Privacy and Policy
Something we haven’t covered? Email us and we’ll get back to you!
1. Who are we and what do we do?
We are Ravelin Technology Limited of 5th floor, 174-180 Old Street, London EC1V 9BP (“Ravelin”, “we” or “us”). We help businesses (our Retailers) detect and address online fraud and other malicious behaviour (the “Fraud Prevention Service”). In doing so, we collect information about how Internet users (Users) interact with our Clients’ websites and mobile applications which offer goods and services for sale (their Webshops).
Ravelin is committed to ensuring that your privacy is protected. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our Data Protection Officer by email at firstname.lastname@example.org.
2. How do you use my data?
Data collected via the Service
Most of our Retailers share information with us via an Application Programming Interface. While our Retailers control the information they provide to us, and each Retailer shares different pieces of information with us, the types of information they share generally includes information collected from the computers and similar devices operated by the Users visiting their Webshops. For example, Retailers may provide us with:
- Personal data such as email addresses, postal addresses, user login names or other unique User identifiers and telephone numbers.
- Site usage information such as the IP addresses of the devices accessing by our Retailer’s Webshops, the pages viewed by their Users, the items viewed, items bid on, items placed in a shopping cart, and items purchased by those Users.
- Site transaction information such as the price paid, billing method, the credit card BIN number, the last four digits of a credit card number, and whether a chargeback was issued or an order was cancelled.
- Webshop communication information such as certain User feedback and comments, including the contents of private messages and information pertaining to the recipient of those messages.
Our Fraud Prevention Service collects and stores the data described above, including any other relevant metadata which may contribute to our machine learning algorithms as part of the Fraud Prevention Service. We use machine learning to provide a fraud risk score to a particular Retailer based on the patterns identified in the data by our machine learning platform. Our Retailers can then use that score to determine whether a particular transaction will be accepted, challenged or rejected.
When you have expressed an interest in our products or services
This section applies if you have opted in to receive marketing communications from us, or have previously expressed an interest in our goods and services and not opted out.
We will handle your personal information (such as your name, email address, postal address, telephone number and sector preferences) to provide you with marketing communications in line with any preferences you have told us about.
When we send you marketing emails because you have opted-in to receive them, we rely on your consent to contact you for marketing purposes.
Every email we send to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them. You are not under any obligation to provide us with your personal data for marketing purposes.
You can tell us that you do not want your personal information to be processed in this way at any time by following the unsubscribe link shown in every marketing communication you receive from us.
When you phone us or email us:
When you phone us or contact us by email with general queries, we may also handle your personal information (your name, contact details and the other details you provide to us) in order to provide the customer services you have asked us to. This could be when you ask us to provide more information about the fraud score or explain how our Fraud Prevention Service works.
We rely on our legitimate interests to market, promote and explain our business when handling your personal information in this way.
If our business is sold:
We will transfer your personal information to a third party:
if we sell or buy any business or assets, we will provide your personal information to or buyer (but only to the extent we need to, and always in accordance with data protection legislation); or
if Ravelin or the majority of its assets are acquired by somebody else, in which case the personal information held by us will be transferred to the buyer.
We process your personal information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer.
In some circumstances we may also need to share your personal information if we are under a duty to disclose or share it to comply with a legal obligation.
3. Analytics, technical data and tracking
We will also use your personal information for the purposes of making our site more secure, and to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
We process your data for these reasons because we have a legitimate interest to provide you with the best experience we can, and to ensure that our site is kept secure.
You can prevent us from using your personal information in this way by using the 'do not track' functionality in your internet browser. If you enable do not track functionality, our site may be less tailored to your needs and preferences.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. We only use (and store) non-essential cookies on your computer's browser or hard drive if you provide your consent. The table below is a non-exclusive list of the cookies stored on your computer
|CraftSessionId||Session maintenance||Framework (Craft)|
5. How long do we retain your data for?
If you tell us that you no longer wish to receive marketing communications from us, we promise to stop sending them to you.
6. Your rights
You have various other rights under applicable data protection laws, including the right to:
- access your personal data (also known as a “subject access request”);
- correct incomplete or inaccurate data we hold about you;
- ask us to erase the personal data we hold about you;
- ask us to restrict its handling of your personal information;
- ask us to transfer your personal information to a third party;
- object to how we are using your personal information; and
- withdraw your consent to us handling your personal data.
Privacy law is often complicated, and whether these rights are available to you sometimes depends on the types of data we are handling about you. If you would like to exercise any of these rights, please contact us at email@example.com
You always have the right to lodge a complaint with us or the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales.
7. Policies of our Clients
Our Retailers are responsible for ensuring and maintaining their compliance with their privacy policies and other applicable terms or policies, third party contracts, rights of privacy, and any other applicable laws or regulations in connection with their use of the Fraud Prevention Service. We encourage our Retailers to describe their use of the Fraud Prevention Service and other technologies that collect user information in their respective privacy policies. Ravelin is not responsible for the privacy practices of our Retailers or any site we do not own or control.
8. Where we store your personal data
Many of our external third parties are based outside the European Economic Area (EEA) so our processing of your personal information will involve a transfer of data outside of the EEA. Whenever we transfer your personal information outside of the EEA, we ensure it is protected by making sure at least one of the following safeguards are in place:
by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;
by using specific contracts approved by the European Commission which give your personal information the same protection it has
where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
You can contact us at firstname.lastname@example.org for the details as to how we protect specific transfer of your data.
All information you provide to us is stored on our secure servers or those of our third party data storage providers.
10. How do I contact you with feedback?