Rheaply Privacy Statement

Last updated: November 28, 2022.

Introduction and overview

This Privacy Statement explains how we collect, use, and share information when you interact with us and our offerings, services and experiences. This Privacy Statement is global in nature, meaning that it is applicable to all websites and offerings by Rheaply, and it describes our privacy practices when we process: (a) personal information for the purposes of providing the benefits of the Rheaply platform, which is collectively, all of Rheaply’s services, sites, experiences and software by Rheaply, Inc. and its affiliates and subsidiaries (the “Rheaply Platform”); and/or (b) personal information as necessary to manage, run and improve our business.

Rheaply Inc. determines the purposes and means of the processing of personal information (“Information Controller”). Rheaply Inc. may share your personal data with other Rheaply group companies to process as joint controllers for the purposes set out in this Privacy Statement. If you have any questions about the processing of your personal data, please contact us in the section “How to Contact Us” below.

This Privacy Statement does not apply where Rheaply processes personal information as a service provider on behalf of a customer or entity who acts as the Information Controller. When we act as a service provider, the privacy statement of the relevant Information Controller and our agreements with such business or entity will govern our processing of personal information. In certain circumstances, there may be more than one Information Controller processing your information. For example, your employer may also act as an Information Controller. In these situations, we act as an independent Information Controller over our processing activities – meaning that we make determinations over how your personal information will be processed independently from the other Information Controller. The other Information Controller may have their own obligations under applicable information privacy law, and you may need to speak with the other Information Controller directly for questions on how they process your personal information.

Rheaply is headquartered in Chicago, in the United States. Rheaply has appointed an internal data protection officer for you to contact if you have any questions or concerns about Rheaply’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Rheaply’s data protection officer. Rheaply’s data protection officer’s name and contact information are as follows:

Peter Tucker
ciso@rheaply.com

Organizational Account Information

Some experiences and services within the Rheaply Platform allow you to interact with an organization (such as your employer). If you are granted access to an organizational account, the owner of the organization or a designated administrator may control and administer details of your account, for example, by deciding your access rights; making decisions about your personal information; or requiring you to take certain actions. Your use of the Rheaply Platform as part of an organization’s account may be subject to the organization’s policies, which may be different from this Statement. We are not responsible for the privacy or security practices of other organizations.

Information we collect

Information we receive from you

The personal information that we receive about you depends on the context of your interactions with Rheaply, how you configure your account and the choices that you make, including your privacy settings. Personal information that you provide may also depend upon what services or experiences you use, your location and applicable law. Continue reading to learn more about the personal information we collect, how we use it, and your rights.

  • Creating an account. We collect information when you create an account, interact with the Rheaply Platform or activate a subscription. Personal information may include your contact information (such as your name, address, phone number and email), profile photo, billing information (your payment information), usernames and credentials.
  • Customer support, product research, training and feedback. We may collect personal information when you reach out to us for support, give us feedback, participate in optional surveys, product research or training and you choose to share.
  • Social and community content. We receive content you post on our social media pages and our community pages.
  • Device information. We may collect information about your device such as Internet Protocol (“IP”) addresses, log information, error messages, device type, and unique device identifiers. For example, we may collect IP addresses from you as part of our sign in and security features.
  • Content. We may receive information about your business, your inventory, details of your financial transactions, and/or details about your customers or vendors or employees.
  • Usage information. We may collect usage information such as the pages you viewed, the features you use, your browser type and details about any links with which you interact.
  • Location information. Certain features in the Rheaply Platform may collect your precise location information if you grant permission to do so in your device settings.
  • Camera and contacts. Certain features may have access to your camera and contacts if you grant permission in your device settings.
  • Information from cookies and other technologies. Rheaply and our service providers may use commonly used tools such as cookies, web beacons, pixels, local shared objects and similar technologies (collectively “cookies”) to collect information about you (“Cookie Information”) so we can provide the experiences you request, recognize your visit, track your interactions, and improve your and other customers’ experience. You have control over some of the information we collect from Cookies and how we use it. For full details on how we use cookies and similar technologies please see our Rheaply Cookies Policy.

Other information sources

We may also get information about you from others where permitted by applicable law. We protect and process information obtained from those parties as described in this Privacy Statement, consistent with any additional restrictions imposed by the source of the information. Our sources may vary over time and depend upon how you use the Rheaply Platform. For example, we receive information from:

  • Your service providers. If you choose to sync a non-Rheaply account/service with your account, we will receive information from that account/service according to your settings with that account/service.
  • Supplemental information and identity verification providers. Service providers who help us verify your identity, the specifics of your business and/or supplement the information you have provided and ensure the accuracy of your information. For example, we use third-party service providers to validate your mailing address, phone number or provide additional details about your business.
  • Customer Support providers. Service providers who provide us with information about you or your interaction with the Rheaply Platform for troubleshooting purposes. For example, we may obtain support information or technical issues you have raised with these third parties.
  • Risk management, cybersecurity & anti-fraud providers. We may receive information from service providers who help us assess risks associated with our offerings, including to help combat fraud, illegal activity and to help protect your personal information.
  • Communication providers & social networks. If you give us permission, we may collect information from email providers, communication providers and social networks.
  • Joint offering partners. We may offer co-branded services or experiences or engage in joint-marketing activities with others, including through our conferences or live events.
  • Required information. Some services and experiences in the Rheaply Platform require you to provide information for it to function. If you do not wish to provide the required information, you may not be able to use certain features.

How we use personal information

We collect and process personal information from you only where:

  • We have your consent to do so;
  • We need the personal information to perform a contract with you or provide a service to you;
  • Necessary to provide you with the benefits of the Rheaply Platform and operate our business;
  • The processing is in our legitimate business interests in those jurisdictions where legitimate business interest is a legitimate basis for processing; or
  • We need to comply with legal requirements, including applicable laws and regulations.

Personal information is used to operate our business for the following purposes that are required to originate and maintain our relationship with you, including but not limited to:

  • Provide you with the Rheaply Platform and create your account
  • Improve our products and services, and run and manage our business
  • Personalize your experience and tailor recommendations and offers presented to you, including through the development of insights about you and your needs
  • Provide you with support and resolve disputes
  • Conduct research, including by partnering with academic institutions
  • Comply with our legal and regulatory requirements
  • Protect the rights, property, safety or security of the Rheaply Platform, our customers, employees or others and prevent fraudulent or illegal activity
  • To exercise our rights in the course of judicial, administrative or arbitration proceedings
  • To enforce, remedy or apply our Terms of Service or other agreements and/or
  • For other purposes that are compatible with the disclosed purposes if and where this is permitted by applicable law.

How we share your information

We may share your information in the following circumstances:

  • With your consent. Except for as outlined below, we only share your information with third parties when you have directed us to do so.
  • When you connect with a Rheaply Platform User. You may be provided with offers, products, and services from third-party companies who integrate with our Rheaply Platform (“Platform User”). If you choose to interact with a Platform User, apply for their services or offerings or otherwise link or sync your account to a Platform User’s product or service, you consent and direct Rheaply to share your information, including personal information, to the Platform User providing the service or offering. In some cases, if you click through to go to a Platform User’s site, you will automatically be sending your personal information to that Platform User. When this happens, you will still have to submit your application on the Platform User’s site. Remember that any information you provide to a Platform User, whether through us or on your own, will be subject to their privacy practices and terms and conditions.
  • For research. With appropriate controls, we may share information with third-parties, such as academic institutions, government and non-profit organizations, for research purposes or to publish academic or policy-related materials. We only share information in a way that would not allow any individual to be identified.
  • With service providers or agents. We share personal information with our service providers or agents who provide services on our behalf for the purposes described in this Privacy Statement. Service providers or agents are required to implement reasonable privacy and information protection controls to maintain the privacy and security of information provided to them consistent with the privacy practices outlined in this Statement. Service providers or agents may include companies that assist us with our advertising, marketing and sales efforts, help us with our technology offerings (such as a hosting, security or anti-fraud providers) and help us run our business.
  • For mergers and acquisitions. If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, we may share your information with that company and its advisors before and after the transaction date.
  • No sale of personal information to third parties. We do not and will not sell personal information to third parties. We do share personal information with third parties for the business purposes described in this Statement.
  • Cookies and other tracking technologies. You can find information on changing your browser settings to opt-out of cookies in your browser settings. In certain countries, you may also be able to make changes to your cookies settings by using our cookie preferences tool. If you disable some or all of the cookies, the service, or parts of the service, may not work.
  • No sale of personal information to third parties. We do not and will not sell personal information to third parties. We do share personal information with third parties for the business purposes described in this Statement.
  • Transferring personal data to the U.S. Rheaply has its headquarters in the United States. Information we collect about you will be processed in the United States. By using Rheaply’s services, you acknowledge that your personal information will be processed in the United States. Pursuant to Article 46 of the GDPR, Rheaply is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved. Depending on the circumstance, Rheaply may also collect and transfer personal data to the U.S. either with consent, to perform a contract with you, or to fulfill a compelling legitimate interest of Rheaply in a manner that does not outweigh your rights and freedoms. Rheaply endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Rheaply and the practices described in this Privacy Statement. Rheaply also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, Rheaply has received zero government requests for information.
  • For legal reasons. We may share your information with third-parties for legal reasons without your consent, and as permitted by law, including:
    • When we reasonably believe disclosure is required in order to comply with a subpoena, court order, or other applicable law, regulation or legal process
    • To protect the rights, property, or safety of Rheaply, the Rheaply Platform, our customers or others
    • To protect or defend against attacks
    • To enforce, remedy, or apply our Terms of Service or other agreements
    • To prevent fraud, cybersecurity attacks or illegal activity
    • With regulatory agencies, as necessary to help comply with applicable laws and to detect and combat fraud and/or protect our customers, users and/or the Rheaply Platform.

Data storage and retention

Your personal data is stored by Rheaply on its servers, and on the servers of the cloud-based database management services Rheaply engages, located in the United States. Rheaply retains service data for the duration of the customer’s business relationship with Rheaply and for a period of time thereafter, to analyze the data for Rheaply’s own operations, and for historical and archiving purposes associated with Rheaply’s services. Rheaply retains prospect data until such time as it no longer has business value and is purged from Rheaply systems. All personal data that Rheaply controls may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: ciso@rheaply.com

Your information rights and choices

Depending on where you live, you may have certain state- or nation-specific rights with respect to your personal information that we collect and process.
Compliance with the California Consumer Privacy Act (“CCPA”). Rheaply complies with the California Consumer Privacy Act or “CCPA.” Subject to certain limitations, this provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information). California consumers or clientele may make a request to access, import, export, or delete their customer data, pursuant to their rights under the CCPA, by contacting us at ciso@rheaply.com.

Compliance with the General Data Protection Regulation (“GDPR”). Rheaply is compliant with the General Data Protection Regulation (“GDPR”) and is committed to helping our customers comply with GDPR. Data subject rights include the right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right of data portability, right to object, and rights related to automated decision making including profiling. Subjects may submit a Subject Access Request (“SAR”) by contacting us at ciso@rheaply.com.

How You Can Contact Us About Privacy Questions

If you have questions or concerns regarding this policy, you should contact us by writing to us at: info@rheaply.com.