GDPR Privacy Notice

Effective date: 10/5/21

This GDPR Privacy Notice provided by the Revelio Labs Inc. (“we,” “us,” or “our”) pursuant to the GDPR (as defined below), supplements our Privacy Policy and applies to the “personal data,” as defined in the GDPR, of natural persons located in the European Economic Area, the United Kingdom and Switzerland (collectively, “European Individuals,” and individually, “you,” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined herein or elsewhere in the Privacy Policy, the GDPR. If you are not a European Individual, this GDPR Notice does not apply to you.

The term “European Economic Area” (or “EEA”) shall mean the then-current member states and member countries of the European Union and European Economic Area.

The term “GDPR” shall mean the General Data Protection Regulation 2016/679, the Privacy and Electronic Communications Directive 2002/58/EC, the UK Data Protection Act 2018, the UK General Data Protection Regulation as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, and the Privacy and Electronic Communications Regulations 2003, and any relevant law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument which implements any of the above or which otherwise relates to data protection, privacy or the use of personal data, in each case as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

With respect to any combination of conflict between the provisions of this GDPR Privacy Notice and any other provision of the Privacy Policy, the GDPR Privacy Notice shall control only with respect to the personal data of European Individuals.

Controller Disclosure & Details

We are a data controller of personal data regarding the following categories of European Individuals: Prospective/current customers and clients (collectively, “Customers”), business contacts at Customers, vendors, suppliers, or other third parties (“Business Contacts”), guests and visitors to our Sites (“Site Visitors”) and job applicants (“Job Applicants”) for the purposes and under the legal bases described in the table below. Please note that, in some cases, the categories of data subjects above may overlap (e.g., Customers, Business Contacts and Job Applicants using the Sites are also Site Visitors).

Data Subject CategoryPurpose & Legal Basis of Processing
Site VisitorsInformation Security: We process contact information, server log information and information collected through cookies (such as your IP address, browser information, geolocation data, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking Site usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs on the Sites. We may also process your contact information to comply with a legal obligation relating to how we manage our organization or our relationship with your organization.

Website Operation and Improvement: We process server log information and information collected through cookies pursuant to our legitimate interest in operating and improving our Sites.

Audience Measurement and Retargeting: Pursuant to a Site Visitor’s consent, we may use an assortment of marketing and analytics cookies, and collect identifiers through such cookies (such as your IP address, browser information, geolocation data, operating system, request date/time, user agent string, referral and exiting URL), for purposes of audience measurement, retargeting, and creating relevant Site Visitor experiences (such as based on their interaction with our Sites).
CustomersGeneral Business Development and Management: We will process personal data pursuant to our legitimate interest in creating and managing our business relationships with European Individuals, including without limitation:
  • To respond to inquiries from European Individuals;
  • To provide European Individuals with information about our products and services; and
  • To provide European Individuals with research materials.
Direct Marketing: We may send email marketing to European Individuals pursuant to their consent. In cases where a Customer buys, or enters into negotiation for the sale of, a product or service, email marketing may be sent to such Customer pursuant to our legitimate interest in sending marketing communications to such Customers in the context of such engagement.

Transaction Processing: We will process personal data as necessary to provide our Services (including the execution of Transactions for our Customers through our Services) in accordance with the performance of our contracts with our Customers, in order to take steps at a Customer’s and its representatives’ request prior to entering into such contracts, pursuant to our legitimate interest in authenticating Customers’ and their representatives’ identifies and fraud prevention, and to comply with our legal obligations in providing our Services.
Business ContactsVendor Business Development: When entering into vendor relationships with European Individuals, we will receive the personal information of contacts employed or otherwise associated with such vendors. We process such information in our legitimate interest in establishing and developing our vendor relationships and obtaining information about their products and services.
Job ApplicantsRecruiting: We process persona data in furtherance of our legitimate interest in recruiting and considering European individuals for open employment opportunities with us, including to contact them about such opportunities.

EU and UK Representative

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg [ ]


Revelio Labs personnel shall receive and process your personal data for the purposes described herein. Such personal data may also be disclosed to the following categories of recipients to effectuate the purposes described herein: lawyers, auditors, and other professional advisors, and third party providers of business-related services such as cloud storage, marketing, customer relationship management systems, travel and expense management, and analytics databases.

We may also disclose personal data to respond to claims of violation of third party rights or to enforce and protect our rights.


Except as set forth below, Revelio Labs shall retain your personal data for a period no longer than seven (7) years from the date of collection, unless retention of your personal data for a longer period remains necessary to fulfill the purposes for the processing of such personal data as set forth in this GDPR Privacy Notice and/or to the extent you have (or demonstrate interest in) a continuing relationship with Revelio Labs. In some cases, we may have to retain data for a longer period to comply with our legal obligations (e.g., accounting, finance, tax). Notwithstanding the foregoing, Revelio Labs shall not retain personal data from unsuccessful Job Applicants for a period longer than three (3) years from the date of collection of such personal data. Additionally, Revelio Labs shall not retain personal data we collect automatically from your browsers or device through server logs or cookies for a period longer than two (2) years from date of collection.

Your GDPR Rights

As a natural person, you have a right to: (i) request access to, correction, and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability, and (v) withdraw your consent where consent is used as the legal basis for processing your personal data. You may exercise these rights and submit a GDPR complaint by contacting: with the subject line “GDPR Privacy Notice.”

You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred. A list of most of the supervisory authorities can be found here:

Objecting to Legitimate Interest/Direct Marketing

You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to with the subject line “GDPR Privacy Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.

Transfer of Personal Data outside the EEA

Revelio Labs Inc. is located in New York, New York, USA, and our Site is hosted in the United States. If you provide your personal data to us by using the Site in circumstances where our processing of it is subject to the GDPR, please note that you are doing so on the basis that you explicitly consent to the transfer of your personal data outside of the EEA. The potential consequence of you explicitly consenting to this is that there is a risk that your personal data will not be protected in a manner that complies with the GDPR. You can withdraw your consent at any time by e-mailing us at Withdrawing your consent will not affect our use of the personal data prior to you withdrawing that consent but it will mean that we will not be able to contact you about the services that we may be able to offer you in the future. Where we receive personal data in the EEA and then pass your personal data to parties located outside of the EEA that do not offer adequate protection, we will not make such a transfer unless: (i) we have signed EU Commission Standard Contractual Clauses with the recipient, or (ii)where a derogation under GDPR Article 49 applies.

Disclosure to Public Authorities

Revelio Labs may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Corporate Restructuring

In the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice.

Updates to this GDPR Notice

If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Effective Date” at the top of this page will be updated accordingly.

How to Contact Us

Please reach out to for any questions, complaints, or requests regarding this GDPR Notice; please include the subject line “GDPR Notice.”