Revoke’s Privacy Policy for California Residents

Revoke Limited t/a Revoke

 Scope of Application 

Revoke Limited (“Revoke”, “us”, “we”, or “our”) knows that your privacy is important to you, and we want you to know that it is important to us too. We created this privacy policy (the “Policy”) to explain the types of information we collect through our websites on which it is posted (“Sites”) and mobile applications on which it is posted (“Apps”) (collectively with the Sites and Apps, the “Services”), how we will use, disclose and protect this information once it is collected, and how you can opt-out of some of our uses and disclosures of your information. 

 Personal Information 

“Personal Information” is information that can be used to identify you as an individual or allow someone to contact you, as well as information attributed with such information. Revoke collects the following categories of Personal Information; 

 From Consumers 

• Contact Information: name, address, email address, telephone and mobile phone number 
• Other Identifying Information: passport number, image of passport, Social Security number, driver’s license or state identification card number, and date of birth 
• Biometric: photo e.g., selfie (biometric data) 

• Internet or other electronic network activity: IP address, connection information, browser type and version, operating system, device identifier 

 How we use Personal Information 

Revoke may use Personal Information it collects for the following purposes:  

 Business Purposes 

We use your contact information, other identifying information, and biometric information to: 

• Meet our obligations in providing services to you under the terms of our agreement with you 
• Communicate with you about the services we provide 
• To manage the operation of your subscription and services contract, and subscription payments 
• To act on your behalf when contacting third party organizations in the exercise of your privacy rights 
• To send you notifications to keep you updated on the responses we have received in relation to the Revoke services you have requested from us 

• To act on your behalf when you request us to process communications regarding compensation claims against organizations which have breached your data protection rights 
• We use your other identifying information and internet or other electronic network activity to analyze preferences, trends and statistics 

Marketing and Advertising Purposes 

We use your contact information, other identifying information, and internet or other electronic activity to: 

• Inform you of our new products, services and offers 

• Provide you with targeted advertising 
• Provide you with other information from and about Revoke, including personalized marketing communications  

Maintenance and Improvement of the Services 

We use your contact information and internet activity or other electronic activity to: 

• Provide you with the Services, including to send you alerts about your account 

• Handle your customer services requests 
• Help us diagnose technical and service problems and administer our stores and the Services 

Security and Fraud Prevention or to comply with law 

We use your contact information, other identifying information, financial information, biometric, internet activity or other electronic activity to: 

• Protect the Revoke app services and related systems, Revoke, and others and to prevent fraud, theft and misconduct 

• Respond to legal process, such as a court order or subpoena or in response to a government agency or investigatory body request 
• Meet legal obligations from relevant local laws in relation to sale of product and services transactions or other specific State taxes 
• Meet any legal obligations in relation to the establishment, exercise or defense of a legal claim or meet any other legal obligations from relevant local laws 

Services provided to our customers 

The main services we offer to our customers are as follows; 

1. Data Protection Requests (to exercise your rights) 

1. Dark Web Searches (to identify if your data was in a data breach) 

1. Privacy Checks (on your social media and online accounts) 

1. Mailbox Search (to identify companies for your list) 

We have designed our services to comply with the requirements of the new European data protection law in the areas of Privacy By Design and Default. 

For Data Protection Requests and Dark Web Searches, we provide these services as an integral part of our contractual services to you, which have been communicated in our app services notices and in our Terms of Business. 

For the Privacy Checks and Mailbox Search services, you are being offered these services on an “opt-in” or “opt-out” basis, i.e. you can select to use or not use or use for a selected period of time, these specific services. These services will help facilitate the cleaning up of your digital estate, and to help us avoid contacting organizations on your behalf with whom you would have had no previous relationship. 

The Revoke app’s use and transfers to any other app information received from Google API will adhere to Google API Services User Data Policy, including the Limited Use requirements. 

Revoke helps you identify companies that hold your personal data. We do this through our Dark Web Search, Privacy Checks, and Mailbox Search features. We never contact a company on your behalf without your explicit permission. 

For more details on these services, please see our Terms of Business. 

Data collection methods 

We collect Personal Information in the following ways; 

 We collect Personal Information directly from you 

• When you download the Revoke app from Apple or Google Play app stores and agree to the terms and conditions for its use 
• When you submit the Personal Information requested by our Revoke services in order to complete the user verification process, e.g., when you give us your date of birth, address, photo ID (copy of your passport, driver’s license or state identification card number) and selfie (biometric data) so we can verify your identity and communicate effectively with organizations on your behalf and match their records 
• When you complete and submit your digital consent form(s)/requests for us to act on your behalf in relation to the exercise of your data protection rights 
• When you email us using one or all of our dedicated customer support, data protection and business email addresses 

• When you contact our customer service partner or our in-house team who can support and guide you with your data protection queries, cyber security queries and queries in relation to our Revoke services; 
• When you contact us by telephone and/or leave a voicemail message or text message or use of the online chat facility or posting messages on our social media platforms 
• When you transfer your data to us from another service provider, Revoke will agree with you the terms and transfer details prior to commencing Revoke services 
• Directly from you as a member of the public, staff member, business partner, supplier or intermediary when engaging with us directly 

We collect information passively from you 

• When you visit our Revoke website (www.revoke.com) or the Revoke app which use only essential and analytical cookie features or similar tracking technology which may track your usage of our website or app and uploading of information to the website or app to help us improve our services to you 

We collect information about you from third parties 

• From third parties such as publicly available sources and documents and any other public open forums 
• The Apps may use and transfer information received from Google APIs to other apps, and in connection with such use and transfer, we will endeavor to adhere to the Google API Services User Data Policy, including the Limited USE requirements 

We share your Personal Information 

Personal information may be shared with the following third parties: 

• Our other group companies who provide essential services for our customers on behalf of Revoke 
• Our data processors who provide services in relation to the provision of app products and services, computer systems used for the maintenance of customer subscription 
• Our data processors who provide identity verification services to protect your account 
• Our data processors who provide the dark web search service to check if your email address and related Personal Information has been breached 
• Our SMS service providers to send notifications to you regarding your requests 
• Our email manager provider to manage and deliver our email communications 
• Our customer service provider who gives advice, support and insurance information when requested; they only receive a unique reference linking to an anonymized version of your dark web search results 
• If you choose to seek assistance and follow-up on the results of your dark web search, your data may be shared if you provide approval to do so (if you separately engage them to examine your results and choose to provide them with further Personal Information beyond the reference number) and other third parties, if you choose to make a claim or commence other legal proceedings as a result of the data breach 
• Our service provider who manages the generation and reporting of statistical tracking data of our services 
• Third-party organizations you have requested us to contact on your behalf for the exercise of your data protection and consumer privacy rights 
• Revoke’s business partners who may provide professional services in relation to additional expert services 
• Revoke’s data processors who provide services in relation to the secure and safe running of its business systems and processes 
• Professional agents in the provision of required services (e.g., lawyers, bankers, accountants, auditors) 
• Governmental authorities as required by the respective laws where such disclosure is necessary for compliance with a legal obligation 
• Other third parties where requested by you and when relevant consent has been obtained from you 
• Any new owner of Revoke should it be acquired or merged with another company or as part of the re-organization of the company 

Third-party service providers are bound by the requirements of the Data Processor Agreement obligations, where your Personal Information is to be processed to high standards of confidentially and with the required security standards and arrangements to be in place. 

Choices regarding sharing and marketing practices. 

You can opt-out of receiving our marketing emails. To stop receiving our promotional emails, follow the “unsubscribe” instructions in any promotional message you receive from us. Even if you opt-out of receiving these marketing messages, we will still send you transactional messages. These include responses to your questions or other necessary information about your account. 

You can opt-out of receiving push notifications from our mobile app. To do so, turn off notifications in your mobile device’s settings. 

If you are subscribed to receive text messages from Revoke regarding your account and would like to opt-out, you may do so by going to the “My Settings” section of the Revoke app where you can turn off email, SMS, and push notifications. However, if you opt-out, we may not be able to provide the services to you. 

Cookies 

We use cookies (a small text file placed on your computer to identify your computer and web browser) and may use anonymous identifiers (a random string of characters that is used for the same purposes as a cookie). We use cookies and other similar technologies to analyze use of and improve the Service. Most web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent, however, certain features of the Service may not work if you delete or disable cookies. Some of our Service Providers may use their own cookies, anonymous identifiers, or other tracking technology in connection with the services they perform on our behalf. 

 Special notice regarding children 

Our Services are not directed to children under 18 years of age. No one under age 18 may provide any information to or on the Services. We do not knowingly collect Personal Information from children under 18. If you are under 18, do not use or provide any information on the Services, through any of its features, register on the Services, make any purchases through the Services, use any of the interactive or public comment features of the Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at dpo@revoke.com. 

Security of your Personal Information 

As part of the Revoke consumer onboarding process your personal identification data, photo identification, and any other biometric data, is encrypted once it has been expertly verified by our service provider. Revoke does not have access to your encrypted data as only you will have the required digital encryption key to access it.  

Social media platforms 

When we use social media platforms e.g. Facebook, Twitter, Instagram, we only operate it so as to promote our own business and we would not knowingly engage in activities that go beyond this scope. Consumers (and other data subjects) are advised to refer to the respective privacy notices of these social media platforms to check your data protection and privacy rights. Revoke cannot be held responsible for third party social media platforms or websites activities. 

Transfer and access to Personal Information 

Only those third parties who are properly authorized to do so, and in accordance with this Policy, will have access to your Personal Information and for the purposes as stated in this Policy. Third parties are bound by the confidentiality and security provisions of the relevant service provider contracts and Revoke’s Terms of Business when engaging with Revoke. 

Revoke may transfer data outside of the United States where it is necessary for the performance of the contract agreed by you. Wherever your Personal Information is transferred, stored or processed by us or our Service Providers, we will take reasonable steps to safeguard the privacy of your Personal Information. Such steps may include obtaining your consent, or only transferring Personal Information to Service Providers if they agree to comply with reasonable physical, electronic and procedural safeguards designed to protect Personal Information or if they put in place adequate measures themselves. 

Retention of data 

Revoke will only retain your Personal Information for as long as is necessary to fulfill the purpose for which it was collected. 

Summary of the important data retention periods are as follows; 

• If you create an Account with us, we will retain your Personal Information for as long as you have that Account 
• If your account becomes inactive for 12 months, your account will be treated as expired. If we do not hear from you after sending you a reminder, we will delete your account within 30 days 
• Should you delete or request deletion of your Account, we will only retain and use your Personal Information to the extent necessary to comply with our legal obligations (if we are required to retain your data to comply with applicable laws), detect and prevent fraud. resolve disputes and enforce our legal agreements and policies. All requests for deletion of accounts will be actioned after 48 hours of the request 

This is subject to the exception where the data cannot be deleted for legal or regulatory reasons. 

Consumer privacy rights 

Where a consumer in California wishes to exercise their privacy rights under applicable data protection and privacy laws, they should contact Revoke’s data protection manager at dpo@revoke.com or call our US toll-free number, +1 (279) 3560049. Before helping you with your inquiry, we may ask you to verify your identity or the identity of your authorized agent. 

Consumers have the following rights under CCPA; 

• Access to your Personal Information 

You have the right to request information about your Personal Information such as the categories of Personal Information collected, the categories of sources from which we collected, the purposes for collecting, the categories of third parties and the purpose for which we shared your data with them. You may also request information about the specific pieces of Personal Information we have collected about you.  

• Deletion of your Personal Information 

You have the right to request that we delete Personal Information that we have collected from you. This right is subject to certain exceptions e.g. necessary for detecting security incidents, protecting or defending against legal claims and others. 

• Opt-out (or opt-in) of sale of your Personal Information
  We do not sell your Personal Information. 
• Not to be discriminated against for exercising your rights
  We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights. 

Each consumer request to exercise the rights noted above will be reviewed against the requirements of the Californian Consumer Privacy Act (“CCPA”), and other relevant data privacy laws, and in certain circumstances these rights may not be exercisable by the company. Full explanations will be given in such cases. 

Making a complaint 

Complaints under Californian Consumer Privacy Act (“CCPA”): 

Consumers can make a complaint under CCPA to the Office of the Attorney General, California, by completing an online form when you access this link, 

https://oag.ca.gov/contact/consumer-complaint-against-business-or-company. 

Security features 

Revoke is committed to the security of your Personal Information and has implemented appropriate commercially reasonable technical, physical and organizational measures to prevent unauthorized or unlawful processing of your Personal Information or accidental loss or destruction of your Personal Information. 

Our Security Policy is available on our website at https://revoke.com/personal/security/. 

Our website is encrypted using HTTPS (Hypertext Transfer Protocol Secure). In HTTPS the communication protocol is encrypted using Transport Layer Security (TLS). This provides a secure method of communication with us and any Personal Information uploaded onto our website is securely managed by our website data processor services. 

Email communications are scanned using the latest version of anti-virus and malware software deployed by our business. Personal Information held by Revoke Limited is only available to authorized members of staff. No staff member of the Revoke group of companies is able to access decrypted Photo ID or biometric data (Selfie). 

Our computer systems have secure audit trails and we have robust backup capabilities in place to ensure that our services can continue uninterrupted for our consumers. 

Management and employees are trained in their data protection responsibilities and obligation to handle Personal Information in a confidential manner. 

Change to this Policy 

Revoke may update this Policy at any time. The updated Policy will appear on our website www.revoke.com and www.atam.id and in our Terms of Business. 

This Policy was last updated on 13 December 2022.

Contact information 

If you have any questions, concerns or complaints with respect to this Policy or the handling of your privacy or Personal Information, please contact our data protection manager at dpo@revoke.com.