Personal Information is any information relating to an identified or identifiable natural person, which may include IP addresses, information contained in cookies, and navigational data. We collect Personal Information to gather data to provide and improve our Services. Personal Information also includes sixteen supplemental principles: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information, and (16) access requests by public authorities.
The types of Personal Information we collect and our privacy practices depend on the nature of the relationship you have with RevGeek and the requirements of applicable law. RevGeek collects Personal Information regarding its current, prospective and former customers, its customer’s clients (“Customer Data”), and visitors (collectively “Individuals”). RevGeek also collects Personal Information regarding current, temporary, permanent, prospective and former employees, directors, contractors, workers or retirees of RevGeek and its subsidiaries worldwide (“Employees”).
We collect, process, and store the following types of Personal Information: (1) information you explicitly provide to us by completing a form on our website; (2) information we automatically collect when you visit our website; (3) information our customers provide about themselves to obtain Services; (4) information Employees provide to us for employment purposes; and (5) information that our customers provide about other individuals that is processed by the Service.
We use this information for our own internal purposes, which are more fully explained below. We may share your information with contractually-assigned RevGeek partners and any other parties required of RevGeek to comply with state and federal laws. We endeavor to collect or store information only relevant for the purposes of processing. Below are the legal bases and some of the ways we collect information and how we use it.
2.1. Information We Collect, Process, and StoreThe data we collect from Individuals includes information that may be deemed Personal Information, such as contact information, user name, Internet Protocol address, government identification, photo or image, and credit card and other financial information related to payments for services, collected directly from you or from an RevGeek customer. We may also collect other information that is not Personal Information, such as comments you provide through https://apttus.wpengine.com and our related sites (“the Websites”), demographic information you choose to provide (e.g., your business or company information), and answers to a security question and password.
2.2. How We Collect Personal InformationOur corporate values, ethical standards, policies and practices are committed to the protection of customer information. In general, our business practices limit employee access to confidential information and limit the use and disclosure of such information to authorized persons and processes.
Here are some of the ways that we may collect former, prospective, and current customers’ Personal Information:
2.3. Information from Other SourcesWe may collect information about you from third-party sources to supplement information provided by you. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you information about our business, products and Services.
How RevGeek Uses your Personal Information
Depending on how you interact with us, we and our Third-Party Service Providers may also use Personal Information in a variety of ways, including:
If you are a prospective, former, or current customer:
If you are our customer’s client:
If you are an Employee:
3.1. Cookies“Cookies” are a feature of web browser software that allows web servers to recognize the computer used to access a website. They are small pieces of data that are stored by a user’s web browser on the user’s hard drive. Information gathered through cookies and web server logs may include information such as the date and time of visits, the pages viewed, time spent at the website, and the websites visited just before and just after our website. Cookies can remember what information a user accesses on one web page to simplify subsequent interactions with that website by the same user or to use the information to streamline the user’s transactions on related web pages.
You can delete cookie files from your own hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. Please note that deleting cookies may limit access to much of the content and many of the features available on RevGeek Websites.
3.2. Pixel Tags/Web Beacons RevGeek may use “pixel tags” (or web beacons”), which are small graphic files that allow us to monitor the use of our Websites. A pixel tag can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the browser type and language; the device type; geographic location; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable email, we or our Third-Party Service Providers may use “format sensing” technology, which allows pixel tags to let us know whether you received and opened our email.
3.3. Analytics Information RevGeek may use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Websites, and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit https://www.google.com/policies/privacy/partners/.
You can opt out of Google’s collection and processing of data generated by your use of the Services by going to https://tools.google.com/dlpage/gaoptout.
3.4. Interest-Based AdvertisingThrough our Websites, RevGeek may allow third-party advertising partners to set tracking tools (e.g., cookies) to collect anonymous, non-Personal Information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information we have collected with third-party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non-RevGeek related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.”
3.5. Mobile DevicesOur mobile applications (“Apps”) may require you to log in to Third-Party Platforms, such as Salesforce or Azure. In addition, RevGeek may provide websites and online resources that are specifically designed to be compatible and used on mobile devices. RevGeek will collect certain information that your mobile device sends when you use such websites or online resources, like a device identifier, user settings and the operating system of your device.
3.6. Anonymous and Aggregated Information RevGeek may use your Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the RevGeek Website or other online services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Websites. Anonymized or aggregated information is not Personal Information, and RevGeek may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within RevGeek and with third parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
Please note that if you are a client of one of our customers and would no longer like to be contacted by an RevGeek customer that uses our Service, please contact the customer that you interact with directly. Please also note that while you have the right to access personal data that we store, RevGeek has no direct relationship with the individuals whose Personal Information it processes on behalf of our customers. An individual who seeks to access, correct, amend, or delete data should direct their request to the RevGeek customer.
4.1. GeneralWhere you have consented to RevGeek’ processing of your Personal Information, you may withdraw that consent at any time and opt out by following the instructions in this Section. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.
Before disclosing sensitive data to a third party or processing sensitive data for a purpose other than its original purpose or the purpose authorized by you, RevGeek will endeavor to obtain your explicit consent (opt-in). If your consent is otherwise required by law or contract for us to process your Personal Information, RevGeek will comply with the law or contract.
4.2. Website CommunicationsYou have the opportunity to opt out of receiving further communications from us at the time you complete the registration form on our website. Alternatively, if you initially decide to receive information from us but at a later date wish to remove your information from our database, you can do so by visiting the unsubscribe page:
We maintain telephone “do not call” lists and “do not mail” lists as mandated by law. We process requests to be placed on do not mail, do not phone and do not contact lists within 60 days after receipt, or such shorter time as may be required by law.
4.4. Human Resources Data<With regard to Personal Information that RevGeek receives in connection with the employment relationship, RevGeek will use such Personal Information only for employment-related purposes as more fully described above. If RevGeek intends to use this Personal Information for any other purpose, we will provide you with an opportunity to opt-out of such uses.
4.5. “Do Not Track ”Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. RevGeek does not recognize or respond to browser-initiated DNT signals.
You can opt out of the collection and use of your information for interest-based advertising by going to limit collection through the Websites or by configuring the settings on your mobile device to limit ad tracking through the mobile applications.
Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Websites and/or information from the advertisements on Third-Party websites for non-interest-based advertising purposes, such as to determine the effectiveness of the advertisements.
5.2. Service Providers RevGeek may share Personal Information with our service providers that we have retained to perform services on our behalf including (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing; and (iv) customer service activities. Payment information will be used and shared only to effectuate your order and may be stored by a service provider for purposes of future orders.
RevGeek has executed appropriate contracts with the service providers that prohibit them from using or sharing your personal information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.
5.3. Business Partners RevGeek may share Personal Information with our business partners, and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. RevGeek may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with RevGeek’. RevGeek requires our affiliates and business partners to agree in writing to maintain the confidentiality and security of Personal Information they maintain on our behalf and not to use it for any purpose other than the purpose for which it was provided.
5.4. Information Disclosed for Our Protection and the Protection of OthersWe may disclose information about you: (i) if we are required to do so by law, court order or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce RevGeek policies or contracts; (v) to collect amounts owed to RevGeek; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
Sometimes, we may review server logs for security purposes– e.g., to detect unauthorized activity on the Websites. In such cases, server log data containing IP addresses and other information may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
5.6 Liability for Onward TransfersAs further described in Section 6.2 below, we comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. As a Privacy Shield organization, we have primary responsibility for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent on its behalf. We shall remain liable under the Privacy Shield Principles if our agent processes such Personal Information in a manner inconsistent with such principles, unless we prove that we are not responsible for the event giving rise to the damage(s).
6.1 GeneralAll Personal Information sent or collected via or by RevGeek may be stored anywhere in the world, including but not limited to, in the United States, in the cloud, our servers, the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to RevGeek, you consent to the storage of your Personal Information in these locations.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at: firstname.lastname@example.org
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If neither Apttus nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel.
In addition, we commit to cooperate with EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship. As a Privacy Shield organization, we are also subject to the investigatory and enforcement powers of the Federal Trade Commission.
Although Apttus makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which Apttus is unable to do so, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If Apttus determines that access should be restricted in any particular instance, we will explain why and provide a contact point for any further inquiries. To protect your privacy, Apttus will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
The security of all Personal Information provided to RevGeek is important to us, and RevGeek takes reasonable steps designed to protect your Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. Thus, while RevGeek strives to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to RevGeek, and you do so at your own risk. You are responsible for maintaining the secrecy of your own passwords. If you have reason to believe that your passwords or Personal Information is no longer secure, please promptly notify us at email@example.com
You have the ability to correct or change any information which you have previously provided by contacting us. You may change this information at any time and as often as necessary.
11.1. GDPR (General Data Protection Regulation) RevGeek and the Services endeavor to be compliant with all applicable GDPR regulations and if you are a Customer, and upon request, RevGeek will agree to execute a Data Processing Addendum describing the processing of Personal Information.
11.2. Information Regarding Children Due to the nature of RevGeek’ business, services and benefits are not marketed to minors. RevGeek does not knowingly solicit or collect Personal Information from children under the age of 13 (and in certain jurisdictions under the age of 16). RevGeek may, however, collect Personal Information about children who are beneficiaries of Employees in the context of Human Resources Data. If we learn that we have collected Personal Information from a child under the age of 13 (and in certain jurisdictions under the age of 16) outside of the Human Resources Data context, we will promptly delete that information.
Access to Specific Information and Data Portability Rights. You have the right to request that RevGeek disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable request, we will disclose to you: (i) the categories of personal information we collected about you; (ii) the categories of sources for the personal information we collected about you; (iii) our business or commercial purpose for collecting or selling that personal information; (iv) the categories of third parties with whom we share that personal information, if any; (v) the specific pieces of personal information we collected about you (also called a data portability request); (vi) if we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (a) sales, identifying the personal information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights. You have the right to request that RevGeek delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: (i) complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (iii) debug products to identify and repair errors that impair existing intended functionality; (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.); (vi) engage in public or peer-reviewed research in accordance with Section 1798.11.35 (d)(6) of the CCPA; (vii) enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (viii) comply with a legal obligation; or (ix) make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request please email firstname.lastname@example.org.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not: (i) deny you goods or services; (ii) Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of goods or services; (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Contact Information: If you have any questions or comments about this notice, the ways in which RevGeek collects and uses your information described in this section 11.3, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
If you have any questions regarding this privacy statement, the practices of our website, or your dealings with us, please contact the RevGeek at email@example.com.