PERSONAL DATA PROTECTION POLICY

Review-Collect.com
Last updated: July 17, 2025

‍Review-Collect is committed to protecting your personal data in accordance with the RGPD and French regulations. This policy informs you transparently about our data protection practices.
‍
1. DATA CONTROLLER
REVCOL TECHNOLOGY LLC (dba Review Collect)
Head Office: 1309 Coffeen Ave Ste 1200, Sheridan, WY 82801, United States
EIN: 352846891
Contact: karim@review-collect.com
Telephone: +33 7 56 90 25 83

‍Data Protection Officer (DPO):
📧 dpo@review-collect.com

2. DATA COLLECTED AND PURPOSES

2.1 Business customer data
Data collected:
‍Name, first name, professional email
Company name and function
Business phone
Billing data

‍Purposes:
‍Provision of Review-Collect services
Invoicing and commercial follow-up
Technical support

‍Legal basis: Execution of the contract

‍2.2 End consumer data
‍⚠️ Legal status: Review-Collect acts like subcontractor for its customers
‍
‍Data processed on behalf of our customers:
‍Name, first name, consumer email
Reviews and comments
Order references
Phone number (if SMS/Whatsapp)

‍Purpose: Customer feedback collection only
‍Responsibility: Our customers are responsible for processing and must obtain the appropriate legal bases

3. DATA SECURITY

3.1 Technical measures
Secure hosting : AWS Paris region (France)
‍Encryption : AES-256 for all sensitive data
‍Authentication : Multi-factor mandatory
‍Backups : Daily and numerical

‍3.2 Organizational measures
‍Access limited to authorized persons only
RGPD team training
Documented security procedures
Access monitoring

‍3.3 Certificates
ISO 27001 : Information Security
‍SOC 2 Type II : Security checks
Regular security audits
‍
4. DATA RETENTION
‍
Data type
Duration
‍Business customer data
Contract duration + 5 years
End consumer data: 6 months maximum
Anonymized reviews up to 24 months
12-month security logs

‍Automatic removal according to the durations defined above.
‍
5. YOUR RGPD RIGHTS

‍You have the following rights:
‍
‍5.1 Rights available
Access : Know your processed data
‍Rectification : Correct your data
‍Erasure : Delete your data
‍Portability : Recover your data
‍Opposition : Oppose the treatment

‍5.2 Exercising your rights
E-Mail: dpo@review-collect.com
Response time: 30 days maximum
‍
6. DATA SHARING
‍
6.1 Subcontractors
AWS : Accommodation (France)
‍Stripe : Secure payments
Brevo: Sending transactional emails and SMS (France)
Meta : Sending what's app transactional messages (Ireland)
All with RGPD subcontracting agreements
‍
‍6.2 No sale
‍We never sell your personal data.
‍
7. INTERNATIONAL TRANSFERS
‍
Principle: All data is hosted in France (EU)
‍Guarantees: In the event of an exceptional transfer, European Commission standard contractual clauses

8. COOKIES

8.1 Cookies used
essentials : Operation of the site
‍Analytics : Usage statistics (Google Analytics)
‍Preferences : User settings

‍8.2 Management
‍Configuration possible in your browser or via our consent banner.

9. DATA BREACHES

9.1 Procedure
‍In the event of a security incident:
Detection and qualification within 4 hours
CNIL notification within 72 hours if applicable
Information for those concerned if there is a high risk
‍
‍9.2 Remedial actions
‍Immediate correction of faults
Reinforcement of security measures
Detailed report to affected customers
‍
10. CONTACT

10.1 GDPR questions
‍📧 DPO: dpo@review-collect.com
📧 Bracket: support@review-collect.com
📞 Phone: +33 7 56 90 25 83

‍10.2 Complaints
Mediation: Contact our DPO first
Supervisory authority: CNIL - www.cnil.fr

11. EVOLUTION OF THIS POLICY
Changes: Email notification 30 days before major change
‍Versions: History available on request
This policy is in accordance with the RGPD (EU 2016/679) and the French law “Informatique et Libertés”.

‍Version 2.0 - July 2025‍‍