Privacy Policy

RevoGain does not store your trading data!

About RevoGain

RevoGain is a web application that runs on AWS Elastic Beanstalk.

This page describes our policy for the collection, use, and disclosure of any personal information arising from the use of RevoGain.

This Privacy Policy has been compiled to better serve those who are concerned with how their Personally identifiable information (PII) is being used online. PII, as used in the U.S. privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our Privacy Policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

Personal Data Controller

A. The personal data controller in relation to your personal data, if the data is collected through https://revogain.com/, by providing the specific services in relation to the concluded agreement or by using our products is Hypersistence SRL, with headquarter in Cluj-Napoca, Jupiter 9, Ap 27, Cluj, Romania.

B. The personal data controller in relation to your personal data, if the data is collected through https://hypersistence.onfastspring.com/ is FastSpring with headquarter in 801 Garden St., Santa Barbara, CA 93101.

Applicability

This Privacy Policy applies to anyone who registers through our online platform, to visitors or users of our platform, to our members, to our directors, to our employees, to our customers and our suppliers, regardless of your citizenship or location and for whom Hypersistence SRL is the data controller.

This Privacy Policy is made in accordance with the EU GDPR 679/2016, and it is applicable to all the situations in which Hypersistence SRL is the data controller of your personal data.

Definitions

A. 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

B. 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

C. 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

D. 'processor' means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

E. 'visitor' means any person accessing or using our site or creating an account within the site;

F. 'consent' of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

G. 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

Categories of data we process

A. As a visitor to our site

To the extent that you fill out the registration form on our website, you create an account, or by sending us an email requesting/submitting us information, we may receive from you the following data: email address, name, surname, online identifiers, IP, cookies, as well as any other information provided when completing the message form or communicated via email.

B. Data needed to conduct contractual relations

If we enter into a contract with you (e.g., purchasing credits), we will receive a series of personal data such as name, surname, address, email.

All of these data will be collected and processed as a result of their communication directly by you at the time of placing an online order on https://hypersistence.onfastspring.com/ or as a result of sending them via email.

The basis of the processing is found in art. **art. 6 par. 1 lit. b of the GDPR** respectively, the data are processed as a result of the conclusion of a contract and have the purpose of executing the contract.

C. Indirect Data that might be collected

We can collect your personal data indirectly when you are sending this information to the platforms of other collaborators of our company, such as Google Analytics, Google Search Console, Facebook.

How do we store your personal data

A. Personal data resulting from contractual relationships are stored in digital form only. The data is stored electronically on AWS storage, where access is limited.

B. Only the administrative department may have access to personal data and only for the performance of the contractual relationships we have with you.

The purpose of data processing

We use the information we collect from you for the following purposes:

1. For the performance of the contractual relationships we have with you (e.g., service contract, sale, etc.)

2. To communicate with you and to solve any problems or concerns about the services we are offering

To whom do we disclose your information

As a rule, the information you provide us as a visitor to our site cannot be disclosed. However, there may be situations where we are obliged to do so, such as:

1. In the case of our contractual partners, these data may be transferred to our service providers, including, but not limited to the following categories: accounting services, insurance companies, lawyers, etc.

2. In the case of users of our website, the personal data you communicate to us in principle will not be transferred to third parties, except for the data required to be used to meet legal obligations such as, for example, accounting obligations.

3. Authorities, institutions, and public bodies, if required, in accordance with the tax, labor, social security, or other applicable regulations.

At the same time, the company has the right to disclose in good faith personal data or other information when we consider it necessary to take precautionary measures against our liability, protect us or others from fraudulent, abusive or illegal uses, investigate and defend against any claims or claims of third parties, protect the security or integrity of our services and any facilities or equipment used to make the services available; to protect our property rights or other rights, as well as the safety of others, or to execute contracts.

As regards the transfer of personal data to third countries. The following data is transferred outside the EU or EEA:

- The data collected by Google Analytics. Note that Google complies with the EU-US and Swiss-US Privacy Shield Frameworks. You can find more information about how Google Analytics processes your personal data here.

- The data collected by FastSpring. Note that FastSpring is a U.S. company, and the data that is collected by it is processed in the United States or any other country in which FastSpring or its subsidiaries, affiliates or service providers maintain facilities. You can find more information about how FastSpring processes your personal data here.

The period for which your personal data will be stored

The processing of personal data will cease based on the type of data we process as follows:

1. The data provided by you as a result of the conclusion of the contractual reports or the data provided under these reports will be retained until the date of termination of the contract execution, ie until the expiration of the 10-year term stipulated in art. 25 of the Romanian Accounting Law.

2. The data collected at the time of registering a user account within the Teachable platform will be stored until the time of exercising the right of deletion.

We will destroy personal data when it no longer corresponds to the purpose of the processing, providing security for this process.

Your personal data that you provide via the contact form or an email will be stored until your information/communication process is completed.

At the same time, our company will destroy personal data when it no longer corresponds to the purpose of processing, providing sufficient safeguards for the security of this process.

Your rights in relation to the processing of personal data

In accordance with the provisions of the General Data Protection Regulation no. 679/2016, you have the following rights:

The right to information – the right to be informed about the identity of the controller – Hypersistence SRL, the purpose of data processing, recipients or categories of data recipients, the existence of the rights provided by the GDPR, and the conditions under which rights may be exercised.

The right of access – the right to obtain from us, on request and free of charge, the confirmation that the data concerning you are processed or not and the right of access to these data, unless these requests are repetitive or made with obvious bad faith.

The right to rectification – You may request the rectification of inaccurate personal data.

The right to delete data ("the right to be forgotten") – deletion of data may take place when processing was not legal or in other cases provided for by law (for example, when data are no longer required in relation to the purpose for which have been processed). However, deletion of data cannot take place when processing takes place under the law.

The right to Restrict Processing – You may be required to restrict the processing if you dispute the accuracy of the data, as well as in other cases prescribed by law.

The right of opposition – the right to oppose at any time, for good and legitimate reasons, that your data is processed, except where there are contrary legal provisions or where the processing is based on our legitimate interest.

Data portability – You may receive the personal data you have provided us in a format that can be read automatically, or you may request that the data be transmitted to another controller.

The right to lodge a complaint – you can complain about how you process your personal data with the National Supervisory Authority for Personal Data Processing or you can address the courts.

Right of Withdrawal of Consent – If the basis for data processing is consent, we inform you that this consent can be withdrawn at any time. Withdrawal of consent will only be effective for the future, with processing prior to withdrawal being valid. However, if the processing is mandatory for the provision of services and this may be done under other legal provisions, Hypersistence SRL will process such processing and notify the data subjects.

The right not to be subject to automatic automated decisions or profiling decisions related to automatic decisions - the right to request and obtain the withdrawal, cancellation, or re-evaluation of any decision having legal effect, adopted solely on the basis of the processing of personal data, automatic means designed to evaluate some aspects of personality, such as professional competence, credibility, behavior or other such issues, where appropriate.

If you wish to exercise the above-mentioned rights, please contact us, by written request, dated and signed, to the headquarters located in Cluj-Napoca, Jupiter, nr. 9, Ap. 27, Cluj, Romania. You can also contact us by email at support@revogain.com if the email contains a certified electronic signature.

Insofar as you exercise your rights, we may ask you to prove your identity by communicating us an identity document or any other information necessary to conduct a prior procedure for verifying the applicant in accordance with the legal obligations of security and confidentiality of our data.

Hypersistence SRL undertakes to consider any request or complaint received and to respond within a reasonable time in order to comply with the legal provisions in the matter.

Hypersistence SRL undertakes to consider any request or complaint received and to respond within a reasonable time in order to comply with the legal provisions in the matter.

At the same time, we provide you with the deadlines for responding to requests for these rights:

The right to be informed

1. At the time the data is collected

2. No later than within one month – if personal data is not
provided by the data subject

The right of access

One month

The right to rectification

One month

The right of deletion

No unjustified delays

The right to restrict processing

No unjustified delays

The right to portability

One month

The right of objection

At the time of the objection

The right not to be subject to automatic automated or
profiling decisions related to automated decisions

Unspecified – does not have the ability to be limited in
relation to the specificity of the activity

Security of personal data

We follow the highest standards to protect processed data, both during transmission to us and afterward. In order to ensure security, we mention, as a general rule, the ways of securing:

1. Access to personal data is limited and authorized only to persons legally entitled to use them, and it is their duty to ensure the confidentiality of data.

2. Access to the electronic servers used by our company is done through a password and other access and authentication controls.

3. No employee or person who comes into contact with personal data or documents containing such data shall have the possibility to disclose such data to third parties.

4. Data held for a client will be kept separate from the data of another customer.

5. This site is hosted on AWS, and security is guaranteed by the hosting platform.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.

In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology. Being hosted on AWS, periodical database backups are taken by Amazon.

Minimum security measures to be applied by Hypersistence SRL

A. Using a password with a high level of protection (consisting of figures, letters, and symbols).

B. Any computer, laptop, or device left unattended should be disconnected from the network, locked, or closed.

C. Access to areas where personal data is stored is only allowed to authorized persons.

D. Verification of physical data securing by locking, padlock application, checking the security of electronically stored data by not leaving the computer unattended, using a password in accordance with this Privacy Policy.

E. Change all passwords when necessary.

F. Databases are in secure locations guaranteed by our hosting providers, to which only the people in the department have access.

However, no electronic or physical transmission or storage method is 100% safe. If you believe that your personal data has been compromised, please contact us in writing at our headquarters located in Cluj-Napoca, Jupiter 9, Ap. 27, Cluj, Romania.

You can also contact us by email at support@revogain.com if the email includes a certified electronic signature.

If we find out about a security breach, we will notify both you and the authorities about the occurrence of the violation in accordance with applicable law, within 72 hours at most, the term in which we communicate the relevant information about security incidents.

Security breaches

Since our company's policy is to be fair and to respect the principle of proportionality when considering the actions that we must take to inform those affected by the security incident that is likely to result in a risk to the rights and the freedoms of individuals, in the event of a breach, we will notify both the Supervisory Authority and the person or persons concerned of the breach.

Our Privacy Policy applies to all services provided by our company. Our Privacy Policy may change from time to time, but we do not force you to reduce your rights under these changes without your explicit consent.

We will post any changes to the Privacy Policy in visible places to make it easy to identify updates and to get acquainted with its contents. We will also keep previous versions of this Privacy Policy in the electronic archive so that it can be reviewed at any time by a simple request.

Applicable provisions in the situation where FastSpring or another partner is the data controller Information

If you are not a citizen of the European Union or the European Economic Area, and Hypersistence SRL is not a data controller, the following provisions or any other legal acts apply:

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a Privacy Policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous Privacy Policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. See more at California Consumer Privacy Act

According to CalOPPA, we agree to the following:

Users can visit our site anonymously. Once this Privacy Policy is created, we will add a link to it on our home page, or as a minimum, on the first significant page after entering our website. Our Privacy Policy link includes the word 'Privacy' and can be easily be found on the page specified above.

COPPA (Children Online Privacy Protection Act)a

When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under 13.

Personal Trading Information

The trading statements you upload, as well as the reports generated by RevoGain, are stored in a temporary folder until you log out. During log out, that temporary folder is removed.

If the statement parsing fails due to an unexpected error, you are asked whether you want to send us an anonymous text fragment containing the error cause so we can analyze it and provide you with a fix.

You can explicitly opt-in for sending the error report, or you could clear it right away. During log out, the unsubmitted error reports are deleted anyway.

The parsing error fragments you can send to us don't store any user identification info.

Other than the optional anonymous error report, no other trading information is ever stored in the RevoGain database.

Payment Processing

Payments are processed by a third-party service called FastSpring. Check out their Privacy Policy if you want to know how your order and payment data is stored by FastSpring.

Cookie Policy

We use the term "cookie" to refer to cookies or similar technologies through which information can be collected automatically.

An "Internet cookie", also known as "cookie browser" or "HTTP cookie" or "cookie", is a small file of letters and numbers that will be stored on your computer, mobile device, or other equipment of the user through whom, the Internet is accessed.

The cookie stores important information that enhances Internet browsing (language settings to access a site, online banking security, etc.). The cookies themselves do not require personal information to be used. However, the webserver that sent the cookie can access it again when a user returns to the website associated with that webserver.

RevoGain does not use these "cookies" explicitly.

Payments are processed by a third-party service called FastSpring. Check out their Privacy Policy if you want to know their Cookie Policy.

Policy changes

RevoGain has the discretion to update this Privacy Policy at any time. We encourage users to frequently check this page for any changes.

You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

Your continued use of RevoGain following the posting of changes to this Privacy Policy will be deemed your acceptance of those changes.

Last updated: 2021-10-27