Effective Date: October 1, 2024
This Data Privacy Framework Policy (“DPF Policy”) supplements Revalize’s Global Privacy Policy. This DPF Policy applies to the transfers of personal data from the European Economic Area (EEA), the United Kingdom (UK) and Gibraltar, and Switzerland to the United States.
Personal data may be processed on servers located outside of the country where you reside. Our Privacy Policy describes the way we protect your personal data. In addition to those protections, we provide the following protections in respect of data transfers from the EEA, UK (and Gibraltar) and Switzerland.
Where the European Commission has made an “adequacy decision” in respect of a country outside the European Economic Area (EEA) (i.e. determined that the country provides adequate data protection), personal data can be transferred from the EEA to that country without further safeguards being necessary. The UK and Switzerland have adopted similar adequacy mechanisms to allow personal data to be sent to countries that they consider provide adequate data protection. Revalize, Inc. and its Affiliates (“Revalize” or “we”) rely on the European Commission’s adequacy decisions, as well as the UK adequacy regulations and Swiss adequacy decisions.
In compliance with EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Revalize commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Data subjects may contact the relevant independent recourse providers listed below:
Revalize will cooperate with the applicable data protection authority in the investigation and resolution of complaints brought under the DPF. Revalize will comply with any advice given by the EU DPAs, the FDPIC, or the ICO with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. The alternative dispute resolution services of the data protection authorities are provided at no cost to you.
If a dispute or complaint cannot be resolved by Revalize or by the EU DPAs, the Swiss FDPIC, or the UK ICO, you have the right to require that Revalize enter into binding arbitration pursuant to the DPF’s Recourse, Enforcement and Liability Principle and Annex I of the DPF.
Revalize is subject to the investigatory and enforcement powers of the US Federal Trade Commission.
We remain responsible for any of your personal information that is shared by us with third parties for external processing on our behalf.
We currently do not rely on the Swiss-U.S. DPF and the UK Extension to the EU-U.S. DPF to transfer personal information to the U.S.
