Skip to content

GDPR Compliance

Introduction & Scope

RevenuePost is committed to protecting the privacy and data rights of our users in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This GDPR Compliance page outlines how RevenuePost, as a SaaS platform for revenue management and analytics, handles personal data collected from users within the European Economic Area (EEA), United Kingdom, and Switzerland.

Our commitment includes transparent data processing practices, robust security measures, and respect for data subject rights. This policy applies to all personal data processed by RevenuePost, whether collected directly from users or through integrations with third-party services.

Data Protection Principles

RevenuePost adheres to the core data protection principles established by GDPR:

  • Lawfulness, Fairness, and Transparency: We process personal data only for legitimate purposes and provide clear information about our practices.
  • Purpose Limitation: Data is collected for specific, explicit, and lawful purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: We collect only the personal data necessary for the purposes of providing our SaaS services.
  • Accuracy: We ensure personal data is accurate and kept up-to-date.
  • Storage Limitation: Personal data is retained only as long as necessary for the purposes outlined in our privacy policy.
  • Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure data security.
  • Accountability: We are responsible for compliance and can demonstrate adherence to these principles.

Rights of Data Subjects

As a data subject, you have the following rights under GDPR regarding your personal data processed by RevenuePost:

  • Right to Access: You can request information about whether we process your personal data, and if so, obtain a copy of that data.
  • Right to Rectification: You have the right to have inaccurate personal data rectified or incomplete data completed.
  • Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when consent is withdrawn.
  • Right to Restriction of Processing: You can request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You can receive your personal data in a structured, commonly used, and machine-readable format, and have it transmitted to another controller.
  • Right to Object: You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Rights Related to Automated Decision-Making: If automated decision-making affects you, you have the right to human intervention and to express your point of view.

To exercise these rights, please contact our Data Protection Officer (DPO) using the details provided below. We will respond to your request within one month, or two months in complex cases.

Data Processing Agreements (DPA)

RevenuePost enters into Data Processing Agreements with customers who are data controllers to ensure compliance with GDPR requirements. Our DPA outlines:

  • The categories of personal data processed
  • The purposes and duration of processing
  • Security measures implemented
  • Sub-processor obligations
  • Data subject rights assistance
  • Breach notification procedures

Our standard DPA incorporates the EU Standard Contractual Clauses (SCCs) where applicable. Customers can request a copy of our DPA or initiate a custom agreement by contacting our legal team.

Data Transfers

RevenuePost may transfer personal data outside the EEA, UK, or Switzerland when necessary for providing our services. We ensure such transfers comply with GDPR through:

  • Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
  • Standard Contractual Clauses (SCCs): We use the EU Commission’s standard contractual clauses for transfers to non-adequate countries
  • Binding Corporate Rules (BCRs): Where applicable for intra-group transfers
  • Other Safeguards: Including certification schemes or contractual provisions approved by supervisory authorities

All transfers are documented, and we conduct transfer impact assessments as required. Our sub-processors are carefully selected and contractually obligated to maintain adequate data protection levels.

Security Measures

RevenuePost implements comprehensive technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data in transit and at rest is encrypted using industry-standard protocols
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) for all systems
  • Regular Security Assessments: Penetration testing, vulnerability scans, and security audits conducted regularly
  • Incident Response: Established procedures for detecting, reporting, and responding to data breaches within 72 hours
  • Employee Training: Ongoing training on data protection and security best practices
  • Physical Security: Secure data centers with controlled access and environmental controls
  • Data Minimization and Retention: Policies ensuring only necessary data is retained for the minimum required period

We regularly review and update our security measures to address emerging threats and maintain compliance with GDPR’s security requirements.

Contact Information for DPO

For any questions, requests, or concerns related to GDPR compliance or your personal data, please contact our Data Protection Officer:

Data Protection Officer
RevenuePost Inc.
Email: privacy@revenuepost.net

Privacy Preference Center

Manage your cookie preferences below. Essential cookies are always active.

Essential

Keep core features working, like security and page load.

Always Active

Analytics

Measure how pages are used so we can improve performance.

Marketing

Tailor marketing messages and measure campaign effectiveness.