Reversec Privacy Policy

 

Please note that this privacy policy will regularly be updated to reflect any changes in the way we handle your personal data or any changes in applicable laws.

1. In brief

  • Our core interest is keeping our customers safe. To do that, we need to process data on you and on your devices.
  • We have a culture of respecting your privacy. The personal data, as described in this policy, is primarily collected because Reversec is in, or is seeking to enter into, a commercial relationship with the entities you are employed by.
  • The collected information and its use vary based on whether we have a preexisting, commercial relationship between Reversec and your employer (see relevant sections for customers and partners) or we have no prior engagement with your employer (see relevant sections about our marketing activities).
  • Our guiding privacy principles are found on our website.

2. Structure

  • This privacy policy is given by Reversec Consulting AB, a Swedish corporation with Business ID 559515-3247 (“Reversec”, “we”, “our”, “us”). All our subsidiaries also apply this policy.
  • The data controller for this policy is Reversec, or its subsidiary, as applicable. Our contact information can be found at the end of this policy
  • Our data collection can be grouped as follows:
    (a) Marketing data; the data that we need to collect for marketing purposes.
    (b) Client relationship data; the data that we need to manage our relationship with our clients and to market and sell our services to you or to the legal entity that you represent.
    (c) Security data; the data that we need to collect to keep you secure.
  • This privacy policy describes Reversec’s common practices for processing all of our customers’ personal data.
  • Where we process your personal data as a data processor, such processing is not covered by this privacy policy. In such cases we have a contractual arrangement with your employer that governs the processing of your personal data and if you have any questions or concerns, or you wish to exercise your data subject rights, please contact your employer.

3. Definitions

  • This is what we mean when we make certain references within this policy.
    (a) “Client”, “you”, refers to any data subjects to us. This information may have been submitted through websites, telephone, email, registration forms, or other similar channels.
    (b) “Personal data” refers to any information on private individuals that is identifiable to them. This information may include names, email and mailing addresses, telephone numbers, billing and account information, and other, more technical information that can be linked to you, your device, or the behaviour of either, that we process while providing our services.
    (c) “Services” refer to any services provided by Reversec, including consulting and related support services.
    (d) “Website” refers to the Reversec website or any other website that Reversec hosts or controls.

4. Marketing: What kind of data we collect on you

  • From persons visiting our website, we acquire data on the device used, your IP address, the route by which you arrived at our website, and your activities therein, as well as any information you have submitted to us through forms. For more detailed information, see our website privacy policy.
  • If you provide us your data via forms – online or offline – we may ask you the following information: names of the person and company, email address, country, industry, size of company, telephone number, and area or service of interest.
  • We may also collect your information via our discussion boards or other social media hosted by Reversec, competitions, promotion, surveys, webinars, and other such events or points of interaction.
  • In addition, we may collect your data from other marketing events where we either sponsor or co-host such event with our partners.
  • If you have been identified as a decision maker or influencer by a third party, or listed as such in public sources, we typically obtain the following information on you and the organization that you represent: company name, title, name, function, language, email, zip code, city and state, country, phone number, industry, turnover, and size of company.
  • We may aggregate such data with general data on your organization.

5. Customers: What kind of data we collect on you

  • Regarding individuals, with whose employers we are in a commercial relationship, we process the following personal data on you: your name, your position / role / title, your email address and phone number, which legal entity that has purchased the service, such entity’s street / mailing address, country, your language and messaging preferences and available LinkedIn information.
  • Reversec collects this data:
    (a) Via marketing activities (more information under Marketing),
    (b) Via our website, our discussion boards or other social media hosted by Reversec,
    (c) Via competitions, promotion, surveys, webinars, and other such events or points of interaction,
    (d) Through sales, support, and account management activities.

Marketing data: for what purposes do we use it

  • We collect and process the data so that we can, based on your position in your organization, send you information to conduct customer surveys, arrange competitions, advertise and market our services (both personalized and in aggregate), and share information and know-how about cybersecurity and on our services. We also make use of the collected data in market research, website development, and business offering development.
  • Should you or the organization that you represent become our customer, we combine data collected at this pre-sales phase for you when your organization becomes our customer. In such cases, we use it in accordance with the same practices that we employ with the representatives of our corporate customers and partners.

Customers: For what purposes we use your data

  • We collect and process the data so that we can:
    (a) manage our customer relationships,
    (b) provide you with information and services that you request from us,
    (c) run joint planning sessions,
    (d) perform personalized marketing activities,
    (e) communicate in relation to both the initial sales of our services,
    (f) our other offerings and other relevant information, and
    (g) collect your feedback.
  • As you may approach us or submit information to us via multiple channels – such as our events, or website – we combine such information to make our communications relevant to your needs.
  • In addition to the abovementioned purposes, the following general purposes of personal data use apply across all of our services:
    (a) Communicate. To send you information relating to the services, conduct customer surveys, and market our services to you. The actual communication may be handled either by Reversec or by our partners.
    (b) Regulatory. To prevent fraudulent, illegal, or infringing activities and to comply with legal or regulatory requirements.

6. Legal grounds

  • This section gives you a more comprehensive explanation of the legal grounds based on which we process personal data.

Marketing

  • We collect data on individuals in influential, decision-making positions in companies that would benefit from our services. We consider such activity to be in the legitimate interests of both Reversec as a vendor and your employer as a buyer.
  • Where legitimate interest is not suitable or applicable to a type of data processing, we will seek your consent. For example, consent is the legal grounds for data that we collect on your browsing of our websites. Where we base our processing on consent, you may withdraw your consent at any time.

Web analytics data

  • To keep our interaction focused on the services that you are primarily interested in, some of the data that we collect may be based on your activity on our corporate web pages. This occurs in the event that you have consented to having such traffic linked to you, for example by filling in any of our web forms. We do not record your web traffic outside Reversec website. The more activity and interest you show in our websites, the more likely it is that we will approach you. This is elaborated in our cookie banners and in our website privacy policy.
  • If you do not wish us to have your email address for this purpose, you may freely request that we remove it from our records. The impact on you is that the messaging that you may receive from us may be less relevant for you and your employer.

Customers

  • Reversec has a legitimate interest to process personal data of the employees of its customers to its consulting services to its corporate customers, including undertaking relevant sales and marketing activities as enabled by applicable laws on different forms of marketing-related communications.
  • Where processing is required for an activity, it is necessary that we are able to process the required data. This is the case e.g. when we need to effectively communicate with the representatives of our customers, deliver and invoice the agreed services, and respond to an enquiry.
  • Where legitimate interest is not suitable or applicable to a type of data processing, we will seek your consent. For example, consent is the legal grounds for data that we collect on your browsing of our websites. Where we base our processing on consent, you may withdraw your consent at any time.

Client relationship data

  • To interact with you and to provide our services to our clients, we must process some data on you. Such processing typically occurs when you communicate with us relating to our consulting services, fill out a form or survey, submit information through our web solutions, enter a contest or sweepstakes, register your email address with us, or send us email.
  • Since we need the data to pursue the above legitimate activities, we have a right to process relevant personal data. This right typically takes place in the form of “contract performance”, “legitimate interest”, or “consent”.

Secondary uses

  • In addition to the above primary legal grounds for data collection, we may also need to use and/or continue to store data i) to meet a “legal obligation” to process data for specified purposes, or ii) under the grounds of “legitimate interest”. For an example list of situations where we may resort to such justifications, see the “Other disclosures” section.

7. Transfers and disclosures

  • We do much ourselves but also have partners to help us provide our services. This also means that we need to exchange data with our partners. When doing so, we take great care in sharing only the necessary personal data.

Marketing

  • Personal data is primarily processed by Reversec globally. Advertisers and advertising networks that require the data to select and serve relevant advertisements to you and others are listed on.

Subcontracting

  • We may transfer or disclose some of your personal data to Reversec group companies and our subcontractors who help us create the services.
  • Where our clients’ personal data needs to be transferred or disclosed to our subcontractors, we require, in our contracts with them, that they use such information solely for providing their agreed services. We require our subcontractors to process data pertaining to you in a manner that is consistent with our statements herein.

Third parties

  • Our websites may embed or interoperate with third-party services.
  • We also work closely with third parties (including, for example advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. These vendors have collected this information from private or public sources or directly from you.

International transfers

  • Reversec operates globally. Consequently, some of our affiliates, subcontractors, and partners are located in multiple countries, including outside the European Economic Area (EEA) to ensure the global reach and availability of our services. Depending on the scope of your interactions with Reversec, your personal information may be stored in or accessed from multiple countries. The locations of Reversec affiliates can be viewed from Reversec’s web pages here.
  • Personal data may also be processed in other jurisdictions, including outside the EEA, by our staff who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order and the processing of your payment details.
  • When we transfer personal data to other jurisdictions, including outside the European Economic Area, we secure such transfers of personal data according to the requirements of the law. We do this by imposing appropriate technical and contractual safeguards on relevant subcontractors and Reversec group companies, for example by using data transfer clauses that are approved by the European Union — the fixed content of such clauses is available here.
  • We only do global or cross-border data transfers for a good reason and after assessing the resulting privacy risk.
  • We store more sensitive customer data within Finland or the European Economic Area and keep it under our own control.

Other uses and disclosures

  • Information on secondary purposes for which personal data may occasionally be processed.
  • There are circumstances not covered by this privacy policy where the use or disclosure of personal data may be justified or permitted, or where we may be obligated by applicable laws to disclose information without acquiring your consent or independent of service provisioning.
  • One example includes complying with a court order or a warrant issued by the authorities in the relevant jurisdiction to compel the production of information.
  • Similarly, there may be other circumstances where there is a justifiable legitimate interest to disclose limited sets of information to a third party. Examples of such disclosures include cases where we need to protect ourselves against liability or to prevent fraudulent activity, where it is necessary to solve or contain an ongoing problem, or where we need to meet the legitimate information requirements of our insurers or governmental regulatory agencies. In any such action, we will act according to the applicable laws.
  • We may also need to transfer your personal data as part of a corporate transaction, such as a sale, merger, spin-off, or other corporate reorganization of Reversec, where the information is provided to the new controlling entity in the regular course of business. Reversec group discloses and transfers data internally as required by our then current operational model. We do, however, limit the disclosures internally to only those group companies, units, teams, and individuals who have a need to know such information for the intended purposes of processing it.
  • We weigh each disclosure requirement carefully and take the possibility of such disclosure requests into account when deciding where and how we store your personal data.

8. Sources

  • While we collect the majority of the above-mentioned data directly from you or your device, we also receive data from our affiliates. Such other sources may further include subcontractors or advertising partners who have assisted us in conducting our marketing activities.
  • We do this to create a seamless customer experience and to have the necessary information for solving support cases.
  • Typical examples of third-party sources are:
    (a) we acquire your contact data from corporate decision-maker registries for marketing purposes, and
    (b) when you use your social media account to register to our services, we collect the email address from your account to enable us to authenticate your registration and to contact you.

9. Retention Marketing

  • On a monthly basis, we purge our direct marketing records from all contacts who have not reacted to our messaging or visited our web pages during the last 24 months and who are not affiliated with any of our customers or partners.
  • If you become our customer, the data is retained for the duration of your organization’s business relation with us. User data in our corporate customer registry is stored for the duration of the engagement and up to five years after the last engagement with the customer has expired.

Solution, security and statistical data

  • Anonymized security data and statistical data are stored without a set end date as long as the data is useful for the purpose it was collected for. The other data types described above are stored for the duration given in their respective privacy policies, after which they are deleted or anonymized.

More information, exceptions, and additions

  • This text complements the abovementioned retention times. The default rule under the law is that personal data should be deleted or anonymized once it is no longer needed for its purpose.
  • However, some personal data needs to be nonetheless stored for longer periods of varying lengths due to varying reasons.
  • Typical reasons why we deviate from the primary retention times include the following examples:
    (a) grace periods and backups (e.g. keeping your personal data stored for a designated time after the end of service provisioning, so that we can safeguard the data against erroneous deletion);
    (b) applicable laws require us to store the data (e.g. to keep track of the purchase and payment of our services);
    (c) to pursue available remedies or to limit any damages that we may sustain (e.g. due to an ongoing dispute or investigation);
    (d) to solve or contain a recurring problem or to have enough information to respond to future issues (e.g. your support ticket related to a problem that was not permanently corrected during your customership);
    (e) to prevent fraudulent activity (e.g. to enforce our rights); your personal data is incorporated to other data for a secondary purpose (e.g. retaining logs);
    (f) other similar circumstances, where there continues to be a legitimate need for the ongoing storage of personal data.
  • If we have received your information when providing you with technical support, the information is stored as long as the respective support case remains unsolved. Once solved, the information is gradually deleted or anonymized within two years from closing the case.
  • Analytics data collected with the user’s consent is retained for statistical purposes and is not deleted on removal of personal data and the user account. After termination of the account, analytics data cannot be linked to any personally identifiable user
  • Data that does not contain personal data (e.g. aggregate analytical data) is retained as long as such data continues to be useful for the purpose it was collected.

10. Security

  • We apply strict security measures to protect the confidentiality, integrity, and availability of your personal data when transferring, storing, or processing it. We use physical, administrative, and technical security measures to reduce the risk of loss, misuse, or unauthorized access, disclosure, or modification of your personal data.
  • All personal data is stored on secure servers operated by Reversec or our partners with access limited to authorized personnel only.

11. Your rights

  • You have the right to the data that we have on you.
  • In particular, you have the following rights to the personal data that we hold on you:
    (a) Access and rectification. You have the right to ask us what personal data we have on you and to get a copy of the data that we can identify pertaining to you in this context. Should you find any errors (e.g. obsolete information) in such data, we urge you to contact our customer care to resolve the issue.
    (b) Objection. You are entitled to object to certain processing of personal data, including for example the processing of your personal data for marketing purposes or when we otherwise base our processing of your data on a legitimate interest. In the latter case, you need to establish a legally valid rationale for your objection.
    (c) Right to be forgotten. You also have the right to request us to cease storing your personal data and erase it. In this case you need to establish a legally valid rationale for your request.
    (d) Portability. You also have the right to ask for personal data that you yourself have provided — pursuant to a contract or your consent. You may request the data in a structured, commonly used, and machine-readable format and further that the data is transmitted to another controller, where technically feasible.
    (e) Withdrawing consent. In cases where the processing is based on your consent, you have the right to withdraw your consent at any time via relevant settings. You also have the right to opt out from our marketing communications via the preference center accessible through the link.
    (f) Restriction. If you establish that the data we have on you is incorrect or we have no legal right to use it, you may request that we cease any further processing of your personal data, and merely keep it in store until the issue is resolved.
  • You can exercise your rights via our customer care function. The links to contact us are in the “Contact information” section.
  • Note that there may be situations where our confidentiality obligations, our right of professional secrecy, and/or our obligations to provide our services (e.g. to your employer) may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights. Your above rights are also dependent on the legal grounds based on which we process your personal data.

If you have any complaints about how we process your personal data, or would like further information, please contact us at any time. If you feel that we are not enabling your statutory rights, you have the right to lodge a complaint with a local supervisory authority.

12. Analytics

  • This section outlines our general practices for the collection and processing of data for analytics purposes.
  • When speaking about Reversec data analytics, it comprises both reused service data, reused security data, and the data that is collected for analytics purposes to begin with.
  • What we collect. The data that we process for the purposes of data analytics include things like device identifier and relations between devices / users / user groups, operation environment, partial IP address.
  • Opting out. We really appreciate your help in improving our website. However, if you want to minimize all data traffic towards Reversec, we respect that. You can opt out at any time from the subsequent collection of analytical data that is non-essential to our website provisioning.
  • If you have opted out from all analytics data collection, our messaging directed to you will be based only on the service data collection (the data that we collect in any case to provide you with the services) and some of our messaging is likely to be less relevant.
  • If you oppose all collection of data from your online life (including our websites), the more wholesale method for preventing online advertisers from profiling your mobile device usage is to reset the advertising identifier from time to time and to turn on the do-not-track setting in your device settings, or to use our privacy product.
  • Data exchange. Because of the technical environment (the internet and social media), we are not able to do all of the collection and activities related to data analytics ourselves. We have to exchange some data with our online analytics and marketing partners to enable our digital analytics and marketing activities. The vast majority of the data that we have on you is not shared with others.
  • Some of our subcontractors who provide us with analytical capabilities for our products may also create and publish aggregate reports on the data that they have collected. In such cases, the statistics and aggregate reports do not contain any data that could be linked to any individual person.
  • We do not sacrifice your privacy. Where we differ from most companies doing this is in that we understand how the ecosystem works and go through great pains to select our few partners with care, removing all data that is not absolutely necessary for the above purpose. You can naturally opt out from the collection of analytics data at any time.
  • When we process the data for analytical or statistical purposes, we pseudonymize the data. In other words, our data analysts do not know the individual to which a specific data set refers to. The pseudonymization is only reversed in specified use cases. For example, when we communicate with you, we connect the results — not the full data — of our data analytics to your email address. Another example is that we may use the data to resolve issues you may have with our product, when providing you with technical support services.

13. Changes

  • This version of the policy clarifies, updates, and replaces the previous version. To continue keeping this document up to date, we will make changes and additions to this from time to time also in the future.
  • We will publish the changed policy document on our website or at another interaction point where it has previously been made available. If the changes are significant, we may also notify you by other means. Any changes will apply starting from the date that we publish the revised policy document.

14. Contact information

  • If you have any questions or concerns about the matters discussed in our privacy policies, please contact us at Reversec Consulting AB, Gårdsvägen 18, Floor 6, S-16970 Solna, Sweden or at legal@reversec.com.
  • In privacy matters you can contact Reversec’s Privacy Officer by sending a message to privacy@reversec.com.