Privacy Documents
Here you’ll find all the information regarding Revinate’s privacy practices, including our handling of any personal data. Revinate is committed to transparency and the safeguarding of your information, and we therefore want to make it easy for you to understand our privacy practices. Below, you can access the following: (i) Revinate’s Solutions Privacy Policy for details regarding the privacy measures implemented within our solution offerings, (ii) our Website Privacy Policy which explains how we collect, use, and protect your personal information when you use our website, (iii) Revinate’s DPA which outlines our contractual obligations as a data Processor under applicable laws and regulations, and (iv) Revinate’s Sub-processor list as referenced in our DPA.
Revinate® Solutions Privacy Policy
This Policy outlines how Revinate processes the data provided by our customers. Importantly, it also clarifies that our customers are independently responsible for establishing their own privacy policies and fulfilling their legal obligations to their guests regarding the collection, use, and protection of guest data.
Last updated June 2025
The Revinate Solutions are utilized by our third-party hospitality industry customers (“Revinate Customers”) including, in certain instances, as embedded on Revinate Customer websites and mobile applications (collectively, the “Customer Venues”), as well as on other web venues/applications hosted by Revinate. The Revinate Solutions may enable the current and prospective guests of our Revinate Customers (collectively, “Guests”) to interact with Revinate Customers, including via Guest- satisfaction surveys, Guest feedback forms, Guest outreach and marketing efforts, and virtual concierge services via the Ivy interactive text messaging platform (collectively, “Guest-Customer Interactions”). In connection with the Guest-Customer Interactions, Revinate Customers may submit or allow Revinate to process Guests’ personally identifiable information, such as their names, telephone numbers, email addresses and mailing addresses and other information related to their hospitality preferences, stays and events (collectively, “Submitted Data”). The Submitted Data that is accessed by Revinate (“Revinate Collected Data”): (a) may contain personally identifiable information; or (b) may, in certain circumstances, be maintained in a deidentified format. Certain data related to Guest-Customer Interactions that occur by and through the Revinate Solutions (such as testimonials and feedback) may be linked by Revinate Customers to personally identifiable information contained in the Submitted Data.
If you are a resident of the State of California and would like to learn how your personal information is shared with third parties, what categories of personal information that we have shared with third parties in the preceding year, as well as the names and addresses of those third parties, please call us at: (415) 671-4703; email us as at: support+privacy@revinate.com; or send us U.S. Mail to: Revinate, LLC, 2345 Yale St., First Floor, Palo Alto, CA 94306.
The collection, storage, use, sharing or other data processing of any Submitted Data by Revinate that is provided in connection with a Guest-Customer Interaction shall remain, at all times, subject to the respective privacy policy of the respective Revinate Customer as posted on the subject Customer Venue. Revinate has no ability to control or impact the privacy practices of its Revinate Customers or the content of their respective Customer Venues. We encourage you to review the privacy policies and settings of the Customer Venues with which you interact to help you understand those Revinate Customers’ respective privacy practices. If you have questions about the security and privacy practices of any Customer Venue that you use, please refer to the respective Customer Venue‘s privacy notices.
In addition to the foregoing, Revinate may transfer, share and/or sell anonymous, aggregate or group data that is compiled from Guests’ data, including Revinate Collected Data, for its legitimate business purposes. We use Submitted Data, Revinate Collected Data and Profile Data to personalize your experience with the Revinate Solutions and to facilitate the provision of the applicable Revinate Solutions to you, including in connection with customer service and to otherwise respond to your inquiries. We may also employ other companies and individuals to perform certain functions on our behalf. The agents performing these limited functions on our behalf may have access to such data only as needed to perform these functions for us, and we do not permit them to use Revinate Collected Data for other purposes.
We may also use Revinate Collected Data for internal business purposes, such as product development, product improvement, analysis and of our service offerings including, without limitation, the Revinate Solutions.
By submitting your personal information by and through the Revinate Solutions, you agree that such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR §310 et seq.), as amended from time to time (the “Rule”) and applicable state do-not-call regulations. As such, notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do-Not-Call List, and/or on applicable state do-not-call lists, we retain the right to contact you via telemarketing in accordance with the Rule and applicable state do-not-call regulations.
Where you provide “prior express consent” within the meaning of the Telephone Consumer Protection Act (47 USC § 227), and its implementing regulations adopted by the Federal Communications Commission (47 CFR § 64.1200), as amended from time-to-time (“TCPA”), you consent to receive telephone calls from Revinate, including artificial voice calls, pre-recorded messages and/or calls (including SMS text messages) delivered via automated technology, to the telephone number(s) that you provided. Please note that you are not required to provide consent under the TCPA in order to obtain access to the Revinate Solutions, and your consent simply allows Revinate to contact you via these means. Please be advised that by agreeing to this Privacy Policy, you are obligated to immediately inform us if and when the telephone number that you have previously provided to us changes. Without limiting the foregoing, if you: (i) have your telephone number reassigned to another person or entity; (ii) give up your telephone number so that it is no longer used by you; (iii) port your telephone number to a landline or vice versa; or (iv) otherwise stop using that telephone number for any reason (collectively “Phone Number Change”), you agree that you shall promptly notify Revinate of the Phone Number Change via e-mail at: support+privacy@revinate.com, or by using one of the methods set forth in the “Contact Us” section below.
Revinate may release current or past Revinate Collected Data: (a) if we reasonably determine that such information is required to be released by subpoena or court order; (b) if we are sold, merge with a third-party or are acquired by a third-party (collectively, “M&A Transactions”) (including where we share such information in connection with the due diligence process associated with a potential M&A Transaction); (c) if we are the subject of bankruptcy proceedings; (d) as otherwise required or permitted by law; or (e) when we deem it necessary or appropriate. For circumstances involving Revinate in a bankruptcy proceeding, merger, acquisition or sale of all or a portion of its assets, you will be notified via e-mail and/or a prominent notice on the Site of any change in ownership or uses of your personal information, as well as any choices that you may have regarding your personal information.
You hereby consent to the disclosure of any record or communication to any third-party when we, in our sole discretion, determine the disclosure to be required by applicable law, including sharing your e-mail address with third-parties for suppression purposes in compliance with the CAN-SPAM Act of 2003, as amended from time to time, and other e-mail marketing laws. Users should also be aware that courts of equity, such as U.S. Bankruptcy Courts, might have the authority under certain circumstances to permit personal information to be shared or transferred to third-parties without permission.
We may collect certain non-personally identifiable information about you and your desktop computer and/or mobile device when you access a Revinate Solution. For example, this information includes, without limitation, the type of browser that you use (e.g., Safari, Chrome, Internet Explorer), the type of operating system that you use (e.g., Windows or iOS) and the domain name of your Internet service provider (e.g., Verizon, AT&T). We use the non-personally identifiable information that we collect to improve the design and content of the Revinate Solutions and to enable us to improve your Internet experience. We also may use this information in the aggregate to analyze usage and functionality of the Revinate Solutions.
Cookies/IP Addresses/Browser Type
When a Guest accesses a Revinate Solution, we may process IP addresses, user agent strings, cookies and other website tracking technologies to identify users and improve Revinate Solutions. We may send one (1) or more cookies and/or gif files (collectively, “Cookies”) to assign a unique identifier to the applicable Guest’s computer which we retain and use to store Guest preferences, identify usage trends, help improve Revinate Solutions and otherwise enhance your experience with the Revinate Solutions. To find out more about Cookies, please visit www.cookiecentral.com.
Most Internet browsers are initially set up to accept Cookies, but you can reset your browser to refuse all Cookies or to indicate when a Cookie is being sent. To disable and reject certain Cookies, follow the instructions associated with your Internet browser. Even in the case where a Guest rejects a Cookie, she or he may still use the Revinate Solutions; provided, however, that certain Revinate Solutions-related functions may be impaired or rendered inoperable if the use of Cookies is disabled. In general, Guests may also be able to disable some, or all, Internet tracking activity by utilizing the “Do Not Track” setting or similar options within most major Internet browsers.
Behavioral Tracking
The Revinate Solutions do not track Guest activity on, or after Guests leave, the subject Customer Venues.
Cross Device Tracking
The Revinate Solutions do not track Guests across various devices, including personal computers and mobile devices.
Aggregate Data
Revinate may process and transfer and/or sell data that is not personally identifiable information, such as de-identified, aggregate or group data about Guests, including Revinate Collected Data for lawful purposes, such as business needs or product development. Aggregate or group data is data that describes the demographics, usage and other characteristics of Guests as a group, without disclosing personally identifiable information.
You can cancel your use of the Ivy Platform at any time by texting “STOP” to the number that contacted you. For assistance, you may send the reply text “HELP” to the number that contacted you.
We are able to deliver messages to customers of the following mobile phone carriers: AT&T, Verizon Wireless, Sprint, T-Mobile, MetroPCS and U.S. Cellular.
Message and Data Rates May Apply for messages sent and/or received by and through the Ivy Platform. If you have any questions about your text or data plan, please contact your wireless provider. For questions about the Ivy Platform, please feel free to email us at: support+privacy@revinate.com.
Systems access is strictly limited, and we take commercially reasonable measures to prevent unauthorized access to Guest data. Only personnel who have a specific job function that requires it, shall have access to Guest data. Our employees are dedicated to maintaining the security and privacy of such data, and employees not adhering to our firm policies are subject to disciplinary action.
While we take these and many other precautions to protect Guest data, no technology, software or security protocol can be guaranteed to be 100% secure. For these reasons, we cannot warrant that any personal information will be absolutely secure.
Revinate complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Revinate has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Revinate has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Revinate is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. Revinate complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over Revinate’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Revinate may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Revinate commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
To submit a request to exercise your privacy rights, please send your request to the Revinate Customer with whom you have a relationship. If you are a resident of the European Union, United Kingdom or Switzerland and would like to contact the Revinate Data Protection Officer (DPO) please direct your message to dpo@revinate.com.
Revinate® Website Privacy Policy
This Policy outlines how Revinate collects, uses, and protects the personal information of its website visitors.
Last updated June 2024
This Privacy Policy applies solely to the information we collect and use on our corporate Site. This Privacy Policy does not apply to information about guests (“Guests”) of our third-party hospitality industry customers (“Revinate Customers”) that is processed, tracked and/or collected by us in connection with our various proprietary product and services offerings, including Revinate Marketing, Reservation Sales, Revinate Ivy, Guest Feedback, and RezForce (collectively, the “Revinate Solutions”). Please see our Revinate Solutions Privacy Policy for information on our privacy practices and Guest choices as they relate to the Revinate Solutions.
In connection with the Revinate Solutions, Guests may submit personal information, answers to survey questions, reviews, testimonials and other materials. Any information submitted by Guests in connection with the Revinate Solutions shall be subject to the separate privacy policies of our various Revinate Customers. Our Revinate Customers have separate privacy and data collection practices and Revinate has no responsibility or liability relating to them. Please review the privacy policies of the applicable Revinate Customer prior to submitting any information in connection with your engagement with any of the Revinate Solutions.
IF YOU DO NOT AGREE TO TERMS OF THIS PRIVACY POLICY, IN THEIR ENTIRETY, YOU MAY NOT ACCESS OR OTHERWISE USE THE REVINATE OFFERINGS.
If you are a resident of the State of California and would like to learn how your personal information is shared with third parties, what categories of personal information that we have shared with third parties in the preceding year, as well as the names and addresses of those third parties, please call us at: (415) 671-4703; email us as at: support+privacy@revinate.com; or send us U.S. Mail to: Revinate, LLC, 2345 Yale St., First Floor, Palo Alto, CA 94306.
For purposes of this Privacy Policy, items (g) through (j) in the preceding paragraph shall be referred to as “Sensitive Information.”
Where you submit personal information, we use the personal information that you make available to personalize your experience with the Site and to facilitate the provision of the applicable Revinate Offerings to you, including in connection with customer service and to otherwise respond to any inquiries made by you. By submitting information in connection with the Career Opportunities, you agree that we may contact you regarding the employment opportunities for which you applied. You also agree that we may contact you at any time with updates and/or any other information that we may deem appropriate for you to receive in connection with your continued use of the Revinate Offerings.
We may also employ other companies and individuals to perform certain functions on our behalf. Examples include sending direct and electronic mail, removing duplicate information from User lists, analyzing data and providing marketing analysis. The agents performing these limited functions on our behalf shall have access to our Users’ personal information as needed to perform these functions for us, but we do not permit them to use User personal information for other purposes.
We may also use your personal information for internal business purposes, such as analyzing and managing our service offerings including, without limitation, the Revinate Offerings. We may also combine the information we have gathered about you with information from other sources.
By submitting your personal information by and through the Revinate Offerings, you agree that such act constitutes an inquiry and/or application for purposes of the Amended Telemarketing Sales Rule (16 CFR §310 et seq.), as amended from time to time (the “Rule”) and applicable state do-not-call regulations. As such, notwithstanding that your telephone number may be listed on the Federal Trade Commission’s Do- Not-Call List, and/or on applicable state do-not-call lists, we retain the right to contact you via telemarketing in accordance with the Rule and applicable state do-not-call regulations.
Where you provide “prior express consent” within the meaning of the Telephone Consumer Protection Act (47 USC § 227), and its implementing regulations adopted by the Federal Communications Commission (47 CFR § 64.1200), as amended from time-to-time (“TCPA”), you consent to receive telephone calls from Revinate, including artificial voice calls, pre-recorded messages and/or calls (including SMS text messages) delivered via automated technology, to the telephone number(s) that you provided. Please note that you are not required to provide consent under the TCPA in order to obtain access to the Revinate Offerings, and your consent simply allows Revinate to contact you via these means. Please be advised that by agreeing to this Privacy Policy, you are obligated to immediately inform us if and when the telephone number that you have previously provided to us changes. Without limiting the foregoing, if you: (i) have your telephone number reassigned to another person or entity; (ii) give up your telephone number so that it is no longer used by you; (iii) port your telephone number to a landline or vice versa; or (iv) otherwise stop using that telephone number for any reason (collectively “Phone Number Change”), you agree that you shall promptly notify Revinate of the Phone Number Change via e-mail at: support+privacy@revinate.com, or by using one of the methods set forth in the “Contact Us” section below.
We reserve the right to release current or past personal information (including Sensitive Information): (A) in the event that we believe that the Revinate Offerings are being or have been used in violation of any Site-related agreement or to commit unlawful acts; (B) if the information is subpoenaed; provided, however, that, where permitted by applicable law, we shall provide you with e-mail notice, and opportunity to challenge the subpoena, prior to disclosure of any personal information pursuant to a subpoena; (C) if we are sold, merge with a third-party or are acquired by a third-party (collectively, “M&A Transactions”) (including where we share your personal information in connection with the due diligence process associated with a potential M&A Transaction); or (D) if we are the subject of bankruptcy proceedings; provided, however, that if Revinate is involved in a bankruptcy proceeding, merger, acquisition or sale of all or a portion of its assets, you will be notified via e-mail and/or a prominent notice on the Site of any change in ownership or uses of your personal information, as well as any choices that you may have regarding your personal information.
You hereby consent to the disclosure of any record or communication to any third-party when we, in our sole discretion, determine the disclosure to be required by applicable law, including sharing your e-mail address with third-parties for suppression purposes in compliance with the CAN-SPAM Act of 2003, as amended from time to time, and other e-mail marketing laws. Users should also be aware that courts of equity, such as U.S. Bankruptcy Courts, might have the authority under certain circumstances to permit personal information to be shared or transferred to third-parties without permission.
We may collect certain non-personally identifiable information about you and your desktop computer and/or mobile device when you visit many of the pages of the Site. This non-personally identifiable information includes, without limitation, the type of browser that you use (e.g., Safari, Chrome, Internet Explorer), your IP address, the type of operating system that you use (e.g., Windows or iOS) and the domain name of your Internet service provider (e.g., Verizon, AT&T). We use the non-personally identifiable information that we collect to improve the design and content of the Revinate Offerings and to enable us to personalize your Internet experience. We also may use this information in the aggregate to analyze usage of the Revinate Offerings.
Cookies
When a User visits the Site, we send one (1) or more cookies and/or gif files (collectively, “Cookies”) to assign an anonymous, unique identifier to the applicable User’s computer. A Cookie is a piece of data stored on your hard drive containing non-personally identifiable information about you. Cookies have many benefits to enhance your experience at the Site. To find out more about Cookies, please visit www.cookiecentral.com. We use Cookies to improve the quality of the Revinate Offerings, including for storing User preferences and tracking Site-User trends (including pages opened and length of stay at the Site).
Most Internet browsers are initially set up to accept Cookies, but you can reset your browser to refuse all Cookies or to indicate when a Cookie is being sent. To disable and reject certain Cookies, follow the instructions associated with your Internet browser. Even in the case where a User rejects a Cookie, she or he may still use the Revinate Offerings; provided, however, that certain Revinate Offerings-related functions may be impaired or rendered inoperable if the use of Cookies is disabled. We reserve the right to retain Cookie data as long as they are beneficial for business needs.
Behavioral Tracking and Data Collection
We place cookies on your device in order to identify you in our system, and we may use this information to help us send targeted marketing communications to our Users. From time to time we may also display advertising on our Site, and in that capacity use cookies to provide display advertising targeted to your interests. You may opt out of our display advertising partner(s)and their partners’ targeted advertising using the following links: http://www.aboutads.info/choices/, http://www.networkadvertising.org/choices/, and http://www.youronlinechoices.eu/, if located in the European Union.
Revinate also uses web analytics services provider Google® Analytics. Google® Analytics is a web analytics service provided by Google Inc. (“Google®“). Google® Analytics uses cookies and similar technologies to analyze how Users use the Site. The information generated about Site usage (including your shortened IP address) is transmitted to Google® in the U.S. This information is used to evaluate visitors’ use of the Site, compile statistical reports on Site activity, and provide other services related to the Site Offerings. Google® may also collect information about Site visitors’ use of other websites. For more information about Google® Analytics, or to opt out of Google® Analytics, please go to: https://tools.google.com/dlpage/gaoptout/.
In addition, Revinate uses the following third party services in order to better understand Site-User needs and to optimize the Revinate Offerings:
(a) Revinate uses Chili Piper® to help collect, manage and filter some of the personal information collected on the Site. For further details, including opt-out methods, please see Chili Piper’s® privacy policy by clicking here.
(b) Revinate uses Gravity Forms® to help create and maintain certain of the registration forms used to collect personal information on the Site. For further details, including opt-out methods, please see Gravity Forms® privacy policy by clicking here.
(c) Revinate uses Google® Fonts to optimize the Site-User’s experience with the Revinate Offerings. Google® Fonts may track Site-User IP addresses. Revinate will obtain Site-User consent prior to making Google® Fonts available to the subject Site-User(s).
We also use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the Site, the events that occur within the Site, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application. Users may also be able to disable some, or all, Internet tracking activity by utilizing the “Do Not Track” setting or similar options within most major Internet browsers.
Cross Device Tracking
Revinate may track Users’ use of the Revinate Offerings across multiple devices, including personal computers and mobile devices.
Aggregate Data
Revinate reserves the right to transfer and/or sell aggregate or group data about Users of the Revinate Offerings for lawful purposes. Aggregate or group data is data that describes the demographics, usage and other characteristics of Revinate Offerings Users as a group, without disclosing personally identifiable information.
Access to your personal information is strictly limited, and we take reasonable measures to ensure that your personal information is not accessible to the public. All of our Users’ personal information is restricted in our offices, as well as the offices of our third-party service providers. Only employees or third-party agents who need User personal information to perform a specific job are granted access to User personal information. Our employees are dedicated to ensuring the security and privacy of all User personal information. Employees not adhering to our firm policies are subject to disciplinary action. The servers that we store User personal information on are kept in a secure physical environment. We also have security measures in place to protect the loss, misuse and alteration of personal information under our control.
Please be advised, however, that while we take every reasonable precaution available to protect your data, no storage facility, technology, software, security protocols or data transmission over the Internet or via wireless networks can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your personal information, and technological bugs, errors and glitches may cause inadvertent disclosures of your personal information; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software may constitute a crime punishable by law. For the reasons mentioned above, we cannot warrant that your personal information will be absolutely secure. Any transmission of data at or through the Site, other Revinate Offerings or otherwise via the Internet or wireless networks, is done at your own risk.
In compliance with applicable federal and state laws, we shall notify you and any applicable regulatory agencies in the event that we learn of an information security breach with respect to your personal information. You will be notified via e-mail in the event of such a breach. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.
Notwithstanding the foregoing, we may continue to contact you for the purpose of communicating information relating to your request for Revinate Offerings, as well as to respond to any inquiry or request made by you. To opt-out of receiving Revinate Offerings-related and/or inquiry response-related messages from Revinate, you must cease requesting and/or utilizing the Revinate Offerings and/or cease submitting inquiries to Revinate, as applicable.
Please be advised that deleting your personal information may terminate your access to certain of the Revinate Offerings. If you wish to continue using the full complement of Revinate Offerings, you may not be able to delete all of the personal information that we have on file for you. Please be further advised that, after you delete your personal information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.
Revinate complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Revinate has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Revinate has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Revinate is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. Revinate complies with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over Revinate’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Revinate may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Revinate commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Revinate Data Processing Addendum
This Addendum outlines Revinate’s responsibilities as a data processor when handling personal data pursuant to instructions from its customers, the data controllers, in compliance with applicable data protection laws. It ensures that personal data is processed securely and lawfully, and protects the rights of individual data subjects.
Last updated December 2023
1.1 “Affiliate(s)” has the same meaning ascribed to it in the Agreement and, if not defined in the Agreement, the term means any legal entity directly or indirectly controlling, controlled by or under common control with a party, where control means the ownership of a majority share of the stock, equity or voting interests of such entity.
1.2 “Agreement” means Revinate’s Master Services Agreement, or other written or electronic agreement, which governs the provision of the Services to Customer, as such terms or agreement may be updated from time to time.
1.3 “Controller,” “Processor”, “Data Subject,” “Personal Data,” “Processing” and “Process” (whether or not capitalized) have the meanings given to them under applicable Data Protection Laws or if not defined thereunder, the GDPR, and “Process”, “Processes” and “Processed”, with respect to any Customer Data shall be interpreted accordingly.
1.4 “Customer” means the non-Revinate party to both the Agreement and this DPA that has access to the Services.
1.5 “Customer Data” means any Personal Data that Revinate processes on behalf of Customer via the Services, as more particularly described in this DPA.
1.6 “Data Protection Laws” means all data protection laws and regulations applicable to a party’s processing of Customer Data under the Agreement, including, where applicable, European Data Protection Laws and Non-European Data Protection Laws.
1.7 “Europe” means, for the purposes of this DPA, the European Economic Area and its member states (“EEA”), Switzerland and the United Kingdom (“UK”).
1.8 “European Data Protection Laws” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); (iv) the GDPR as it forms part of UK law by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (together, “UK Data Protection Laws”); and (v) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance, and the new Federal Act on Data Protection effective as of September 1, 2023 (“Swiss DPA”).
1.9 “Non-European Data Protection Laws” means US Data Protection Law and the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”).
1.10 “Revinate” means the Revinate entity that is a party to both the Agreement and this DPA, which may be Revinate, LLC, a Delaware limited liability corporation, or a Revinate Affiliate as applicable.
1.11 “SCCs” or “Standard Contractual Clauses” means (i) the Standard Contractual Clauses between Controllers and Processors adopted by the European Commission in its Implementing Decision (EU) 2021/91 of 4 June 2021 (the “2021 Controller-to-Processor Clauses”); or (ii) the Standard Contractual Clauses between Processors adopted by the European Commission in its Implementing Decision (EU) 2021/91 of 4 June 2021 (the “2021 Processor-to-Processor Clauses”), set out at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en (or such other URL as the European Commission may designate); as applicable in accordance with Section 6.
1.12 “Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, or alteration of, or unauthorized disclosure of or access to, Customer Data on systems managed or otherwise controlled by Revinate.
1.13 “Sensitive Data” means (a) social security number, tax file number, passport number, driver’s license number, or similar identifier; (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (c) employment, financial, credit, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, information about sexual life or sexual orientation, or criminal record; (e) account passwords; or (f) other information that falls within the definition of “special categories of data” under applicable Data Protection Laws.
1.14 “Sub-processor” means any Processor engaged by Revinate or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Agreement or this DPA. Sub-processors may include third parties or Affiliates of Revinate, but shall exclude Revinate’s employees, contractors, or consultants.
1.15 “UK Addendum” means the International Data Transfer Addendum (version B1.0) issued by the Information Commissioner’s Office under S.119(A) of the UK Data Protection Act 2018, as updated or amended from time to time.
1.16 “US Data Protection Law” means the California Privacy Rights Act (“CPRA”); Colorado Privacy Act; Connecticut Personal Data Privacy and Online Monitoring Act; Indiana Consumer Data Protection Act (effective 1 Jan. 2026); Iowa Consumer Data Protection Act (effective 1 Jan. 2025; Montana Consumer Data Privacy Act (effective 1 Jan. 2024); Oregon Consumer Privacy Act; Tennessee Information Protection Act (effective 1 July 2025); Texas Data Privacy and Security Act (effective 1 July 2024); Utah Consumer Privacy Act; Virginia Consumer Data Protection Act; and all applicable comprehensive state data protection laws and regulations that are or are not yet in effect as of the date of this DPA; in each case as may be amended or superseded from time to time.
2.2 Purpose limitation. Revinate shall Process Customer Data, as further described in Annex A (Details of Data Processing) of this DPA, only in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, or as otherwise agreed in writing (“Permitted Purposes”). The parties agree that the Agreement, including this DPA, along with the Customer’s configuration of or use of any settings, features, or options in the Services (as the Customer may be able to modify from time to time) constitute the Customer’s complete and final instructions to Revinate in relation to the Processing of Customer Data (including for the purposes of the SCCs), and Processing outside the scope of these instructions (if any) shall require prior written agreement between the parties.
2.3 Prohibited Data. Customer will not provide (or cause to be provided) any Prohibited Data to Revinate for Processing under the Agreement, and Revinate will have no liability whatsoever for Prohibited Data, whether in connection with a Security Incident or otherwise. For the avoidance of doubt, this DPA will not apply to Prohibited Data.
2.4 Customer compliance. Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its Processing of Customer Data and any Processing instructions it issues to Revinate and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Revinate to Process Customer Data for the purposes described in the Agreement. Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which Customer acquired Customer Data. Without prejudice to the generality of the foregoing, Customer agrees that it shall be responsible for complying with all laws (including Data Protection Laws) applicable to any campaigns or other content created, sent, or managed through the Services, including those relating to obtaining consents (where required) to send messages, the content of the messages and its message deployment practices.
2.5 Lawfulness of Customer’s instructions. Customer will ensure that Revinate’s Processing of the Customer Data in accordance with Customer’s instructions will not cause Revinate to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. Revinate shall promptly notify Customer in writing, unless prohibited from doing so under European Data Protection Laws, if it becomes aware or believes that any data Processing instruction from Customer violates European Data Protection Laws. Where Customer acts as a Processor on behalf of a third-party Controller (or other intermediary to the ultimate Controller), Customer warrants that its Processing instructions as set out in the Agreement and this DPA, including its authorizations to Revinate for the appointment of Sub-processors in accordance with this DPA, have been authorized by the relevant Controller. Customer shall serve as the sole point of contact for Revinate and Revinate need not interact directly with (including to provide notifications to or seek authorization from) any third-party Controller other than through regular provision of the Services to the extent required under the Agreement. Customer shall be responsible for forwarding any notifications received under this DPA to the relevant Controller, where appropriate.
3.2 Sub-processor obligations. Revinate shall: (i) enter into a written agreement with each Subprocessor containing data protection obligations that provide at least the same level of protection for Customer Data as those in this DPA, to the extent applicable to the nature of the services provided by such Sub-processor; and (ii) remain responsible for such Sub-processor’s compliance with the obligations of this DPA and for any acts or omissions of such Sub-processor that cause Revinate to breach any of its obligations under this DPA. Customer acknowledges and agrees that, where applicable, Revinate fulfills its obligations under Clause 9 of the 2021 Controller-to-Processor Clauses and 2021 Processor-to Processor Clauses (as applicable) by complying with this Section 3, and that Revinate may be prevented from disclosing Sub-processor agreements to Customer due to confidentiality restrictions but Revinate shall, upon request, provide information reasonably requested by Customer regarding Sub-processor agreements, or if necessary provide copies of Sub-processor agreements and any subsequent amendments, redacted to protect business secrets or other confidential information, including personal data.
4.2 Confidentiality of processing. Revinate shall ensure that any person who is authorized by Revinate to process Customer Data (including its staff, agents, and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).
4.3 Updates to Security Measures. Customer is responsible for reviewing the information made available by Revinate relating to data security and making an independent determination as to whether the Services meet Customer’s requirements and legal obligations under Data Protection Laws. Customer acknowledges that the Security Measures are subject to technical progress and development and that Revinate may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Services provided to Customer.
4.4 Security Incident response. Upon becoming aware of a Security Incident, Revinate shall: (i) notify Customer without undue delay, and where feasible, within 48 hours of awareness; (ii) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer; and (iii) promptly take reasonable steps to contain and investigate any Security Incident.
Revinate’s notification of or response to a Security Incident under this Section 4.4 shall not be construed as an acknowledgment by Revinate of any fault or liability with respect to the Security Incident.
4.5 Customer responsibilities. Notwithstanding the above, Customer agrees that except as provided by this DPA, Customer is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Customer Data when in transit to and from the Service, and taking any appropriate steps to securely encrypt or backup any Customer Data uploaded to the Services.
5.2 Security due diligence. Revinate shall respond to all reasonable requests for information made by Customer to confirm Revinate’s compliance with this DPA, including responses to information security, due diligence, and audit questionnaires, by making additional information available regarding its information security program upon Customer’s written request to support+privacy@revinate.com, provided that Customer shall not exercise this right more than once per calendar year.
6.2 EEA Data Transfers. To the extent that Revinate is a recipient of Customer Data protected by GDPR in a country outside of EEA that is not recognized as providing an adequate level of protection for personal data (as described in applicable European Data Protection Laws), the parties agree to abide by and process such Customer Data in compliance with the SCCs, which shall be incorporated into and form an integral part of this DPA.
6.3 Standard Contractual Clause Optional Provisions. Where the SCCs identify optional provisions (or provisions with multiple options) the following shall apply:
(a) Clause 7 (Docking Clause) is omitted;
(b) In Clause 9(a) (Use of sub-processors) – Option 2 shall apply and the parties shall follow the process and timings agreed in Section 3 above to appoint sub-processors;
(c) In Clause 11(a) (Redress) – the Optional provision shall NOT apply;
(d) In Clause 16(b) (Suspension of transfers) if Revinate is the data exporter it will suspend transfers of personal data only as required by law and will notify Customer as promptly as possible (before suspension if possible) so that Customer may remedy the condition requiring suspension;
(e) In Clause 13 (Supervisory Authority) – the competent supervisory authority will be the supervisory authority with responsibility for ensuring compliance by Customer with GDPR as regards the data transfer;
(f) In Clause 17 (Governing Law) – the laws of the Netherlands shall govern; and
(g) In Clause 18 (Choice of forum and jurisdiction) – the courts of the Netherlands shall have jurisdiction.
6.4 UK Data Transfers. With respect to transfers to which the UK Data Protection Laws apply, the SCCs shall apply and shall be deemed amended as specified by the UK Addendum. The UK Addendum shall be deemed executed by the parties and incorporated into and form an integral part of this DPA. In addition: Tables 1 to 3 in Part 1 of the UK Addendum shall be deemed completed with the information set out in Annexes I and II of the relevant SCCs; and Table 4 in Part 1 of the UK Addendum shall be deemed completed by selecting “neither party”.
6.5 Swiss Data Transfers. With respect to transfers to which the Swiss DPA apply, the SCCs shall apply in accordance with Section 6.2 with the following modifications: (i) references to “Regulation (EU) 2016/679” shall be interpreted as references to the Swiss DPA; (ii) references to specific Articles of “Regulation (EU) 2016/679” shall be replaced with the equivalent article or section of the Swiss DPA; (iii) references to “EU”, “Union” and “Member State law” shall be replaced with “Switzerland”; (iv) Clause 13(a) and Part C of Annex Il shall be deleted; (v) references to the “competent supervisory authority” and “competent courts” shall be replaced with “the Swiss Federal Data Protection and Information Commissioner” and “relevant courts in Switzerland”; (vi) Clause 17 shall be replaced to state “The Clauses are governed by the laws of Switzerland”; and (vii) Clause 18 shall be replaced to state “Any dispute arising from these Clauses shall be resolved by the applicable courts of Switzerland. The parties agree to submit themselves to the jurisdiction of such courts”.
6.6 Compliance with the SCCs. The parties agree that if Revinate cannot ensure compliance with the SCCs, it shall promptly inform Customer of its inability to comply. If Customer intends to suspend the transfer of European Data and/or terminate the affected parts of the Services, it shall first provide notice to Revinate and provide Revinate with a reasonable period of time to cure such non-compliance, during which time Revinate and Customer shall reasonably cooperate to agree what additional safeguards or measures, if any, may be reasonably required. Customer shall only be entitled to suspend the transfer of data and/or terminate the affected parts of the Services for non-compliance with the SCCs if Revinate has not or cannot cure the non-compliance within a reasonable period.
6.7 Alternative transfer mechanism. To the extent Revinate adopts an alternative lawful data transfer mechanism for the transfer of European Data not described in this DPA (“Alternative Transfer Mechanism”), the Alternative Transfer Mechanism shall apply instead of the transfer mechanisms described in this DPA (but only to the extent such Alternative Transfer Mechanism complies with applicable European Data Protection Laws and extends to the countries to which European Data is transferred). In addition, if and to the extent that a court of competent jurisdiction or supervisory authority orders (for whatever reason) that the measures described in this DPA cannot be relied on to lawfully transfer European Data (within the meaning of applicable European Data Protection Laws), Revinate may implement any additional measures or safeguards that may be reasonably required to enable the lawful transfer of European Data.
Upon termination or expiration of the Agreement, Revinate shall (at Customer’s election) delete or return to Customer all Customer Data (including copies) in its possession or control, except that this requirement shall not apply to the extent Revinate is required by applicable law to retain some or all of the Customer Data, or to Customer Data it has archived on back-up systems, which Customer Data Revinate shall securely isolate, protect from any further processing and eventually delete in accordance with Revinate’s deletion policies, except to the extent required by applicable law. The parties agree that the certification of deletion of Customer Data described in Clause 8.5 and 16(d) of the 2021 Controller-to-Processor Clauses and 2021 Processor-to-Processor Clauses (as applicable) shall be provided by Revinate to Customer only upon Customer’s written request.
8.2 Data protection impact assessment. To the extent required under applicable Data Protection Laws, Revinate shall (considering the nature of the processing and the information available to Revinate) provide all reasonably requested information regarding the Services to enable Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by Data Protection Laws. Revinate shall comply with the foregoing by: (i) complying with Section 5 (Security Reports and Audits); (ii) providing the information contained in the Agreement, including this DPA; and (iii) if the foregoing sub-sections (i) and (ii) are insufficient for Customer to comply with such obligations, upon request, providing additional reasonable assistance (at Customer’s expense).
10.2 Any claims made against Revinate or its Affiliates under or in connection with this DPA (including, where applicable, the SCCs) shall be brought solely by the Customer entity that is a party to the Agreement.
10.3 In no event shall any party limit its liability with respect to any individual’s data protection rights under this DPA or otherwise.
11.2 The parties agree that this DPA shall replace any existing data processing agreement or similar document that the parties may have previously entered into in connection with the Services.
11.3 In the event of any conflict or inconsistency between this DPA and Revinate’s General Terms and Conditions, the provisions of the following documents (in order of precedence) shall prevail: (i) SCCs; then (ii) this DPA; and then (iii) the General Terms and Conditions.
11.4 Except for any changes made by this DPA, the Agreement remains unchanged and in full force and effect.
11.5 No one other than a party to this DPA, its successors and permitted assignees shall have any right to enforce any of its terms.
11.6 This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws.
The categories of data subjects whose Personal Data is Processed include (i) individual end users who work for Customer and set up user accounts on Revinate’s Services, and (ii) guests who stay at or otherwise visit Customer’s property(ies).
(b) Categories of Personal Data:
Revinate will Process (i) the names and email addresses of Customer personnel who log in to the Revinate Services, and (ii) data related to a guest’s stay at or visit to Customer’s property(ies), including:
● Name
● Email address
● Physical address
● IP-address and other online identifiers
● Date of birth
● Telephone/mobile number
● Location Data
● Information related to a guest’s booking for accommodations or ancillary services (e.g., spa, golf, dining, etc.) at the Customer’s hotel property
In addition, Revinate will Process the categories of Personal Data provided by Customer. If Customer’s property management system captures special categories of data, including, without limitation, factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity, and Customer chooses to make those categories available to Revinate, Revinate may Process them.
(c) Sensitive data processed (if applicable): Revinate does not want to, nor does it intentionally, collect or Process any Sensitive Data in connection with the provision of the Services.
(d) Duration of Processing: Revinate will process Customer Data as outlined in Section 7 (Return or Deletion of Data) of this DPA.
(e) Nature and Purpose of Processing: Revinate processes Personal Data in order to provide its Services to hospitality customers as described at www.revinate.com. Revinate shall only Process Customer Data for the Permitted Purposes, which shall include: (i) processing as necessary to provide the Services in accordance with the Agreement; (ii) Processing initiated by Customer in its use of the Services; and (iii) Processing to comply with any other reasonable instructions provided by Customer (e.g., via email or support tickets) that are consistent with the terms of the Agreement.
1. System Access Controls: Revinate shall take reasonable measures to prevent Personal Data from being used without authorization. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorization processes, documented change management processes and/or, logging of access on several levels.
2. Data Access Controls: Revinate shall take reasonable measures to (i) provide that Personal Data is accessible and manageable only by properly authorized staff, (ii) direct database query access is restricted and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access, and (iii) that Personal Data cannot be read, copied, modified or removed without authorization in the course of Processing.
3. Auditing. Revinate will cooperate with any audit(s) requested by Customer pursuant to Section 5.2 of the DPA.
1. Objection to Sub-processors. Customer may object in writing to Revinate’s appointment of a new Sub-processor within five (5) calendar days of receiving notice in accordance with Section 3.1 of the DPA, provided that such objection is based on reasonable grounds relating to data protection. In such event, the parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, Revinate will, at its sole discretion, either not appoint such Sub-processor, or permit Customer to suspend or terminate the affected Services in accordance with the termination provisions in the Agreement without liability to either party (but without prejudice to any fees incurred by Customer prior to suspension or termination).
2. Government data access requests. As a matter of general practice, Revinate does not voluntarily provide government agencies or authorities (including law enforcement) with access to or information about Revinate’s accounts (including Customer Data). If Revinate receives a compulsory request (whether through a subpoena, court order, search warrant, or other valid legal process) from any government agency or authority (including law enforcement) for access to or information about a Revinate account (including Customer Data) belonging to a Customer whose primary contact information indicates the Customer is located in Europe, Revinate shall: (i) review the legality of the request; (ii) inform the government agency that Revinate is a Processor of the data; (iii) attempt to redirect the agency to request the data directly from Customer; (iv) notify Customer via email sent to Customer’s primary contact email address of the request to allow Customer to seek a protective order or other appropriate remedy; and (v) provide the minimum amount of information permissible when responding to the agency or authority based on a reasonable interpretation of the request. As part of this effort, Revinate may provide Customer’s primary and billing contact information to the agency. Revinate shall not be required to comply with this paragraph 2 if it is legally prohibited from doing so, or it has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual, public safety, or Revinate’s property, the Revinate Site, or Services, but where Revinate is legally prohibited from notifying Customer of requests it shall use its best efforts to obtain a waiver of the prohibition.
3. EU Representative. Revinate’s representative in the European Union is Revinate, B.V., Kerkstraat 342H, 1017JA, Amsterdam; support+privacy@revinate.com.
United States:
1. Except as described otherwise, the terms Controller, Processor, Personal Data and data subject shall mean “Business”, “Service Provider” “Personal Information”, and “Consumer” under CPRA, and shall include equivalent terms under other US Data Protection Laws.
2. For this “section of Annex C only, “Permitted Purposes” shall include Processing Customer Data only for the purposes described in this DPA and in accordance with Customer’s documented lawful instructions as set forth in this DPA, as necessary to comply with applicable law, as otherwise agreed in writing, including, without limitation, in the Agreement, or as otherwise may be permitted for “Service Providers” under US Data Protection Law.
3. Revinate’s obligations regarding data subject requests, as described in Section 8 (Data Subject Rights and Cooperation) of this DPA, extend to rights requests under US Data Protection Law.
4. Notwithstanding any use restriction contained elsewhere in this DPA, Revinate shall Process Customer Data to perform the Services, for the Permitted Purposes and/or in accordance with Customer’s documented lawful instructions, or as otherwise permitted or required by applicable law.
5. Notwithstanding any use restriction contained elsewhere in this Annex C, Revinate may deidentify or aggregate Customer Data as part of performing the Services specified in this DPA and the Agreement.
6. Where Sub-processors Process the Personal Information of Customer contacts, Revinate takes steps to ensure that such Sub-processors are Service Providers under US Data Protection Law with whom Revinate has entered into a written contract that includes terms substantially similar to this Section of Annex C or are otherwise exempt from the CCPA’s definition of “sale”. Revinate conducts appropriate due diligence on its Sub-processors.
7. Revinate shall not Sell or Share (as defined in US Data Protection Laws), disclose, release, transfer, make available or otherwise communicate any Customer Data to another business or third party without Customer’s prior written consent unless and to the extent that such disclosure is made to a Sub-processor for a business purpose. Notwithstanding the foregoing, nothing in this DPA shall restrict Revinate’s ability to disclose Customer Data to comply with applicable laws; provided that if such disclosure is required, Revinate will promptly notify Customer of the request for disclosure unless such notification is prohibited by applicable law or a legally binding order.
Canada:
1. Revinate takes steps to ensure that Revinate’s Sub-processors, as described in Section 3 (Subprocessing) of the DPA, are third parties under PIPEDA, with whom Revinate has entered into a written contract that includes terms substantially similar to this DPA. Revinate conducts appropriate due diligence on its Sub-processors.
2. Revinate will implement technical and organizational measures as set forth in Section 4 (Security) of the DPA.
Sub-processor
This document lists the third-party entities (other companies or organizations) that Revinate engages to help us process personal data on behalf of our customers, the data controllers.
Last Updated: July 1, 2023
Entity name | Description of processing | Entity country | Related Revinate services |
---|---|---|---|
Advanced Tech Placement | Used to provide supplemental engineering resources | United States | All |
Clifton Myers Ent Inc. | Used to provide supplemental engineering resources | United States, Lebanon | All |
Amazon Web Services, Inc. | Cloud service provider | United States | All |
Google Inc. | Cloud service provider and platform that measures customer usage of our services | United States | All |
Salesforce | Customer relationship management | United States | All |
Marketo | Marketing automation for customers and prospects | United States | All |
Intercom | Lifecycle communications to customers and prospects | United States | All |
Twilio Inc | Cloud-based customer communication platforms, including Twilio and SendGrid | United States | All |
Pendo | Product experience platform that measures customer usage of our services | United States | All |
TaskUs | Back office support and administration | Philippines | All |
Zuora | Financial tool to manage customer subscriptions and invoicing | United States | All |
GoCardLess | Users that pay via direct debit will authorize processing through GoCardLess | United States | All |
Stripe | Users that pay via credit card will authorize electronic processing through Stripe | United States | All |
Log(n) | Used to provide supplemental engineering resources | Costa Rica | All |
Mismo | Used to provide supplemental engineering resources | United States, Uruguay, Mexico | All |
Globant S.A. | Used to provide supplemental engineering resources | United States, Colombia | All |
Svitla | Used to provide supplemental engineering resources | United States, Ukraine | All |
LogRocket | Customer experience platform that measures customers’ usage of our services | United States | All |
DBT | Used for operational workflows around customer analytics | United States | All |
GoLiveSMS | Used to power communications | United States | Ivy |
Bandwidth | Used to power communications | United States | Ivy |
NICE | Used to power communications | United States | Reservation Sales |
SendWithUs | Cloud-based customer communication platform | United States | Feedback |
Tripadvisor | Guests that submit Revinate Surveys may authorize to share their name and review to Tripadvisor | United States | Feedback |
Mailgun | Cloud-based email router | United States | All |
Zerobounce | Email verification service to identify false email addresses | United States | Marketing |
Kong Inc | API management for outbound integrations | United States | API Out |
JCC dba Call Center Solutions | Used for additional human call center support | United States | RezForce |
RAC Human Capital (Pty) Ltd | Used for additional human call center support | South Africa | RezForce |
Depending on the geographic location of a customer or their authorized users, and the nature of the Revinate services provided, Revinate may also engage one or more of the following affiliates as processors when accessing customer data to deliver support and similar services to a customer:
Revinate B.V. | Netherlands |
Revinate Singapore PTE Ltd. | Singapore |
Buehner-Fry, Inc., a Nevada corporation, dba NAVIS | United States |
Go Moment, Inc. | United States |