) without hindrance. The list of your privacy rights granted under the CCPA and the CPRA and the procedure you should follow to exercise these privacy rights are described in section 10 of the Policy.
13. SAP CLOUD FOR CUSTOMER SERVER-SIDE INTEGRATION FOR GROUPWARE
Our Services synchronize business communication and CRM data between the Permitted User’s CRM account and the Permitted User’s mail client over API technologies, including Google APIs, as specified below.
SAP Cloud for Customer Server-Side Integration for Groupware (for this subsection, hereinafter referred to as the ” SAP Cloud Service”) performs specific data processing between SAP Cloud for Customer and the Permitted User’s mailbox (“Permitted User data” processing) and provides a dedicated Sidebar panel for Microsoft Outlook (as an add-in) or Gmail (as a Chrome browser extension) that allows to interactively view and modify CRM context associated with the currently selected email or calendar item. The SAP Cloud Services can access and handle items of the following types: calendar items, tasks, contacts, emails, and attached files from the Permitted User’s mail client, as well as various item types available in the CRM. Using the SAP Cloud Services’ settings pages, the authorized CRM user can configure which item types to synchronize or access via the SAP Cloud Services.
Any Permitted User data, including Personal Information, is processed or transferred by the SAP Cloud Services solely to provide the SAP Cloud Services to the Permitted Users. Permitted User data is only passed through the SAP Cloud Service, temporarily kept in our servers’ memory for performing a specific operation initiated by the Permitted User, such as records data synchronization, data access, or update, and is not written to any persistent storage. While processing the Personal Information in connection with the SAP Cloud Services on behalf of the Customers, we process such Personal Information in the capacity of a Processor.
14. GOOGLE API SERVICES USER DATA POLICY DISCLOSURE
Revenue Grid’s use and transfer to any other applications of Personal Information received via Google APIs adhere to Google API Services User Data Policy, including the Limited Use requirements.
15. OUR POLICY TOWARD CHILDREN
The Website and Services must not be used by individuals under 16. We do not knowingly collect Personal Information from or about individuals under 16. If we become aware that an individual under 16 has provided us with any Personal Information, we will delete such Personal Information immediately. If you become aware that an individual under 16 has provided us with Personal Information, please contact our support service immediately.
16. CHANGES TO PRIVACY POLICY
This version of the Privacy Policy is the latest one. We may change this Privacy Policy from time to time depending on the requirements of the applicable Data Protection laws, changes in the Revenue Grid’s business activities, or if we believe such changes are reasonable. We will post any Privacy Policy changes on this page by updating this version of the Privacy Policy. If the changes are significant, we will provide more prominent notices by adding a notification on the Services’ home pages and login screens or sending you an email notification. We encourage you to review our Privacy Policy regularly whenever you browse the Website or use the Services to stay informed and aware of our privacy protection practices and how you can use your privacy rights and help us protect your Personal Information.
If you disagree with any changes made to this Privacy Policy, you must stop using the Services and deactivate your account(s) by contacting Revenue Grid through the contact channels specified in the contact section below.
17. CONTACT US
If you have questions or concerns about how your Personal Information is handled, please contact us using the following contact details:
Avora Holdings LTD d/b/a Revenue Grid.
Address: 13110 NE 177th Place Suite 135, Woodinville WA 98072, USA
Email: [email protected]