Privacy Documents

Updated June 2024

Here you’ll find all the information regarding Revinate’s privacy practices, including our handling of any personal data. Revinate is committed to transparency and the safeguarding of your information, and we therefore want to make it easy for you to understand our privacy practices. Below, you can access the following: (i) Revinate’s Solutions Privacy Policy for details regarding the privacy measures implemented within our solution offerings, (ii) our Website Privacy Policy which explains how we collect, use, and protect your personal information when you use our website, (iii) Revinate’s DPA which outlines our contractual obligations as a data Processor under applicable laws and regulations, and (iv) Revinate’s Sub-processor list as referenced in our DPA.

Quicklinks

Revinate® Solutions Privacy Policy

What you’ll find

This Policy outlines how Revinate processes the data provided by our customers. Importantly, it also clarifies that our customers are independently responsible for establishing their own privacy policies and fulfilling their legal obligations to their guests regarding the collection, use, and protection of guest data.

Last updated June 2025

Top sections

Summary

This Revinate Solutions Privacy Policy describes how Revinate, LLC, its subsidiaries and affiliated entities (collectively, “Revinate,” “we,” “our” or “us”) collect, store, use and share consumer data received from its customers in connection with its various proprietary product and services offerings, including Revinate Marketing, Reservation Sales, Revinate Ivy, Guest Feedback (including Reputation and Surveys), and RezForce (collectively, the “Revinate Solutions”). This Revinate Solutions Privacy Policy (“Revinate Solutions Privacy Policy”) does not apply to information that we collect and use for our own operational purposes in connection with our corporate website, located at www.revinate.com (“Site”). Please see the Revinate Website Privacy Policy posted on the Site for information on our privacy practices as they relate to the Site.

The Revinate Solutions are utilized by our third-party hospitality industry customers (“Revinate Customers”) including, in certain instances, as embedded on Revinate Customer websites and mobile applications (collectively, the “Customer Venues”), as well as on other web venues/applications hosted by Revinate. The Revinate Solutions may enable the current and prospective guests of our Revinate Customers (collectively, “Guests”) to interact with Revinate Customers, including via Guest- satisfaction surveys, Guest feedback forms, Guest outreach and marketing efforts, and virtual concierge services via the Ivy interactive text messaging platform (collectively, “Guest-Customer Interactions”). In connection with the Guest-Customer Interactions, Revinate Customers may submit or allow Revinate to process Guests’ personally identifiable information, such as their names, telephone numbers, email addresses and mailing addresses and other information related to their hospitality preferences, stays and events (collectively, “Submitted Data”). The Submitted Data that is accessed by Revinate (“Revinate Collected Data”): (a) may contain personally identifiable information; or (b) may, in certain circumstances, be maintained in a deidentified format. Certain data related to Guest-Customer Interactions that occur by and through the Revinate Solutions (such as testimonials and feedback) may be linked by Revinate Customers to personally identifiable information contained in the Submitted Data.

Your California Privacy Rights

Revinate may share your “personal information” with its Revinate Customers for financial gain and marketing purposes. Other than as set forth in the preceding sentence, Revinate will never share, sell, rent, exchange or barter your “personal information” (as defined in the Shine the Light Law, Cal. Civ. Code § 1798.83) to or with any other third-party for financial gain or marketing purposes. Nevertheless, we may, in certain limited instances, share your personal information with third parties who perform administrative functions on our behalf.

If you are a resident of the State of California and would like to learn how your personal information is shared with third parties, what categories of personal information that we have shared with third parties in the preceding year, as well as the names and addresses of those third parties, please call us at: (415) 671-4703; email us as at: support+privacy@revinate.com; or send us U.S. Mail to: Revinate, LLC, 2345 Yale St., First Floor, Palo Alto, CA 94306.

Your Nevada Privacy Rights

If you are a resident of the State of Nevada and would like to opt-out from the sale of your personal information to any third party data broker, please call us at: (415) 671-4703; email us as at: support+privacy@revinate.com; or send us U.S. Mail to: Revinate, LLC, 2345 Yale St., First Floor, Palo Alto, CA 94306.

Personal Information Collected

In connection with the Guest-Customer Interactions, Submitted Data may include some or all of the following: (a) full name; (b) mailing address; (c) e-mail address; (d) telephone number; (e) information pertaining to a past, current or prospective stay at a Customer Venue; and (f) any other information collected by and through the Revinate Solutions as determined by each Revinate Customer. In addition, certain data related to Guest-Customer Interactions that occur by and through the Revinate Solutions (such as testimonials and feedback) may be linked by Revinate Customers to personally identifiable information contained in the Submitted Data.

The collection, storage, use, sharing or other data processing of any Submitted Data by Revinate that is provided in connection with a Guest-Customer Interaction shall remain, at all times, subject to the respective privacy policy of the respective Revinate Customer as posted on the subject Customer Venue. Revinate has no ability to control or impact the privacy practices of its Revinate Customers or the content of their respective Customer Venues. We encourage you to review the privacy policies and settings of the Customer Venues with which you interact to help you understand those Revinate Customers’ respective privacy practices. If you have questions about the security and privacy practices of any Customer Venue that you use, please refer to the respective Customer Venue‘s privacy notices.

Opt-Out/Unsubscribe

We do not use Revinate Collected Data to send e-mail or other forms of communications to Guests other than as instructed by Revinate Customers. We process Revinate Collected Data on behalf of our Revinate Customers, who may use the same to contact you directly. If you wish to opt-out of the processing of your Submitted Data by a Revinate Customer, please refer to the opt-out mechanisms set forth in the applicable privacy policy of that Revinate Customer with whom you established a business relationship.

Individual Rights: Deleting, Modifying and Updating Your Personal Information

We will support our Revinate Customers as instructed in order to carry out your data protections rights, as applicable by law, in order to: (a) identify what personal information we have on file for an individual in a machine- readable format; (b) amend the personal information that we have on file when instructed to do so; and/or (c) promptly coordinate with our Revinate Customers to implement the deletion of the personal information we maintain in our servers/databases. When deleting personal information, such deletion will permanently remove the information within Revinate Solutions accessed by or on behalf of Revinate Customers and will further delete your preferences, if any, such as loyalty programs or stay history.

Data Retention

With respect to our retention of Revinate Collected Data, as set forth above, we retain Revinate Collected Data only for as long as we continue to have a business purpose to do so unless a longer period is required by applicable law. Such business purposes may include handling the contractual relationship that we have with our Revinate Customer, optimizing the performance and functionality of the Revinate Solutions, as well as legal, taxation, accounting, risk management and other operational purposes.

Use and Sharing of Personal Data

Our Revinate Customers will have direct access to, and we will share with our Revinate Customers, the Submitted Data provided in connection with the Guest-Customer Interactions. Revinate may further use your Submitted Data to evaluate and analyze your transactions, past commercial interactions, prospective commercial activity and hospitality related needs (“Profile Data”) in order to predict and personalize the services offered to you by Revinate Customers. Revinate may use your Profile Data to optimize marketing efforts undertaken on behalf of its Revinate Customers and share the same with its Revinate Customers in order to better serve you.

In addition to the foregoing, Revinate may transfer, share and/or sell anonymous, aggregate or group data that is compiled from Guests’ data, including Revinate Collected Data, for its legitimate business purposes. We use Submitted Data, Revinate Collected Data and Profile Data to personalize your experience with the Revinate Solutions and to facilitate the provision of the applicable Revinate Solutions to you, including in connection with customer service and to otherwise respond to your inquiries. We may also employ other companies and individuals to perform certain functions on our behalf. The agents performing these limited functions on our behalf may have access to such data only as needed to perform these functions for us, and we do not permit them to use Revinate Collected Data for other purposes.

We may also use Revinate Collected Data for internal business purposes, such as product development, product improvement, analysis and of our service offerings including, without limitation, the Revinate Solutions.

By submitting your personal information by and through the Revinate Solutions, you agree that such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR §310 et seq.), as amended from time to time (the “Rule”) and applicable state do-not-call regulations. As such, notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do-Not-Call List, and/or on applicable state do-not-call lists, we retain the right to contact you via telemarketing in accordance with the Rule and applicable state do-not-call regulations.

Where you provide “prior express consent” within the meaning of the Telephone Consumer Protection Act (47 USC § 227), and its implementing regulations adopted by the Federal Communications Commission (47 CFR § 64.1200), as amended from time-to-time (“TCPA”), you consent to receive telephone calls from Revinate, including artificial voice calls, pre-recorded messages and/or calls (including SMS text messages) delivered via automated technology, to the telephone number(s) that you provided. Please note that you are not required to provide consent under the TCPA in order to obtain access to the Revinate Solutions, and your consent simply allows Revinate to contact you via these means. Please be advised that by agreeing to this Privacy Policy, you are obligated to immediately inform us if and when the telephone number that you have previously provided to us changes. Without limiting the foregoing, if you: (i) have your telephone number reassigned to another person or entity; (ii) give up your telephone number so that it is no longer used by you; (iii) port your telephone number to a landline or vice versa; or (iv) otherwise stop using that telephone number for any reason (collectively “Phone Number Change”), you agree that you shall promptly notify Revinate of the Phone Number Change via e-mail at: support+privacy@revinate.com, or by using one of the methods set forth in the “Contact Us” section below.

Revinate may release current or past Revinate Collected Data: (a) if we reasonably determine that such information is required to be released by subpoena or court order; (b) if we are sold, merge with a third-party or are acquired by a third-party (collectively, “M&A Transactions”) (including where we share such information in connection with the due diligence process associated with a potential M&A Transaction); (c) if we are the subject of bankruptcy proceedings; (d) as otherwise required or permitted by law; or (e) when we deem it necessary or appropriate. For circumstances involving Revinate in a bankruptcy proceeding, merger, acquisition or sale of all or a portion of its assets, you will be notified via e-mail and/or a prominent notice on the Site of any change in ownership or uses of your personal information, as well as any choices that you may have regarding your personal information.

You hereby consent to the disclosure of any record or communication to any third-party when we, in our sole discretion, determine the disclosure to be required by applicable law, including sharing your e-mail address with third-parties for suppression purposes in compliance with the CAN-SPAM Act of 2003, as amended from time to time, and other e-mail marketing laws. Users should also be aware that courts of equity, such as U.S. Bankruptcy Courts, might have the authority under certain circumstances to permit personal information to be shared or transferred to third-parties without permission.

Automatically Collected Personal Data; Non-Personal Data Collection and Use

IP Addresses/Browser Type
We may collect certain non-personally identifiable information about you and your desktop computer and/or mobile device when you access a Revinate Solution. For example, this information includes, without limitation, the type of browser that you use (e.g., Safari, Chrome, Internet Explorer), the type of operating system that you use (e.g., Windows or iOS) and the domain name of your Internet service provider (e.g., Verizon, AT&T). We use the non-personally identifiable information that we collect to improve the design and content of the Revinate Solutions and to enable us to improve your Internet experience. We also may use this information in the aggregate to analyze usage and functionality of the Revinate Solutions.

Cookies/IP Addresses/Browser Type
When a Guest accesses a Revinate Solution, we may process IP addresses, user agent strings, cookies and other website tracking technologies to identify users and improve Revinate Solutions. We may send one (1) or more cookies and/or gif files (collectively, “Cookies”) to assign a unique identifier to the applicable Guest’s computer which we retain and use to store Guest preferences, identify usage trends, help improve Revinate Solutions and otherwise enhance your experience with the Revinate Solutions. To find out more about Cookies, please visit www.cookiecentral.com.

Most Internet browsers are initially set up to accept Cookies, but you can reset your browser to refuse all Cookies or to indicate when a Cookie is being sent. To disable and reject certain Cookies, follow the instructions associated with your Internet browser. Even in the case where a Guest rejects a Cookie, she or he may still use the Revinate Solutions; provided, however, that certain Revinate Solutions-related functions may be impaired or rendered inoperable if the use of Cookies is disabled. In general, Guests may also be able to disable some, or all, Internet tracking activity by utilizing the “Do Not Track” setting or similar options within most major Internet browsers.

Behavioral Tracking
The Revinate Solutions do not track Guest activity on, or after Guests leave, the subject Customer Venues.

Cross Device Tracking
The Revinate Solutions do not track Guests across various devices, including personal computers and mobile devices.

Aggregate Data
Revinate may process and transfer and/or sell data that is not personally identifiable information, such as de-identified, aggregate or group data about Guests, including Revinate Collected Data for lawful purposes, such as business needs or product development. Aggregate or group data is data that describes the demographics, usage and other characteristics of Guests as a group, without disclosing personally identifiable information.

Ivy Interactive Text Messaging Platform

Where you opt-in to the Ivy interactive text messaging platform (“Ivy Platform”) in order to facilitate Guest- Customer Interactions via SMS text message, you may receive an SMS message to confirm your signup.

You can cancel your use of the Ivy Platform at any time by texting “STOP” to the number that contacted you. For assistance, you may send the reply text “HELP” to the number that contacted you.

We are able to deliver messages to customers of the following mobile phone carriers: AT&T, Verizon Wireless, Sprint, T-Mobile, MetroPCS and U.S. Cellular.

Message and Data Rates May Apply for messages sent and/or received by and through the Ivy Platform. If you have any questions about your text or data plan, please contact your wireless provider. For questions about the Ivy Platform, please feel free to email us at: support+privacy@revinate.com.

Security

We endeavor to safeguard and protect Guest Data, and we have appropriate security measures in place to protect against the unauthorized access, loss, misuse or alteration of such data. To the extent our registration/application process prompts Guests to enter sensitive information (such as credit card information), if any, and if we store and transmit such sensitive information, that personal information will be encrypted with advanced TLS (Transport Layer Security).

Systems access is strictly limited, and we take commercially reasonable measures to prevent unauthorized access to Guest data. Only personnel who have a specific job function that requires it, shall have access to Guest data. Our employees are dedicated to maintaining the security and privacy of such data, and employees not adhering to our firm policies are subject to disciplinary action.

While we take these and many other precautions to protect Guest data, no technology, software or security protocol can be guaranteed to be 100% secure. For these reasons, we cannot warrant that any personal information will be absolutely secure.

Third-Party Websites

The Revinate Solutions may contain links to third-party owned and/or operated websites including, without limitation, websites associated with Revinate Clients and Client Venues. Revinate® is not responsible for the privacy practices or the content of such websites. These third-party websites have separate privacy and data collection practices and Revinate has no responsibility or liability relating to them.

Transfer of Data Internationally

If you are accessing a Revinate Solution and/or visiting a Customer Venue from a country other than the United States, your communications with us may result in the transfer of information across international boundaries. Additionally, for data security, redundancy, integrity and business continuity purposes, Revinate Collected Data may be stored, accessed and otherwise processed in a country other than the country in which it was collected.

Revinate complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Revinate has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Revinate has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Revinate is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. Revinate complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Revinate’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Revinate may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Revinate commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Changes to this Revinate Solutions Privacy Policy

Revinate reserves the right to change or update this Revinate Solutions Privacy Policy at any time by posting a notice on our Site that we are changing our Revinate Solutions Privacy Policy. We encourage you to visit our privacy page from time to time and to read this notice to learn of our current privacy practices and protections.

Contact Us

If you have any questions about this Revinate Solutions Privacy Policy or our privacy practices in general, you may call us at: +1 (415) 671-4703; email us as at: support+privacy@revinate.com.

To submit a request to exercise your privacy rights, please send your request to the Revinate Customer with whom you have a relationship. If you are a resident of the European Union, United Kingdom or Switzerland and would like to contact the Revinate Data Protection Officer (DPO) please direct your message to dpo@revinate.com.

Revinate® Website Privacy Policy

What you’ll find

This Policy outlines how Revinate collects, uses, and protects the personal information of its website visitors.

Last updated June 2024

Top sections

Summary

The following Revinate Website Privacy Policy (“Privacy Policy”) sets forth our policy with respect to the collection, storage, use and sharing of your personal information and other information that we collect from you when you access the Revinate website located at www.revinate.com (the “Site”). The Site is owned and operated by Revinate, LLC, its subsidiaries and affiliated entities (collectively, “Revinate,” “we,” “our” or “us”).

This Privacy Policy applies solely to the information we collect and use on our corporate Site. This Privacy Policy does not apply to information about guests (“Guests”) of our third-party hospitality industry customers (“Revinate Customers”) that is processed, tracked and/or collected by us in connection with our various proprietary product and services offerings, including Revinate Marketing, Reservation Sales, Revinate Ivy, Guest Feedback, and RezForce (collectively, the “Revinate Solutions”). Please see our Revinate Solutions Privacy Policy for information on our privacy practices and Guest choices as they relate to the Revinate Solutions.

In connection with the Revinate Solutions, Guests may submit personal information, answers to survey questions, reviews, testimonials and other materials. Any information submitted by Guests in connection with the Revinate Solutions shall be subject to the separate privacy policies of our various Revinate Customers. Our Revinate Customers have separate privacy and data collection practices and Revinate has no responsibility or liability relating to them. Please review the privacy policies of the applicable Revinate Customer prior to submitting any information in connection with your engagement with any of the Revinate Solutions.

Background

This Privacy Policy covers our treatment of personal information and other information that we collect when an end-user visitor to the Site (“User,” “you” or “your”): (a) accesses or uses the Site; (b) accesses and/or downloads any of the product/service descriptions, blog posts, podcasts, webinars, testimonials, text, audio, video, photographs, graphics, artwork and/or other content featured on the Site (collectively, “Content”); (c) accesses and/or provides information in connection with employment opportunities with Revinate (“Career Opportunities”); and/or (d) utilizes the various contact forms and/or contact information made available on the Site (collectively, the “Contact Services”) as a means to contact directly, or request to be contacted by, Revinate regarding the Revinate Solutions. For purposes of this Privacy Policy, the Site, Content, Contact Services, Career Opportunities and Revinate Solutions shall be referred to, collectively, as the “Revinate Offerings.” In order to purchase Revinate Solutions, you must separately execute a Service Order with Revinate.

IF YOU DO NOT AGREE TO TERMS OF THIS PRIVACY POLICY, IN THEIR ENTIRETY, YOU MAY NOT ACCESS OR OTHERWISE USE THE REVINATE OFFERINGS.

Your California Privacy Rights

Revinate will never share, sell, rent, exchange or barter your “personal information” (as defined in the Shine the Light Law, Cal. Civ. Code § 1798.83) to or with any third-party for financial gain or marketing purposes. Nevertheless, we may, in certain limited instances, share your personal information with third parties who perform administrative functions on our behalf.

Your Nevada Privacy Rights

If you are a resident of the State of Nevada and would like to opt-out from the sale of your personal information to any third-party data broker, please call us at: (415) 671-4703; email us as at: support+privacy@revinate.com; or send us U.S. Mail to: Revinate, LLC, 2345 Yale St., First Floor, Palo Alto, CA 94306.

Personal Information Collected

In connection with requesting information concerning the Revinate Offerings, Revinate will collect some or all of the following information applicable to the User and/or the business entity that the User represents (the “Entity”): (a) the User’s full name; (b) the Entity’s name; (c) the User’s personal e-mail address and/or work e-mail address; (d) the User’s telephone number; (e) the User’s current employer; (f) the User’s current role with her/his employer; (g) the User’s resume (where applying for a Revinate Career Opportunity); (h) the User’s gender, race and military status (where applying for a Revinate Career Opportunity); (i) whether the User would require sponsorship for employment visa status (where applying for a Revinate Career Opportunity); (j) the User’s LinkedIn® URL (where applying for a Revinate Career Opportunity); and/or (k) any other information requested on the applicable form.

For purposes of this Privacy Policy, items (g) through (j) in the preceding paragraph shall be referred to as “Sensitive Information.”

Use of Personal Information

Revinate will never share, sell, rent, exchange or barter your personal information to or with any third party for financial gain or marketing purposes. By making that personal information available to Revinate, you grant Revinate the right, subject to applicable law, to: (a) use that personal information to contact you regarding your use of the Revinate Offerings; (b) use that personal information (but not Sensitive Information) to contact you regarding other Revinate products and/or services that we think may be of interest to you; and/or (c) use that personal information (but not Sensitive Information) to contact you regarding third-party products and/or services that we think may be of interest to you. If you wish to stop receiving future communications from us, please follow the instructions at the end of each such e-mail message or see the “Opt-Out/Unsubscribe” section below.

Where you submit personal information, we use the personal information that you make available to personalize your experience with the Site and to facilitate the provision of the applicable Revinate Offerings to you, including in connection with customer service and to otherwise respond to any inquiries made by you. By submitting information in connection with the Career Opportunities, you agree that we may contact you regarding the employment opportunities for which you applied. You also agree that we may contact you at any time with updates and/or any other information that we may deem appropriate for you to receive in connection with your continued use of the Revinate Offerings.

We may also employ other companies and individuals to perform certain functions on our behalf. Examples include sending direct and electronic mail, removing duplicate information from User lists, analyzing data and providing marketing analysis. The agents performing these limited functions on our behalf shall have access to our Users’ personal information as needed to perform these functions for us, but we do not permit them to use User personal information for other purposes.

We may also use your personal information for internal business purposes, such as analyzing and managing our service offerings including, without limitation, the Revinate Offerings. We may also combine the information we have gathered about you with information from other sources.

By submitting your personal information by and through the Revinate Offerings, you agree that such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR §310 et seq.), as amended from time to time (the “Rule”) and applicable state do-not-call regulations. As such, notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do- Not-Call List, and/or on applicable state do-not-call lists, we retain the right to contact you via telemarketing in accordance with the Rule and applicable state do-not-call regulations.

Where you provide “prior express consent” within the meaning of the Telephone Consumer Protection Act (47 USC § 227), and its implementing regulations adopted by the Federal Communications Commission (47 CFR § 64.1200), as amended from time-to-time (“TCPA”), you consent to receive telephone calls from Revinate, including artificial voice calls, pre-recorded messages and/or calls (including SMS text messages) delivered via automated technology, to the telephone number(s) that you provided. Please note that you are not required to provide consent under the TCPA in order to obtain access to the Revinate Offerings, and your consent simply allows Revinate to contact you via these means. Please be advised that by agreeing to this Privacy Policy, you are obligated to immediately inform us if and when the telephone number that you have previously provided to us changes. Without limiting the foregoing, if you: (i) have your telephone number reassigned to another person or entity; (ii) give up your telephone number so that it is no longer used by you; (iii) port your telephone number to a landline or vice versa; or (iv) otherwise stop using that telephone number for any reason (collectively “Phone Number Change”), you agree that you shall promptly notify Revinate of the Phone Number Change via e-mail at: support+privacy@revinate.com, or by using one of the methods set forth in the “Contact Us” section below.

We reserve the right to release current or past personal information (including Sensitive Information): (A) in the event that we believe that the Revinate Offerings are being or have been used in violation of any Site-related agreement or to commit unlawful acts; (B) if the information is subpoenaed; provided, however, that, where permitted by applicable law, we shall provide you with e-mail notice, and opportunity to challenge the subpoena, prior to disclosure of any personal information pursuant to a subpoena; (C) if we are sold, merge with a third-party or are acquired by a third-party (collectively, “M&A Transactions”) (including where we share your personal information in connection with the due diligence process associated with a potential M&A Transaction); or (D) if we are the subject of bankruptcy proceedings; provided, however, that if Revinate is involved in a bankruptcy proceeding, merger, acquisition or sale of all or a portion of its assets, you will be notified via e-mail and/or a prominent notice on the Site of any change in ownership or uses of your personal information, as well as any choices that you may have regarding your personal information.

Non-Personal Information Collection and Use

IP Addresses/Browser Type
We may collect certain non-personally identifiable information about you and your desktop computer and/or mobile device when you visit many of the pages of the Site. This non-personally identifiable information includes, without limitation, the type of browser that you use (e.g., Safari, Chrome, Internet Explorer), your IP address, the type of operating system that you use (e.g., Windows or iOS) and the domain name of your Internet service provider (e.g., Verizon, AT&T). We use the non-personally identifiable information that we collect to improve the design and content of the Revinate Offerings and to enable us to personalize your Internet experience. We also may use this information in the aggregate to analyze usage of the Revinate Offerings.

Cookies
When a User visits the Site, we send one (1) or more cookies and/or gif files (collectively, “Cookies”) to assign an anonymous, unique identifier to the applicable User’s computer. A Cookie is a piece of data stored on your hard drive containing non-personally identifiable information about you. Cookies have many benefits to enhance your experience at the Site. To find out more about Cookies, please visit www.cookiecentral.com. We use Cookies to improve the quality of the Revinate Offerings, including for storing User preferences and tracking Site-User trends (including pages opened and length of stay at the Site).
Most Internet browsers are initially set up to accept Cookies, but you can reset your browser to refuse all Cookies or to indicate when a Cookie is being sent. To disable and reject certain Cookies, follow the instructions associated with your Internet browser. Even in the case where a User rejects a Cookie, she or he may still use the Revinate Offerings; provided, however, that certain Revinate Offerings-related functions may be impaired or rendered inoperable if the use of Cookies is disabled. We reserve the right to retain Cookie data as long as they are beneficial for business needs.

Behavioral Tracking and Data Collection
We place cookies on your device in order to identify you in our system, and we may use this information to help us send targeted marketing communications to our Users. From time to time we may also display advertising on our Site, and in that capacity use cookies to provide display advertising targeted to your interests. You may opt out of our display advertising partner(s)and their partners’ targeted advertising using the following links: https://www.aboutads.info/choices/, https://www.networkadvertising.org/choices/, and https://www.youronlinechoices.eu/, if located in the European Union.

Revinate also uses web analytics services provider Google® Analytics. Google® Analytics is a web analytics service provided by Google Inc. (“Google®“). Google® Analytics uses cookies and similar technologies to analyze how Users use the Site. The information generated about Site usage (including your shortened IP address) is transmitted to Google® in the U.S. This information is used to evaluate visitors’ use of the Site, compile statistical reports on Site activity, and provide other services related to the Site Offerings. Google® may also collect information about Site visitors’ use of other websites. For more information about Google® Analytics, or to opt out of Google® Analytics, please go to: https://tools.google.com/dlpage/gaoptout/.

In addition, Revinate uses the following third party services in order to better understand Site-User needs and to optimize the Revinate Offerings:

(a) Revinate uses Chili Piper® to help collect, manage and filter some of the personal information collected on the Site. For further details, including opt-out methods, please see Chili Piper’s® privacy policy by clicking here.

(b) Revinate uses Gravity Forms® to help create and maintain certain of the registration forms used to collect personal information on the Site. For further details, including opt-out methods, please see Gravity Forms® privacy policy by clicking here.

(c) Revinate uses Google® Fonts to optimize the Site-User’s experience with the Revinate Offerings. Google® Fonts may track Site-User IP addresses. Revinate will obtain Site-User consent prior to making Google® Fonts available to the subject Site-User(s).

We also use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the Site, the events that occur within the Site, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application. Users may also be able to disable some, or all, Internet tracking activity by utilizing the “Do Not Track” setting or similar options within most major Internet browsers.

Cross Device Tracking
Revinate may track Users’ use of the Revinate Offerings across multiple devices, including personal computers and mobile devices.

Aggregate Data
Revinate reserves the right to transfer and/or sell aggregate or group data about Users of the Revinate Offerings for lawful purposes. Aggregate or group data is data that describes the demographics, usage and other characteristics of Revinate Offerings Users as a group, without disclosing personally identifiable information.

Third-Party Websites

This Site may contain links to third-party owned and/or operated websites including, without limitation, third- party podcast hosting websites. Revinate is not responsible for the privacy practices or the content of such websites. In some cases, you may be able to make a purchase through one of these third-party websites. In these instances, you may be required to provide certain information, such as a credit card number, to register or complete a transaction at such website. These third-party websites have separate privacy and data collection practices and Revinate has no responsibility or liability relating to them.

Security

We endeavor to safeguard and protect our Users’ personal information. When Users make personal information available to us, their personal information is protected both online and offline (to the extent that we maintain any personal information offline). Where our registration/application process prompts Users to enter Sensitive Information and when we store and transmit such Sensitive Information, that personal information is encrypted with advanced TLS (Transport Layer Security).

Access to your personal information is strictly limited, and we take reasonable measures to ensure that your personal information is not accessible to the public. All of our Users’ personal information is restricted in our offices, as well as the offices of our third-party service providers. Only employees or third-party agents who need User personal information to perform a specific job are granted access to User personal information. Our employees are dedicated to ensuring the security and privacy of all User personal information. Employees not adhering to our firm policies are subject to disciplinary action. The servers that we store User personal information on are kept in a secure physical environment. We also have security measures in place to protect the loss, misuse and alteration of personal information under our control.

Please be advised, however, that while we take every reasonable precaution available to protect your data, no storage facility, technology, software, security protocols or data transmission over the Internet or via wireless networks can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your personal information, and technological bugs, errors and glitches may cause inadvertent disclosures of your personal information; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software may constitute a crime punishable by law. For the reasons mentioned above, we cannot warrant that your personal information will be absolutely secure. Any transmission of data at or through the Site, other Revinate Offerings or otherwise via the Internet or wireless networks, is done at your own risk.

In compliance with applicable federal and state laws, we shall notify you and any applicable regulatory agencies in the event that we learn of an information security breach with respect to your personal information. You will be notified via e-mail in the event of such a breach. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.

Minors

Visitors under eighteen (18) years of age are not permitted to use and/or submit their personal information at the Site. Revinate does not knowingly solicit or collect information from visitors under eighteen (18) years of age. Revinate encourages parents and guardians to spend time online with their children and to participate and monitor the interactive activities of their children.

Opt-Out/Unsubscribe

To opt-out of receiving e-mail and other forms of communications from us, you can: (a) follow the instructions included in the applicable e-mail message or other communication; or (b) e-mail us at: support+privacy@revinate.com.

Notwithstanding the foregoing, we may continue to contact you for the purpose of communicating information relating to your request for Revinate Offerings, as well as to respond to any inquiry or request made by you. To opt-out of receiving Revinate Offerings-related and/or inquiry response-related messages from Revinate, you must cease requesting and/or utilizing the Revinate Offerings and/or cease submitting inquiries to Revinate, as applicable.

Individual Rights: Deleting, Modifying and Updating Your Personal Information

At your request, we will: (a) inform you of what personal information we have on file for you, in a machine- readable format; (b) amend the personal information that we have on file for you; and/or (c) completely remove personal information that you have provided to us, or that we have collected, from our servers/databases. You may make such a request by e-mailing us at: support+privacy@revinate.com. We ask individual Users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests.

Please be advised that deleting your personal information may terminate your access to certain of the Revinate Offerings. If you wish to continue using the full complement of Revinate Offerings, you may not be able to delete all of the personal information that we have on file for you. Please be further advised that, after you delete your personal information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.

Transfer of Personal Information Internationally

If you are visiting the Site from a country other than the country in which our servers are located, your communications with us may result in the transfer of personal information across international boundaries. By visiting the Site and/or otherwise communicating electronically with us, you consent to such transfers. Even if your jurisdiction does not have the same privacy laws as the jurisdiction where our servers are located, we will treat your information as subject to the protections described in this Privacy Policy.

Changes to this Privacy Policy

Revinate reserves the right to change or update this Privacy Policy at any time by posting a notice on the Site that we are changing our Privacy Policy. If the manner in which we use personal information changes, Revinate will notify Users by: (a) sending the modified policy to our Users via email; and/or (b) by any other reasonable means acceptable under applicable state and federal law. You will have a choice as to whether or not we use your information in this different manner, and we will only use your information in this different manner where you affirmatively consent to such use.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices in general, please call us at: (415) 671-4703 or email us as at: support+privacy@revinate.com.

Revinate Data Processing Addendum

What you’ll find

This Addendum outlines Revinate’s responsibilities as a data processor when handling personal data pursuant to instructions from its customers, the data controllers, in compliance with applicable data protection laws. It ensures that personal data is processed securely and lawfully, and protects the rights of individual data subjects.

Last updated December 2023

Top sections

Introduction

This Revinate Data Processing Addendum (“DPA”) is incorporated into, and is subject to the terms and conditions of, the Agreement (defined below) between Revinate and the Customer entity that is a party to the Agreement. All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement. For the avoidance of doubt, all references to the “Agreement” shall include this DPA (including the SCCs (where applicable), as defined herein).

1. Definitions

For the purposes of this DPA:

1.1 “Affiliate(s)” has the same meaning ascribed to it in the Agreement and, if not defined in the Agreement, the term means any legal entity directly or indirectly controlling, controlled by or under common control with a party, where control means the ownership of a majority share of the stock, equity or voting interests of such entity.

1.2 “Agreement” means Revinate’s Master Services Agreement, or other written or electronic agreement, which governs the provision of the Services to Customer, as such terms or agreement may be updated from time to time.

1.3 “Controller,” “Processor”, “Data Subject,” “Personal Data,” “Processing” and “Process” (whether or not capitalized) have the meanings given to them under applicable Data Protection Laws or if not defined thereunder, the GDPR, and “Process”, “Processes” and “Processed”, with respect to any Customer Data shall be interpreted accordingly.

1.4 “Customer” means the non-Revinate party to both the Agreement and this DPA that has access to the Services.

1.5 “Customer Data” means any Personal Data that Revinate processes on behalf of Customer via the Services, as more particularly described in this DPA.

1.6 “Data Protection Laws” means all data protection laws and regulations applicable to a party’s processing of Customer Data under the Agreement, including, where applicable, European Data Protection Laws and Non-European Data Protection Laws.

1.7 “Europe” means, for the purposes of this DPA, the European Economic Area and its member states (“EEA”), Switzerland and the United Kingdom (“UK”).

1.8 “European Data Protection Laws” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); (iv) the GDPR as it forms part of UK law by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (together, “UK Data Protection Laws”); and (v) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance, and the new Federal Act on Data Protection effective as of September 1, 2023 (“Swiss DPA”).

1.9 “Non-European Data Protection Laws” means US Data Protection Law and the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”).

1.10 “Revinate” means the Revinate entity that is a party to both the Agreement and this DPA, which may be Revinate, LLC, a Delaware limited liability corporation, or a Revinate Affiliate as applicable.

1.11 “SCCs” or “Standard Contractual Clauses” means (i) the Standard Contractual Clauses between Controllers and Processors adopted by the European Commission in its Implementing Decision (EU) 2021/91 of 4 June 2021 (the “2021 Controller-to-Processor Clauses”); or (ii) the Standard Contractual Clauses between Processors adopted by the European Commission in its Implementing Decision (EU) 2021/91 of 4 June 2021 (the “2021 Processor-to-Processor Clauses”), set out at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en (or such other URL as the European Commission may designate); as applicable in accordance with Section 6.

1.12 “Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, or alteration of, or unauthorized disclosure of or access to, Customer Data on systems managed or otherwise controlled by Revinate.

1.13 “Sensitive Data” means (a) social security number, tax file number, passport number, driver’s license number, or similar identifier; (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (c) employment, financial, credit, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, information about sexual life or sexual orientation, or criminal record; (e) account passwords; or (f) other information that falls within the definition of “special categories of data” under applicable Data Protection Laws.

1.14 “Sub-processor” means any Processor engaged by Revinate or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or Affiliates of Revinate, but shall exclude Revinate’s employees, contractors, or consultants.

1.15 “UK Addendum” means the International Data Transfer Addendum (version B1.0) issued by the Information Commissioner’s Office under S.119(A) of the UK Data Protection Act 2018, as updated or amended from time to time.

1.16 “US Data Protection Law” means the California Privacy Rights Act (“CPRA”); Colorado Privacy Act; Connecticut Personal Data Privacy and Online Monitoring Act; Indiana Consumer Data Protection Act (effective 1 Jan. 2026); Iowa Consumer Data Protection Act (effective 1 Jan. 2025; Montana Consumer Data Privacy Act (effective 1 Jan. 2024); Oregon Consumer Privacy Act; Tennessee Information Protection Act (effective 1 July 2025); Texas Data Privacy and Security Act (effective 1 July 2024); Utah Consumer Privacy Act; Virginia Consumer Data Protection Act; and all applicable comprehensive state data protection laws and regulations that are or are not yet in effect as of the date of this DPA; in each case as may be amended or superseded from time to time.

2. Roles and Responsibilities

2.1 Parties’ roles. If European Data Protection Laws apply to either party’s Processing of Customer Data, the parties acknowledge and agree that with regard to the Processing of Customer Data, Revinate is a Processor acting on behalf of Customer (whether itself a Controller or a Processor). For the avoidance of doubt, this DPA shall not apply to instances where Revinate is the Controller (as defined by European Data Protection Laws) unless otherwise described in Annex C (Jurisdiction-Specific Terms) of this DPA.

2.2 Purpose limitation. Revinate shall Process Customer Data, as further described in Annex A (Details of Data Processing) of this DPA, only in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, or as otherwise agreed in writing (“Permitted Purposes”). The parties agree that the Agreement, including this DPA, along with the Customer’s configuration of or use of any settings, features, or options in the Services (as the Customer may be able to modify from time to time) constitute the Customer’s complete and final instructions to Revinate in relation to the Processing of Customer Data (including for the purposes of the SCCs), and Processing outside the scope of these instructions (if any) shall require prior written agreement between the parties.

2.3 Prohibited Data. Customer will not provide (or cause to be provided) any Prohibited Data to Revinate for Processing under the Agreement, and Revinate will have no liability whatsoever for Prohibited Data, whether in connection with a Security Incident or otherwise. For the avoidance of doubt, this DPA will not apply to Prohibited Data.

2.4 Customer compliance. Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its Processing of Customer Data and any Processing instructions it issues to Revinate and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Revinate to Process Customer Data for the purposes described in the Agreement. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which Customer acquired Customer Data. Without prejudice to the generality of the foregoing, Customer agrees that it shall be responsible for complying with all laws (including Data Protection Laws) applicable to any campaigns or other content created, sent, or managed through the Services, including those relating to obtaining consents (where required) to send messages, the content of the messages and its message deployment practices.

2.5 Lawfulness of Customer’s instructions. Customer will ensure that Revinate’s Processing of the Customer Data in accordance with Customer’s instructions will not cause Revinate to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. Revinate shall promptly notify Customer in writing, unless prohibited from doing so under European Data Protection Laws, if it becomes aware or believes that any data Processing instruction from Customer violates European Data Protection Laws. Where Customer acts as a Processor on behalf of a third-party Controller (or other intermediary to the ultimate Controller), Customer warrants that its Processing instructions as set out in the Agreement and this DPA, including its authorizations to Revinate for the appointment of Sub-processors in accordance with this DPA, have been authorized by the relevant Controller. Customer shall serve as the sole point of contact for Revinate and Revinate need not interact directly with (including to provide notifications to or seek authorization from) any third-party Controller other than through regular provision of the Services to the extent required under the Agreement. Customer shall be responsible for forwarding any notifications received under this DPA to the relevant Controller, where appropriate.

3. Sub-processing

3.1 Authorized Sub-processors. Customer generally authorizes Revinate to engage Sub-processors to process Customer Data on Customer’s behalf. The Sub-processors currently engaged by Revinate and authorized by Customer are listed at Revinate’s Sub-processor web page: https://www.revinate.com/subprocessors. Revinate shall notify Customer if it adds or removes Subprocessors at least 10 days prior to any such changes if Customer opts in to receive such notifications from Revinate.

3.2 Sub-processor obligations. Revinate shall: (i) enter into a written agreement with each Subprocessor containing data protection obligations that provide at least the same level of protection for Customer Data as those in this DPA, to the extent applicable to the nature of the services provided by such Sub-processor; and (ii) remain responsible for such Sub-processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-processor that cause Revinate to breach any of its obligations under this DPA. Customer acknowledges and agrees that, where applicable, Revinate fulfills its obligations under Clause 9 of the 2021 Controller-to-Processor Clauses and 2021 Processor-to Processor Clauses (as applicable) by complying with this Section 3, and that Revinate may be prevented from disclosing Sub-processor agreements to Customer due to confidentiality restrictions but Revinate shall, upon request, provide information reasonably requested by Customer regarding Sub-processor agreements, or if necessary provide copies of Sub-processor agreements and any subsequent amendments, redacted to protect business secrets or other confidential information, including personal data.

4. Security

4.1 Security Measures. Revinate shall implement and maintain appropriate technical and organizational security measures that are designed to protect Customer Data from Security Incidents and designed to preserve the security and confidentiality of Customer Data in accordance with Revinate’s security standards described in Annex B (“Security Measures”) of this DPA.

4.2 Confidentiality of processing. Revinate shall ensure that any person who is authorized by Revinate to process Customer Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

4.3 Updates to Security Measures. Customer is responsible for reviewing the information made available by Revinate relating to data security and making an independent determination as to whether the Services meet Customer’s requirements and legal obligations under Data Protection Laws. Customer acknowledges that the Security Measures are subject to technical progress and development and that Revinate may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Services provided to Customer.

4.4 Security Incident response. Upon becoming aware of a Security Incident, Revinate shall: (i) notify Customer without undue delay, and where feasible, within 48 hours of awareness; (ii) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer; and (iii) promptly take reasonable steps to contain and investigate any Security Incident.
Revinate’s notification of or response to a Security Incident under this Section 4.4 shall not be construed as an acknowledgment by Revinate of any fault or liability with respect to the Security Incident.

4.5 Customer responsibilities. Notwithstanding the above, Customer agrees that except as provided by this DPA, Customer is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Customer Data when in transit to and from the Service, and taking any appropriate steps to securely encrypt or backup any Customer Data uploaded to the Services.

5. Security Reports and Audits

5.1 Audit rights. Revinate shall make available to Customer all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections by Customer in order to assess compliance with this DPA. Customer acknowledges and agrees that it shall exercise its audit rights under this DPA (including this Section 5.1 and where applicable, the SCCs) and any audit rights granted by Data Protection Laws, by instructing Revinate to comply with the audit measures described in Section 5.2 below.

5.2 Security due diligence. Revinate shall respond to all reasonable requests for information made by Customer to confirm Revinate’s compliance with this DPA, including responses to information security, due diligence, and audit questionnaires, by making additional information available regarding its information security program upon Customer’s written request to support+privacy@revinate.com, provided that Customer shall not exercise this right more than once per calendar year.

6. International Transfers

6.1 Data center locations. Subject to Section 6.2, Customer acknowledges that Revinate may transfer and process Customer Data to and in the United States and anywhere else in the world where Revinate, its Affiliates or its Sub-processors maintain data processing operations. Revinate shall at all times ensure that such transfers are made in compliance with the requirements of Data Protection Laws and this DPA.

6.2 EEA Data Transfers. To the extent that Revinate is a recipient of Customer Data protected by GDPR in a country outside of EEA that is not recognized as providing an adequate level of protection for personal data (as described in applicable European Data Protection Laws), the parties agree to abide by and process such Customer Data in compliance with the SCCs, which shall be incorporated into and form an integral part of this DPA.

6.3 Standard Contractual Clause Optional Provisions. Where the SCCs identify optional provisions (or provisions with multiple options) the following shall apply:

(a) Clause 7 (Docking Clause) is omitted;

(b) In Clause 9(a) (Use of sub-processors) – Option 2 shall apply and the parties shall follow the process and timings agreed in Section 3 above to appoint sub-processors;

(d) In Clause 16(b) (Suspension of transfers) if Revinate is the data exporter it will suspend transfers of personal data only as required by law and will notify Customer as promptly as possible (before suspension if possible) so that Customer may remedy the condition requiring suspension;

(e) In Clause 13 (Supervisory Authority) – the competent supervisory authority will be the supervisory authority with responsibility for ensuring compliance by Customer with GDPR as regards the data transfer;

(f) In Clause 17 (Governing Law) – the laws of the Netherlands shall govern; and

(g) In Clause 18 (Choice of forum and jurisdiction) – the courts of the Netherlands shall have jurisdiction.

6.4 UK Data Transfers. With respect to transfers to which the UK Data Protection Laws apply, the SCCs shall apply and shall be deemed amended as specified by the UK Addendum. The UK Addendum shall be deemed executed by the parties and incorporated into and form an integral part of this DPA. In addition: Tables 1 to 3 in Part 1 of the UK Addendum shall be deemed completed with the information set out in Annexes I and II of the relevant SCCs; and Table 4 in Part 1 of the UK Addendum shall be deemed completed by selecting “neither party”.

6.5 Swiss Data Transfers. With respect to transfers to which the Swiss DPA apply, the SCCs shall apply in accordance with Section 6.2 with the following modifications: (i) references to “Regulation (EU) 2016/679” shall be interpreted as references to the Swiss DPA; (ii) references to specific Articles of “Regulation (EU) 2016/679” shall be replaced with the equivalent article or section of the Swiss DPA; (iii) references to “EU”, “Union” and “Member State law” shall be replaced with “Switzerland”; (iv) Clause 13(a) and Part C of Annex Il shall be deleted; (v) references to the “competent supervisory authority” and “competent courts” shall be replaced with “the Swiss Federal Data Protection and Information Commissioner” and “relevant courts in Switzerland”; (vi) Clause 17 shall be replaced to state “The Clauses are governed by the laws of Switzerland”; and (vii) Clause 18 shall be replaced to state “Any dispute arising from these Clauses shall be resolved by the applicable courts of Switzerland. The parties agree to submit themselves to the jurisdiction of such courts”.

6.6 Compliance with the SCCs. The parties agree that if Revinate cannot ensure compliance with the SCCs, it shall promptly inform Customer of its inability to comply. If Customer intends to suspend the transfer of European Data and/or terminate the affected parts of the Services, it shall first provide notice to Revinate and provide Revinate with a reasonable period of time to cure such non-compliance, during which time Revinate and Customer shall reasonably cooperate to agree what additional safeguards or measures, if any, may be reasonably required. Customer shall only be entitled to suspend the transfer of data and/or terminate the affected parts of the Services for non-compliance with the SCCs if Revinate has not or cannot cure the non-compliance within a reasonable period.

6.7 Alternative transfer mechanism. To the extent Revinate adopts an alternative lawful data transfer mechanism for the transfer of European Data not described in this DPA (“Alternative Transfer Mechanism”), the Alternative Transfer Mechanism shall apply instead of the transfer mechanisms described in this DPA (but only to the extent such Alternative Transfer Mechanism complies with applicable European Data Protection Laws and extends to the countries to which European Data is transferred). In addition, if and to the extent that a court of competent jurisdiction or supervisory authority orders (for whatever reason) that the measures described in this DPA cannot be relied on to lawfully transfer European Data (within the meaning of applicable European Data Protection Laws), Revinate may implement any additional measures or safeguards that may be reasonably required to enable the lawful transfer of European Data.

7. Return or Deletion of Data

Upon termination or expiration of the Agreement, Revinate shall (at Customer’s election) delete or return to Customer all Customer Data (including copies) in its possession or control, except that this requirement shall not apply to the extent Revinate is required by applicable law to retain some or all of the Customer Data, or to Customer Data it has archived on back-up systems, which Customer Data Revinate shall securely isolate, protect from any further processing and eventually delete in accordance with Revinate’s deletion policies, except to the extent required by applicable law. The parties agree that the certification of deletion of Customer Data described in Clause 8.5 and 16(d) of the 2021 Controller-to-Processor Clauses and 2021 Processor-to-Processor Clauses (as applicable) shall be provided by Revinate to Customer only upon Customer’s written request.

8. Data Subject Rights and Cooperation

8.1 Data subject requests. As part of the Services, Revinate provides Customer with a number of selfservice features, that Customer may use to retrieve, correct, delete, or restrict the use of Customer Data, which Customer may use to assist it in connection with its (or its third-party controller’s) obligations under the Data Protection Laws with respect to responding to requests from data subjects via Customer’s account at no additional cost. In addition, Revinate shall, considering the nature of the processing, provide reasonable additional assistance to Customer to the extent possible to enable Customer (or its third-party controller) to comply with its data protection obligations with respect to data subject rights under Data Protection Laws. In the event that any such request is made to Revinate directly, Revinate shall not respond to such communication directly except as appropriate (for example, to direct the data subject to contact Customer) or legally required, without Customer’s prior authorization. If Revinate is required to respond to such a request, Revinate shall, where the Customer is identified or identifiable from the request, promptly notify Customer and provide Customer with a copy of the request unless Revinate is legally prohibited from doing so. For the avoidance of doubt, nothing in the Agreement (including this DPA) shall restrict or prevent Revinate from responding to any data subject or data protection authority requests in relation to personal data for which Revinate is a controller.

8.2 Data protection impact assessment. To the extent required under applicable Data Protection Laws, Revinate shall (considering the nature of the processing and the information available to Revinate) provide all reasonably requested information regarding the Services to enable Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by Data Protection Laws. Revinate shall comply with the foregoing by: (i) complying with Section 5 (Security Reports and Audits); (ii) providing the information contained in the Agreement, including this DPA; and (iii) if the foregoing sub-sections (i) and (ii) are insufficient for Customer to comply with such obligations, upon request, providing additional reasonable assistance (at Customer’s expense).

9. Jurisdiction-Specific Terms

To the extent Revinate processes Customer Data originating from and protected by Data Protection Laws in one of the jurisdictions listed in Annex C, then the terms specified in Annex C with respect to the applicable jurisdiction(s) (“Jurisdiction-Specific Terms”) apply in addition to the terms of this DPA. In the event of any conflict or ambiguity between the Jurisdiction-Specific Terms and any other terms of this DPA, the applicable Jurisdiction-Specific Terms will take precedence, but only to the extent of the Jurisdiction-Specific Terms’ applicability to Revinate.

10. Limitation of Liability

10.1 Each party’s and all of its Affiliates’ liability taken together in the aggregate arising out of or related to this DPA (including the SCCs) shall be subject to the exclusions and limitations of liability set forth in the Agreement.

10.2 Any claims made against Revinate or its Affiliates under or in connection with this DPA (including, where applicable, the SCCs) shall be brought solely by the Customer entity that is a party to the Agreement.

10.3 In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise.

11. Relationship with the Agreement

11.1 This DPA shall remain in effect for as long as Revinate carries out Customer Data processing operations on behalf of Customer or until termination of the Agreement (and all Customer Data has been returned or deleted in accordance with Section 7 above).

11.2 The parties agree that this DPA shall replace any existing data processing agreement or similar document that the parties may have previously entered into in connection with the Services.

11.3 In the event of any conflict or inconsistency between this DPA and Revinate’s General Terms and Conditions, the provisions of the following documents (in order of precedence) shall prevail: (i) SCCs; then (ii) this DPA; and then (iii) the General Terms and Conditions.

11.4 Except for any changes made by this DPA, the Agreement remains unchanged and in full force and effect.

11.5 No one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.

11.6 This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.

Annex A – Details of Data Processing

(a) Categories of data subjects:

The categories of data subjects whose Personal Data is Processed include (i) individual end users who work for Customer and set up user accounts on Revinate’s Services, and (ii) guests who stay at or otherwise visit Customer’s property(ies).

(b) Categories of Personal Data:
Revinate will Process (i) the names and email addresses of Customer personnel who log in to the Revinate Services, and (ii) data related to a guest’s stay at or visit to Customer’s property(ies), including:
● Name
● Email address
● Physical address
● IP-address and other online identifiers
● Date of birth
● Telephone/mobile number
● Location Data
● Information related to a guest’s booking for accommodations or ancillary services (e.g., spa, golf, dining, etc.) at the Customer’s hotel property

In addition, Revinate will Process the categories of Personal Data provided by Customer. If Customer’s property management system captures special categories of data, including, without limitation, factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity, and Customer chooses to make those categories available to Revinate, Revinate may Process them.

(c) Sensitive data processed (if applicable): Revinate does not want to, nor does it intentionally, collect or Process any Sensitive Data in connection with the provision of the Services.

(d) Duration of Processing: Revinate will process Customer Data as outlined in Section 7 (Return or Deletion of Data) of this DPA.

(e) Nature and Purpose of Processing: Revinate processes Personal Data in order to provide its Services to hospitality customers as described at www.revinate.com. Revinate shall only Process Customer Data for the Permitted Purposes, which shall include: (i) processing as necessary to provide the Services in accordance with the Agreement; (ii) Processing initiated by Customer in its use of the Services; and (iii) Processing to comply with any other reasonable instructions provided by Customer (e.g., via email or support tickets) that are consistent with the terms of the Agreement.

Annex B – Security Measures

The following describes Revinate’s Technical and Organizational Security Measures.

1. System Access Controls: Revinate shall take reasonable measures to prevent Personal Data from being used without authorization. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes and/or, logging of access on several levels.

2. Data Access Controls: Revinate shall take reasonable measures to (i) provide that Personal Data is accessible and manageable only by properly authorized staff, (ii) direct database query access is restricted and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access, and (iii) that Personal Data cannot be read, copied, modified or removed without authorization in the course of Processing.

3. Auditing. Revinate will cooperate with any audit(s) requested by Customer pursuant to Section 5.2 of the DPA.

Annex C - Jurisdiction-Specific Terms

Europe:

1. Objection to Sub-processors. Customer may object in writing to Revinate’s appointment of a new Sub-processor within five (5) calendar days of receiving notice in accordance with Section 3.1 of the DPA, provided that such objection is based on reasonable grounds relating to data protection. In such event, the parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, Revinate will, at its sole discretion, either not appoint such Sub-processor, or permit Customer to suspend or terminate the affected Services in accordance with the termination provisions in the Agreement without liability to either party (but without prejudice to any fees incurred by Customer prior to suspension or termination).

2. Government data access requests. As a matter of general practice, Revinate does not voluntarily provide government agencies or authorities (including law enforcement) with access to or information about Revinate’s accounts (including Customer Data). If Revinate receives a compulsory request (whether through a subpoena, court order, search warrant, or other valid legal process) from any government agency or authority (including law enforcement) for access to or information about a Revinate account (including Customer Data) belonging to a Customer whose primary contact information indicates the Customer is located in Europe, Revinate shall: (i) review the legality of the request; (ii) inform the government agency that Revinate is a Processor of the data; (iii) attempt to redirect the agency to request the data directly from Customer; (iv) notify Customer via email sent to Customer’s primary contact email address of the request to allow Customer to seek a protective order or other appropriate remedy; and (v) provide the minimum amount of information permissible when responding to the agency or authority based on a reasonable interpretation of the request. As part of this effort, Revinate may provide Customer’s primary and billing contact information to the agency. Revinate shall not be required to comply with this paragraph 2 if it is legally prohibited from doing so, or it has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual, public safety, or Revinate’s property, the Revinate Site, or Services, but where Revinate is legally prohibited from notifying Customer of requests it shall use its best efforts to obtain a waiver of the prohibition.

3. EU Representative. Revinate’s representative in the European Union is Revinate, B.V., Kerkstraat 342H, 1017JA, Amsterdam; support+privacy@revinate.com.

United States:

1. Except as described otherwise, the terms Controller, Processor, Personal Data and data subject shall mean “Business”, “Service Provider” “Personal Information”, and “Consumer” under CPRA, and shall include equivalent terms under other US Data Protection Laws.

2. For this “section of Annex C only, “Permitted Purposes” shall include Processing Customer Data only for the purposes described in this DPA and in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, as otherwise agreed in writing, including, without limitation, in the Agreement, or as otherwise may be permitted for “Service Providers” under US Data Protection Law.

3. Revinate’s obligations regarding data subject requests, as described in Section 8 (Data Subject Rights and Cooperation) of this DPA, extend to rights requests under US Data Protection Law.

4. Notwithstanding any use restriction contained elsewhere in this DPA, Revinate shall Process Customer Data to perform the Services, for the Permitted Purposes and/or in accordance with Customer’s documented lawful instructions, or as otherwise permitted or required by applicable law.

5. Notwithstanding any use restriction contained elsewhere in this Annex C, Revinate may deidentify or aggregate Customer Data as part of performing the Services specified in this DPA and the Agreement.

6. Where Sub-processors Process the Personal Information of Customer contacts, Revinate takes steps to ensure that such Sub-processors are Service Providers under US Data Protection Law with whom Revinate has entered into a written contract that includes terms substantially similar to this Section of Annex C or are otherwise exempt from the CCPA’s definition of “sale”. Revinate conducts appropriate due diligence on its Sub-processors.

7. Revinate shall not Sell or Share (as defined in US Data Protection Laws), disclose, release, transfer, make available or otherwise communicate any Customer Data to another business or third party without Customer’s prior written consent unless and to the extent that such disclosure is made to a Sub-processor for a business purpose. Notwithstanding the foregoing, nothing in this DPA shall restrict Revinate’s ability to disclose Customer Data to comply with applicable laws; provided that if such disclosure is required, Revinate will promptly notify Customer of the request for disclosure unless such notification is prohibited by applicable law or a legally binding order.

Canada:

1. Revinate takes steps to ensure that Revinate’s Sub-processors, as described in Section 3 (Subprocessing) of the DPA, are third parties under PIPEDA, with whom Revinate has entered into a written contract that includes terms substantially similar to this DPA. Revinate conducts appropriate due diligence on its Sub-processors.

2. Revinate will implement technical and organizational measures as set forth in Section 4 (Security) of the DPA.

Sub-processor

What you’ll find

This document lists the third-party entities (other companies or organizations) that Revinate engages to help us process personal data on behalf of our customers, the data controllers.

Last Updated: July 1, 2023

Top sections

Introduction

Welcome to Revinate’s sub-processor repository page, where we maintain a current list of sub-processors authorized to process personal data for Revinate’s services. Revinate uses a commercially reasonable selection process by which it evaluates the security, privacy, and confidentiality practices of proposed sub-processors that will or may in the future have access to or process personal data.

1. Entities

Entity name	Description of processing	Entity country	Related Revinate services
Advanced Tech Placement	Used to provide supplemental engineering resources	United States	All
Clifton Myers Ent Inc.	Used to provide supplemental engineering resources	United States, Lebanon	All
Amazon Web Services, Inc.	Cloud service provider	United States	All
Google Inc.	Cloud service provider and platform that measures customer usage of our services	United States	All
Salesforce	Customer relationship management	United States	All
Marketo	Marketing automation for customers and prospects	United States	All
Intercom	Lifecycle communications to customers and prospects	United States	All
Twilio Inc	Cloud-based customer communication platforms, including Twilio and SendGrid	United States	All
Pendo	Product experience platform that measures customer usage of our services	United States	All
TaskUs	Back office support and administration	Philippines	All
Zuora	Financial tool to manage customer subscriptions and invoicing	United States	All
GoCardLess	Users that pay via direct debit will authorize processing through GoCardLess	United States	All
Stripe	Users that pay via credit card will authorize electronic processing through Stripe	United States	All
Log(n)	Used to provide supplemental engineering resources	Costa Rica	All
Mismo	Used to provide supplemental engineering resources	United States, Uruguay, Mexico	All
Globant S.A.	Used to provide supplemental engineering resources	United States, Colombia	All
Svitla	Used to provide supplemental engineering resources	United States, Ukraine	All
LogRocket	Customer experience platform that measures customers’ usage of our services	United States	All
DBT	Used for operational workflows around customer analytics	United States	All
GoLiveSMS	Used to power communications	United States	Ivy
Bandwidth	Used to power communications	United States	Ivy
NICE	Used to power communications	United States	Reservation Sales
SendWithUs	Cloud-based customer communication platform	United States	Feedback
Tripadvisor	Guests that submit Revinate Surveys may authorize to share their name and review to Tripadvisor	United States	Feedback
Mailgun	Cloud-based email router	United States	All
Zerobounce	Email verification service to identify false email addresses	United States	Marketing
Kong Inc	API management for outbound integrations	United States	API Out
JCC dba Call Center Solutions	Used for additional human call center support	United States	RezForce
RAC Human Capital (Pty) Ltd	Used for additional human call center support	South Africa	RezForce

2. Affiliates

Depending on the geographic location of a customer or their authorized users, and the nature of the Revinate services provided, Revinate may also engage one or more of the following affiliates as processors when accessing customer data to deliver support and similar services to a customer:

Revinate B.V.	Netherlands
Revinate Singapore PTE Ltd.	Singapore
Buehner-Fry, Inc., a Nevada corporation, dba NAVIS	United States
Go Moment, Inc.	United States

3. Requesting more information about a sub-processor

Please email privacy@revinate.com to receive more information on a sub-processor related to its role for Revinate and its security controls.

4. Objecting to a sub-processor

After reviewing information related to a particular sub-processor that we can provide upon request, you can make an objection to a sub-processor by emailing privacy@revinate.com with subject line “Sub-processor Objection.” The email must contain the your name, your company name, the sub-processor you object to, and your grounds for the objection. When making a submission, you must confirm in writing that you are a Revinate customer and an authorized representative of your company.