Privacy Policy

RIVEL - PRIVACY NOTICE

1. INTRODUCTION

1.1 This privacy notice ( Privacy Notice ) sets out the ways in which we, Rivel, Inc. ( Rivel, we, us, our ), collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data. California residents, please also refer to the Additional Privacy Notice for California Residents in section 14.

2. ABOUT US

2.1 We are a company with our headquarters in the United States of America (USA) at the address set out below.

2.2 You can contact us directly as follows:

FAO : Theresa Patti, Chief Productivity Officer
Address : Rivel, Inc.
57 Greens Farms Road, 2nd Floor
Westport, CT 06880 USA
Email : privacy@rivel.com
Phone : +1 (203) 226-0800

Or our United Kingdom (UK) Representative at:

FAO : Roel Jacobs, Consultant
Address : Rivel, Inc.
4 - 12 Regent Street
London SW1Y 4PE UK
Email : rjacobs@rivel.com
Phone : +44 (0) 20 3744 2376

Or, if you are from a European Union (EU) member state, you may also contact our European Representative, DataRep (Ireland), by clicking here for instructions.

Manage Your Communications Preferences Online :

Residents of the EU/Switzerland/UK/California click here

Residents of other locations click here

3. INFORMATION WE MAY COLLECT ABOUT YOU

3.1 Information that you provide to us.

3.1.1 We will collect any information that you provide to us when you:

(a) respond to our surveys (online or on the phone), fill in a form, or use any features of our website;

(b) make an inquiry, provide feedback or make a complaint over the phone, by email or on our website;

(c) submit correspondence to us by post, email or via our website;

(d) create an account to use the members-only portion of our website (the Gateway) when you or your company become a member of one of our Councils;

(e) update your profile and other account details on our website;

(f) submit comments via our website;

(g) register for and/or attend our events;

(h) submit a CV, submit an application to a job vacancy, attend an interview or assessment, become an employee or independent contractor; and

(i) and ‘follow’, ‘like’, post to or interact with our social media accounts, including LinkedIn, Twitter and YouTube.

3.1.2 The information you provide to us will include (depending on the circumstances):

(a) Identity and contact data : title, names, addresses, email addresses and phone numbers, job function, areas of expertise;

(b) Survey data : Rivel’s primary line of business is to conduct business-to-business ( B2B ) consulting and survey research among the global investment community and corporate executives. We also conduct employee survey research for our clients. If you are willing to participate in our surveys, we will also collect any information that you provide as part of that survey;

(c) Account profile data : if you’re registering for an account on our Gateway as a client, you may also provide a username, password, job title/position, years of experience, phone number, website, location of your office and an optional profile photo; and/or

(d) Employment and background data : If you are submitting a job application or becoming an employee or contractor, you may also provide additional information about your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the US or UK, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), sensitive data (such as gender, ethnicity, vaccination status and protected class status), and any other such similar information that you may provide to us;

3.2 Information we collect about you:

(a) Information contained in correspondence : We will collect any information contained in any correspondence between us. For example, if you contact us using a contact form on our website or by email or telephone, we may keep a record of that correspondence;

(b) Information transmitted on the website : We will collect information that you upload or post to our website;

(c) Website usage data : We will collect information about your interactions with the website, including information such as login data, IP address, page views, searches, requests, and other actions on the website; and

(d) Technical data : We will also collect certain information about how you use our website, software platforms and cloud services, as well as the device that you use to access these platforms, even where you have not created an account or logged in. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the website, date and time of the request, operating system and interface) number of page views, the search queries you make on the website, files and data accessed/created/deleted, usage information of our communications systems, and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the COOKIES section below.

3.3 We do not collect “ Special categories ” of particularly sensitive personal information, except in the case of job applicants and employees, as noted in 3.1.2.d. above. When we collect special categories of data, we implement additional security measures to limit access to the data and ensure its integrity. This processing is necessary for the purpose of carrying out the obligations and exercising specific rights of Rivel in the field of employment and social protection law.

3.4 Information we receive from third parties

3.4.1 In certain circumstances, we will receive information about you from third parties. For example:

(a) Information provided by our clients : Our client companies ask us to conduct survey research among investment professionals, corporate executives and/or their employees. Our clients often provide us with business contact information, including names, titles, companies, locations, email addresses, phone numbers, job functions and stock ownership/analyst coverage information that we use to conduct survey research.

(b) Employers, recruitment agencies and referrers : if you are a job applicant, employee or independent contractor, we may contact your recruiter, current and former employers and/or references, who may be based inside or outside the EU, to provide information about you and your application. We may also conduct background checks on you;

(c) Service providers : we may collect personal information from our Executive Interviewers, website developers and IT support providers (who may be based inside or outside the EU);

(d) Website security : we will collect information from our website security service partners (who are based outside the EU) about any misuse to the website – for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful;

(e) Social media plugins : we currently use social media plugins from the following service providers who are based both inside and outside the EU: Twitter, LinkedIn and YouTube. By providing your social media account details, you are authorizing that third-party provider to share with us certain information about you;

(f) Publicly available sources : we currently use publicly available sources such as LinkedIn, Morningstar, Yahoo! Finance, Google Finance and government agencies’ securities registrations databases (e.g., SEC’s EDGAR) to gather, verify and update information we may have about you (these sources are based inside and outside the EU);

(g) Private databases : we currently subscribe to data aggregators such as S&P Global Market Intelligence, Hunter.io and Bloomberg to gather, verify and update data we may have about you (based inside and outside the EU); and

(h) Referrals : we might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us, and also via referrals from colleagues or others in your industry who believe you may be interested in participating in our survey research or in learning about our B2B products/services.

4. HOW WE USE INFORMATION ABOUT YOU, AND RECIPIENTS OF YOUR INFORMATION

4.1 We will use your information for the purposes listed below either on the basis of:

4.1.1 performance of your contract with us and the provision of our services to you;

4.1.2 performance of a contract with a third party;

4.1.3 your consent (where we request it);

4.1.4 where we need to comply with a legal or regulatory obligation; or

4.1.5 our legitimate interests or those of a third party (see paragraph 4.3 below).

4.2 We use your information for the following purposes:

4.2.1 Surveys : to enable you (an investment professional or corporate executive) to take part in marketing research studies on investment matters or to enable you to participate in surveys on behalf of your employer (on the basis of our and our clients’ legitimate interests in conducting research);

4.2.2 Relationship management : to manage our relationship with you, which will include notifying you about changes to our privacy notice (on the basis of performing our contract with our clients, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated);

4.2.3 Marketing : to keep in contact with you about our news, events, new website features, products or services that we believe may interest you (on the basis of our legitimate interests to provide you with B2B marketing communications where we may lawfully do so);

4.2.4 To provide access to our website : to provide you with access to our website in a manner convenient and optimal and with personalized content relevant to you, including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner, and on the basis of performing our contract with you regarding your GuideLign membership, if applicable);

4.2.5 To register your account : when you sign up to use the Gateway portion of our website as a GuideLign member, we will use the details provided on your account registration form (on the basis of performing our contract with you);

4.2.6 User and customer support : to provide customer service and support (on the basis of our contract with you or on the basis of our legitimate interests to provide you with customer service), deal with inquiries or complaints about the website and our business practices, and to share your information with our website developer and IT support provider as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our website users and to comply with our legal obligations);

4.2.7 Recruitment and employment : to process any job applications you submit to us, whether directly or via an agent or recruiter, and to process your payroll and benefits as well as to enable you to work on the necessary systems (on the basis of our legitimate interest to recruit new employees or contractors and employ them on an ongoing basis);

4.2.8 To enable you to share your contact information with other website users : the members-only Gateway enables you to share your contact details with other members of the GuideLign. We will use the information you have provided (such as your name and contact details) to enable you to directly contact each other (on the basis of our contract with you);

4.2.9 Social media interactions : to interact with users on social media platforms including YouTube, LinkedIn, and Twitter, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals);

4.2.10 Analytics : to use data analytics to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);

4.2.11 Customer engagement research : to carry out aggregated and anonymized research about general engagement with our website and company (on the basis of our legitimate interest in providing the right kinds of products and services to our website users); and

4.2.12 Compliance with policies, procedures and laws : to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

4.3 As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:

4.3.1 conducting survey research on our behalf and on behalf of our third-party clients and the investment community at large (most of the findings are for clients only, but some are shared with survey respondents and some are made public), or for conducting employee survey research on behalf of our clients;

4.3.2 marketing B2B products and services that may be of interest to you in your line of work;

4.3.3 personalizing, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;

4.3.4 ensuring our website is presented in an effective and optimal manner;

4.3.5 providing the correct products and services to our website users;

4.3.6 promoting our brand and communicating with interested individuals via social media;

4.3.7 defining types of customers for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy;

4.3.8 keeping our records updated;

4.3.9 operating a a safe and lawful business;

4.3.10 detecting and preventing fraud and operating a safe and lawful business; and

4.3.11 and improving security and optimization of our network, sites and services.

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 10 below.

5. WHO WE MIGHT SHARE YOUR INFORMATION WITH

5.1 In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:

5.1.1 Our service providers : we work with various service providers to conduct our business, who are acting as processors and provide us with:

(a) hosting services on Amazon Web Services, Inc. (AWS), in USA;

(b) survey research software using Alchemer and Qualtrics, SaaS platforms hosted on AWS, hosted in USA;

(c) marketing and sales engagement services via Salesforce, DocuSign and Outreach Corporation, all hosted in USA;

(d) cloud-based network hosting and software provider Microsoft, specifically MS SharePoint/OneDrive/Office365, hosted in USA;

(e) video hosting service Wistia, Inc. (for the Rivel website and client Gateways), hosted in USA;

(f) online telecommunications provider Zoom Video Communications, Inc., hosted in USA;

(g) Wrike, a project management website, hosted in USA;

(h) Google Analytics and Microsoft Clarity, website analytics providers, both hosted in USA;

(i) social media plugin services including Facebook, Twitter and LinkedIn -- all hosted in USA;

(j) Hunter Web Services, Inc., an email verification service, hosted in USA;

(k) Adobe, Inc. (Creative Cloud and Document Cloud), for design and document editing, hosted in USA;

(l) Electric AI, LLC, an IT managed services provider, based in USA;

(m) Hireku, Inc. (d/b/a JazzHR), a job applicant tracking system, based in USA;

(n) website development and IT security services via DOMIZ Design and Fog City Codeworks, Inc. Both are based in USA, and exclusively use the platforms specified in 5.1.1.a-f. to conduct business for us. They are also subject to GDPR-compliant Independent Contractor Agreements;

(o) independent contractor Executive Interviewers, Transcribers, content creators and designers, based in USA and UK. They exclusively use the platforms specified in 5.1.1.a-f. to conduct business for us and are subject to GDPR-compliant Independent Contractor Agreements;

(p) banking, financial, insurance, job application, HR and payroll services (based in USA and UK);

(q) accountancy (Quickbooks, based in USA, and Whittlesey, based in USA and operating under a GDPR-compliant Independent Contractor Agreement);

(r) legal (for US employee issues only, Robinson & Cole, based in USA, and Mills & Reeve, based in the UK); and

(s) other professional advisers who may be appointed from time to time, when necessary subject to GDPR-compliant Independent Contractor Agreements.

5.1.2 Our clients : we occasionally provide clients with your personal information for use in their survey research project jointly conducted with us;

5.1.3 Regulators and governmental bodies : (i) regulators, governmental bodies and other authorities acting as processors or joint controllers based in the US, UK, EEA, Switzerland and elsewhere who require reporting of processing activities in certain circumstances and (ii) in response to lawful requests by any public authorities, including to meet national security or law enforcement requirements;

5.1.4 Prospective sellers and buyers of our business : any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and

5.1.5 Other third parties (including professional advisers) : any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the UK and USA where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

5.2 We require third parties to maintain appropriate security to protect your information from unauthorized access or processing. We maintain written contracts with these third parties and require that these third parties provide at least the same level of privacy protection and security as required by the EU/UK/Swiss-US Data Protection Framework (“DPF”) Principles (see section 9 below) and any other applicable laws or regulations. To the extent provided by the DPF Principles, Rivel remains responsible and liable if a third party that it engages to process personal information on its behalf does so in a manner inconsistent with the DPF Principles, unless Rivel proves that it is not responsible for the matter giving rise to the damage.

5.3 We do not and will not sell your Personal Data to third parties for monetary or other consideration.

6. COOKIES

Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third-party sites or cookies and this Privacy Notice does not apply to them. Please consult the terms and conditions and Privacy Notice of the relevant third-party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.

7. HOW WE LOOK AFTER YOUR INFORMATION AND HOW LONG WE KEEP IT FOR

7.1 We operate a policy of “privacy by design” by looking for opportunities to minimize the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorized access or unlawful use, such as:

7.1.1 ensuring the physical security of our offices;

7.1.2 ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption in transit, as well as encryption at rest and two-factor authentication whenever feasible and necessary;

7.1.3 anonymizing or pseudonymizing data whenever feasible and necessary;

7.1.4 maintaining a data protection policy for, and delivering data protection training to, our employees and staff; and

7.1.5 limiting access to your personal information to those in our company who need to use it in the course of their work.

7.2 Rivel is a specialized survey research and consulting firm working primarily in the investment community and among corporate executives. Because we work in small subsets of the survey research universe, conduct longitudinal research, and tend to contact people multiple times throughout their professional career, we prefer to retain your information until it needs to be updated or deleted. That enables us to tailor our outreach to the types of studies or marketing communications you prefer, provide you with the services that you have requested, to not overburden you with survey invitations, and to respect your “Do Not Contact/Unsubscribe” requests. We also may need to keep your information to exercise our legal rights. Oftentimes, our clients will provide us with samples to use for survey research that include people we already know or are currently interviewing, or whom we have previously marked as “Do Not Contact.” When possible, we attempt to honor Do Not Contact requests even when a person changes their firm (although a change of firm/email can make tracking these preferences difficult).

However, we do manage a data retention policy and seek to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example:

7.2.1 we remove data from certain systems after study completion to minimize the possibility of data breaches;

7.2.2 we fully anonymize data when requested by our clients following a study;

7.2.3 we fully anonymize data when requested by an EU, Swiss, UK or California data subject upon request (i.e., an exercise of their ‘Right to be Forgotten’ or ‘Right of Erasure.’)

7.2.4 we delete former employee data within seven years following their final date of employment with us, and job applicant data within seven years of our last contact with them.

8. HELP KEEP YOUR INFORMATION SAFE

8.1 You can also play a part in keeping your information safe by:

8.1.1 choosing a strong account password and changing it regularly;

8.1.2 using different passwords for different online accounts;

8.1.3 keeping your login and password confidential and avoiding sharing these details with others;

8.1.4 making sure you log out of the website each time you have finished using it. This is particularly important when using a shared computer;

8.1.5 letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;

8.1.6 keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software; and

8.1.7 being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@rivel.com’ or ‘@rivel-email.com’.

9. INTERNATIONAL TRANSFERS OF YOUR INFORMATION

9.1 We share your personal data within Rivel, Inc. This may involve a transfer of data outside the European Economic Area (EEA), the UK and/or Switzerland. Rivel, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Rivel has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Rivel has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the DPF Principles, Rivel commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact us directly at privacy@rivel.com (full contact details are provided in section 2.2 above). Rivel has a policy of responding to individuals within forty-five (45) days of an inquiry or complaint.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Rivel commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. If you do not receive timely acknowledgment of your complaint from Rivel, or if we have not addressed your complaint to your satisfaction, please visit your local EU data protection authority, the UK ICO or the Swiss FDPIC for more information or to file a complaint. The services of the EU, UK and Swiss DPAs are provided at no cost to you. You may have the option to select binding arbitration under the DPF Panel for the resolution of your complaint under certain circumstances. If an individual has an unresolved complaint or concern that is not addressed satisfactorily, as a last resort and under limited circumstances, EU, UK, EEA and Swiss individuals may invoke a binding arbitration option before the DPF Panel. As a member of DPF, Rivel is subject to the to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).



When necessary, Rivel will also execute the standard contractual clauses or other documents necessary to facilitate legal cross-border data transfers into the United States and/or United Kingdom.

9.2 Some of our external third parties are also based outside the EEA/UK/Switzerland so their processing of your personal data will involve a transfer of data outside those areas.

9.3 Whenever we transfer your personal data out of the EEA/UK/Switzerland, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:

(a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, UK ICO and/or Swiss Federal Data Protection and Information Commissioner (FDPIC). For further details, see European Commission: International dimension of data protection; Swiss FDPIC: Transborder data flows and the UK ICO's data protection guidance;

(b) Where we use certain service providers, we may use specific contracts approved by the European Commission, UK ICO and/or Swiss FDPIC which give personal data the same protection it has in Europe. For further details, see (for both EU and Switzerland) European Commission: Standard Contractual Clauses and, in the UK, the International Data Transfer Agreement; and

(c) Where we use providers based in the US, we may transfer data to them using the standard contractual clauses or the DPF whenever necessary.

9.4 Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, UK or Switzerland.

10. YOUR RIGHTS TO THE INFORMATION WE HOLD ABOUT YOU

10.1 You have certain rights in respect of the information that we hold about you, including (to the extent each of these rights are provided to you by applicable law):

10.1.1 the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Notice;

10.1.2 the right to ask us not to process your personal data for marketing purposes;

10.1.3 the right to request access to the information that we hold about you;

10.1.4 the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;

10.1.5 in certain circumstances, the right to ask us to stop processing information about you; and

10.1.6 the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or, if you are from the EU, to the Ireland Data Protection Commission (https://www.dataprotection.ie).

10.1.7 in addition to your right to lodge a complaint about us to the UK ICO (https://ico.org.uk/) or, if you are from the EU, to the Ireland Data Protection Commission (https://www.dataprotection.ie), you will also be able to lodge a complaint with the relevant authority in your country of work or residence;

10.1.8 the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 4 to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Notice;

10.1.9 the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 4 above to see when we are relying on our legitimate interests or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;

10.1.10 the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine-readable format, in certain circumstances; and

10.1.11 the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.

10.2 How to exercise your rights

10.2.1 You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Notice or, in the case of preventing processing for marketing or survey research activities, by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in those activities. EU, UK, Swiss and California residents can update their preferences here; others can update their preferences here.

10.2.2 Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your website user account even when you have requested not to receive marketing or survey research communications.

10.3 What we need from you to process your requests

10.3.1 We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

10.3.2 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11. SHARING DATA DIRECTLY WITH THIRD PARTIES

11.1 You might end up providing personal information directly to third parties upon joining GuideLign and using the Gateway portion of our website and other services offered by us. For example, your name and other personal information will be shared with other website users via the Membership List section of the Gateway, or you may attend an event hosted by us where you communicate personal information directly with other attendees. We are not responsible for how such third parties use personal data provided by you.

11.2 Please be responsible with personal information of others when using our website and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when it takes place outside of the website or our services.

12. THIRD-PARTY LINKS

12.1 The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

13. CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

13.1 We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.

13.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your profile account information (for clients using our Gateway), reaching out to your regular contact at Rivel, or by contacting us via the details at the top of this Privacy Notice.

14. ADDITIONAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

14.1 This Additional Privacy Notice for California Residents supplements the information contained elsewhere in Rivel’s Privacy Policy and applies solely to visitors, users, and others who reside in the State of California. We adopt this notice to comply with the California Privacy Rights Act of 2020, the California Consumer Privacy Act of 2018 and other California privacy laws (jointly, the “CA Laws”). Any terms defined in the CA Laws have the same meaning when used in this notice.

14.2. Information We Collect and Share. We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). The table below indicates which categories of personal information we have collected from consumers within the last twelve (12) months and from which sources, the categories of information that have been transferred to third parties, and data retention periods for each category. Please refer to the indicated sections of this Privacy Policy for information on each topic.

   
Category/Description   
   
Collected in last 12   months/Source   
   
Transferred to third   parties in last 12 months?   
   
Purpose
   
Retention Period
   
Identifiers such as a real name, alias,   postal address, unique personal identifier, online identifier, IP address,   email address, account name, social security number, driver’s license number,   passport number, or other similar identifiers   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1-4.2.12
   
Sections 7.2.1 - 7.2.4
   
Customer records such as name, signature,   social security number, physical characteristics or description, address,   telephone number, passport number, driver’s license or state identification   card number, insurance policy number, education, employment, employment   history, bank account number, credit card number, debit card number, or any   other financial information, medical information, or health insurance   information   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1-4.2.12
   
Sections 7.2.1 - 7.2.4
   
Characteristics of protected classifications   under California or federal law such as race, ancestry, national origin,   religion, age, mental and physical disability, sex, sexual orientation,   gender identity, medical condition, genetic information, marital status, or   military status   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.7 and 4.2.12
   
Section 7.2.4
   
Commercial information such as records of   personal property, products or services purchased, or purchasing or consuming   histories   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1-4.2.12
   
Sections 7.2.1 - 7.2.4
   
Biometric information (hair color, eye   color, fingerprints, height, retina scans, facial recognition, voice, and   other biometric data)   
   
No   
   
No   
   
N/A   
   
N/A   
   
Internet or other electronic network   activity information such as browsing history, search history, or information   regarding a consumer’s interaction with a website, application, or   advertisement   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1-4.2.12
   
Sections 7.2.1 - 7.2.4
   
Geolocation data (location data that   directly identifies the precise physical location of the identified individual   at a particular time)   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1-4.2.12
   
Sections 7.2.1 - 7.2.4
   
Audio, electronic, visual, thermal,   olfactory, or similar information (including photographs and audio recordings   of surveys)   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1-4.2.12
   
Sections 7.2.1 - 7.2.4
   
Professional or employment-related   information   
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1-4.2.12
   
Sections 7.2.1 - 7.2.4
   
Education information not considered   publicly available personally identifiable information as defined in the   Family Educational Rights and Privacy Act (excludes "directory"   information such as a student's name, address, telephone number, date and   place of birth, honors and awards, and dates of attendance)   
   
No   
   
No   
   
N/A   
   
N/A   
   
Inferences that can create a profile about a   consumer reflecting the consumer’s preferences, characteristics,   psychological trends, preferences, predispositions, behavior, attitudes, intelligence,   abilities, or aptitudes   
   
No   
   
No   
   
N/A   
   
N/A   
   
Sensitive Personal Information (Social Security Number; Driver’s license; State identification card; Passport Number; Financial account information and log-in credentials; Debit Card or Credit Card number along with access codes; Precise geolocation data; Religious or philosophical beliefs; Ethnic origin; Contents of communication; Genetic data; Biometric information for the purposes of identification; Health information; Information about sex or sexual orientation)
   
Yes (Sections 3.1-3.4)
   
Yes (Sections 5.1.2 - 5.1.5)
   
Sections 4.2.1 and 4.2.12
   
Section 7.2.4

This information is used for the purposes outlined in section 4 of this Privacy Policy. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

14.3 Do Not Sell My Personal Information. In the preceding twelve (12) months, we have not sold any personal information, and do not intend to sell any personal information going forward.

14.4 Sensitive Personal Information and Limitation of Usage. Rivel only collects Sensitive Personal Information with regard to employee and job applicant data, and uses it only for the purpose of evaluating and/or maintaining employment or fulfilling related legal obligations. This data is maintained for a maximum of seven years following termination of employment or last contact with a job applicant. If you would like to exercise your right to limit our usage of your Sensitive Personal Information, please complete this online form.

14.5 Children and Minors. Rivel does not collect any personal information regarding children and minors.

14.6 Automated Decision Making. In the preceding twelve (12) months, Rivel has not conducted any automated decision making, and does not intend to do so going forward.

14.7 Your Rights and Choices. The CA Laws provide California residents with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights.

14.7.1 Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.

• The categories of sources for the personal information we collected about you.

• Our business or commercial purpose for collecting that personal information.

• The categories of third parties with whom we share that personal information and the personal information categories that each category of recipient obtained.

• The specific pieces of personal information we collected about you (also called a data portability request).

• We will cooperate to the extent commercially reasonable with requests to transmit your personal information to another entity.


14.7.2 Deletion Request Rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We will also ensure that our subprocessors delete your personal information. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

• Debug products to identify and repair errors that impair existing intended functionality.

• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

• Comply with a legal obligation.

• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.


14.8 Exercising Your rights. To exercise the access, data portability, limitation of use and deletion rights described above, please submit a verifiable consumer request to us by either:

• Calling us at 1 (203) 226-0800

• Emailing us at privacy@rivel.com

Completing this online form


Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

• We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.


14.9 Response Timing and Format. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

14.10 Non-discrimination. We will not discriminate against you for exercising any of your rights. Unless permitted by the CA Laws, we will not: deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

14.11 Contact Information. If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us by:

• Calling us at 1 (203) 226-0800

• Emailing us at privacy@rivel.com

Completing this online form

This Privacy Notice was last updated as of September 1, 2023.

Trusted by over half of the S&P 500
See what our clients say
What can we help you align?
Start with Rivel