Effective date: May 23, 2018
Revieve (“the Company”) acts as the data processor for brand and retail partners (“Retail Partners or Customers”) operating Revieve products & services (“the Solutions”) and in relation to data subjects subject to GDPR,CCPA, BIPA, NY Shield Act, Person Information Protection Law of the People’s Republic of China (PIPL) or other Consumer privacy and data processing legislation.
Revieve handles and stores personal data in accordance with the practices, regulations and processes currently in effect and described in this page and specific to each of the Company’s Solutions as required or requested to do by the brand or Retail Partner.
Information Collection And Use
Revieve collects several different types of information for various purposes to provide and improve our Service to you.
1) Solution 1: Revieve Digital Skincare / Makeup / Haircare Advisor
The Revieve Digital Skincare / Makeup / Haircare Advisor does not form a record of the Customers’ e-commerce site visitors’ personal information, including, but not limited to, emails, names, gender, IP address, payment information, photos, phone numbers and the like as a result of use of the Service.
The Revieve Digital Skincare / Makeup / Haircare Advisor does not receive access to nor is provided access to by the Customer, any personally identifiable information about the Customer’s end users (“Consumers”).
The Revieve Digital Skincare / Makeup / Haircare Advisor does not process or receive access either through an integration or directly, to any information regarding the Consumers or their personally identifiable information. The information exchanged between Customer and the Revieve is limited to information about the relevant skincare and beauty-products sold by Customer to its Consumers.
Revieve supports our Customers with GDPR-compliance by agreeing to provide the Customer with the information collected about the Customers e-commerce site visitors upon request. This request can be fulfilled on an individual Consumer basis only in the event the Customer is storing the Revieve –generated Revieve User ID and is able to connect this ID to any PII the Customer stores and collects about its Consumers.
Information Collection Policy
A) Information collected by the Revieve Digital Skincare / Makeup / Haircare Advisor resulting from the use of the Service for the purposes of providing the Service but not stored:
● Customers' e-commerce site visitors IP-address (six digits only enabling the detection of the city of the site visitors ISP or Internet Service Provider)
● Selfie of e-commerce site visitor. Selfies are analyzed, transformed into data points and deleted permanently after the user session (unless requested not to do so by the Customer)
B) Information collected and stored by the Revieve Digital Skincare / Makeup / Haircare Advisor resulting from the use of the Service
● An identification number created for the e-commerce site visitor who uses the Digital Skincare / Makeup / Haircare Advisor
● E-commerce site visitors’ approximate location on a city-level as collected by GeoIP
● Product recommendations provided to e-commerce site visitor as identified by the Customers product identification numbers
● Purchase events including: Customer-provided purchase ID or order number, Customer-provided internal product ID, Customer-provided Product Price corresponding to product recommendations given to e-commerce site visitors
● Information provided through the Service consisting of e-commerce site visitors personal skin care preferences and selections available in the Service
● Environmental information collected based on the e-commerce site visitors’ location information, consisting of current weather information and weather forecast information.
● Information collected through the e-commerce site visitors’ selfie as transformed into scores and numerical information.
2) Solution 2: Revieve Skin Coach
The Revieve Skin Coach is an optional opt-in solution provided to the Consumers of the brand or retail partner operating Revieve’s Digital Skincare / Makeup Advisor -solution.
The solution is provided fully on an opt-in basis requiring explicit Consumer actions and permissions and specific, purposeful Consumer action.
In addition to the information collected and processed by the Revieve Digital Skincare / Makeup Advisor (as stated in point 1A and 1B above), the Revieve Skin Coach collects and stores the following information:
● Consumer email and hashes of password generated for the Skin Coach
● Selfies of the Consumer connected to their username whilst logged into the Skin Coach
● Numerical results of Consumer skincare findings connected with an individual username
Tracking Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to the Customers' e-commerce site visitors' browser from a website and stored on their device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze its Service.
The site visitors can instruct their browser to refuse all cookies or to indicate when a cookie is being sent. However, if they do not accept cookies, they may not be able to use some portions of the Service.
Examples of Cookies Revieve uses:
- Session Cookies. Revieve uses Session Cookies to operate its service
- Preference Cookies. Revieve uses Preference Cookies to operate its Service
- Security Cookies. Revieve uses Security Cookies for security purposes
Purpose of Information Collection
The Company’s Solutions collects information about the users for the purpose of providing end-Consumers with a personalized brand-experience specific to their requirements including personalized product recommendations and advice.
Data Access and Storage Policy
All data collected from end-Consumers using the Company’s offerings is stored on a dedicated cloud-based service under password and encryption within the geographical zone relevant to the end user. Data about EU data subjects is stored within the EU. Data about US data subjects is stored within the US. The data is stored behind a custom-firewall and two-factor authentication for access requests.
Access to the data collected from end-Consumers is limited by Revieve by personal access credentials in the possession of two named individuals within the Company. The controlled access to the data collected by the Company’s offerings is timestamped and monitored to provide an audit-trail of access to the end-Consumer data.
The access to the data collected from end-Consumers is limited to access directly from Revieve-owned backend servers. No direct access to third parties or outside individuals is provided.
Data Deletion Request / Right to be Forgotten
In the event Revieve collects data about a data subject enabling the identification of the data subject, Revieve will, upon request of the data subject display, demonstrate or dispose of any such data in accordance with the requirements of the legislation specific to the geography governing the data subject, for example GDPR, BIPA, CCPA or PIPL.
Retention of Data
Revieve will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or Revieve is legally obligated to retain this data for longer time periods.
Transfer Of Data
The Consumer's information, including Personal Data, may be transferred to — and maintained on — computers located outside of the Consumer's state, province, country or other governmental jurisdiction where the data protection laws may differ than those from the Consumer's jurisdiction.
If site visitors are located outside Finland and choose to provide information to Revieve, please note that Revieve transfers the data, including Personal Data, to Finland and process it there.
Disclosure Of Data
Disclosure for Law Enforcement
Under certain circumstances, Revieve may be required to disclose the Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Revieve may disclose the Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Revieve
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security Of Data
The security of the data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While Revieve strives to use commercially acceptable means to protect the Personal Data, Revieve cannot guarantee its absolute security.
"Do Not Track" Signals
Revieve does not support Do Not Track ("DNT"). Do Not Track is a preference the site visitors can set in their web browser to inform websites that they do not want to be tracked.
Site visitors can enable or disable Do Not Track by visiting the Preferences or Settings page of their web browser.
Revieve may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on its behalf, to perform Service-related services or to assist Revieve in analyzing how its Service is used.
These third parties have access to site visitors' Personal Data only to perform these tasks on Revieve's behalf and are obligated not to disclose or use it for any other purpose.
Revieve may use third-party Service Providers to monitor and analyze the use of its Service.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Links To Other Sites
Revieve's Service may contain links to other sites that are not operated by Revieve. If site visitors click on a third party link, they will be directed to that third party's site.
Revieve has no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Revieve's Service does not address anyone under the age of 18 ("Children").
Revieve does not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and are aware that your Children has provided Revieve with Personal Data, please contact us. If Revieve becomes aware that we have collected Personal Data from children without verification of parental consent, Revieve will take steps to remove that information from our servers.
Data Protection Officer (DPO)
Revieve has appointed a Data Protection Officer (DPO). The Revieve Data Protection Officer is responsible for overseeing the Revieve Data Protection Strategy as well as ensuring Revieve’s Data Protection Practices remain GDPR-compliant. To contact the Revieve Data Protection Officer, please contact firstname.lastname@example.org with the email heading “Data Protection Officer."
By e-mail: email@example.com
Köydenpunojankatu 2 a D,
00180 Helsinki, Finland