Ravelin is committed to ensuring that your privacy is protected. If you provide us with personal data, then you can be assured that it will only be used in accordance with this privacy statement.
For the purposes of the Data Protection Act 1998, the data controller is Ravelin Technology Limited of 2nd Floor, 33 Bowling Green Lane, London EC1R 0BJ.
Data collected via the Service
The information we collect via the Service includes:
1. Client-Provided Information: Most of our Clients share information with us via an Application Programming Interface (“API”). While our Clients control the information they provide to our Service, and each Client shares different pieces of information with us, the types of information they share generally includes information collected from the computers and similar devices operated by their Users visiting their Sites. For example, Clients may provide us with:
- - Personal data such as email addresses, postal addresses, user login names or other unique customer identifiers and telephone numbers.
- - Site usage information such as the IP addresses of the device utilized by our Clients’ Users to visit their Sites, the pages viewed by their Users, the items viewed, items bid on, items placed in a shopping cart, and items purchased by those Users as well as other Site-specific metadata.
- - Site transaction information such as the price paid, billing method, the credit card BIN number, the last four digits of a credit card number, and whether a chargeback was issued or an order was cancelled.
- - Site communication information such as certain User feedback provided on Sites, including comments their Users submit through such Sites (including the contents of private messages and information pertaining to the recipient of such messages).
We generally don’t place limits on the types of information that our Clients may provide to us, but do ask our Clients to refrain from providing us with sensitive information such as information they knowingly collect from persons under 13, complete credit and debit card numbers, social security numbers and other government identifiers.
Use of Data Collected by the Service
Our Service collects and stores the raw data pertaining to Users as described above, including any individual identifiers and personally identifiable information (the “Raw Data”). We will initially train our machine learning model, using our proprietary analytics algorithms to analyse and process the Raw Data. Based on this analysis, we expect eventually to be able to provide our Clients with an assessment of the relative risk that a particular User transaction or other User activity may be unauthorized or fraudulent ("Risk Assessment") in the form of a fraud score and dashboard. Pursuant to providing the Service, we will combine and analyse data related to a User from multiple sources, including the data obtained across all or most of our Clients in order to compute a more comprehensive Risk Assessment. We may compile into a database the Raw Data and the data related to a User from multiple sources, which will be accessible by our Clients in a secure and anonymous way. Our Clients will only be permitted to use such Raw Data to evaluate whether or not to allow a User to use its services and/or complete an applicable transaction or other User request to the Site. We will use the anonymised Raw Data stored within the database to make decisions by automated means. We may allow our agents and contractors to assist us in storing, analysing or processing information and ensure that their privacy and security practices are at least as stringent as ours.
We use Raw Data for our internal business purposes in operating, developing, enhancing, maintaining, supporting, and providing the Service and our other products and services, including to other Clients. All analytical results and Risk Assessments that we generate through or in connection with the Service using Raw Data, whether alone or in combination with data from other sources, are and will remain our property and may be used and disclosed by us in our discretion.
Disclosure and Onward Transfer of Data
Except as otherwise described in these terms, we do not sell, distribute, or otherwise disclose any Raw Data to any third party except to our agents and contractors that provide services to help us manage and provide the Service or claim ownership of the Raw Data.
Ravelin may disclose any information in our systems if we believe that doing so is legally required or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others, or otherwise to help protect the safety or security of other persons, entities, facilities, equipment or the Service. Ravelin may transfer information to a successor entity in connection with a corporate merger, consolidation, sale of assets, bankruptcy, or other corporate change.
Security, Data Integrity
We are committed to ensuring that your information is secure. Ravelin has implemented reasonable physical, technical, and managerial safeguards in an effort to protect information from unauthorized access, disclosure, alteration, and destruction. These include firewalls and encryption, internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems. We will take reasonable steps to ensure a level of security appropriate to the harm that might result from unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected. We restrict access to information to employees, contractors and agents who need to know that information in order to operate, develop or improve our Service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations. Despite our efforts, however, we cannot and do not guarantee the security of the information we collect from either our Clients or Users; nor can we guarantee that such information will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
We process information in a way that is compatible with and relevant for the purpose for which it was collected. To the extent necessary for those purposes, we take reasonable steps to ensure that any information in our care is accurate, complete, current and reliable for its intended use.
Subject access requests and contact information
You may request details of personal information that we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Ravelin Technology, 33 Bowling Green Lane, London EC1R0BJ.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Policies of our Clients
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). All information you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.