Effective date: June 20, 2022
This policy (the “Privacy Policy”) governs your use of the websites www.rivalgroup.io, www.rivaltech.com and www.reach3insights.com, services performed by and all applications owned or controlled by the Rival Group Inc., its subsidiaries and affiliates (including, without limitation, Rival Technologies Inc. and Reach3 Insights Inc., together “we” or “us”) (collectively, the “Services”).
We respect your privacy and are committed to protect it though our compliance with this Privacy Policy. This Privacy Policy should be read in conjunction with the Terms of Use which can be located at www.rivalgroup.io/pages/terms. This Privacy Policy describes how we collect, process, use and share information about you when you visit the Services. It also describes the choices available to you regarding our use of information and how you can access and update this information in certain circumstances.
What information do we collect?
Personal Information (“Personal Information”) is personal information you provide us, or what we collect from you and your devices in connection with your access to and use of the Services. In legal terms, we collect and use this Personal Information as a data controller. There are two general ways in which we collect Personal Information when you access or use the Services.
Information we collect from our partners and other sources
We may also obtain information about you from other sources and combine that with information we collect about you through your use of the Services. For example, we may obtain your contact information if you attend a conference or webinar that we sponsor and the organizer provides us with a list of attendees. We may also obtain your contact information from third parties that market mailing lists. If we receive Personal Information from a third-party source and/or if we combine the information we receive from these third-party sources with your Personal Information, we will treat that information as Personal Information. We are not responsible for the accuracy of the information provided by third parties or how such third parties collect, use and share such information.
Use of Personal Information
We use the Personal Information we collect to provide, maintain, protect and provide our Services, to develop new products and services, and to protect us and our customers. For example, we may use Personal Information about you for the following purposes:
Legal Basis for Use
Our legal basis for collecting and using Personal Information as a data controller will depend on the specific circumstances in which it was collected. In general, we process your Personal Information under the following legal basis:
Sensitive Information
Given the nature of our Services, we do not ask for “sensitive” or “special categories of personal data”, such as information about your political opinions, racial origins or sexual preferences and we would ask you not to send any to us. However, if at any time you choose to transmit sensitive personal data over our Services for any reason, you must have full authority to do so and you agree that it will be dealt with in accordance to this Privacy Policy, including possible transfer to third parties, inside or outside the EEA.
Sharing of Personal Information
Except as set forth herein or in any applicable Terms of Use, we may disclose your Personal Information to our agents, vendors, consultants and other service providers to carry out work on our behalf. These entities acting on our behalf are prohibited from using your Personal Information for any purpose other than to provide this assistance.
We must disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In addition, we may share information about you as follows:
In our sole discretion, we may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
HOW LONG do we retain Personal Information?
We endeavour to only collect Personal Information that is reasonably necessary for the purposes for which they are collected, and to retain such data for no longer than is necessary for such purposes. The length of time Personal Information is retained, and criteria for determining that time, are dependent on the nature of the Personal Information, the purpose for which it was provided and any statutory retention periods. This is subject to any valid opt-out or withdrawal of consent where processing based on consent, or other valid exercise of your data subject rights.
Data Security
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Although we use reasonable efforts to help protect your information, transmission via the internet is not completely secure and we cannot guarantee the security of your information collected through the Services.
We use third party services to host our Services, such as Amazon Web Services, Microsoft Corporation (the “Hosting Providers”) which store your Personal Information on secure and controlled environments administered by such Hosting Providers. Personal Information is encrypted when it is collected via the Services. For more information about the Hosting Providers’ privacy protection and data security practices, please visit https://aws.amazon.com/privacy/ and https://privacy.microsoft.com/en-ca/privacystatement.
We currently use third party analytical providers (e.g. HubSpot) which may collect analytic data on our behalf and in accordance with our instructions, and their applicable privacy policies.
We ensure that those who have permanent or regular access to Personal Information, or that are involved in the processing of Personal Information are trained and informed of their rights and responsibilities when process Personal Information. We take security seriously and will ensure that there are adequate policies and practices in place with respect to your Personal Information.
If you have any questions about security on our Services, you can contact is at legal@rivalgroup.io.
Links to third party sites
You may be able to access other third party websites that have links on our Services, which you can purchase products or services or register to receive information. You should ensure that you carefully read the terms of any privacy policies in relation to those third party websites and products or services. We have no control over the third party’s use of any personal information and therefore has no responsibility or liability for the manner in which the third party may collect, use, disclose, secure, or otherwise deal with your personal information. We simply provides these links to you as a convenience to you. Once you leave our Services, you are no longer governed by this Privacy Policy.
Promotional Communication
There may be features on the Services which enable you to subscribe to newsletters and other information about us. You can opt out of receiving communications from us at any time by following the instructions provided in those communications or emailing us at legal@rivalgroup.io with the subject of “Unsubscribe”. You may also remove yourself from our email list by clicking on the unsubscribe link presented in all communications we send to our users.
International transfers
Depending on where you are located when you use or access the Services, your Personal Information may be transferred across international borders outside the country where you use or access the Services, including to countries outside the European Economic Area (“EAA”) that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases, we ensure that there is a legal basis for such transfer and that adequate protection for your Personal Information is provided as required by applicable law, for example, by using standard contractual clauses approved by the European Commission or other relevant authorities, by using certain service provides that are certified under the EU-US Privacy Shield, and by requiring the use of other appropriate technical and organizational information security measures. You may contact us at legal@rivalgroup.io to obtain additional information about the safeguards we take in connection with these transfers.
Your Rights
You have a right to know what Personal Information we hold about you, and to access it. This section describes the mechanisms for you to control certain uses and disclosures of your information.
Upon request, we will provide you with information about whether we hold any of your Personal Information. You have the right to access the Personal Information we have about you. You may correct, amend, or delete that information at any time by emailing legal@rivalgroup.iowith a Personal Information Request. We will respond to your access request within a reasonable time period. We may require additional information from you to allow us to confirm your identity. There may be circumstances in which we may not be able to accommodate your request to change information if we believe that the change would violate any law or legal requirement or cause the information to be incorrect. Please note deleting the Personal Information we hold about you may result in you not being able to access or use the Services. All requests for the removal of Personal Information shall be responded to within a reasonable period of time.
In the event you have provided Personal Information to subscribe for newsletters and other information about us, you are free to opt-out of receiving such information at any time. To opt out of receiving communications from us please email us at legal@rivalgroup.io with the subject of “Unsubscribe”. You may also remove yourself from our email list by clicking on the unsubscribe link presented in all communications we send to our users.
Your browser software can be set to reject all cookies, but if you reject our cookies, certain functions and conveniences of the Services may not work properly. To learn more about cookies, please check your browser’s help or similar feature or visit www.allaboutcookies.org. Some web browsers incorporate a “do-not-track” or similar feature that signals to websites with which the browser communicates that a visitor does not want to have his or her online activity tracked. Please check your browser’s help or similar feature for more information about this process.
EEA Residents
If you are an individual from the EEA, and access or use the Services from the EEA, we process your Personal Information both as a Processor and as Controller, as such terms are used in the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”). Our legal basis for collecting and using the Personal information will depend on the Personal Information concerned and the specific context in which we collect it. We process your Personal Information as a processor and controller when your access or use the Services and submit Personal Information to us. Our legal basis for acting as a controller and processor is further described above under the “Legal Basis for Use” section.
If you are an individual from the EEA, and access or use the Services from the EEA, you have certain additional rights provided by the GDPR as follows:
You may exercise any of your rights referred to above by contacting the Data Protection Officer at legal@rivalgroup.io. We may require additional information from you to allow us to confirm your identity.
CALIFORNIA RESIDENTS
This California Consumer Privacy Act (“CCPA”) disclosure explains how we collect, use, and disclose personal information relating to California residents covered by the CCPA. Under the CCPA, the specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual.
Collection and Disclosure of CCPA Personal Information
In the past 12 months, we may have collected, and disclosed to third parties for our business purposes, the following categories of Personal Information relating to California residents covered by this disclosure:
The categories of sources from whom we collected CCPA Personal Information are:
The categories of third parties to whom we disclosed CCPA Personal Information for our business purposes described in this privacy disclosure are:
Use of CCPA Personal Information
In the past 12 months, we have used Personal Information relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including the following:
Sale of CCPA Personal Information
In the past 12 months, we have not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this Disclosure, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.
Rights under the CCPA
If you are a California resident, you have the right to:
We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Requests for specific pieces of Personal Information will require additional information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights.
We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
How to Exercise Your CCPA Rights
If you are a California resident, you may submit a request by contacting our Privacy Officer at: legal@rivalgroup.io
CHILDREN UNDER 13
The Child Online Privacy and Protection Act (“COPPA”) regulates online collection of information from persons under the age of 13 (each, a “covered person”). We maintain procedures to assure that information about children or other categories of sensitive information is only collected with explicit consent and is protected against improper use, consistent with applicable laws.
Prior to conducting a research project, whether through the Services or otherwise, with children or young people, we will identify and comply with any applicable laws including COPPA, which requires verifiable parental or legal guardian’s consent for interviewing children below the age of 13 years. If you are a parent of a covered person, you may revoke your consent, review your covered person’s personal information, ask to have it deleted, and/or refuse to allow any further collection or use of your child’s information at any time by contacting our Privacy Officer at legal@rivalgroup.io.
HIPAA
Consistent with the collection practices described in this Privacy Policy, we may collect certain categories and specific pieces of health-related Personal Information (“PHI”) either from your or from other third parties. We collect, use, and disclose PHI for our business and commercial purposes described in this Privacy Policy. We do not sell Personal Data. Furthermore, we receive, and may further share with our collaborators and partners, de-identified PHI from health care providers and health plans, subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The PHI received by us is deidentified based on either HIPAA’s “safe harbor” method, which means that certain direct identifiers were removed from the PHI, or HIPAA’s expert determination method, which means that a qualified statistician reviewed the health data shared with us and confirmed that there is a very small risk that an individual could be identified from the remaining PHI.
THIRD PARTY DATA COLLECTION; NATIONAL LAWS
In most cases we collect personal data directly from you. However, we might also obtain personal data from third parties if the applicable national law allows us to do so. We will treat this personal data according to this Privacy Policy, plus any additional restrictions imposed by the third party that provided us with it or the applicable national law.
Changes to Our Privacy Policy
It is our policy to post any changes we make to our Privacy Policy on this page. In some cases, we may provide additional notice of changes. If we make material changes to how we treat our users’ Personal Information, we will notify you by through a notice on the relevant Service’s home page.
The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring that you periodically visiting our Services and this Privacy Policy to check for any changes.
Contact Information
To ask questions or comment about this Privacy Policy or to enforce any of your rights as outlined in this Privacy Policy, or to quest more information about our privacy practices, please contact our privacy team and Data Protection Officer at legal@rivalgroup.io.