Introduction

Effective Date: 10/12/2021

Riversand Technologies Inc., including its subsidiaries and affiliates controlled directly or indirectly by it (collectively referred to as “Riversand Technologies”, “our”, “us”, “we”), is strongly committed to respect your privacy. This Privacy Notice (“Notice”) describes our privacy practices regarding personal data, how we protect it and your privacy rights under the European Union General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2014 (“CCPA”), and the Personal Information Protection and Electronic Documents Act (“PIPEDA”).

What Is Covered by this Privacy Notice?

This Notice is designed to assist you in understanding how we process your personal data collected through our website, as well as in the course of providing you customer support services. In addition, it applies when you place an order with us, respond to a survey or fill out any forms from us, or when we process your personal data to sell or market our products and services. Within the scope of this Notice, Riversand is the business that makes the decisions about the processing of your personal data (also known as the “data controller”), unless expressly specified otherwise.

What Is Not Covered by this Privacy Notice?

This Notice does not cover any other data collection or processing, including the data related to our customers’ clients which we host for our customers (and for which we act as a “data processor” or “service provider”) when providing our Master Data Management (MDM)/Product Information Management (PIM), Digital Asset Management, Riversand Print, Riversand Customer MDM, Riversand Vendor Portal and Retail Connectors (the “Services”). The personal data submitted to us as a data processor or service provider within the Services is governed by the Riversand Platform Privacy Notice and applicable law.

What Can You Find in this Notice?

This Notice will tell you, among other things:

Lawful Bases of Processing and Purposes of Processing

The GDPR and other applicable data protection laws require that we have a valid reason to use your personal data. This is called the "lawful basis for processing.” When operating as a data controller, we may process your personal data:

  • Because you gave your consent.
  • Because we need to perform a contract with you.
  • Because we have a legitimate interest in processing your personal data and it is not overridden by your rights. Some of those interests include:
    • Identifying and preventing fraud; and
    • Enhancing the security of our network and information systems.
  • Because we need to comply with the law.
  • On another ground, as required or permitted by law.

When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided below.

Where we process your personal data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of personal data performed on other lawful grounds.

Where we receive your personal data as part of providing our Services to you based on a contract, we require such personal data to be able to carry out the contract. Without that necessary personal data, we will not be able to provide the Services to you.

You also have the option to subscribe/opt-in to receive newsletters, new alerts and marketing content. You can always opt-out of such options using our blog or click the “unsubscribe/opt-out” link at the bottom of an email newsletter. Riversand shall adhere to your preferences.

What Personal Data Do We Process? How Do We Obtain It?

Personal Data Collected Automatically

Our website collects certain information automatically and stores it as logs. The information collected by us is as follows:

  • Riversand’s website uses cookies and web beacons. Riversand has enabled personalized advertisements based on your interests, using information made available when you interact with our website. Personalized or targeted ads are displayed based on your activities on Riversand and third-party websites which includes but is not limited to visiting the website and interacting with content provided on the website. Cookies are used to enable us to learn what actions you perform on the website. These ads are displayed on external websites unaffiliated to Riversand. To know more about our use of cookies, please see our Cookie Policy.
  • Internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, device type used to access the website, browser type, operating system and other information about the usage of Riversand's website, including a history of the pages you view. This is typically done to recognize your device, the pages of our website that you visit, the time and date of your visit, the time spent on those pages and other statistics to enable us in providing better user experience to you in your future visits to this website.

Personal Data Collected From You

We directly collect personal data from you in the following ways:

  • When you contact us by using one of the contact forms on our website, we collect your name, email address, country of residence, phone number, job title, company you represent and details of the inquiry to enable us to respond to a general/business inquiry made by you on behalf of your company.
  • When you apply for employment on our Careers web page, we collect your name, email address, address details and phone number enable us to contact or respond you for the employment purposes.
  • When you ask to receive communications from us by registering for one of our newsletters. In order to send you our newsletters, other news alerts that you may have subscribed to, and invite you to webinars, we ask for your name, phone number, designation, email address and the company or organization you represent. Please note that we may also be collecting any information that you may have mentioned in any communication/email that you send to us after registering with us.
  • When you provide us with your email address by writing us to privacy@riversand.com to subscribe or unsubscribe to our newsletter. The preference center keeps track of your communication preferences (over email) and areas of interest (such as receiving newsletters and/or webinar notifications) that you may have either opted into or opted out of.

For What Purposes Do We Use Your Personal Data?

We may process your personal data for the purposes of:

  • establishing communication with prospective clients (whom you represent)
  • responding to your requests or questions
  • enhance user experience
  • administering contests, promotions, or surveys
  • processing your transactions
  • developing and tracking sales leads
  • sending periodic emails regarding your orders or other products and services
  • facilitating and optimizing our sales operations.

To achieve the above purposes we need to perform different types of processing activities on your personal data, such as storage, access, transmission, consultation, manipulation and combination.

Security

We are strongly committed to keeping your personal data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your personal data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.

Whenever personal data is collected and processed, there is always a slight risk that the personal data may be breached, misused, or otherwise result in a harm to you. However, we take several measures to ensure that this risk is mitigated as much as possible. These measures include limiting the personal data about you that we collect and process to solely what is necessary, not collecting sensitive personal data about you, and implementing appropriate security measures, as described in this Notice.

Sharing Personal Data with Third Parties

We are part of an international group of companies and, as such, we transfer personal data among our subsidiaries and affiliated entities and delivery centers for the purposes explained above.

We also share your personal data with certain third parties who assist us in operating our website, conducting our business, or servicing you. However, these third parties are required to keep your personal data confidential, only use it for the services they provide to Riversand, and treat your personal data with the same level of protection that we do. The categories of third parties to which we may disclose your personal data include:

  • hosting services;
  • CRM software services;
  • project management services;
  • email software services;
  • cloud storage services;
  • communication and collaboration services;
  • customer support services;
  • consultation services;
  • IT services;
  • web analytics services.

Note if you are located in the EU: Some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to personal data. We will only transfer your personal data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These may include the European-Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR, or BCRs for processors under Article 47 of the GDPR.

Sales of Your Personal Data

Riversand generally does not directly sell your personal data in the conventional sense (for money). Like many companies, however, we use services that help deliver interest-based ads to you or analyze our website traffic and may transfer personal data to business partners for their use. Making personal data (such as online identifiers or browsing activity) available to these companies may be considered a “sale” under the CCPA.

If you would like to opt out of the sales of your personal data that take place via cookies, please disable cookies.

Other Disclosures of Your Personal Data

We may disclose your personal data to the extent required by law or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your personal data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your personal data.

We may also disclose your personal data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your personal data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any personal data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

Personal Data Retention

Riversand will:

  • Keep all personal data for as long as is reasonably necessary taking into consideration Riversand’s need to answer queries or resolve problems, or any other purpose outlined above or to comply with legal requirements under applicable law(s). This means that Riversand may retain your personal data for a reasonable period after, for example, the end of the contract with the client you represent, or after your query has been addressed. After this period, your personal data will be deleted from all Riversand systems.
  • Honor your request to have your personal data deleted at any time. You may always choose to opt-out by writing to us at privacy@riversand.com.

Automated Decision-Making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. There will always be human intervention into decisions based on automated processing, including automated analytics, testing, and profiling. If this position changes, or there is a need and lawful basis to do so, we will inform you.

What Privacy Rights Do You Have?

You have specific rights regarding your personal data collected and processed by us. In this section, we first describe those rights and then we explain how you can exercise those rights.

Right to Know What Happens to Your Personal Data

This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your personal data, how long we will keep it, and who it will be shared with, among other things.

We are informing you of how we process your personal data with this Notice.

Right to Know What Personal Data We Have About You

This is called the right of access. This right allows you to ask for full details of the personal data we hold about you.

You have the right to obtain from us confirmation as to whether or not we process personal data concerning you, and, where that is the case, a copy or access to the personal data and certain related information. Once we receive and confirm that the request comes from you or your authorized agent, we will disclose to you:

  • The categories of personal data we collected about you;
  • The categories of sources for the personal data we collected about you;
  • Our purposes for processing that personal data;
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • The categories of third parties with whom we share that personal data;
  • The specific pieces of personal data we collected about you;
  • If we sold or disclosed your personal data for a business purpose, two separate lists laying out the:
    • categories of personal data sold, and the categories of recipients who purchased the personal data; and
    • categories of personal data disclosed for a business purpose, identifying the categories of recipients who obtained the personal data;
  • If we rely on legitimate interests as a lawful basis to process your personal data, the legitimate interests pursued by us or by a third party; and
  • The appropriate safeguards for transferring data from the EU to a third country, if applicable.

Please take into account that the GDPR allows us not to satisfy your access request when:

  • you already have the information;
  • providing such information proves impossible or would involve a disproportionate effort, or in so far providing such information is likely to render impossible or seriously impair the achievement of the objectives of that processing; and
  • that personal data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.

The CCPA does not allow us to disclose account passwords or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific items to you for security and legal reasons.

Right to Correct Your Personal Data

This is called the right to rectification. It gives you the right to ask us to correct anything that you think is wrong with the personal data we have on file about you and to complete any incomplete personal data.

Right to Delete Your Personal Data

You may be able to remove information from your account after logging in or even to entirely delete your account on our Services. If there is any other personal data you would like deleted, you can ask us to do so using the contact information listed in this Notice.

Sometimes we can delete your information, but other times it may not be possible, such as when the law tells us we cannot do so. If that is the case, we will consider if we can limit how we use it. There may also be circumstances where we deny your request to delete your information under applicable law, such as if we or our service providers need to retain the personal data to:

  • Complete the transaction for which we collected the personal data;
  • Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Enable solely internal uses reasonably aligned with your expectations based on your relationship with us;
  • Comply with a legal obligation, including (but not limited to) obligations from the California Electronic Communications Privacy Act; or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Ask us to Change How We Process Your Personal Data

This is called the right to restrict processing. It is the right to ask us to only use or store your personal data for certain purposes
You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

Right to Ask Us to Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your personal data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your personal data for direct marketing purposes.

We will stop processing the relevant personal data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your personal data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data

This is called the right to data portability. It is the right to ask for and download personal data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:

  • move it;
  • copy it;
  • keep it for yourself; or
  • transfer it to another organization.

We will provide your personal data in a structured, commonly used, and machine-readable format. When you make a data portability request electronically, we will provide you a copy in electronic format.

Right to Lodge a Complaint with a Supervisory Authority

If the GDPR applies to the processing of your personal data with us, the GDPR grants you the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your personal data.
In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or of the alleged violation of the GDPR.

If the LGPD applies to the processing of your personal data with us, the LGPD grants you the right to lodge a complaint with the ANPD if you are not satisfied with how we process your personal data.

Withdraw any consent you may have provided to us at any time by contacting us.

If you withdraw your consent, our use of your personal data before you withdraw is still lawful. If you have given consent for your details to be shared with a third party, and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right to Opt Out of the Sale of Your Personal Data

You have the “right to opt out”, which means you have the right to ask us to not sell your personal data at any time.

Note: Riversand does not sell the personal data of client, employees, contractors or any other personal data in any circumstances).

As our use of some of the cookies that we use for statistical purposes and marketing purposes is the only sale of your personal data that Riversand may be engaging in, the only way to opt out of sales of personal data is to reject cookies through our cookie consent management tool.

Right Not to be Discriminated Against for Exercising your Privacy Rights

We will not discriminate against you for exercising any of your privacy rights, meaning we will not:

  • deny you goods or services; nor
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; or provide you a different level or quality of goods or services.

How Can You Exercise Your Privacy Rights?

To exercise the rights outlined above in respect of your personal data you may contact us at privacy@riversand.com indicating [DATA PROTECTION REQUEST] in the subject line.

Verification of Your Identity

Bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we may need some information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified.

For requests sent by other means, you will need to provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected personal data. Generally, we will request only information that we may have about you to confirm your identity, but under some circumstances we may require additional information or documentation to complete your request. We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request. Making a request does not require you to create an account with us.

We will only use the personal data you provide us in a request to verify your identity or authority to make the request.

Please note that you may only make a consumer request to know or data portability twice within a 12-month period under the CCPA.

Verification of Authority

If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual.

Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with us and confirm with us that they gave you permission to submit this request.

We will only use the personal data you provide us in a request to verify your authority.

Response Timing and Format of Our Responses

We will confirm the receipt of your request within ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to thirty (30) days to reply to you from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why, and the extension period, in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.

If we cannot satisfy a request from you, we will also explain why in our response.

We will not charge a fee for processing or responding to your requests unless we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Information About Children

Our websites deliver business-related content and are specifically aimed at and designed for use by adults. We do not knowingly solicit or collect information from or about individuals under the age of 18 years.

External Website Links

This website contains links that may lead you to other sites. Be careful when accessing these links, as Riversand is not responsible for the privacy practices or the content of such other websites.

Changes to Our Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Last updated” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.

Our Contact Details

If you have any questions about this Notice or our processing of your personal data, or want to submit a verifiable consumer request, please write to the Riversand privacy team by email at privacy@riversand.com or call at 1-877-847-5467 or by postal mail at:

Riversand
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
United States

Please allow up to four weeks for us to reply.

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of personal data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
VeraSafe Czech Republic s.r.o.
Klimentská 46,
Prague 1,
11002,
Czech Republic

United Kingdom Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of personal data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of personal data. VeraSafe’s contact details are:

VeraSafe, LLC
100 M Street S.E., Suite 600
Washington, D.C. 20003
USA

Email: experts@verasafe.com

Riversand Platform Privacy Policy

Effective Date: 09/20/2021

Introduction and Scope

Riversand Technologies Inc., including its subsidiaries and affiliates (“Riversand,” “we,” “us,” “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously.

We process Personal Data when providing our Master Data Management (MDM)/Product Information Management (PIM), Digital Asset Management, Riversand Print, Riversand Customer MDM, Riversand Vendor Portal and Retail Connectors (the “Services”). This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we may process to provide the Services.

In connection with the Services, we act only as a storage and service provider, and in general shall only access Personal Data at our customers’ request in connection with customer support or account administration matters, as is reasonably necessary in order to provide the Services that our customers have directed us to provide, or as may be required by law.

Please read this Notice to learn more about the ways in which we collect, use, and otherwise process your Personal Data to provide the Services to you. This Notice also explains your rights under the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and other applicable privacy laws (“Applicable Laws”).

This Notice does not apply to Personal Data we collect by other means, such as Personal Data that we receive directly through Riversand’s own publicly accessible website (www.riversand.com) or as part of our sales and marketing efforts, or the Personal Data of our employees.

Controllership

In the context of this Notice, Riversand acts as a “data processor” or “service provider” for the Personal Data we process to provide the Services for our customers. This means that our customers determine the type of Personal Data they provide to Riversand to process on their behalf and what Riversand must do with it. We typically have no direct relationship with the individuals whose Personal Data we receive from our customers.

Basis of Processing

Within the scope of this Notice, we process Personal Data based on the documented instructions of our customers. To learn about our customers’ lawful bases for processing your Personal Data, please read their privacy notices.

How We Receive Personal Data

We may receive your Personal Data when:

  • you provide it directly to us as part of using our Services;
  • our customers (including their employees, contractors, and other representatives of the company) provide it to us;
  • our customers’ clients provide it to us; or
  • we receive it from other companies within our corporate group.

Categories of Personal Data

We may process the following types of Personal Data:

  • identifiers, such as the username to access the Services;
  • biographical information, such as first and last name;
  • professional information, such as job title and company name;
  • contact information, such as email address.

Purposes of Processing

We may process your Personal Data for the purposes of:

  • enabling the use of the Services;
  • improving the Services; and
  • responding to your requests or questions.

Data Retention

We retain Personal Data for as long as instructed by the respective customer (who typically acts as a data controller). In the absence of any instruction by the customer, Personal Data used for a project shall be disposed once the project is complete, or as defined by Riversand’s data retention and disposal policy. As a general rule, we will delete all Personal Data associated with the employees of our customers within thirty days from the day the account with our customer was cancelled.

Sharing Personal Data with Third Parties

We may share Personal Data with our subsidiaries and affiliates, as well as with our service providers, who process Personal Data on our behalf and who agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers may provide:

  • application hosting services;
  • email software;
  • cloud storage services;
  • IT services;
  • customer support services;
  • analytics services;
  • CRM software; and
  • product content distribution platforms and solutions;
  • cloud e-commerce software;
  • product content integration, optimization and distribution in commerce software;
  • software implementation services;
  • low-code integration SaaS;
  • data and security programming solutions;
  • in-app guidance and performance support;
  • response management software;
  • testing platforms; and
  • project management software;

Some of these third parties may be located outside of the United States of America. However, before transferring your Personal Data to these third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.

In addition, some of these third parties may be located outside your jurisdiction (for example, outside of Canada, the European Economic Area, Switzerland or the United Kingdom). For example, some of these third parties are located in the United States of America and India. In some cases, the authorities of your jurisdiction  may have determined that the countries’ data protection laws provide a level of protection equivalent to the laws of your jurisdiction. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to Personal Data. We will only transfer your Personal Data to third parties in these countries when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses as approved by the European Commission under Article 46.2 of the GDPR.

We do not sell your Personal Data.

Other Disclosures of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates for business purposes, if necessary and as described in the section above.

We reserve the right to use aggregated, anonymous data about individuals whose Personal Data we process for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

If we must disclose your Personal Data in order to comply with official investigation or legal processing initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy and security of your Personal Data.

Cookies

Riversand does not use cookies to provide the Services. To learn about the use of cookies in relation to our website www.riversand.com, please review our Cookie Policy.

Data Integrity & Security

Riversand has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.

Risk of Harm

Whenever Personal Data is collected and processed, there is always a slight risk that the Personal Data may be breached, misused, or otherwise result in a harm to you. However, we take several measures to ensure that this risk is mitigated as much as possible. These measures include limiting the Personal Data about you that we collect and process to solely what is necessary, not collecting sensitive Personal Data about you, and implementing appropriate security measures, as described in this Notice.

Your Privacy Rights

If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.

Please note that requests should generally be sent directly to the Riversand customer who provided your Personal Data to us. Riversand has limited rights to access Personal Data our customers submit to us. If sending the request directly to the Riversand customer is not possible for any reason and you decide to contact us with such a request, please provide the name of the Riversand customer who submitted your Personal Data to us. We will forward your request to that customer and provide any needed assistance as they respond to your request.

Privacy of Children

We do not knowingly collect Personal Data from anyone under the age of 13. In the event that we learn that we process Personal Data from a child under the age of 13, we will delete the Personal Data we have stored as quickly as possible. If you believe that we might have any Personal Data from or about a child under the age of 13, please contact us or the customer that has provided the child’s information to us.

Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use the Services after we post any of these changes, you accept the modified Notice.

Contact Us

If you have any questions about this Notice or our processing of your Personal Data, please contact us by email at privacy@riversand.com or by postal mail at:

Riversand Technologies Inc.
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
United States
Please allow up to four weeks for us to reply.

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd

Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

VeraSafe Netherlands BV
Keizersgracht 391 A
1016 EJ Amsterdam
The Netherlands

VeraSafe Czech Republic s.r.o.

Klimentská 46,
Prague 1,
11002,
Czech Republic

United Kingdom Representative

We have appointed VeraSafe as our representative in the United Kingdom for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe, LLC
100 M Street S.E., Suite 600
Washington, D.C. 20003 USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/