How we handle private information
RavenPack International | April 15, 2019
- The types of personal information we collect
- How we use personal information
- When we share personal information
- Where we store and process personal information
- How we secure personal information
- How long we keep personal information
- Your right to access and correct your personal information
- Other tracking technologies
- Connecting via social networks
- Links and connections to third-party services
- Children’s privacy
- How to contact us
Your privacy and trust are important to us and this Privacy Statement (“Statement”) provides important information about how RavenPack International S.L. and its affiliated companies and subsidiaries (together "RavenPack,” “we,” or “us”) handle personal information. This Statement applies to any RavenPack website, application, product, software, or service of our that hyperlinks to this Statement (collectively, our “Services”).
It does not generally apply to individuals whose personal information forms part of the content included within our products, although you can find further information on that topic here.
Please read this Statement carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices. It is important that you check back often for updates to this Statement. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Services and/or contact you using other methods such as email.
This Statement was last updated on March 21, 2018
RavenPack is committed to the responsible handling and protection of personal information.
Personal information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
We collect, use, disclose, transfer, and store personal information when needed to provide our Services and for our operational and business purposes as described in this Statement. We want to be clear about our privacy practices so that you can make informed choices about the use of your information, and we encourage you to contact us at any time with questions or concerns.
The types of personal information we collect
We collect personal information from you, for example, if you register for an event, request information, purchase or use our Services, or request customer support. We may ask you to provide information such as your name, address, phone number, email address, username and password, and information about your device. Not all of the personal information RavenPack holds about you will always come directly from you. It may, for example, come from your employer (e.g. RavenPack Enterprise), other organizations to which you belong (e.g. RavenPack Enterprise), or a professional service provider such as your tax or accounting professional or attorney, if they use our Services. We also collect personal information from third parties such as our partners, service providers, and publicly available websites, to offer Services we think may be of interest and to help us maintain data accuracy and provide and enhance the Services.
In addition, our servers, logs, and other technologies automatically collect certain information to help us administer, protect, and improve our Services; analyze usage; and improve users’ experience. We share personal information with others only as described in this Statement, or when we believe that the law permits or requires it.
Occasionally we collect and process what may be considered sensitive personal information.
Sensitive personal information is a subset of personal information and is generally defined as any information related to racial/ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, other medical information including biometric and genetic data, or sexual life or preferences. In some instances, sensitive personal information may also include criminal allegations or convictions, precise geolocation information, financial and bank account numbers, or unique identifiers such as government-issued social security numbers, driver’s license, and passport numbers.
For example, if you purchase something from us or subscribe to our Services, we will collect payment information, such as financial or bank card information, and other information necessary for us to process the transaction. If you or your service professional uses our Tax & Accounting Services, we will collect and process financial and tax information. Some of our Services will ask you to share your precise geolocation so we can customize your experience and increase the accuracy of the Service. We may also collect information such as a government-issued identification number if you use our eRecruitment Services to apply for employment. Information that is considered sensitive under applicable law will be handled in accordance with such laws.
How we use personal information
We process personal information for these service-and business-related purposes
- Account setup and administration: We use personal information such as your name, email address, phone number, and information about your device to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription, and Service information.
- Personalization: We use personal information to deliver and suggest tailored content such as news, research, reports, and business information and to personalize your experience with our Services. Some of our Services will ask you to share your precise geolocation so we can customize your experience and increase the accuracy of the Service. If you agree to share your precise geolocation with us, you will be able to turn it off at any time by going to the privacy settings on your mobile device or online.
Marketing and events: We use personal information to deliver marketing and event communications to you across various platforms, such as email, telephone, text messaging, direct mail, and online. If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. We also maintain email preference centers for you to manage your information and marketing preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important Service information related to your accounts and subscriptions.
Contact Forms: The User can contact RavenPack, through the forms established for this purpose on the Website. To this end, the User must provide RavenPack information about the type of query, their name and surname, country from which the query originates, their e-mail, telephone number as well as the purpose for the inquiry they wish to perform. RavenPack will use this data to process the query and contact the User.
The legal basis for the processing of such data is based on the User’s consent.
- Request a trial: The User can request a trial of RavenPack services online. To do so, the User must provide their personal data, such as name, surname and e-mail. RavenPack will use this data to process the query and contact the User to supply its services. The legal basis for the processing of such data is based on the User’s consent. The retention period of this data will be adequate to comply with the contractual obligations and, in any case, up to five more years for tax procedures and to cover possible liabilities, unless other terms are applicable.
- Register to Events: The User authorises RavenPack to use the data to carry out and manage their participation in the events organized by RavenPack. The legal basis for the processing of such data is based on the User’s consent.
Request material presented at events: The User can request marketing material from events organized by RavenPack. For this purpose, the User must provide their name and surname, telephone number and e-mail. RavenPack will use this data to provide the material requested.
The legal basis for the processing of such data is based on the User’s consent.
- Request White Paper: The User can request research papers written by RavenPack’s Data Science team and third parties. To do so, the User must fill in the form with their personal data such as name, surname, telephone number and e-mail. The legal basis for the processing of such data is based on the User’s consent.
- Contact Forms: The User can contact RavenPack, through the forms established for this purpose on the Website. To this end, the User must provide RavenPack information about the type of query, their name and surname, country from which the query originates, their e-mail, telephone number as well as the purpose for the inquiry they wish to perform. RavenPack will use this data to process the query and contact the User.
Advertising purposes and special treatments:
- Advertising: If the User expressly authorizes it, RavenPack may send advertising of its services, such as news of its products. The User may revoke this consent at any time by sending an email to email@example.com or in writing to the physical address indicated in our “How to contact us” section. The legal basis for the processing of such data is based on the User’s consent. Moreover, if the User subscribes to request a trial of the services provided by RavenPack, requests white papers related to research carried out by RavenPack or third parties, registers to attend events organized by the firm or requests marketing material from these events, we may send you commercial communications by email about RavenPack products, to the extent that they are similar to product or service contracted by the User, and unless the User tells us otherwise through the procedure established for that purpose. The user may revoke this consent at any time. The legal basis for the processing of such data is based on the consent of the User. The term of conservation of the data will be of the time that remains registered in our system for the sending of publicity.
- Surveys and polls: If you choose to participate in a survey or poll, any personal information you provide may be used for marketing or market research purposes.
- Research and development: We use personal information for internal research and development purposes and to improve and test the features and functions of our Services.
- Hosted services: Some of our Services provide data and document storage as an integral part of the product or solution offering. Documents and data stored by our customers may contain personal information in business and personal tax forms, payroll and financial data, and legal and litigation-related documents, for example. Any information stored by or on behalf of our customers is controlled and managed by and only made accessible to those customers or others our customers may authorize from time to time. Our access to this information is limited to RavenPack's personnel with a critical business reason, such as technical support.
- Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
When we share personal information
RavenPack shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymized, and statistical data with third parties. Below are the parties with whom we may share personal information and why.
- Within RavenPack: Our businesses around the world are supported by a variety of RavenPack teams and functions, and personal information will be made available to them if necessary for the provision of Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.
- Our business partners: We occasionally partner with other organizations to deliver co-branded Services, provide content, or to host events, conferences, and seminars. As part of these arrangements, you may be a customer of both RavenPack and our partners, and we and our partners may collect and share information about you. RavenPack will handle personal information in accordance with this Statement, and we encourage you to review the privacy statements of our partners to learn more about how they collect, use, and share personal information.
- Our third-party service providers: We partner with and are supported by service providers around the world. Personal information will be made available to these parties only when necessary to fulfill the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfillment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
Third parties for legal reasons: We will share personal information when we believe it is required, such as:
- To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence.
- In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings)
- To protect our rights, users, systems, and Services.
- E-recruitment partners: If you register as a user of our e-recruitment Services in order to apply for employment, your personal information, including any sensitive personal information you provide, will be made available to the organization to which you have applied. In order to consider an application fully, your personal information may be forwarded to an organization’s global offices.
Where we store and process personal information
RavenPack is a global organization, and your personal information may be stored and processed outside of your home country. We take steps to ensure that the information we collect is processed according to this Privacy Statement and the requirements of applicable law wherever the data is located.
RavenPack has networks, databases, servers, systems, support, and help desks located throughout our offices around the world. We collaborate with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within RavenPack or to third parties in areas outside of your home country.
When we transfer personal information from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your data. For example, we use approved contractual clauses, multiparty data transfer agreements, intragroup agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact our Data Protection Officer.
How we secure personal information
RavenPack takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
Policies and procedures
- We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data
- We have a Business Continuity and Disaster Recovery strategy that is designed to safeguard the continuity of our service to our clients and to protect our people and assets
- We place appropriate restrictions on access to personal information
- We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely
- We conduct Privacy Impact Assessments in accordance with legal requirements and our business policies
Training for employees and contractors
- We require privacy, information security, and other applicable training on a regular basis for our employees and contractors who have access to personal information and other sensitive data
- We take steps to ensure that our employees and contractors operate in accordance with our information security policies and procedures and any applicable contractual conditions
Vendor risk management
- We require, through the use of contracts and security reviews, our third-party vendors and providers to protect any personal information with which they are entrusted in accordance with our security policies and procedures
How long we keep personal information
RavenPack has a Records Management team that works in conjunction with the Privacy Office to implement policies and rules relating to the retention of personal information. We have an Enterprise Records Retention Schedule that is based upon a classification scheme consisting of Business Functions, Record Classes, and Record Types. We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, RavenPack International takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers. When we no longer need personal information, we securely delete or destroy it.
Your right to access and correct your personal information
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
- Access to personal information: If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
- Correction and deletion: You have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion of your personal information via email to firstname.lastname@example.org.
- Marketing preferences: To opt out of email marketing, you can use the unsubscribe link found in the email communication you receive from us. For other marketing preferences, you can use the “Contact Us” option within the relevant Service. Information related to controlling cookies can be found here.
Please contact our Data Protection Officer with any requests related to your personal information.
At any time, the User may lodge a complaint with the control authority.
The legitimation base for the treatment of such data is based on the consent of the User.
Other tracking technologies
Web server & application logs: Our servers automatically collect certain information to help us administer and protect the Services, analyze usage, and improve users’ experience. The information collected includes:
- IP address and browser type
- Device information including Unique Device Identifier (UDID), MAC address, Identifier For Advertisers (IFA), and similar identifiers we or others may assign
- Device operating system and other technical facts
- The city, state, and country from which you access our website
- Pages visited and content viewed, stored, and purchased
- Information or text entered
- Links and buttons clicked
- URLs visited before and after you use our Services
Connecting via social networks
Some of our Services may include social networking features, such as the Facebook® “Like” button and widgets, “Share” buttons, and interactive mini-programs. Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn®, to log into some of our Services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these services. These services may collect information such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the Services and do not participate in social sharing on the Services.
Links and connections to third-party services
Our Services may contain links to and may be used by you in conjunction with third-party apps, services, tools, and websites that are not affiliated with, controlled, or managed by us. Examples include Facebook, LinkedIn, Twitter® and, third-party apps like voice software and readers. The privacy practices of these third parties will be governed by the parties’ own Privacy Statements. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to these third-party services.
RavenPack provides information solutions for professionals, and our Services are generally not aimed at children. If, however, we collect and use information about children, such as to develop an educational resource, we will comply with industry guidelines and applicable laws.
How to contact us
We understand that you may have questions or concerns about this Statement or our privacy practices or may wish to file a complaint. Please feel free to contact us in one of the following ways:
To the attention of the Data Protection Officer
RavenPack International SL
Centro de Negocios Oasis, Of 4
Ctra. de Cádiz Km 176
29602 Marbella, Málaga, Spain