Revial Logo
Back

Privacy Policy

Statement regarding personal data processing

Last updated: February 1, 2026

Last Updated: January 1, 2025 Data Protection Officer/Contact: Jone Korpi

Overview

Revial Oy commits to protecting customer and user privacy, handling personal data per GDPR, applicable legislation, and data protection best practices. This document outlines what information is collected, its purposes, processing basis, and individual rights.

1. Data Subject Categories

The organization processes information from:

  • Representatives of customer and prospective companies (sales, marketing, management)
  • Business partners
  • Service users (SaaS tool users)
  • Website visitors
  • Event, training, and webinar participants

2. Data Categories Collected

Basic Information

  • Names, contact details (email, phone, address)
  • Employer information (company name, registration number, industry)
  • Job titles and positions

Service Usage and Customer Data

  • User credentials and passwords
  • Login and usage history
  • Customer relationships: subscriptions, licenses, billing, payment information
  • Support contacts and requests
  • Marketing and communication preferences

Website and Service Usage Data

  • Technical information via cookies: IP address, browser type, operating system, device identifiers
  • Behavioral data: page views, clicks, form interactions
  • Approximate location data (city/IP-based)

Voluntary Information

  • Event registration details
  • Feedback and survey responses
  • Specially provided data categories (handled only with consent)

3. Data Sources

  • Direct provision (registration, forms, inquiries)
  • Employer or organization (service implementation)
  • Automatic collection during service use (cookies and logs)
  • Public sources and business registries

4. Processing Purposes

Service Delivery

  • Tool and feature provision
  • User account and access management
  • Support and customer service

Customer Relationship Management

  • Billing and payment processing
  • Relationship-related communications
  • Contract administration

Service Improvement and Analytics

  • Usage monitoring and analysis for enhancement
  • Interface and content personalization

Marketing and Communications

  • Electronic direct marketing (consent-based or legally permitted)
  • Customer communication and newsletters
  • Event and training promotion

Security and Fraud Prevention

  • Usage log monitoring for abuse detection
  • Access control and technical protection

5. Legal Basis for Processing

  • Contract: Service delivery and agreement fulfillment
  • Legitimate Interest: Customer relationship management, service development, existing customer marketing
  • Consent: Electronic direct marketing to new contacts, certain cookies
  • Legal Obligation: Accounting, regulatory requests

6. Cookies and Tracking Technologies

Used for:

  • Essential: Core service functionality
  • Analytics: Usage analysis and improvement
  • Marketing: Content and advertising targeting (consent-required)

Users can manage cookies through browser settings or service preferences.

7. Data Sharing and Transfers

  • Subcontractors and service providers (cloud services, payment processors)
  • Business partners when necessary for service delivery
  • Authorities when legally required
  • Non-EU/ETA transfers only with GDPR safeguards (standard clauses)
  • Personal data is not sold

8. Retention Periods

  • Customer data: during relationship + max 48 months after termination
  • Marketing lists: while consent active or until withdrawal
  • Cookies: typically 24 months
  • Legal requirements may mandate longer retention (accounting: 6-10 years)

9. Individual Rights

The right to:

  • Access personal information
  • Correction or deletion
  • Processing objection (certain circumstances)
  • Processing restriction
  • Consent withdrawal
  • Data portability (specific cases)
  • File complaints with supervisory authority

10. Data Security

Protection includes:

  • Firewalls, encryption, access controls
  • Role-based access (need-to-know principle)
  • Security policies and staff training

11. Joint Data Controller Arrangements

In certain cases (joint events, marketing campaigns), joint controller status exists. Separate notices provided when applicable.

12. Policy Updates

Updates occur due to service development, legislative changes, or regulatory guidance. Update dates appear at document top.

13. Contact Information

Data protection inquiries: Jone Korpi, jone@revial.ai, Revial Oy