Privacy Policy

Welcome to Revuto's Privacy Policy!

Please note that this Privacy Policy applies to personal data collected and processed by Revuto OÜ, a company registered in Estonia, Harju maakond, Tallinn, Kristiine linnaosa, Kotkapoja tn 2a-10, 10615, TIN: 16108647 VAT number: EE102322835, and TOCA Express d.o.o, a company registered in Croatia, Farkaševec Samoborski 11/A, 10430 Farkaševec Samoborski, CIN 05922887 (collectively "REVUTO, "we" or "us").

REVUTO companies, as joint data controllers, collect and process personal data relating to interactions on the Website and Revuto App (as defined in the Definitions section of the Terms of Use). This Privacy Policy describes how REVUTO uses and protects any information you give us.

In some cases, other controllers may process your data. For example, if you decide to open an electronic money account and obtain a virtual debit card to manage your subscriptions via Revuto App, Paynovate (as defined in Terms of Use) or Paynovate (as defined in Terms of Use) will act as joint controllers with Revuto. To obtain more information on the processing of personal data by these controllers (as listed below in the table), please see their applicable privacy policies. This Policy applies to the data processing that takes place through or in connection with the following: (a) your use of the Website (as defined in Definition Section of our Terms of Use), (b) your use of the Software (as defined in Definition Section of our Terms of Use) (c) your use of the Revuto App (as defined in Definition Section of our Terms of Use).

We believe in full transparency, which is why we keep our Privacy Policy simple and easy to understand.

We strongly urge you to read this Privacy Policy and make sure that you fully understand and agree with it. If you do not agree to this Privacy Policy, please do not access or otherwise use the Website and Revuto App.

Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the Definitions section of the Terms of Use.

1. DEFINITIONS

2. DATA CONTROLLER

3. WHAT DATA DO WE COLLECT ABOUT YOU AND WHEN?

4. PERSONAL DATA WE PROCESS

5. WHAT WE DO NOT DO?

6. PERSONAL DATA SECURITY

7. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

8. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

9. HOW LONG DO WE KEEP YOUR DATA?

10. YOUR RIGHTS

11. CALIFORNIA RESIDENTS PRIVACY NOTICE

12. CHANGES TO PRIVACY POLICY

1. DEFINITIONS

When we say "consent" we mean your explicit consent on the processing of personal data. Persons who are 18 years of age or older may give free consent to the processing of their personal data.

When we say "cookies" we mean small pieces of data stored on your device (computer or mobile device). This information is used to track your use of the Website and to compile statistical reports on website activity. For further information about the use of cookies and how you can manage them, please read our Cookie Policy.

When we say "Data controller“ we mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

When we say "Data Processors" or "processor" we mean any natural or legal person who processes the data on behalf of the Data Controller. In addition, we may use the services of various service providers to process your data more effectively. In such cases, they are either our processors or sub-processors.

When we say "Data Subject", bsp;"you" or "your" or we mean any natural person that shares personal data with us via Revuto.

When we say “GDPR” we mean the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

When we say "processing" we mean any operation or set of operations which is performed on personal data or sets of personal data. This includes activities such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

When we say "personal data" or "data" we mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, either directly or indirectly. Therefore, data about a company or any legal entity is not considered to be personal data but registering on behalf of a legal entity may include sharing personal data. For example, the information in relation to one-person companies may constitute personal data where it allows the identification of a natural person. The rules also apply to all personal data relating to natural persons in the course of professional activity, such as the employees of a company or organization, business e-mail addresses like "[email protected]". This Privacy Policy does not apply to information from which no individual can reasonably be identified (anonymized information).

When we say „Special categories of personal data“ we mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

2. DATA CONTROLLER

Revuto OÜ is a company registered under the laws of Estonia, which, as a Data controller, jointly with Revuto savjetovanje d.o.o, a company registered under the laws of Croatia, determines the purposes and means of the processing of personal data. Joint controllers are responsible for your personal data. The purpose of data processing is the reason why we process your personal data. The table in Section 4 of the Privacy Policy presents the purposes and legal basis for data processing. In such cases, REVUTO is responsible for your personal data.

If we obtain your consent to process your personal data for one purpose (for example, to obtain a Revuto Debit Card) and we need to use them for a different purpose (in accordance with Section 4), we will require your prior consent to use your data for a different purpose.

3. WHAT DATA DO WE COLLECT ABOUT YOU AND WHEN?

We may collect and receive information about you in various ways:

(i) Information you provide through the use of the Revuto Services, Revuto Website, and Revuto App (for example, by creating the account on the Website).
(ii) Information you decide to provide through getting in touch with us via our Contact page.
(iii) Information we collect through the use of cookies in accordance with our Cookie Policy (for example, your time zone).

4. PERSONAL DATA WE PROCESS

DATA WE COLLECT	PURPOSE	LEGAL BASIS	RETENTION
Email address, First Name, Last Name, date of birth, mobile phone number, country, passcode, face ID authentication	Signing up to Revuto App, creating and maintaining a User Account on the Revuto App, and authenticating your access to Revuto App according to the Terms of Use.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use). Without providing your first and last name, email address, mobile phone number, country, passcode the User may not create the User Account, enable your participation in Revuto Referral Program, use the Service or undertake KYC (as described below). You are not obliged to use face ID authentication. Therefore, we will collect this data only if you give us your consent. If you do not want to use face ID authentication, please click on the ’Don’t Allow’ button (account settings), and Revuto App will use passcode authentication instead.	Until the account is deleted in accordance with the Terms of Use. If the processing is based on your consent, we keep the information until you withdraw your consent.
Revuto Virtual Debit Card Information such as Debit Cardholder’s name, address, bank account, subscription type, subscription price, due date, billing cycle, source of payment, 19 digits custom phrase for Revuto Debit Card Pro.	To be able to use Revuto App and Services a User must obtain a Revuto Debit Card. This information is being collected by Revuto OÜ and third party as joint controllers, as explained under Section 7.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use) and providing the Services. Without a Revuto Debit Card the User may not be able to use Revuto App.	Until the account is deleted in accordance with the Terms of Use unless the applicable law requires from us to keep the data for a period of time after termination of the agreement with User
Financial Data such as name, address, bank account and payment card details.	When subscribing to any of the paid Subscription Plans in accordance with the Terms of Use, this information is being collected by a third party processor.	Processing is necessary for the performance of the Agreement which includes providing additional features based on the selected paid Subscription Plan.	We keep only the last four digits of the credit card number under subscription billing info until such Agreement is terminated and for the period necessary to comply with the applicable financial and tax accounting and other statutory obligations in accordance with the applicable law.
Visa or Master credit or debit card Information such as cardholder name, card number, expiry date, CVV code.	In order to manage and pay your services/subscriptions, we need your Visa or Master credit or debit card information. Based on this information, we will issue a Revuto Debit Card. This information is being collected and processed by Revuto OÜ and third party as joint controllers, as explained under Section 7.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use) and providing the Services. Without this information we will not be able to issue a Revuto Debit Card and the User may not be able to use Revuto App and Services.	Until the account is deleted in accordance with the Terms of Use and for the period necessary to comply with the applicable financial and tax accounting and other statutory obligations in accordance with the applicable law.
Revu token Information such as token ID, wallet address, Revutoken balance.	With Rev Utokens, Users may easily transfer and/or sell digital assets to others, and pay less for online goods and services.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use) and providing the Services.	Until the account is deleted in accordance with the Terms of Use.
Revuto crypto wallet Information such as total rewards, name, phone number and country of residence designated upon registration	To provide a simple and secure cryptocurrency wallet supporting all Cardano-based tokens, while by default including REVU and the EURR stablecoin, and providing specific functionalities allowing for automatic pull payments.	Processing is necessary for the performance of the Agreement (as defined in Terms of Use) and providing the Services.	Until the account is deleted in accordance with Terms of Use.
Revuto and Revulution Referral Program Information such as your email address, Revuto crypto wallet information (public address from the blockchain), unique referral link, personal information related to KYC /AML checks (as explained below).	To unlock other benefits and earn more Revu Tokens, you may participate in the Revuto referral program. Once you sign up, you will receive a unique Referral Link that you can share with others. Using your unique referral link, you will be able to unlock benefits and earn Revu tokens. You will be able to claim and unlock Revu tokens provided that you verify your account through the KYC check (as explained below).	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use) and providing the Services.	Until the account is deleted in accordance with the Terms of Use.
Revuto Staking Information such as your email address, Revuto crypto wallet Information (as defined above) including your choice to stake your assets, personal information related to KYC /AML checks (as explained below).	To enable Users who use Revuto Wallet and own Revu Tokens to use staking services. Based on the User’s request we will transfer its Revu Tokens (all or partially) to the cold wallet.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use). The processing is necessary to comply with legal and regulatory obligations.	Until the account is deleted in accordance with the Terms of Use and for the period necessary to comply with the applicable anti-money laundering and countering the financing of terrorism and other statutory obligations in accordance with the applicable law.
Purchase of Revulution NFTs via Website Name, email address, referral code, friend’s email address (if sending as a gift), type of subscription – Netflix or Spotify, unique code to redeem NFT, citizenship, personal information related to KYC /AML checks (as explained below).	To enable Users to buy Netflix or Spotify as an NFT and enjoy it for free for as long as they hold the NFT in the Revuto app.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use) and providing the Services. The processing is necessary to comply with legal and regulatory obligations.	Until the account is deleted in accordance with the Terms of Use and for the period necessary to comply with the applicable anti-money laundering and countering the financing of terrorism and other statutory obligations in accordance with the applicable law.
Information on activation of Revulution NFTs Information regarding monthly subscription to Netflix or Spotify, information on Revuto Virtual Debit Card, issued for subscription to Netflix or Spotify services, Revuto Crypto Wallet Information (as defined above)	To enable Users to to get covered standard digital subscription expenses for Netflix or Spotify services	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use) and providing the Services.	Until the account is deleted in accordance with the Terms of Use or until you transfer or dispose of Revulution NFTs.
Purchase of Revulution Card NFTs via Website Name, email address, referral code, friend’s email address (if sending as a gift), card type, address of the card holder , citizenship, personal information related to KYC /AML checks (as explained below).	Purchasing and issuing a Revulution Card NFTs for the early access to Revuto Physical Debit Card to pay with Crypto.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use) and providing the Services. The processing is necessary to comply with legal and regulatory obligations.	Until the account is deleted in accordance with the Terms of Use and for the period necessary to comply with the applicable financial and tax accounting and other statutory obligations in accordance with the applicable law.
Location information	We collect your precise location information since some of the Revuto App services are only available to the residents of the EEA and the United Kingdom.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use).	Until the account is deleted in accordance with the Terms of Use.
User’s subscriptions information such as information about your finances and expenses related to your subscriptions to other services, analytics data on your savings and expenses.	We collect this information in order to Approve, Block, or Snooze your payment for any service/subscription.	Processing is necessary for the performance of the Agreement (as defined in the Terms of Use).	Until the account is deleted in accordance with the Terms of Use.
Additional Data i.e., data you decide to share with us.	If you send us an inquiry via our Contact page or otherwise request support, we will collect data you decide to share with us.	Processing of personal data is either necessary to provide a Service or part thereof, or the processing is based on your consent.	If the processing is based on your consent, we keep the information until you withdraw your consent or for one year, whichever date comes first.
Device information	We may collect information about your device such as Internet Protocol (“IP”) addresses, log information, error messages, device type, and unique device identifiers. For example, we may collect IP addresses from you as part of our sign in and security features.	Processing of personal data is either necessary to provide a Service or part thereof, or the processing is based on your consent.	If the processing is based on your consent, we keep the information until you withdraw your consent or for one year, whichever date comes first.
Email address If you decide to sign up for our newsletter, we use your email address.	This newsletter allows us to inform you of the new features of the Platform, updates, as well as other news relevant to the company. Also, via our newsletter you may get invitations for our live events where Revuto Services will be promoted and where you have a chance to get Revuto Redeem codes.	Processing is based on your consent. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal. You may unsubscribe from receiving a newsletter from us. If you wish to do so, simply follow the instructions found at the end of each email.	We may use your email for this purpose until you unsubscribe or until you delete your User Account.
Email address used for signing up to Revuto	In order to fulfill its contractual obligations to notify the Users of the amendments and changes of the Agreement (as defined in Terms of Use), Revuto will send notifications to your email address.	Processing is necessary for the performance of the Agreement (as defined in Terms of Use).	Until the account is deleted in accordance with Terms of Use.
Mobile phone number	In order not to miss any important news you can join our Telegram groups and channel for announcements, general questions, and the latest updates.	Processing is based on your consent. You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent prior to such withdrawal. You may unsubscribe from receiving Revuto updates from Telegram groups and channels. If you wish to do so, simply leave Telegram groups and channels.	We may use your mobile phone number for this purpose until you leave Telegram groups and/or channels.
Information necessary for identification	To allow Data Subjects from EEA to exercise their rights in accordance with this Privacy Policy, as defined in Section 10.	Processing is necessary for compliance with a legal obligation which the Controller is subject to.	We keep this information for a period of one year.
Personal information related to KYC /AML checks such as name and surname, passport or any identity card data, proof of registered address, banking details, facial image via camera. We may process Special categories of personal data that you give us directly or that we receive from third parties and/or publicly available sources: - data which might be revealed by KYC or other background checks (for example, because it has been reported in the press or is available in public registers); - data that is incidentally revealed by photographic ID (biometric data).	For the prevention and detection of fraud, money laundering, counter terrorism, sanction screening, fraud or other crimes or to respond to a binding request from a public authority or court. Additionally, the purpose of data processing is to uniquely identify a natural person and provide the Service that is conditioned upon successful KYC. Services that are condition upon successful KYC are the following: Participation in Revuto Referral Program, The use of Revuto Crypto Wallet and Additional Services, Opening Electronic Money Bank Account and issuing Virtual Cards, Revulution NFTs, Revulution Card NFTs. This information is being collected and processed by Revuto OÜ and third party as joint controllers, as explained under Section 7 depending on the purpose.	The processing is necessary to comply with legal and regulatory obligations of Revuto OÜ and/or one of the joint controllers (section 7). We may also process such data in connection with these purposes if it is necessary for the performance of the Agreement. Namely, full access to Revuto Services (e.g. claiming Revu Tokens, Revuto crypto wallet functionalities, etc) is conditioned upon successful KYC. Basically, without a successful KYC, a User cannot use any of the essential services on the Revuto Platform. For Special categories of personal data, it is necessary for reasons of substantial public interest under EU Anti-Money Laundering Directives and the relevant EU Member States’ laws implementing them, as well as under the anti-money laundering legislation of the UK (information from your ID documents including a photographic picture of you and a visual image of your face (the so called “liveness check”)). Where we need to collect personal data by law, or under the terms of the Agreement, and you refuse to provide that data when requested, we may not be able to perform the Agreement we have or are trying to enter into with you – for example, to provide you Services.	In accordance with the applicable statutory deadlines.

5. WHAT WE DO NOT DO?

REVUTO will never:

Sell any kind of personal information or data
Disclose this information to marketers or third parties not specified in Section 7
Process your data in any way other than stated in this Privacy Policy.

6. PERSONAL DATA SECURITY

REVUTO takes the privacy and security of its members' personal information seriously. We maintain administrative, technical and physical safeguards designed to protect your information’s security, confidentiality and integrity.

Upon assessing whether a measure is adequate and which level of security is appropriate, we consider the nature of the personal data we are processing and the nature of the processing operations we perform, the risks to which you are exposed by our processing activities, the costs of the implementation of security measures and other relevant matters in the particular circumstances.

Some of the measures we apply include access authorization control, information classification (and handling thereof), protection of integrity and confidentiality, data backup, firewalls, data encryption and other appropriate measures. We equip our staff with the appropriate knowledge and understanding of the importance and confidentiality of your personal data security.

We protect personal information you provide online in connection with registering yourself as a user of our Website or Revuto App. Access to your own personal information is available through a password selected by you. This password is encrypted while transmitted from your browser to our servers and while stored on our systems. To protect the security of your personal information, never share your password to anyone. Please notify us immediately if you believe your password has been compromised.

Whenever we save your personal information, it’s stored on servers and in facilities that only selected REVUTO personnel and our contractors have access to. We encrypt all data that you submit through the Website during transmission using Transport Layer Security (TLS) in order to prevent unauthorized parties from viewing such information. Remember – all information you submit to us by email is not secure, so please do not send sensitive information in any email to REVUTO. We never request that you submit sensitive or personal information over email, so please report any such requests to us by sending an email to [email protected].

Steps you can take to help us keep your information safe

There are many steps you can take to help us keep your information safe. First and foremost, choose complex, independent passwords for each website and service you maintain an account with. This helps keep any breach of any of your accounts isolated to one service. Also, don’t use anything related to your birthday, address, phone number, PIN number or any other easily guessable information in your password.

REVUTO urges your caution when using public computers or networks, like at a coffee shop or library. To best protect your personal information and login information, don’t use such computers to access your sensitive accounts, and if you must, ensure that you logout of your account entirely.

When either you or we update information in your account, such as the status of your account or Revu Token (REVU) balance, we typically send you notice of these changes via email or text message. In recent years, individuals, businesses and even governments have seen a rise in “phishing” attacks. Phishing occurs when someone attempts to obtain your password or other sensitive information. Scammers often do this by impersonating a trusted user, or by offering a compelling reason to open a malicious email attachment, click on a link or give over information. We never ask for your sensitive personal information, such as password, over email or other unsecure methods or through any site not under the revuto.com domain. Please notify us at [email protected] if you ever receive suspicious correspondence from us.

7. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

REVUTO utilizes external processors for certain processing activities. We use information audits to identify, categorize and record all personal data that is processed outside the company, so that the information, processing activity, processor and legal basis are all recorded, reviewed and easily accessible.

We have strict due diligence procedures and measures in place and review, assess and background check all processors prior to forming a business relationship. We obtain company documents, certifications, references and ensure that the processor is adequate, appropriate and effective for the task we are employing them for.

We audit their processes and activities prior to contract and during the contract period to ensure compliance with the data protection regulations and review any codes of conduct that oblige them to confirm compliance.

This is the list of processors with whom we share your personal data:

PROCESSOR	ROLE	SEAT
Google, Inc.	Email services based on Cloud	USA
Google, Inc.	Analytics	USA
You Tube, Inc.	Statistics on embedded videos	USA
Hotjar, Ltd.	User experience analytics	Malta
DigitalOcean, Inc.	Cloud Infrastructure (IaaS)	USA
Beyondi d.o.o.	Technical services	Croatia
Sum And Substance Ltd	KYC check	UK

REVUTO OÜ’S JOINT CONTROLLERS	ROLE	SEAT
Paynovate	Opening of Electronic Money Accounts and Issuing Virtual Cards	France
Linkcy	Opening of Electronic Money Accounts and Issuing Virtual Cards	France
TOCA Express d.o.o	Providing Revuto Crypto Wallet and Additional Services	Croatia
MoneySwap OÜ	Virtual currency exchange and payment gateway services	Estonia
MONEYMAPLE TECH LTD.	Virtual currency exchange and payment gateway services	Canada
GLOBAL INTERNET VENTURES PTY LTD	Opening of Electronic Money Accounts and Issuing Virtual Cards	Australia

We may also share your personal data with our outside accountants, legal counsels and auditors.

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
to prevent and detect fraud or crime;
in response to a subpoena, warrant, court order, or as otherwise required by law.

Finally, personal information may be disclosed or transferred as part of, or during negotiations of, a merger, consolidation, sale of our assets, as well as equity financing, acquisition, strategic alliance or in any other situation where personal information may be transferred as one of the business assets of Revuto.

We do not have a list of all third parties we share your data with, as this would be dependent on your specific use of our Services. However, if you would like further information about who we have shared your data with, or to be provided with a list specific to you, you can request this by writing to [email protected].

8. INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

We may transfer your personal data to countries other than the one you reside in. In these cases, we will transfer your personal data only:

To the countries within the EEA;
To the countries which do not form the EEA but are considered to ensure an adequate level of protection;
To the countries which do not belong to those specified under item 1. and 2, but only by applying the appropriate safeguard measure in accordance with the GDPR.

9. HOW LONG DO WE KEEP YOUR DATA?

The period for which we store your personal data depends on a particular purpose for the processing of personal data, as explained in detail in Section 4 of this Privacy Policy. We retain personal data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, we take into consideration the applicable law (see Section 21 of the Terms of Use), contractual obligations, and the expectations and requirements of our Users. When we no longer need personal information, or when you request us to delete your information, where this is legal, we will securely delete or destroy it.

Personal data we collected for your early access to Revuto will be deleted by the end of February 2022, provided you have not continued using our Services.

However, as an exception to the retention periods in Section 4 of this Privacy Policy the data may be processed to determine, pursue or defend claims and counterclaims.

10. YOUR RIGHTS

As a Data Subject in the EEA, whose personal information we hold, you have certain rights under the GDPR. This part of the Privacy Policy aims to give you a general understanding of these rights. In relation to each of the rights noted below, we provided a reference to the specific provision of the GDPR from which that right arises.

Right of Access (Article 15 GDPR)

You can send us a request for a copy of the personal data we hold about you.

We have ensured that appropriate measures have been taken to provide such in a concise, transparent, intelligible and easily accessible form, using clear and plain language. Such information is provided in writing free of charge. It may be provided by other means when authorized by the Data Subject and with prior verification as to the subject’s identity.

Information is provided to the Data Subject at the earliest convenience, but at a maximum of 30 days from the date the request was received. Where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months where necessary.

Right to Correction of Your Personal Data(Article 16 GDPR)
If the personal data we have about you is incorrect, you have the right to request that we correct that data. When notified of inaccurate data by the Data Subject, we will rectify the error within 30 days and inform any third party of the rectification if we have disclosed the personal data in question to them.
Right to Be Forgotten or Right to Erasure (Article 17 GDPR)

You have the right to request from us that your personal data is deleted in certain circumstances including:

The personal data are no longer needed for the purpose for which they were collected;
You withdraw your consent (where the processing was based on consent);
You object to the processing and no overriding legitimate grounds are justifying us processing the personal data;
The personal data have been unlawfully processed; or
To comply with a legal obligation.

However, this right does not apply where, for example, the processing is necessary:

To comply with a legal obligation; or
For the establishment, exercise or defense of legal claims.

Right to Restriction of Processing (Article 18 GDPR)

If the accuracy of the personal data is contested, you consider the processing is unlawful but you do not want it erased, we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims or you have objected to the processing and verification, you can exercise your right to the restriction of processing.

Right to Withdraw the Consent (Article 13(2)c) GDPR)

If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.

Right to Lodge a Complaint

If you have any concerns or requests in relation to your personal data, please contact us at [email protected] and we will respond as soon as possible but not later than within 30 days.

If you are unsatisfied with how we process your data, you may contact the competent supervisory authority.

In case you believe that we are processing your personal data in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority located in the EEA where you reside or work or where the alleged infringement took place.

11. CALIFORNIA RESIDENTS PRIVACY NOTICE („Notice“)

This Section supplements the information contained in the REVUTO's Privacy Policy and applies solely to visitors, users, and others who reside in the State of California and fall under the scope of the California Consumer Privacy Act (“consumers” or “you”) when they visit the Website or use the Services. Under this Notice REVUTO complies with the California Consumer Privacy Act of 2018 (“CCPA”).

Any capitalized but undefined term in this Notice shall have the meaning given to it in the CCPA, Definitions section of the Terms of Use, Privacy Policy and Cookie Policy.

This Notice makes an integral part of our Privacy Policy and Terms of Use.

Information we collect

For more details about the personal information REVUTO has collected over the last 12 months please see Section 4 of the Privacy Policy - Personal Data We Process .

The categories of personal information that are listed in Section 4 are obtained by REVUTO in accordance with Section 3 of the Privacy Policy - What Data Do We Collect About You And When?

Use of Personal Information

REVUTO collects personal information for the purposes described in Section 4 of the Privacy Policy - Personal Data We Process .

Sharing Personal Information

REVUTO shares personal information with the categories of third parties described in Section 7 of the Privacy Policy - With whom do we share your personal data?

Please note that REVUTO uses third-party cookies for advertising purposes as further described in our Cookie Policy .

REVUTO does not sell your personal information

REVUTO does not sell personal information, including personal information of anyone under 18 years of age.

Under the CCPA, a business that sells consumers personal information to others must: 1) give notice to consumers before selling their personal information to others; and 2) provide to consumers the right to opt-out of the sale of their personal information.

Therefore, the notification and opt-out requirements do not apply to REVUTO.

Your Rights and Choices

This section describes your rights under the CCPA and explains how to exercise those rights. These rights may be exercised by consumers when REVUTO operates as a Data Controller.

Right to know Personal Information and Data Portability Rights

You have the right to request that we disclose certain information to you about REVUTO's collection and use of your personal information over the past 12 months, i.e.:

Our business or commercial purpose for collecting your personal information.

The categories of personal information we collected about you.

The categories of third parties with whom we share your personal information.
The specific pieces of personal information we collected about you („data portability request “).

We will disclose this information to you once we receive and confirm your verifiable consumer request.

Right to Deletion

You have the right to deletion your personal information REVUTO collected. REVUTO will delete your personal information from the records once we receive and confirm your verifiable consumer request unless a CCPA exception applies.

Namely, we may deny your deletion request subject to the exceptions in CCPA §1798.105, i.e. if retaining the information is necessary for REVUTO or our service providers to:

Complete the transaction for which REVUTO collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of REVUTO's ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 seq. ).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

If your request is justified, REVUTO will also direct their service providers to delete your personal information as well.

Right to Non-Discrimination

REVUTO will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, REVUTO will not:

Deny you use of our Services.
Provide you a different level or quality of Services.
Charge you different prices or rates for Services, including through the use of discounts or other benefits or by imposing penalties.
Suggest that the person exercising their rights will receive a different price or rate for Services or a different level or quality of Services.

Right to say no to the sale of your personal information (Right to opt-out)

As explained above, the CCPA requires businesses that sell personal information to allow consumers the ability to opt-out of the selling of their personal information.

Again, REVUTO does not sell personal information.

Exercising your rights

To exercise the rights to access, data portability, and deletion, please submit a verifiable consumer request at [email protected] or contact us via Revuto Live Support on www.revuto.com.

Consumers are entitled to make a request for access or data portability twice within a 12-month period.

To exercise your rights, you may send a request by yourself or use an authorized agent.

If REVUTO cannot verify your identity or authority to make the request and confirm the personal information related to you, REVUTO cannot respond to your request or provide you with personal information.

We try to respond to consumers' requests within 45 days of their receipt. Sometimes, REVUTO may need more time to respond to the request (up to 90 days total from the moment we receive the request) when REVUTO will inform the consumer of the reason and extension period in writing.

You are not obliged to create an account with us in order to make a verifiable consumer request. We will deliver our written response to the registered email associated with the account if you have an account with us. Please note that any information we provide will only cover the 12-month period preceding the consumers' request receipt. If we cannot comply with your request, we will provide an explanation.

If a consumer files a data portability request, REVUTO will select a format that is readily useable and should allow the transmission of the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to verifiable consumer requests unless it is excessive, repetitive, or manifestly unfounded. If REVUTO determines that the request warrants a fee, REVUTO will:

inform you why the decision was made and
provide the consumer with a cost estimate before completing the request.

12. CHANGES TO PRIVACY POLICY

We reserve the right to change Privacy Policy from time to time at our sole discretion. If we make any changes, we will publish the new rules on this web page and, if we have your email, we will notify you directly.

Where you have previously consented to our Privacy Policy, your continued use of the Revuto after we make changes is deemed to be acceptance of the updated rules.

Annex, October 2024.

Revuto’s PRIVACY POLICY

1. Data Controller Information: Who is responsible for processing your data?

We recognize the importance of protecting the privacy of our customers' and users' personal information. This policy details how we collect, use, disclose, and protect the personal information provided by users of our services. It aims to regulate and provide information on the processing of personal data of current clients, potential clients, former clients, and third parties whose data we may process as a result of the relationships we establish with our clients.

The company is legally authorized to process the information provided by users of our website.The controller of personal data collected through our website is :

● Controller's Name: Revuto OU

● Contact Email: [email protected]

For any inquiries, questions, or to exercise rights related to the processing of personal data on our website, you can contact the responsible party through the provided contact methods.

2. Purpose of Processing: What is the purpose of processing your data?

The collected information is used to provide financial services, process transactions, prevent fraud, customize our clients' experience, and comply with legal obligations.

Personal data will be obtained through information request forms or through the contracting of our products or services. We may use the information to improve our services and send marketing communications with prior consent from clients.

Personal data collected through our website will be used for the following purposes:

● Provision of Financial Services: Data is collected to provide financial services, such as account opening, transaction management, requests for banking products, among others.

● Compliance with Legal Obligations: Data collection and processing are carried out to comply with applicable legal obligations and financial regulations.

● Client Management: Data will be used to maintain relationships with clients, including account management, communications related to financial services, and customer service.

● Fraud Prevention and Security: Data collection and processing are performed to prevent and detect potential frauds, ensuring the security of financial transactions.

The legal basis for processing personal data is based on the user's explicit consent. The relevant forms will include a checkbox for accepting the privacy policy as a requirement for registration or use of the services.

Personal data is obtained in accordance with legal regulations and with the explicit consent of the users. This information is provided to ensure transparency about the use and processing of personal data collected on our website.

3. Third-Party Recipients of Personal Data: Who do we share your personal data with?

We may share personal data with third-party recipients to provide and improve our services. These third parties may act as data processors. Situations in which data might be shared include, but are not limited to:

● Associated Financial Entities: We may share data with financial institutions to facilitate transactions, verify identities, or provide specific financial services.

● Public Authorities, Official Bodies or Bank Supervision and Control Entities and Competent Tax Authorities: We may disclose personal data as required by banking and financial sector regulation, anti-money laundering and terrorism financing regulation, as well as consumer protection laws in force.

● Notaries: In the case of mortgage contracting, we will communicate your data to Notaries as their intervention is necessary for formalization.

● Public Registries: Data will be sent to Public Registries (such as the Property Registry) when it is necessary to register the corresponding guarantees (mortgages).

● Service Providers: In certain circumstances, we contract external service providers, such as payment platforms, web analytics service providers, or fraud prevention services, who could access personal data in the course of their activities.

● Third-Party Cookies: Our website may use third-party cookies, which collect data to improve the user experience. These cookies are used by external providers and could record personal information, provided the user gives their consent.

Users have the option to manage cookie preferences through their browser settings, allowing or rejecting the use of third-party cookies on our website.

It is important to highlight that access to personal data by third-party recipients is subject to the explicit approval and consent of the user. This information is provided to ensure transparency in the handling of personal data on our website.

4. International Transfers

We commit to informing you transparently about any international data transfers that may occur. In some cases, personal data may be transferred outside of the countries that are part of the European Union.

These international transfers will occur in compliance with applicable data protection regulations. In particular, explicit and detailed notification will be provided about such transfers, ensuring compliance with applicable data protection laws.

It is important to note that these transfers could involve sending data to companies with servers located outside the European Union, such as those in the United States or other countries.

Our commitment is to ensure that, regardless of international transfers, your personal data's protection and privacy are maintained in accordance with corresponding data protection standards and regulations.

5. Data Retention Period: How long do we keep your data?

We commit to keeping the personal data provided by users only for the time necessary to fulfill the purposes for which they were collected, unless a legal or regulatory obligation requires a longer retention period.

The retention period for personal data may vary depending on the purpose of the processing and applicable legal obligations. Generally:

● Current Clients' Data: Data from current clients will be retained for the duration of the contractual relationship and, once concluded, will be blocked for 10 years as mandated by anti-money laundering regulations.

● Potential Clients and Former Clients' Data: Data from potential clients, as well as from former clients, will be retained for a reasonable period to maintain records and manage inquiries or complaints.

● Legal Compliance and Regulatory Obligations: In certain cases, information may be kept for an additional period to comply with legal obligations, respond to legal and regulatory requirements, resolve disputes, prevent fraud, or enforce agreements. Eventually, we will abide by the legal prescription periods depending on the specific contracts you sign with us, for example, 21 years according to mortgage regulations.

After the corresponding periods have passed or when the data are no longer necessary for the established purposes, data will be securely deleted in accordance with internal policies and current data protection regulations.

6. Rights of Access, Rectification, Opposition, and Cancellation

Our users have the right to exercise access, rectification, deletion, limitation, portability, and opposition rights regarding their personal data:

● Access and Rectification: You can access your personal data and, if necessary, rectify them if they are inaccurate or incomplete.

● Deletion: Under certain circumstances, you can request the deletion of your personal data.

● Processing Limitation: You have the right to request the limitation of the processing of your data in certain situations.

● Portability: You can request the transfer of your data to another data controller in a structured and readable format.

● Opposition: You can oppose the processing of your data, including processing for direct marketing purposes.

To exercise any of these rights, or if you wish to obtain more information about the processing of your personal data, you can contact us through the provided contact methods. We are committed to addressing your requests and inquiries related to your data protection rights to ensure respect and protection for your personal data.

LinkCy’s Privacy Policy

Introduction

LinkCy SAS regards as of paramount importance the protection and security of Personal Data.

LinkCy collects and processes your personal data in the context of its partnership with the following Partner:

Partner’s Name : Revuto OU

Partner’s Email Address : [email protected]

The Privacy Policy for Personal Data collected via LinkCy SAS within the framework of the activities for which it acts as an Agent of a Payment Service Provider (Paynovate SA) is detailed below, which sets out:

● How LinkCy SAS collects and processes your Personal Data;

● The security measures that LinkCy SAS implements to guarantee the confidentiality and integrity of your Personal Data;

● The rights you have to control them throughout your use of the Services.

This policy is effective as of 24/04/2021.

This Privacy Policy may be modified or supplemented at any time by LinkCy SAS, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological developments. To check for updates to this Policy, you should regularly consult this page.

If the changes affect the processing activities carried out on the basis of the User's consent, LinkCy SAS must obtain your consent again.

We encourage you to read this policy carefully. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy, please do not use the Application and Services or do not provide your Personal Data for the use of Services.

Who is the Data controller?

We – LinkCy, a SAS registered with the Paris Trade and Companies Register under number 852295732, with a capital of 13 089 € whose registered office is located 42 Rue Boursault, 75017 Paris, France – are the controller of your Personal Data collected throughout the Site, as provided by the Applicable Laws (as defined below).

In accordance with Article 37 of the GDPR, the institution has appointed a Data Protection Officer (hereinafter DPO), whose contact details are as follows: Nicolas Dupouy ([email protected])

What are the Applicable Laws?

The processing of your Personal Data is carried out in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), as well as in compliance with French legislation governing the protection of personal data and privacy in electronic communications, notably the French Data Protection Act (amended on 20 June 2018 to enhance personal data protection). This legislation also includes European directives and national laws relating to privacy protection in electronic communications, notably the "ePrivacy" Directive 2002/58/EC (collectively referred to as the "Applicable Laws").

The competent authorities for data protection in France are the National Commission on Informatics and Liberty (CNIL) for national compliance oversight, and the European Court of Justice (ECJ) for matters involving European Union law.

What personal data is collected? How are they collected?

Personal Data means any information relating to an identified or identifiable natural person.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

As part of the provision of the Services, as defined in the General Terms and Conditions of Use, we may collect the following Personal Data directly through the Application, as defined in the General Terms and Conditions of Use:

● Identity: surname, first name, maiden name, marital date and place of birth, proof of identity;

● Personal life: personal email address, personal telephone number, personal postal address and proof of address;

● Professional life: employer, professional email address, professional telephone number, professional postal address, position, employment contract and pay slip;

● Economic data: Bank details, IBAN, Card details, account statement, LinkCy account balance, transaction(s), tax notice and proof of income;

● Connection data: identification and authentication data linked to the use of Services (username, password, other registration information), details of device used for connection.

Personal data is collected either directly from the data subjects or indirectly from third parties or from public available sources.

The processing operations concern the personal data of Users, Customers or Prospects.

Why is personal data collected?

The main purpose of collecting Personal data through the Application is to allow us to:

● Carry out all the Services offered by our company, as defined in the General Terms and Conditions of Use;

● Conclude or execute any contract with you and to respond to any request for services; ● Answer and satisfy your requests and eventual queries;

● Manage of customer account;

● Carry out customer loyalty operations;

● Carry out commercial prospecting operations;

● Development of statistics;

● Build up a file of registered members, users, customers and prospects; ● Verify the use and functionality of our Services;

● Develop our services (launch new products or services, improve the application, etc.);

● Protect our operations or those of others third parties and our rights and security or those of third parties;

● Ensure compliance with legal and regulatory obligation (fight against fraud, money laundering and terrorist financing), the General Terms and Conditions of Use and this Data Protection Policy;

● Resolve any disputes that we may have withs its Users and enforce contracts with third parties.

Furthermore, we may collect Personal Data for other purposes, taking care to comply with the legislation on the protection of Personal Data.

What legal ground(s) do we rely on?

Personal Data processing is necessary for:

● the execution of a contract for the provision of services to which the User is a party or the execution of pre-contractual measures taken at the User's request in accordance with Article 6(1)(b) of the GDPR

● compliance with legal and regulatory obligations in accordance with Article 6(1)(c) of the GDPR, such as the fight against money laundering and terrorist financing, the fight against tax fraud, the legislation on internal sanctions and embargoes, the banking and financial regulations;

● the purposes of the legitimate interests pursued by the data controller in accordance with Article 6(1)(f) of the GDPR, such as risk management, carrying out prospecting operations, improving our Services, etc.

Data processing may also be based on the prior consent of the data subjects in accordance with Article 6(1)(a) of the GDPR, in particular during prospecting operations.

How long do we keep your information?

We will keep your personal data in a secure environment for a maximum period of eight (8) years from the termination of the business relationship (closing of the payment account).

However, we may be required to retain certain Personal Data for a longer period of time, taking into account factors such as:

● legal obligation(s) under applicable law to retain the personal data for a certain period of time (for example, for compliance with tax and accounting requirements);

● the establishment, exercise or defense of legal proceedings (for example, for the purposes of potential litigation).

While we continue to process your Personal Data, we will ensure that it is treated in accordance with this Privacy Policy. If not, we will securely delete or anonymize your Personal Data as soon as it is no longer required.

If you wish to know how long we keep your Personal Data for a particular purpose, you can contact us by writing to us at [email protected]

Who may we share your information with?

As your Personal Data is confidential, only persons duly authorized by us due to their functions can access your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which we are responsible for access to your Personal Data are bound by a confidentiality agreement.

We can also share your Personal Data with our subcontractors, within the framework of the contracts governing the business relationship with us, and in particular:

● Our subsidiary company

● Our Payments Services Provider

● Our others Services Providers

● Our Partners, as defined in the General Terms and Conditions of Use

These subcontractors only have access to the data that is strictly necessary for the execution of the contracts established with LinkCy SAS.

We guarantee that the different subcontractors implement the necessary and adequate security measures to ensure the security, confidentiality and integrity of personal data processed on behalf of LinkCy SAS.

In certain circumstances and only where required by Applicable Laws, we may disclose some of your Personal Data to competent administrative or judicial authorities or any other authorized third party.

Is my Personal Data transferred outside the European Union?

The processing and hosting of the Personal Data are established on the territory of the European Union.

Nevertheless, if we transfer Personal Data outside the territory of the European Union, we guarantee that these transfers are executed to States, which are subject to an adequacy decision by the European Commission, justifying an adequate level of protection, within the meaning of Article 45 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data.

In the absence of an adequacy decision, we may transfer Personal Data outside the European Union to Subcontractors, under the conditions provided for in Article 46 of the European General Regulation 2016/679 of 27 April 2016 on the protection of personal data, in particular through the development of standard subcontracting clauses approved by the Commission).

How do we secure personal data?

We implement the appropriate measures in order to guarantee the protection and confidentiality of your Personal Data, and specifically, to prevent its destruction, loss, alteration, unauthorized disclosure of data, or unauthorized access of this data.

These measures include:

● Training to relevant staff to ensure they are aware of our privacy obligations when handling personal information;

● Careful selection of subcontractors;

● administrative and technical controls to restrict access to Personal Data on a “need to know” basis;

● technological security measures, including firewalls, encryption and anti-virus software, authentication devices;

Although we use appropriate security measures once we have received your Personal Data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect Personal Data, but we cannot guarantee the security of data transmitted to us or by us. We will inform you promptly in the event of a violation of your Personal Data which could expose you to a serious risk.

What are your rights regarding your personal data?

You have rights to the Personal Data that concerns you and that is processed by LinkCy SAS:

● The right to be informed: you have the right to receive clear, transparent and easily understandable information about how we use your Personal Data. That is why we provide you with the information contained in this Privacy Policy.

● The right of access: you have the right to obtain confirmation from us as to whether or not your Personal Data is processed by us, as well as certain other information about how it is used. You also have the right to access your Personal Data by requesting a copy

of your Personal Data. We may refuse to provide information where this would reveal Personal Data about another person or adversely affect the rights of another person.

● The right of rectification: you may ask us to take action to correct your Personal Data if it is inaccurate or incomplete (for example, if we have the wrong name or address).

● The right to forget: this right allows you, in simple terms, to request the deletion or removal of your Personal Data where, for example, there is no compelling reason for us to continue to use them or their use is illegal. However, this is not a general right to deletion and there are some exceptions, for example when we need to use the information to defend a legal claim or to be able to comply with a legal obligation.

● The right to limit processing: you have the right to "block" or prevent further use of your Personal Data when we assess a request for rectification or as an alternative to deletion. Where processing is limited, we may still retain your Personal Data, but we may not use it further.

● The right to data portability: you have the right to obtain and re-use certain Personal Data for your own purposes in different companies (which are separate data controllers). This only applies to Personal Data that you have provided to us, which we process with your consent. In this case, we will provide you with a copy of your data in a structured, commonly used, machine-readable format or (where technically possible) we can transmit your data directly to another Data controller.

● The right to object: you have the right to object to certain types of processing, for reasons relating to your particular circumstances, at any time. We will be allowed to continue processing Personal Data if we can demonstrate that the processing is justified by compelling and legitimate reasons overriding your interests, rights and freedoms or if we need it for the establishment, exercise or defense of legal claims.

● The right to withdraw your consent: where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time. However, such withdrawal does not affect the lawfulness of the processing that took place prior to such withdrawal.

● The right to provide us with instructions on the use of your Personal Data after your death - you have the right to provide us with instructions on the management (e.g., retention, deletion and disclosure) of your data after your death. You may change or revoke your instructions at any time.

How to contact us?

If you wish to access, correct, modify or delete the Personal Data we have about you, object to their processing, exercise your right to portability, file a complaint, exercise any of the above-mentioned rights or simply obtain more information about the use of your Personal Data, please contact [email protected]

We will endeavor to find a satisfactory solution to ensure compliance with the Applicable Laws.

In the absence of a response from us or if you are not satisfied by our response or proposal or at any moment, you have the ability to lodge a complaint before the CNIL (the French data protection authority) or with the supervisory authority of the Member State of the European Union of your country of residence.