At Rvoke, we care deeply about data protection and privacy.
It’s the reason we launched Rvoke: the internet is broken, personal data is everywhere. We want to fix this problem by helping everybody to exercise their data protection rights.
Atam ID Technologies Ltd. (“Rvoke”, “us”, “we”, or “our”) operates the https://rvoke.com website and the Rvoke mobile application (the “Service”).
This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.
2 What Personal Data We Collect and Why
While using our Service, we ask you to provide us with certain personally identifiable information (“Personal Data”). If you choose not to provide your Personal Data, some aspects of the Service may not be available to you; for example, we may not be able to communicate effectively on your behalf with organisations in order to help you exercise your data protection rights.
2.1 Contact information
We collect your contact information (name, email address) in order to communicate with you in the context of the Service.
Keeping you informed of communications with companies made on your behalf.
Responding to emails from you.
Sending you newsletters and other information that may be of interest to you. You may opt out of receiving these communications from us by following the unsubscribe link or the instructions provided in any email we send.
If you are in the European Economic Area (EEA), our legal basis for processing your contact information is:
It is necessary to provide the services you request,
It is necessary for the purposes of our legitimate interests such as marketing.
2.2 Identification information
In order to assist you to exercise your individual rights, we collect your identification information. This allows us to verify your identity, detect and prevent fraud, and also allows companies to identify you when you ask us to contact them on your behalf. We may therefore ask for your:
So we can communicate with you, and in order for organisations to match you with their customer record
So we can verify your identity and communicate effectively with organisations on your behalf
So we can communicate with you and confirm your identity
Date of Birth, Address, National ID number, Passport number, Driver licence number:
So we can verify your identity and communicate effectively with organisations on your behalf and match their customer records (note: all data is hashed and encrypted and never transmitted insecurely)
To mitigate fraud and verify your identity, confirming that you are the person in the Photo ID (Passport, Driving Licence or National ID)
We encrypt all sensitive personal information. When we share this information with an organisation’s Data Protection Officer (DPO) we ensure that only the designated recipient of this information is able to access it.
When we communicate with organisations on your behalf, it is their responsibility to satisfy themselves that you are a customer of theirs. In order to do this, they may ask for additional information from you, such as a date or amount of a previous bill, a previous address, or a customer number. This information will be encrypted and only accessible to the organisation that has requested it, in order for them to accurately identify you.
If you are in the EEA, our legal basis for processing your identification information is:
It is necessary to provide the services you request,
It is necessary for the purposes of our legitimate interests, such as ensuring accurate identification of individuals for the purposes of making data protection requests on their behalf.
2.3 Location Data
We require you to select a Country of Residence. We use this data to determine which organisations you are likely to want to interact with. For example, if you live in the UK, you will typically want to communicate with UK companies.
If you are in the EEA, our legal basis for processing your location information is:
It is necessary for the purposes of our legitimate interests, in order for us to help you to communicate with the organisations most relevant to you (i.e. those in the same area)
2.4 Payment Information
We may provide paid products and/or services within the Service. In case you choose to buy such products and/or services, you will be required to provide your payment information such as your name and credit card details.
If you are in the EEA, our legal basis for processing your payment information is:
It is necessary to provide the services you request.
2.5 Account Activity
We use information about your account activity in order to secure your account, detect and prevent fraud, and to measure and improve the Services. This includes your:
Login, email address and password
Connection information, including browser type and version, and operating system
Interaction with the Service
If you are in the EEA, our legal basis for processing your account activity information is:
It is necessary to provide the services you request,
It is necessary for compliance with legal obligations,
It is necessary for the purposes of our legitimate interests, such as measuring and improving the Service.
3 Data Sharing
3.1 Individual Rights Requests
When you make a request to a company, exercising your data protection rights, we communicate with that company on your behalf. The Data Protection Officer (DPO) of that company needs to be satisfied that you are who you say you are. We securely share personal information with that company, in order that they can correctly find your data, and act according to your preferences.
When you give your explicit permission, we share your Personal Data in encrypted form so that only the designated recipient is able to access it.
3.2 Third Party Service Providers
We may employ third party companies and individuals to facilitate our Service, provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
3.3 Business Transaction
3.4 Disclosure for Law Enforcement
Under certain circumstances, Rvoke may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
3.5 Legal Requirements
Rvoke may disclose your Personal Data in the good faith belief that such action is necessary:
To comply with a legal obligation
To protect and defend the rights or property of Rvoke
To prevent or investigate possible wrongdoing in connection with the Service
To protect the personal safety of users of the Service or the public
To protect against legal liability
The security of your data is extremely important to us.
All data we store is fully encrypted with multiple layers.
You can find out more in our Security Policy.
4.1 Personal Data
When you provide us with personal data in order for us to identify you, and for a receiving DPO to identify you, we encrypt this in such a way that only the recipient of that request is able to decrypt this data.
We need to be able to decrypt certain data in order to confirm its accuracy (e.g. email address, phone number). We also need to be able to send this information to companies with whom we are interacting on your behalf.
We use multiple rotating keys to encrypt your data; there is no master key.
Your private key is never transmitted to our servers.
4.2 Data retrieved from companies
When companies respond to requests for your Personal Data that we have made on your behalf, we have no way of accessing the Personal Data sent by them.
Data retrieved from these companies is encrypted using your private key, stored on your phone. The only person who can access this data is you.
5 Transfer of Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the European Union and choose to provide information to us, please note that we transfer the data, including Personal Data, to the European Union and process it there.
6 Retention of Data
Should you delete your account, we will only retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), detect and prevent fraud, resolve disputes and enforce our legal agreements and policies.
Should your account remain inactive for a period of 18 months, your account will be treated as expired. If we do not hear from you after sending you a reminder, we will delete your account and aggregate or anonymise your Personal Data.
7 Your Data Protection Rights
Where the EU General Data Protection Regulation (“GDPR”) applies, you have the following data protection rights in the circumstances set out under the GDPR and other applicable law:
The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data when it relates to direct marketing, or where it is being processed on certain legal grounds.
The right of restriction. You have the right to request that we restrict the processing of your personal information in certain circumstances.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where Rvoke relied on your consent to process your personal information.
If you wish to exercise any of the above rights, please contact us using the details listed under “Contact Us”. Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.
8 Contact Us