Privacy Policy

PRIVACY POLICY

‍

Revised: 11/18/2024

This Privacy Policy applies to Rivo Commerce, Inc. (“Rivo”, “we”, “us” or “our”) online services, including but not limited to the Rivo customer retention platform for Shopify Plus® (“Platform”) and Rivo’s website available at rivo.io, including subdomains (“Website”), and software licensed to you including but not limited to the Rivo developer toolkit (collectively, “Service”), and details how we access, collect, use, and disclose data, including personal data, about you (together, “you” or “your”).

‍

BY CLICKING “I AGREE” OR SIMILAR CONFIRMATION OR BY USING THE SERVICE OR BY AGREEING TO OUR TERMS OF SERVICE, YOU ARE AGREEING TO BE BOUND BY THIS PRIVACY POLICY. 

‍

IF YOU ARE AGREEING TO THIS PRIVACY POLICY ON BEHALF OF AN ORGANIZATION, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND THE ORGANIZATION TO THIS PRIVACY POLICY AND ARE AGREEING TO THIS PRIVACY POLICY FOR THAT ORGANIZATION. WHERE YOU ARE AGREEING TO THE SERVICE ON BEHALF OF AN ORGANIZATION, “YOU” AND “YOUR” REFERS TO THE ORGANIZATION.

‍

1. DESCRIPTION OF THE SERVICE

‍

In order to provide the Service to our customer’s Shopify® stores (each, a “Store”) and to their customers (“End Users”) and for other purposes, Rivo may collect, use and disclose certain personal information data. This Privacy Policy describes how we access, collect and use personal data regarding our users, including you. 

‍

2. HOW WE OBTAIN PERSONAL DATA

‍

The Service involves accessing, collecting and processing personal data (personal information), which is information about you or that can be used to identify you. We obtain personal data that we collect either directly from you when you choose to provide it to us or when you use the Service. Your provision of personal data to Rivo is governed by this Privacy Policy, our Cookie Policy and our Terms of Service (“Terms”), which you must agree to in order to use the Service.

‍

If you have any questions or concerns about the disclosure of your personal data, please contact Rivo at your convenience using the contact information found below. Subject to legal, contractual and technical requirements, you may choose not to provide Rivo with certain data or request the deletion of certain data, which may impact Service features available to you or operation of the Service.

‍

3. PERSONAL DATA WE COLLECT 

‍

We collect certain personal data when you begin using the Service. The following is a description of the personal data that we may access, collect, use and process in connection with the Service:

• your full name, usernames, mailing address, email addresses, telephone number, contact preferences and contact or authentication data (“Contact Information”);
• Store information, including account information, usage patterns, customer support records and/or engagement with the Services (“Store Data”);
• End User information, including Platform activity, engagement with the Services, Store account information, and/or other interactions with the Service (“End User Data”);
• your payment data, if you make purchases, including your payment instrument number and the security code associated with your payment instrument. All payment data is stored by Shopify Billing. You can find their privacy policy here: https://www.shopify.com/legal/privacy (“Payment Data”); 
• your Shopify store and Shopify Multipass data, if you authorize Rivo to access your Shopify account. Shopify provides store related data such as product data, customer data, and order data. The full list of Shopify store data can be found here: https://shopify.dev/api/usage/access-scopes (“Shopify Store Data”);
• cookies and similar tracking technologies to track activities on the Service (“Tracking and Cookies Data”); and
• basic geolocation data, information about your computer, phone, mobile device, web-connected devices or other devices used to connect to the Service including but not limited to, operating system information, your computer's Internet Protocol address (i.e. IP address), browser type, browser version, operations performed on the device, time and date of Service use, time spent on Service, other diagnostic date and/or unique tokens and identifiers that may identify you over time and across different websites including unique device identifiers (collectively, “Usage Data”). 

4. COOKIES AND DIGITAL TRACKING TECHNOLOGIES 

‍

The Service uses tracking technologies, such as cookies, web beacons and pixels, to collect personal data, such as IP addresses and device information. Based on this data, third parties may be able to resolve your identity across multiple devices. This data is collected, used and disclosed in accordance with the terms of this Privacy Policy, Rivo’s Cookie Policy and the applicable third-party privacy policies. We may send communications and marketing information to email addresses associated with the information collected by our cookies and other tracking technologies. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. Note that certain essential Service features may rely on tracking technologies and by declining to accept cookies or by changing certain settings on your device, you may not have access to these features.

‍

5. PROCESSING OF PERSONAL DATA

‍

We process personal data primarily for our legitimate business purposes, such as providing the Service to you, to understand your needs and to improve the quality of the Service and analyze the information and data Rivo collects. These uses include, but are not limited to:

• facilitating account creation, authentication and management of your user accounts;
• providing the Service to you, including tailoring the Service to your needs based on the data that you provide; 
• understanding your needs to improve the quality and reliability of the Service, including providing customer support and feedback, providing additional support, analyzing functionality and technical issues, tracking use of the Service and generating internal reports and data models that we use to improve the Service; 
• contacting you for various reasons, including when providing customer support for the Service and sending administrative information to you;
• requesting feedback when necessary and contacting you about your use of the Services;
• sending promotional and marketing communications to you, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time;
• delivering targeted information and personalized advertising content tailored to your interests, location and more;
• identifying how you use our Services and understanding how the Services are being used so we can improve them;
• determining the effectiveness of our marketing and promotional campaigns;
• saving or protecting an individual’s vital interest, such as to prevent harm;
• investigating improper or suspicious activity in or on the Service; and
• posting testimonials to our Website. Prior to posting testimonials, we will notify you of the content of the testimonial. If you wish to update or delete your testimonial, please contact privacy@rivo.io and include your name, testimonial location and contact information.

We may disclose personal data to our parent companies, affiliates, subsidiaries, business partners, advisors, employees and contractors for the same purposes described above. 

‍

6. LEGAL BASIS FOR PROCESSING PERSONAL DATA UNDER GENERAL DATA PROTECTION REGULATION

‍

If you are from the European Economic Area (“EEA”), or other jurisdictions in which substantially similar laws apply, such as the UK, Rivo’s legal basis for collecting and using the personal data as described in this Privacy Policy depends on the type of personal data Rivo collects and the context in which it collects it.

‍

The categories of personal data Rivo collects and the legal basis for its processing are set out below:

‍

‍

Contact Information such as emails and other forms of digital communication may also be processed to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. Pursuant to GDPR Article 6(1)(a), Rivo will acquire your consent prior to processing Contact Information. 

‍

We may also process your personal data for additional reasons as they become apparent to comply with the law, or if it is in Rivo’s legitimate interests so long as that interest is not overridden by your rights. This can include but is not limited to protecting the Services and you against illegal activity, inappropriate behavior and actions that violate Rivo’s Terms.

‍

7. EUROPEAN USERS AND RESIDENTS OF THE EUROPEAN ECONOMIC AREA

‍

If you are a resident of the EEA, you have certain rights regarding your personal data. These rights include:

• A Right of Access. You have the right to access personal data that we hold about you free of charge in most circumstances;
• ‍A Right to Rectification. If your personal data is inaccurate or incomplete, you can change the information you provided by changing the personal data yourself on the Service, through third-party services or by contacting Rivo using the e-mail contact listed herein;
• ‍A Right to Erasure. You have the right to obtain deletion of personal data under most circumstances. In most cases, you may simply request the deletion by using the contact information found below. Please be careful as deletion of data in this manner is permanent and the data cannot be recovered;
• ‍A Right to Object. If the processing of personal data is based on legitimate interests according to Article 6(1)(f) of the GDPR or by consent according to Article 6(1)(a) of the GDPR, you have the right to object to this processing. If you object, we will no longer process your personal data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular, if the personal data is necessary for the establishment, exercise or defense of legal claims or if personal data is required for the provision of the Service and you still wish to use the Service;
• ‍A Right to file a Complaint. You have the right to file a complaint with the appropriate supervisory authority in your jurisdiction;
• ‍A Right to Restriction of Processing of your Personal Data. You have the right to obtain restrictions on the processing of your personal data as described in Article 18 of the GDPR;
• ‍A Right to Personal Data Portability. You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller under the conditions described in Article 20 of the GDPR;
• ‍A Right to Post-Mortem Control of Your Personal Data. Certain jurisdictions grant post-mortem controls of your personal data and if such rights are applicable in your jurisdiction, you may have the right to establish guidelines for the preservation, the deletion and the transmission of your personal data after your death through a will or through your estate; and
• ‍A Right to Opt-out of Marketing Communications. You have the right to opt-out of marketing communications we send you at any time. If you receive any marketing e-mails from us, you can exercise your right to stop such communications by clicking on the “unsubscribe” or “opt-out” link on any marketing e-mails Rivo sends you. To opt-out of other forms of marketing, please contact us using the contact details provided below;

Note also that other people, including UK residents, have similar rights as EEA residents and the rights described in this section also apply to UK residents, and many other people located in other jurisdictions around the world, pursuant to substantially similar laws. 

‍

8. THIRD-PARTY SERVICES

‍

This Privacy Policy only applies to personal data that Rivo collects, processes and discloses and does not apply to the access, collection, processing and disclosure of personal data by third parties through third-party services, including the third parties listed in Schedule A to this Privacy Policy, which may be broader than set forth in this Privacy Policy, and that may be embedded and/or integrated into the Service. In many cases, third parties may collect personal data about online activities over time and across different websites and services. Rivo strongly recommends that you carefully read and consent to each third-party privacy policy before using the Service. Rivo may provide personal data to certain categories of third parties to perform work that is necessary for Rivo to provide the Services, including:

• ad networks;
• cloud computing services;
• communication and collaboration tools;
• data analytics services;
• data storage service providers;
• product engineering and design tools;
• artificial intelligence tools;
• payment processing services;
• retargeting platforms;
• sales and marketing tools;
• testing tools;
• affiliate marketing programs; and 
• support tools.

Please contact us directly using the information found below if you would like to learn more about third-party data practices.

‍

9. OBTAINING, RECTIFYING AND CONTROLLING PERSONAL DATA

‍

You may contact Rivo to obtain a copy of any personal data we collect, the production of which may be subject to a fee as permitted by applicable law. In addition, you may contact Rivo to correct inaccurate personal data or to complete incomplete personal data. 

‍

You may be able to opt-out of some or all of the ways in which personal data is processed, or request the deletion of certain personal data, except where the personal data is necessary or vital for:

‍

• the performance of contractual obligations, such as our Terms or certain other legal obligations;
• protecting your interests or those of another person; and
• our legitimate interests or the legitimate interests of a third-party.

‍

To request to review, update or delete personal data, please fill and submit a data subject access request or contact us using the contact information found below. 

‍

10. DATA STORAGE AND RETENTION

‍

While Rivo is a United States based company, the data provided through the Service may be stored and processed by third parties in countries around the world. You authorize Rivo and third parties acting on our behalf to process your data in any country of their choosing, which may cause your data, including personal data, to be subject to privacy protections and legal rights that may not be equivalent to those in your country. 

‍

We have implemented measures to protect your personal data, including by using the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies and between us and our third-party providers and partners. These clauses require all recipients to protect all personal data that they process originating from the EEA, UK or Switzerland in accordance with European data protection laws and regulations. Our Standard Contractual Clauses and further details can be provided upon request. 

‍

Rivo will only keep your personal data and/or business information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. 

‍

You may change the information in your account or terminate your account with Rivo at any time by logging into your account settings and updating your account. Upon your request to terminate your account, we will deactivate or delete your account and information from our databases. However, we may retain some information to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements. 

‍

When we have no ongoing legitimate business need to process your personal data and/or your relationship with Rivo comes to an end, we will promptly return, delete or anonymize any other personal data and confidential information Rivo has on file, in line with our legal obligations. Where returning, deleting or anonymizing your personal data is not possible, Rivo will securely store your personal data and isolate it from any further processing until deletion is possible. Any personal data that has been requested to be returned, deleted or anonymized and is stored on a data backup will be held only temporarily and automatically purged after set expiration periods. Please email privacy@rivo.io to request deletion of any personal data of yours that Rivo holds.

‍

11. DO NOT TRACK DISCLOSURE

‍

Do Not Track (“DNT”) is a web or device setting that allows you to request that receivers of personal data stop their tracking activities. When you choose to turn on the DNT setting in your browser or device or use alternative consumer choice mechanisms, your browser or device sends a special signal to websites, analytics companies, advertising networks, plug-in providers and other web services you encounter to stop tracking your activity. Currently, there are no DNT technology standards, and it is possible that there may never be any DNT technology standards. As a result, Rivo does not respond to DNT requests. 

‍

12. CHILDREN

‍

Rivo complies with the U.S. Children’s Online Privacy Protection Act and all other applicable laws and regulations concerning children and the Internet. The Service is not directed to children under the age of 18 and Rivo does not knowingly solicit data from or market to children under the age of 18. If we learn that we inadvertently collected personal data from a child under the age of 18, we will deactivate the account and take reasonable measures to promptly delete the data from our records. If you are a parent or guardian of a child who you believe provided Rivo with personal data without your consent, please contact us at privacy@rivo.io.

‍

If you are a resident of the EEA below the age of consent in your country, Rivo shall comply with applicable consent gathering standards required by law in your jurisdiction.

‍

13. CALIFORNIA “SHINE THE LIGHT” RIGHT

‍

If you are a California resident, California Civil Code 1798.83 grants you the right to request disclosure of the categories of personal data we control and have provided to third parties, and the names and addresses of these third parties, for direct marketing purposes during the preceding calendar year. If you are a California resident and would like to make this request, please contact us using the contact information set forth below.

‍

Please note that you may only make this request once per year.

‍

14. YOUR CALIFORNIA PRIVACY RIGHTS

‍

If you are a California resident, California Civil Code Section 1798.120 permits you to opt-out of the sale and sharing of your personal data to third parties. Currently, Rivo does not sell your personal data to third parties except as directly requested with your consent and as such no opt-out of the sale of such personal data is necessary. Although Rivo does not sell your personal data to third parties without consent, Rivo does provide a right to opt out of third-party sharing to all our users. Note that certain essential Service features may rely on third-party sharing and by exercising your right to opt-out you may not have access to these features. If you have any other questions about our privacy practices, please email us at privacy@rivo.io.

‍

15. CHANGE OF OWNERSHIP OR BUSINESS TRANSITION 

‍

In the event of, or in preparation for, a change of ownership or control of Rivo or a business transition such as the sale of some or all Rivo’s assets, we may disclose and/or transfer your personal data to third parties who will have the right to continue to collect and use such data in the manner set forth in this Privacy Policy.

‍

16. SECURITY

‍

We are committed to ensuring that your data is secure. To prevent unauthorized access, disclosure, or breach, we have put in place suitable physical, electronic, and administrative procedures to safeguard and secure the data we collect and process. Despite our safeguards and security, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Transmission of personal data to and from our Services is at your own risk. You should only access the Services within a secure environment.

‍

17. CONTACT PREFERENCES

‍

Rivo communicates with you through the Service itself but may also communicate with you through your email address or other digital methods to conduct the Service and to respond to support requests or comments. If you have provided us with your email address and would like to change the email preferences we associate with you (for example, unsubscribing from receiving certain types of email) you may do so by clicking a link within certain types of emails that we send to you or, if no link is available, by replying with “unsubscribe” in the email title or body. On rare occasions, some types of email are necessary for the Service and cannot be unsubscribed from if you continue to use the Service.

‍

18. UPDATES

‍

Rivo reserves the right, in its sole discretion, to modify this Privacy Policy at any time (each an “Update”) and shall make each Update available on our Website, indicated by an updated “Revised” date. You are deemed to accept an Update by continuing to use the Service. Unless Rivo states otherwise, an Update is automatically effective 30 days after posting on the Website, except in such case where an Update is immaterial to any of your legal rights or legal obligations of Rivo and such Update is made only to correct a typographical, formatting or grammar inaccuracy, and in such case, an Update is effective immediately after posting on the Website.

‍

19. CONTACT US

‍

If you have any requests, questions or comments about the Privacy Policy or our data collection in general, please contact our Data Privacy Officer or our Privacy Team at privacy@rivo.io or by post at:

‍

Rivo Commerce, Inc.

5490 S Rainbow Blvd., Ste 400, PMB 78730

Las Vegas, NV 89118-2507

United States

‍

SCHEDULE A

‍

THIRD PARTY PRIVACY POLICIES

‍

‍