Privacy Policy

Effective date: May 23, 2018

Revieve (“the Company”) acts as the data processor for brand and retail partners (“Retail Partners or Customers”) operating Revieve products & services (“the Solutions”) and in relation to data subjects subject to GDPR,CCPA, BIPA,  NY Shield Act, Person Information Protection Law of the People’s Republic of China (PIPL) or other Consumer privacy and data processing legislation.

Revieve handles and stores personal data in accordance with the practices, regulations and processes currently in effect and described in this page and specific to each of the Company’s Solutions as required or requested to do by the brand or Retail Partner.

Revieve uses your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://www.revieve.com

Information Collection And Use

Revieve collects several different types of information for various purposes to provide and improve our Service to you.

1)    Solution 1: Revieve Digital Skincare / Makeup / Haircare Advisor

The Revieve Digital Skincare / Makeup / Haircare Advisor does not form a record of the Customers’ e-commerce site visitors’ personal information, including, but not limited to, emails, names, gender, IP address, payment information, photos, phone numbers and the like as a result of use of the Service.

The Revieve Digital Skincare / Makeup / Haircare Advisor does not receive access to nor is provided access to by the Customer, any personally identifiable information about the Customer’s end users (“Consumers”).

The Revieve Digital Skincare / Makeup / Haircare Advisor does not process or receive access either through an integration or directly, to any information regarding the Consumers or their personally identifiable information. The information exchanged between Customer and the Revieve is limited to information about the relevant skincare and beauty-products sold by Customer to its Consumers.

Revieve supports our Customers with GDPR-compliance by agreeing to provide the Customer with the information collected about the Customers e-commerce site visitors upon request. This request can be fulfilled on an individual Consumer basis only in the event the Customer is storing the Revieve –generated Revieve User ID and is able to connect this ID to any PII the Customer stores and collects about its Consumers.

Information Collection Policy

A)    Information collected by the Revieve Digital Skincare / Makeup / Haircare Advisor resulting from the use of the Service for the purposes of providing the Service but not stored:

● Customers' e-commerce site visitors IP-address (three first octets only enabling the detection of the city of the site visitors ISP or Internet Service Provider)

● Selfie of e-commerce site visitor. Selfies are analyzed, transformed into data points and deleted permanently after the user session (unless requested not to do so by the Customer)

B)    Information collected and stored by the Revieve Digital Skincare / Makeup / Haircare Advisor resulting from the use of the Service

● An identification number created for the e-commerce site visitor who uses the Digital Skincare / Makeup / Haircare Advisor

● E-commerce site visitors’ approximate location on a city-level as collected by GeoIP

● Product recommendations provided to e-commerce site visitor as identified by the Customers product identification numbers

● Purchase events including: Customer-provided purchase ID or order number, Customer-provided internal product ID, Customer-provided Product Price corresponding to product recommendations given to e-commerce site visitors

● Information provided through the Service consisting of e-commerce site visitors personal skin care preferences and selections available in the Service

● Environmental information collected based on the e-commerce site visitors’ location information, consisting of current weather information and weather forecast information.

● Information collected through the e-commerce site visitors’ selfie as transformed into scores and numerical information.

2)    Solution 2: Revieve Skin Coach

The Revieve Skin Coach is an optional opt-in solution provided to the Consumers of the brand or retail partner operating Revieve’s Digital Skincare / Makeup Advisor -solution.

The solution is provided fully on an opt-in basis requiring explicit Consumer actions and permissions and specific, purposeful Consumer action.

In addition to the information collected and processed by the Revieve Digital Skincare / Makeup Advisor (as stated in point 1A and 1B above), the Revieve Skin Coach collects and stores the following information:

● Consumer email and hashes of password generated for the Skin Coach

● Selfies of the Consumer connected to their username whilst logged into the Skin Coach

● Numerical results of Consumer skincare findings connected with an individual username

Tracking Cookies Data

Revieve uses cookies and similar tracking technologies to track the activity on the Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to the Customers' e-commerce site visitors' browser from a website and stored on their device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze its Service.

The site visitors can instruct their browser to refuse all cookies or to indicate when a cookie is being sent. However, if they do not accept cookies, they may not be able to use some portions of the Service.

Examples of Cookies Revieve uses:

  • Session Cookies. Revieve uses Session Cookies to operate its service
  • Preference Cookies. Revieve uses Preference Cookies to operate its Service
  • Security Cookies. Revieve uses Security Cookies for security purposes

Purpose of Information Collection

The Company’s Solutions collects information about the users for the purpose of providing end-Consumers with a personalized brand-experience specific to their requirements including personalized product recommendations and advice.

Data Access and Storage Policy

All data collected from end-Consumers using the Company’s offerings is stored on a dedicated cloud-based service under password and encryption within the geographical zone relevant to the end user. Data about EU data subjects is stored within the EU. Data about US data subjects is stored within the US. The data is stored behind a custom-firewall and two-factor authentication for access requests.

Access to the data collected from end-Consumers is limited by Revieve by personal access credentials in the possession of two named individuals within the Company. The controlled access to the data collected by the Company’s offerings is timestamped and monitored to provide an audit-trail of access to the end-Consumer data.

The access to the data collected from end-Consumers is limited to access directly from Revieve-owned backend servers. No direct access to third parties or outside individuals is provided.

Data Deletion Request / Right to be Forgotten

In the event Revieve collects data about a data subject enabling the identification of the data subject, Revieve will, upon request of the data subject display, demonstrate or dispose of any such data in accordance with the requirements of the legislation specific to the geography governing the data subject, for example GDPR, BIPA, CCPA or PIPL.

Retention of Data

Revieve will retain the Consumer's Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. Revieve will retain and use the Consumer's Personal Data to the extent necessary to comply with its legal obligations (for example, if Revieve is required to retain the Consumer's data to comply with applicable laws), resolve disputes, and enforce its legal agreements and policies.

Revieve will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or Revieve is legally obligated to retain this data for longer time periods.

Transfer Of Data

The Consumer's information, including Personal Data, may be transferred to — and maintained on — computers located outside of the Consumer's state, province, country or other governmental jurisdiction where the data protection laws may differ than those from the Consumer's jurisdiction.

If site visitors are located outside Finland and choose to provide information to Revieve, please note that Revieve transfers the data, including Personal Data, to Finland and process it there.

Site visitors' consent to this Privacy Policy followed by their submission of such information represents their agreement to that transfer.

Revieve will take all steps reasonably necessary to ensure that the data is treated securely and in accordance with this Privacy Policy and no transfer of the Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of the data and other personal information.

Disclosure Of Data

Business Transaction

If Revieve is involved in a merger, acquisition or asset sale, the Personal Data may be transferred. We will provide notice before the Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, Revieve may be required to disclose the Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Revieve may disclose the Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of Revieve
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

Security Of Data

The security of the data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While Revieve strives to use commercially acceptable means to protect the Personal Data, Revieve cannot guarantee its absolute security.

"Do Not Track" Signals

Revieve does not support Do Not Track ("DNT"). Do Not Track is a preference the site visitors can set in their web browser to inform websites that they do not want to be tracked.

Site visitors can enable or disable Do Not Track by visiting the Preferences or Settings page of their web browser.

Service Providers

Revieve may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on its behalf, to perform Service-related services or to assist Revieve in analyzing how its Service is used.

These third parties have access to site visitors' Personal Data only to perform these tasks on Revieve's behalf and are obligated not to disclose or use it for any other purpose.

Analytics

Revieve may use third-party Service Providers to monitor and analyze the use of its Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

Site visitors can opt-out of having made their activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

Links To Other Sites

Revieve's Service may contain links to other sites that are not operated by Revieve. If site visitors click on a third party link, they will be directed to that third party's site.

Revieve has no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children's Privacy

Revieve's Service does not address anyone under the age of 18 ("Children").

Revieve does not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and are aware that your Children has provided Revieve with Personal Data, please contact us. If Revieve becomes aware that we have collected Personal Data from children without verification of parental consent, Revieve will take steps to remove that information from our servers.

Changes To This Privacy Policy

Revieve may update Privacy Policy from time to time. Revieve will notify of any changes by posting the new Privacy Policy on this page.

Revieve will let related parties know via email and/or a prominent notice on the Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

All parties are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Data Protection Officer (DPO)

Revieve has appointed a Data Protection Officer (DPO). The Revieve Data Protection Officer is responsible for overseeing the Revieve Data Protection Strategy as well as ensuring Revieve’s Data Protection Practices remain GDPR-compliant. To contact the Revieve Data Protection Officer, please contact support@revieve.com with the email heading “Data Protection Officer."

Contact Us

If you have any questions about this Privacy Policy, please contact us:
By e-mail: support@revieve.com
By mail:
Privacy Department
Revieve Oy
Köydenpunojankatu 2 a D,
00180 Helsinki, Finland