Effective date: May 2025
This policy (the “Privacy Policy”) governs your use of the websites www.rivalgroup.io, www.rivaltech.com and www.reach3insights.com, services performed by and all applications owned or controlled by the Rival Group Inc., its subsidiaries and affiliates (including, without limitation, Rival Technologies Inc., Reach3 Insights (Canada) Inc. and Reach3 Insights Inc., together “we” or “us”) (collectively, the “Services”).
We respect your privacy and are committed to protect it though our compliance with this Privacy Policy. This Privacy Policy should be read in conjunction with the Terms of Use which can be located at www.rivalgroup.io/pages/terms. This Privacy Policy describes how we collect, process, use and share information about you when you visit the Services. It also describes the choices available to you regarding our use of information and how you can access and update this information in certain
We strive to comply with the following applicable privacy laws:
Law | Acronym | Jurisdiction |
Personal Information Protection Act | PIPA | British Columbia, Canada |
Personal Information Protection & Electronic Documents Act | PIPEDA | Canada (Federal) |
Act to modernize legislative provisions as regards the protection of personal information | Law 25 | Quebec, Canada |
General Data Protection Act | GDPR | Europe / EEA |
Data Protection Act of 2018 | DPA | United Kingdom |
California Consumer Privacy Act | CCPA | California, USA |
EU Artificial Intelligence Act | EU AI Act | Europe / EEA |
“Personal Information” is personal information you provide us, or what we collect from you and your devices in connection with your access to and use of the Services. In legal terms, we collect and use this Personal Information as a data controller. There are two general ways in which we collect Personal Information when you access or use the Services.
1. Information we automatically collect from your use of the Services – When you visit the Services, your browser and computer automatically provide to us certain technical information about your computer or device. This information may be collected using “cookies”, “log files” web beacons”, “tags” and “pixels”. The following are different kinds of information we automatically collect from your use of the Services:
a. “Usage Information” – includes information about your use of our Services and how you arrived at the Services, including the URL that referred you, the pages you navigate through the Services, how long you stay on those pages, frequency, time and pattern of your Services use.
b. “Technical Information” – includes information collected when you access our Services including your internet protocol address, your access date, browser type and version, time zone setting and location, operating system, device type and other technology of the devices you are using.
2. Information you give us – When you fill out a form, send an email to our team or otherwise send us information through the Services, we collect personal information about you. The Services have webpages that allow you to submit a variety of personal information to us. The following are different kinds of information you give us from your use of the Services
a. “Identity Information” – includes your first name, middle name, last name, title, government-issued ID, and other corresponding identification information.
b. “Contact Information” – includes your personal, non-corporate email address and telephone number.
c. “Professional Information” – which includes your job title, previous positions and professional experience, email address and phone number.
d. “Enquiry Information” – includes information contained in any enquiry you submit to us regarding our Services or the services that we provide.
We may also obtain information about you from other sources and combine that with information we collect about you through your use of the Services. For example, we may obtain your contact information if you attend a conference or webinar that we sponsor, and the organizer provides us with a list of attendees. We may also obtain your contact information from third parties that market mailing lists. If we receive Personal Information from a third-party source and/or if we combine the information we receive from these third-party sources with your Personal Information, we will treat that information as Personal Information. We are not responsible for the accuracy of the information provided by third parties or how such third parties collect, use, and share such information.
In addition to the above, if we intend to collect personal information from you in a way that is not listed above, we shall provide you with a notice and / or obtain your express written consent that outlines how we intend to collect, use, disclose, and store your personal information. Any such notice shall comply with applicable privacy protection laws.
We use the Personal Information we collect to provide, maintain, protect, and provide our Services, to develop new products and services, and to protect us and our customers. For example, we may use Personal Information about you for the following purposes:
1. Facilitate and improve your online experience of the Services;
2. To enable you to access and use the Services;
3. To communicate with you, including contacting you electronically for the purposes of responding to your comments, questions, and requests, providing customer services and support, providing you with information about any of our services, if any, providing you with technical notices, updates, security alerts and administrative messages. You can opt out of receiving such information at any time.
4. To monitor and analyze trends, usage and activities on our Services;
5. To investigate and prevent authorized access to our Services and other illegal activities;
6. To protect and/or enforce our legal rights and interests, including defending any claims; and
7. For other purposes authorized by you or applicable privacy laws.
We may use Artificial Intelligence (”AI”) systems as part of our business operations to improve efficiency and provide services. These systems do not involve decision-making with legal or similarly significant effects on individuals.
Where AI systems interact with users, we ensure transparency by clearly informing individuals that they are engaging with an AI system, as required under the EU Artificial Intelligence Act.
We process personal data in accordance with applicable data protection laws, including the GDPR. Personal data used in connection with AI systems is processed lawfully, fairly, and transparently, and we implement appropriate safeguards to protect your rights.
Except as set forth herein or in any applicable Terms of Use, we may disclose your Personal Information to our agents, vendors, consultants, and other service providers to carry out work on our behalf. These entities acting on our behalf are prohibited from using your Personal Information for any purpose other than to provide this assistance.
We must disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In addition, we may share information about you as follows:
1. To the maximum extent permitted by applicable law, in response to subpoenas or other legal process or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud;
2. To enforce the Terms of Use or other policies applicable to the Services;
3. To protect the rights, property, life, health, security and safety of us or any third party;
4. To the maximum extent permitted by applicable law, we may also use IP addresses, mobile device identifiers or any other information we collect to identify users, and may do so in cooperation with copyright owners, internet service providers, wireless service providers or law enforcement agencies in our discretion. Such disclosures may be carried out without notice to you;
5. With our affiliates for internal business purposes; and
6. In connection with, or during negotiations of, any proposed or actual merger, purchase, sale (including a liquidation, realization, foreclosure or repossession), lease, or any other type of acquisition of all or any portion of our assets, financing, disposal, conveyance or transfer of all or a portion of our business to another company, in this event you will be notified via prominent notice on our Services of any change in ownership or uses of your Personal information, as well as any choices you may have regarding your personal information; and
In our sole discretion, we may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
How long do we retain Personal Information?
We endeavour to only collect Personal Information that is reasonably necessary for the purposes for which they are collected, and to retain such data for no longer than is necessary for such purposes. The length of time Personal Information is retained, and criteria for determining that time, are dependent on the nature of the Personal Information, the purpose for which it was provided and any statutory retention periods. This is subject to any valid opt-out or withdrawal of consent where processing based on consent, or other valid exercise of your data subject rights.
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Although we use reasonable efforts to help protect your information, transmission via the internet is not completely secure and we cannot guarantee the security of your information collected through the Services.
We use third party services to host our Services, such as Amazon Web Services, Microsoft Corporation (the “Hosting Providers”) which store your Personal Information on secure and controlled environments administered by such Hosting Providers. Personal Information is encrypted when it is collected via the Services. For more information about the Hosting Providers’ privacy protection and data security practices, please visit https://aws.amazon.com/privacy/and https://privacy.microsoft.com/en-ca/privacystatement.
We currently use third party analytical providers (e.g. HubSpot) which may collect analytic data on our behalf and in accordance with our instructions, and their applicable privacy policies.
We ensure that those who have permanent or regular access to Personal Information, or that are involved in the processing of Personal Information are trained and informed of their rights and responsibilities when process Personal Information. We take security seriously and will ensure that there are adequate policies and practices in place with respect to your Personal Information.
If you have any questions about security on our Services, you can contact is at legal@rivalgroup.io.
You may be able to access other third-party websites that have links on our Services, which you can purchase products or services or register to receive information. You should ensure that you carefully read the terms of any privacy policies in relation to those third-party websites and products or services. We have no control over the third party’s use of any personal information and therefore has no responsibility or liability for the manner in which the third party may collect, use, disclose, secure, or otherwise deal with your personal information. We simply provide these links to you as a convenience to you. Once you leave our Services, you are no longer governed by this Privacy Policy.
There may be features on the Services which enable you to subscribe to newsletters and other information about us. You can opt out of receiving communications from us at any time by following the instructions provided in those communications or emailing us at legal@rivalgroup.iowith the subject of “Unsubscribe”. You may also remove yourself from our email list by clicking on the unsubscribe link presented in all communications we send to our users.
Depending on where you are located when you use or access the Services, your Personal Information may be transferred across international borders outside the country where you use or access the Services, including to countries outside the European Economic Area (“EAA”) that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases, we ensure that there is a legal basis for such transfer and that adequate protection for your Personal Information is provided as required by applicable law, for example, by using standard contractual clauses approved by the European Commission or other relevant authorities, by using certain service provides that are certified under the EU-US Privacy Shield, and by requiring the use of other appropriate technical and organizational information security measures. You may contact us at legal@rivalgroup.io to obtain additional information about the safeguards we take in connection with these transfers.
You have a right to know what Personal Information we hold about you, and to access it. This section describes the mechanisms for you to control certain uses and disclosures of your information.
Upon request, we will provide you with information about whether we hold any of your Personal Information. You have the right to access the Personal Information we have about you. You may correct, amend, or delete that information at any time by emailing legal@rivalgroup.io with a Personal Information Request. We will respond to your access request within a reasonable time period. We may require additional information from you to allow us to confirm your identity. There may be circumstances in which we may not be able to accommodate your request to change information if we believe that the change would violate any law or legal requirement or cause the information to be incorrect. Please note deleting the Personal Information we hold about you may result in you not being able to access or use the Services. All requests for the removal of Personal Information shall be responded to within a reasonable period of time.
In the event you have provided Personal Information to subscribe for newsletters and other information about us, you are free to opt-out of receiving such information at any time. To opt out of receiving communications from us please email us at legal@rivalgroup.io with the subject of “Unsubscribe”. You may also remove yourself from our email list by clicking on the unsubscribe link presented in all communications we send to our users.
Your browser software can be set to reject all cookies, but if you reject our cookies, certain functions and conveniences of the Services may not work properly. To learn more about cookies, please check your browser’s help or similar feature or visit www.allaboutcookies.org. Some web browsers incorporate a “do-not-track” or similar feature that signals to websites with which the browser communicates that a visitor does not want to have his or her online activity tracked. Please check your browser’s help or similar feature for more information about this process.
If you are an individual from the EEA, and access or use the Services from the EEA, we process your Personal Information both as a Processor and as Controller, as such terms are used in the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”). Our legal basis for collecting and using the personal information will depend on the Personal Information concerned and the specific context in which we collect it. We process your Personal Information as a processor and controller when your access or use the Services and submit Personal Information to us.
Our legal basis for collecting and using Personal Information as a data controller will depend on the specific circumstances in which it was collected. In general, we process your Personal Information under the following legal basis:
1. Consent – we process your Personal Information is you have consented to the processing activity. You may revoke your consent at any time, in which case we will cease further processing of your Personal Information based on your consent. This will however not impact the lawfulness of processing your Personal Information based on consent before it was withdrawn. Your access to and use of the Services might only be available based on consent.
2. Contract – we process your Personal Information to perform our obligations to you under a contract.
3. Legitimate Interest – we process your Personal Information to further our legitimate interests, such as in connection with managing, developing, testing the Services. Any such processing is conducted subject to appropriate measures to protect your fundamental rights and freedoms related to your Personal Information, and in any event will be subject to restrictions providing in this Privacy Policy. Further information or specification of our legitimate interests may be provided in relevant supplements applicable to such use.
If you are an individual from the EEA, and access or use the Services from the EEA, you have certain additional rights provided by the GDPR under Articles 12 to 22, as follows:
a. Right to be informed of how your Personal Information is used – you have a right to be informed about how we will use and share your Personal Information. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and pain language.
b. Right to access Personal Information – you have a right to obtain confirmation of whether we are processing your Personal Information, access your Personal Information and information regarding how your Personal Information is being used by us.
c. Right to have inaccurate Personal Information rectified – you have a right to have any inaccurate or incomplete Personal Information rectified. If we have disclosed the relevant Personal Information to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible.
d. Right to have the Personal Information erased in certain circumstances -you have a right to request that certain Personal Information held by us is erased. This is also known as a right to be forgotten. This is not a blanket right to require all Personal Information to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your Personal Information.
e. Right to restrict processing of Personal Information in certain circumstances – you have a right to block the processing of your Personal Information in certain circumstances. This right arises if you are disputing the accuracy of the Personal Information, if you have raised an objection to processing, if processing of the Personal Information is unlawful and you oppose erasure and request restriction instead or if the Personal Information is no longer required by us but you require the Personal Information to be retained to establish, exercise or defend a legal claim.
f. Right to data portability – in certain circumstances you can request to receive a copy of your Personal Information in a commonly used electronic format. This right only applies to Personal Information that you have provided to us (such as Identity Information, Contact Information). The right to data portability only applied if the processing is based on your consent or if the Personal Information must be processed for the performance of a contract and the processing is carried out by automated means.
g. Right not be to subject to automated decisions – you have the right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
h. Right to object to processing of Personal Information – you have a right to object to the processing being carried out by us if we are processing Personal Information based on a legitimate interest or if we are using Person Information for direct marketing purposes or if the information is being processed for scientific or historical or other statistical purposes. You will be informed that you have the right to object at the point of data collection and the right will be brought explicitly to your attention.
You may exercise any of your rights referred to above by contacting the Data Protection Officer at legal@rivalgroup.io. We may require additional information from you to allow us to confirm your identity.
French to follow.
This notice is intended to explain your rights under Law 25, the Modernization of Personal Information Protection Legislation Act. These rights are specific to residents of Quebec and may be actioned by Rival Group upon written request. Please review your privacy rights below and how you may exercise them.
Under Law 25, you have the right to request a copy of the personal data you disclosed to Rival Group. This includes any processing of your personal data by Rival Group. If you would like a copy of the personal information collected by Rival Group, please submit a request to us in writing legal@rivalgroup.io.
Once we have received and confirmed the details of your request, we will respond to you within 30 business days. We reserve the right under Law 25 to extend the time frame to respond if your request is extensive, or if it would require additional resources to ensure that our response to your request is complete and accurate.
Please be mindful that if your access request is inaccurate or vague, that Law 25 decrees that the time to respond will not begin until we confirm the exact scope of your request. We also reserve the right to withhold any personal information pertaining to third parties, so you may receive the information you request in a redacted format.
If we provide you with any records in response to your request, we will do so in a structured, commonly used technological format so you can easily view the information. We are not responsible for or bound under Law 25 to customize the technical form of the information to your device’s specifications.
As a Quebecois resident, you have the right under s. 28.1 of Law 25 to “de-index” your personal data. This means that you can direct Rival Group to stop the processing of any or all of your personal data, within reason and as permitted by law. You may exercise your right of de-indexation by sending us a written request outlining the personal information you wish to be deleted.
Please note that we reserve the right under s. 28.1 to retain and continue to process your personal information if it required by us to continue providing you with our services. Additionally, if you exercise your right to de-index, you may not be able to fully access all the services that Rival Group provides.
Once received, we will review your request and respond to you in writing.
Rival Group will only collect and retain your personal data for as long as required by law.
Generally, we are permitted to retain your personal information for up to seven (7) years after we have last used it before deleting it entirely. The retention period is to comply with privacy legislation, which will allow you to be able to access a copy of the personal data we have collected from and processed about you.
After the retention period has lapsed, we will delete your personal data permanently.
This seven-year retention period does not apply to situations where Rival Group is required by law to keep a copy of your personal information. This may include complying with legislative requirements or retaining the data in the event of a dispute or litigation.
All personal data collected by Rival Group is hosted and stored in Canada, USA, and or EU, although we use third-party service providers outside Canada to assist us. If you have any questions about the storage and deletion of your personal data, please contact our Privacy Officer at: legal@rivalgroup.io.
Rival Group does not use personal data to create profiles or to perform any profiling in individuals.
Third Party Disclosure
See section above entitled: Sharing of Personal Information.
Cet avis vise à expliquer vos droits en vertu de la Loi 25, soit la Loi modernisant des dispositions législatives en matière de protection des renseignements personnels. Ces droits sont spécifiques aux résidents du Québec et peuvent être exercés par le Groupe Rival sur demande écrite. Veuillez prendre connaissance de vos droits en matière de protection des renseignements personnels ci-dessous et de la façon dont vous pouvez les exercer.
En vertu de la Loi 25, vous avez le droit de demander une copie des renseignements personnels que vous avez communiqués au Groupe Rival. Cela inclut tout traitement de vos renseignements personnels par le Groupe Rival. Si vous souhaitez obtenir une copie des renseignements personnels collectés par le Groupe Rival, veuillez adresser votre demande par écrit à l'adresse suivante : legal@rivalgroup.io.
Une fois que nous aurons reçu et confirmé les détails de votre demande, nous vous répondrons dans un délai de 30 jours ouvrables. Nous nous réservons le droit, en vertu de la Loi 25, de prolonger le délai de réponse si votre demande est importante ou si des ressources supplémentaires sont nécessaires pour que notre réponse à votre demande soit complète et exacte.
N'oubliez pas que si votre demande d'accès est inexacte ou vague, la Loi 25 stipule que le délai de réponse ne commencera à courir que lorsque nous aurons confirmé la portée exacte de votre demande. Nous nous réservons également le droit de ne pas divulguer les renseignements personnels concernant des tiers, de sorte que vous pouvez recevoir les informations que vous demandez sous une forme expurgée.
Si nous vous fournissons des documents en réponse à votre demande, nous le ferons dans un format électronique structuré et couramment utilisé afin que vous puissiez facilement consulter les informations. En vertu de la Loi 25, nous ne sommes ni responsables ni tenus d’adapter le format des informations aux spécifications de votre appareil.
En tant que personne résidant au Québec, vous avez le droit, en vertu de l'article 28.1 de la Loi 25, de demander la « désindexation » de vos renseignements personnels. Cela signifie que vous pouvez demander au Groupe Rival de cesser la diffusion de certains de vos renseignements personnels, notamment en les faisant retirer ou désindexer de moteurs de recherche ou d’autres environnements numériques, dans la mesure où cela est raisonnable et permis par la loi. Vous pouvez exercer votre droit de désindexation en nous envoyant une demande écrite indiquant les renseignements personnels que vous souhaitez voir supprimés.
Veuillez noter que nous nous réservons le droit, en vertu de l'article 28.1, de conserver et de continuer à traiter vos renseignements personnels si nous en avons besoin pour continuer à vous fournir nos services. En outre, si vous exercez votre droit de désindexation, il se peut que vous ne puissiez pas accéder pleinement à tous les services fournis par le Groupe Rival.
Une fois reçue, nous examinerons votre demande et vous répondrons par écrit.
Le Groupe Rival ne collectera et ne conservera vos renseignements personnels que pendant la durée requise par la loi.
En règle générale, nous sommes autorisés à conserver vos renseignements personnels pendant sept (7) ans après leur dernière utilisation avant de les supprimer complètement. La période de conservation est conforme à la législation sur la protection de la vie privée, ce qui vous permettra d'accéder à une copie des renseignements personnels que nous avons collectés et traités à votre sujet.
À l'issue de la période de conservation, nous supprimerons définitivement vos renseignements personnels.
Cette période de conservation de sept ans ne s'applique pas aux situations dans lesquelles le Groupe Rival est tenu par la loi de conserver une copie de vos renseignements personnels. Il peut s'agir de se conformer à des exigences législatives ou de conserver les données en cas de litige ou de contentieux.
Tous les renseignements personnels collectés par le Groupe Rival sont hébergés et stockés au Canada, aux États-Unis et/ou dans l'UE, bien que nous fassions appel à des prestataires de services tiers en dehors du Canada pour nous aider. Si vous avez des questions sur le stockage et la suppression de vos renseignements personnels, veuillez contacter notre responsable de la protection de la vie privée à l'adresse suivante : legal@rivalgroup.io.
Le Groupe Rival n’utilise pas les renseignements personnels à des fins de profilage ou de création de profils individuels.
Voir la section ci-dessus intitulée : Partage des renseignements personnels (Sharing of Personal Information).
This California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act of 2023 (“CPRA”) disclosure explains how we collect, use, and disclose Personal Information relating to California residents covered by the CCPA and CPRA. Under the CCPA and CPRA, the specific Personal Information that we collect, use, and disclose relating to a California resident will vary based on our relationship or interaction with that individual.
We have collected the following categories of Personal Information on consumers as defined under the CCPA and CPRA within the last twelve (12) months:
Category |
Examples |
Collected |
A. Identifiers |
A real name, IP address, email address, or other similar identifiers. |
YES |
B. Personal Information Categories listed in the California Customer Records Statute (Cal. Civ. Code §1798.80(e)) |
A name, signature, Social Security Number, address, telephone number, passport number, driver’s license number, insurance policy number, education, employment history, bank account number, credit card number, financial information, medical information, or health insurance information. |
YES |
C. Protected classification characteristics under California or Federal law. |
Age, race, ancestry, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, pregnancy, childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information. |
YES |
D. Commercial information |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
E. Biometric Information |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
NO |
F. Internet or similar network activity |
Browsing history, search history, information on interaction with a website, application, or advertisement. |
NO |
G. Geolocation Data |
Physical location or movements. |
NO |
H. Sensory Data |
Audio, electronic, visual, thermal, olfactory, or similar information. |
YES |
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g; 34 CFR Part 99). |
Education records directly related to a student maintained by an educational intuition or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
NO |
Personal information does not include:
- Any publicly available information that is lawfully made available from government records or from similar sources, that a consumer has otherwise made available to the public.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s or CPRA’s scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly from you. For example, from information you provide on the Services, market research surveys or through a job application. We will do so only via written notice and / or through express consent from you.
- Indirectly from you. For example, from observing your actions on the Services.
- We retain your data pursuant to our records retention policy.
We may use or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name, contact information, and resume to be considered for a job posting, we will use that Personal Information in evaluating your qualifications for that position.
- To provide you with support and respond to your inquiries, including to investigate your concerns and monitor and improve our responses.
- To respond to law enforcement requests and as required by applicable law, court order, or government regulations.
- As described to you when collecting your Personal Information or as otherwise set forth in the CCPA and CPRA.
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may disclose your Personal Information to a client, contractor or service provider for a business purpose. When we disclose Personal Information for a business purpose, we enter a legal agreement that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories (corresponding with the table above) of Personal Information for a business purpose: Category A, Category B, Category C, Category D and Category I.
We disclose your Personal Information with the following categories of third parties: our clients, our service providers, and third parties to whom you or your agents authorize us to disclose your Personal Information in connection with Services.
In the preceding twelve (12) months, we have not sold any Personal Information.
Your Rights and Choices
The CCPA and CPRA provide California residents with specific rights regarding their Personal Information. This section describes your CCPA and CRPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal and sensitive information unless responding to the request is impossible or involves disproportionate effort. Once we receive and confirm your verifiable request, we will disclose to you:
- The categories of Personal Information and sensitive information we collected about you.
- The categories of sources for the personal and sensitive information we collected about you.
- Our business or commercial purpose for collecting, using and/or disclosing that information.
- The categories of third parties, contractors and service providers with whom we share, sell or disclose that Personal Information.
- The specific pieces of Personal Information we collected about you (also called a data portability request).
- If we disclosed your Personal Information for a business purpose, a list of those disclosures, identifying the Personal Information categories that each category of recipient obtained.
- Whether your information is sold or shared.
- The retention period or criteria used for retention.
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Help to ensure security and integrity to the extent the use of the consumer’s Personal Information is reasonably necessary and proportionate for those purposes.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
If you are a California resident, you may submit a request by contacting our Privacy Officer at: legal@rivalgroup.io
If you are a resident of any of the above states and the processing of personal information about you is subject to your state's privacy laws, you have the following rights, subject to certain limitations:
- Right of Access: You have the right to confirm whether we process your personal information and to request access to such personal information.
- Right to Deletion: You have the right to request that we delete personal information we have collected about you.
- Right to Data Portability: You have the right to request that we provide you with your personal information in a portable format.
- Right to Correction: You have the right to correct inaccuracies in your personal information.
- Right to Opt Out: You have the right to opt out of:
-Targeted advertising
- The sale of your personal information
- Profiling in furtherance of decisions that produce legal or similarly significant effects
You may have the right to appeal a denial of any of the above-listed rights. To do so, please contact our Privacy Officer at legal@rivalgroup.io.
We do not knowingly collect personal information online from children under the age of 13 without verifiable parental consent, in accordance with the Children's Online Privacy Protection Act ("COPPA").
If we become aware that we have inadvertently collected personal information from a child under 13 without parental consent, we will delete it as soon as possible.
For any services or research activities directed toward children under 13, we will:
- Obtain verifiable parental or guardian consent before collecting, using, or disclosing any personal information;
- Provide parents with the right to review, delete, and restrict further use of their child's information;
- Maintain the confidentiality, security, and integrity of the data collected from children;
- Limit data retention to only as long as necessary to fulfill the purpose of collection.
If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, or if you wish to review, delete, or restrict the use of your child’s data, please contact our Privacy Officer at legal@rivalgroup.io.
Consistent with the collection practices described in this Privacy Policy, we may collect certain categories and specific pieces of health-related Personal Information (“PHI”) either from your or from other third parties. We collect, use, and disclose PHI for our business and commercial purposes described in this Privacy Policy. We do not sell Personal Data. Furthermore, we receive, and may further share with our collaborators and partners, de-identified PHI from health care providers and health plans, subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The PHI received by us is deidentified based on either HIPAA’s “safe harbor” method, which means that certain direct identifiers were removed from the PHI, or HIPAA’s expert determination method, which means that a qualified statistician reviewed the health data shared with us and confirmed that there is a very small risk that an individual could be identified from the remaining PHI.
In most cases we collect personal data directly from you. However, we might also obtain personal data from third parties if the applicable national law allows us to do so. We will treat this personal data according to this Privacy Policy, plus any additional restrictions imposed by the third party that provided us with it or the applicable national laws.
It is our policy to post any changes we make to our Privacy Policy on this page. In some cases, we may provide additional notice of changes. If we make material changes to how we treat our users’ Personal Information, we will notify you by through a notice on the relevant Service’s home page.
The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring that you periodically visiting our Services and this Privacy Policy to check for any changes.
To ask questions or comment about this Privacy Policy or to enforce any of your rights as outlined in this Privacy Policy, or to quest more information about our privacy practices, please contact our privacy team and Privacy Officer at legal@rivalgroup.io.