• Personal
  • Business
Rvoke Privacy Policy

V0.3 Last updated 21st January 2019

1 Privacy By Design

At Rvoke, we care deeply about data protection and privacy.

It’s the reason we launched Rvoke: the internet is broken, personal data is everywhere. We want to fix this problem by helping everybody to exercise their data protection rights.

Atam ID Technologies Ltd. (“Rvoke”, “us”, “we”, or “our”) operates the https://rvoke.com website and the Rvoke mobile application (the “Service”).

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

We keep this Privacy Policy up to date and you can always access the latest version on the Rvoke website or mobile application. When material changes are made, we will make reasonable efforts to inform you by email or notification via the Service. Your continued use of the Service constitutes your acceptance of the amended Privacy Policy.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Unless otherwise defined, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

2 What Personal Data We Collect and Why

While using our Service, we ask you to provide us with certain personally identifiable information (“Personal Data”). If you choose not to provide your Personal Data, some aspects of the Service may not be available to you; for example, we may not be able to communicate effectively on your behalf with organisations in order to help you exercise your data protection rights.

2.1 Contact information

We collect your contact information (name, email address) in order to communicate with you in the context of the Service.

This includes:

  • Keeping you informed of communications with companies made on your behalf.
  • Responding to emails from you.
  • Sending you newsletters and other information that may be of interest to you. You may opt out of receiving these communications from us by following the unsubscribe link or the instructions provided in any email we send.

If you are in the European Economic Area (EEA), our legal basis for processing your contact information is:

  • It is necessary to provide the services you request,
  • Your consent,
  • It is necessary for the purposes of our legitimate interests such as marketing.

2.2 Identification information

In order to assist you to exercise your individual rights, we collect your identification information. This allows us to verify your identity, detect and prevent fraud, and also allows companies to identify you when you ask us to contact them on your behalf. We may therefore ask for your:

  • Email address
  • So we can communicate with you, and in order for organisations to match you with their customer record
  • Full name
  • So we can verify your identity and communicate effectively with organisations on your behalf
  • Phone number
  • So we can communicate with you and confirm your identity
  • Date of Birth, Address, National ID number, Passport number, Driver licence number:
  • So we can verify your identity and communicate effectively with organisations on your behalf and match their customer records (note: all data is hashed and encrypted and never transmitted insecurely)
  • Photograph (selfie)
  • To mitigate fraud and verify your identity, confirming that you are the person in the Photo ID (Passport, Driving Licence or National ID)

 

We encrypt all sensitive personal information. When we share this information with an organisation’s Data Protection Officer (DPO) we ensure that only the designated recipient of this information is able to access it.

When we communicate with organisations on your behalf, it is their responsibility to satisfy themselves that you are a customer of theirs. In order to do this, they may ask for additional information from you, such as a date or amount of a previous bill, a previous address, or a customer number. This information will be encrypted and only accessible to the organisation that has requested it, in order for them to accurately identify you.

If you are in the EEA, our legal basis for processing your identification information is:

  • It is necessary to provide the services you request,
  • Your consent,
  • It is necessary for the purposes of our legitimate interests, such as ensuring accurate identification of individuals for the purposes of making data protection requests on their behalf.

2.3 Location Data

We require you to select a Country of Residence. We use this data to determine which organisations you are likely to want to interact with. For example, if you live in the UK, you will typically want to communicate with UK companies.

If you are in the EEA, our legal basis for processing your location information is:

  • Your consent,
  • It is necessary for the purposes of our legitimate interests, in order for us to help you to communicate with the organisations most relevant to you (i.e. those in the same area)

2.4 Payment Information

We may provide paid products and/or services within the Service. In case you choose to buy such products and/or services, you will be required to provide your payment information such as your name and credit card details.

All payments in the Service are carried out by third-party payment processors in accordance with their privacy policy. We will not access or store your payment card details. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover to help ensure the secure handling of payment information.

The payment processors we work with are:

Apple Store In-App Payments

Their Privacy Policy can be viewed at https://www.apple.com/legal/privacy/en-ww/

Google Play In-App Payments

Their Privacy Policy can be viewed at https://www.google.com/policies/privacy/

If you are in the EEA, our legal basis for processing your payment information is:

  • It is necessary to provide the services you request.

2.5 Account Activity

We use information about your account activity in order to secure your account, detect and prevent fraud, and to measure and improve the Services. This includes your:

  • IP address
  • Login, email address and password
  • Connection information, including browser type and version, and operating system
  • Device identifier
  • Cookies
  • Interaction with the Service
  • In-Service purchases

If you are in the EEA, our legal basis for processing your account activity information is:

  • It is necessary to provide the services you request,
  • It is necessary for compliance with legal obligations,
  • It is necessary for the purposes of our legitimate interests, such as measuring and improving the Service.

3 Data Sharing

3.1 Individual Rights Requests

When you make a request to a company, exercising your data protection rights, we communicate with that company on your behalf. The Data Protection Officer (DPO) of that company needs to be satisfied that you are who you say you are. We securely share personal information with that company, in order that they can correctly find your data, and act according to your preferences.

When you give your explicit permission, we share your Personal Data in encrypted form so that only the designated recipient is able to access it.

3.2 Third Party Service Providers

We may employ third party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

3.3 Business Transaction

If Rvoke is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will make reasonable efforts to provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

3.4 Disclosure for Law Enforcement

Under certain circumstances, Rvoke may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

3.5 Legal Requirements

Rvoke may disclose your Personal Data in the good faith belief that such action is necessary:

  • To comply with a legal obligation
  • To protect and defend the rights or property of Rvoke
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability

4 Security

The security of your data is extremely important to us.

All data we store is fully encrypted with multiple layers.

You can find out more in our Security Policy.

4.1 Personal Data

When you provide us with personal data in order for us to identify you, and for a receiving DPO to identify you, we encrypt this in such a way that only the recipient of that request is able to decrypt this data.

We need to be able to decrypt certain data in order to confirm its accuracy (e.g. email address, phone number). We also need to be able to send this information to companies with whom we are interacting on your behalf.

We use multiple rotating keys to encrypt your data; there is no master key.

Your private key is never transmitted to our servers.

4.2 Data retrieved from companies

When companies respond to requests for your Personal Data that we have made on your behalf, we have no way of accessing the Personal Data sent by them.

Data retrieved from these companies is encrypted using your private key, stored on your phone. The only person who can access this data is you.

5 Transfer of Data

Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the European Union and choose to provide information to us, please note that we transfer the data, including Personal Data, to the European Union and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Rvoke will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

6 Retention of Data

Rvoke will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.

Should you delete your account, we will only retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), detect and prevent fraud, resolve disputes and enforce our legal agreements and policies.

Should your account remain inactive for a period of 18 months, your account will be treated as expired. If we do not hear from you after sending you a reminder, we will delete your account and aggregate or anonymise your Personal Data.

7 Your Data Protection Rights

Where the EU General Data Protection Regulation (“GDPR”) applies, you have the following data protection rights in the circumstances set out under the GDPR and other applicable law:

The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

The right to object. You have the right to object to our processing of your Personal Data when it relates to direct marketing, or where it is being processed on certain legal grounds.

The right of restriction. You have the right to request that we restrict the processing of your personal information in certain circumstances.

The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.

The right to withdraw consent. You also have the right to withdraw your consent at any time where Rvoke relied on your consent to process your personal information.

If you wish to exercise any of the above rights, please contact us using the details listed under “Contact Us”. Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.

8 Contact Us

If you have any questions, comments or complaints about this Privacy Policy, or would like to exercise your individual rights, please get in touch with us via the following contact details:

Atam ID Technologies
[email protected]

Rvoke app icon - download from the App Store and Google Play

Download Rvoke Today

Start protecting yourself with Rvoke, and take back control of your personal data.

Download on the App Store - icon Get it on Google Play - icon