1. INTRODUCTION

Reviewsy is committed to protecting the privacy of its users and ensuring the security of their personal data. This policy outlines how we collect, use, store, and protect personal information in compliance with the UK General Data Protection Regulation (UK GDPR) and New Zealand's Privacy Act 2020.

2. WHAT IS REVIEWSY AND HOW IT WORKS

Reviewsy provides a software platform accessible through our website, enabling businesses (our Business Users) to:

- Manage and display customer reviews

- Request reviews from their end customers

- Monitor review trends and ratings

Our Business Model and Data Processing:

Reviewsy primarily acts as a Data Processor on behalf of our Business Users (e.g., restaurants). This means that when our Business Users utilize our platform to request reviews from their customers, we process the personal data of those customers (the "End Customer Data") according to the instructions and under the authority of our Business Users. Our platform automates the process of sending review requests via email to the End Customers of our Business Users.

Reviewsy also acts as a Data Controller for:

- Business User Data:

The personal data of individuals who register and use our platform as representatives of businesses (e.g., name, email, business details, payment information).

- Site Visitors:

Limited technical data from visitors to our website (e.g., IP addresses, device/browser details, and cookies).

White Label Service:

We offer a white-label service that may allow our Business Users' customers to communicate with their own contacts through our platform. In such cases, Reviewsy acts as a Data Processor, processing personal data as instructed by the Business User.

Our Data Protection Officer is Arthur, who can be contacted at [email protected] for any privacy-related inquiries or to exercise your rights.

3. DATA COLLECTION AND CATEGORIES

We collect and process the following types of data:

- Business User Data: Name, email, business details, and payment information

- End Customer Data: Reviews, ratings, and communications from businesses (processed as a Data Processor on behalf of our Business Users).

- Technical Data: IP addresses, device/browser details, and cookies

4. LEGAL BASIS FOR PROCESSING

We process personal data based on:

- Contractual necessity (e.g., user registration, payments)

- Legitimate interest (e.g., improving services, fraud prevention)

- Consent (e.g., marketing emails, storing payment details)

- Legal obligations (e.g., compliance with UK or NZ law)

For End Customer Data, our legal basis for processing is typically the legitimate interest of our Business User in gathering feedback and improving their services, or consent where explicitly obtained by the Business User. It is the responsibility of our Business Users to ensure they have a lawful basis, including obtaining genuine consent where required, to provide us with their customers' data for processing.

5. DATA STORAGE & INTERNATIONAL TRANSFERS

We store data securely on servers located in the United Kingdom, European Union, and Microsoft Azure data centres (which may be located in various regions). When transferring data outside of these jurisdictions, we ensure adequate safeguards, including Standard Contractual Clauses (SCCs) for UK/EU transfers and compliance with NZ's privacy laws regarding offshore data storage.

6. DATA RETENTION POLICY

We retain personal data for as long as necessary:

- Business account data: Retained for the duration of the account + 6 years (for compliance)

- End-customer review data: Retained until requested for deletion by the Business User.

- Technical data (logs, cookies): Retained for up to 24 months

7. USER RIGHTS (Users in the UK and NZ have rights to:)

- Access, correct, or delete their data

- Object to data processing

- Request data portability

- Withdraw consent for marketing communications

To exercise these rights, contact [email protected]

Please review the updated Section 5. You might want to be more specific about the Azure regions if you know them and if that level of detail is appropriate for your policy. If the Azure data centres you use are within the UK or EU, you could specify that for clarity regarding international transfers.

add [email protected] as an email

Okay, I will add [email protected] as the contact email address in Section 7 ("USER RIGHTS") of your Privacy Policy.

Here is the updated Section 7:

7. USER RIGHTS (Users in the UK and NZ have rights to:)

- Access, correct, or delete their data

- Object to data processing

- Request data portability

- Withdraw consent for marketing communications

To exercise these rights, contact [email protected].

And here is the complete revised Privacy Policy with the updated contact email:

1. INTRODUCTION

2. WHAT IS REVIEWSY AND HOW IT WORKS

Reviewsy provides a software platform accessible through our website, enabling businesses (our Business Users) to:

- Manage and display customer reviews

- Request reviews from their end customers

- Monitor review trends and ratings

Our Business Model and Data Processing: Reviewsy primarily acts as a Data Processor on behalf of our Business Users (e.g., restaurants). This means that when our Business Users utilize our platform to request reviews from their customers, we process the personal data of those customers (the "End Customer Data") according to the instructions and under the authority of our Business Users. Our platform automates the process of sending review requests via email to the End Customers of our Business Users.

Reviewsy also acts as a Data Controller for:

- Business User Data: The personal data of individuals who register and use our platform as representatives of businesses (e.g., name, email, business details, payment information).

- Site Visitors: Limited technical data from visitors to our website (e.g., IP addresses, device/browser details, and cookies).

White Label Service: We offer a white-label service that may allow our Business Users' customers to communicate with their own contacts through our platform. In such cases, Reviewsy acts as a Data Processor, processing personal data as instructed by the Business User.

Our Data Protection Officer is Arthur, who can be contacted at [email protected] for any privacy-related inquiries or to exercise your rights.

3. DATA COLLECTION AND CATEGORIES We collect and process the following types of data:

- Business User Data: Name, email, business details, and payment information

- End Customer Data: Reviews, ratings, and communications from businesses (processed as a Data Processor on behalf of our Business Users).

- Technical Data: IP addresses, device/browser details, and cookies

4. LEGAL BASIS FOR PROCESSING We process personal data based on:

- Contractual necessity (e.g., user registration, payments)

- Legitimate interest (e.g., improving services, fraud prevention)

- Consent (e.g., marketing emails, storing payment details)

- Legal obligations (e.g., compliance with UK or NZ law)

5. DATA STORAGE & INTERNATIONAL TRANSFERS We store data securely on servers located in the United Kingdom, European Union, and Microsoft Azure data centres (which may be located in various regions). When transferring data outside of these jurisdictions, we ensure adequate safeguards, including Standard Contractual Clauses (SCCs) for UK/EU transfers and compliance with NZ's privacy laws regarding offshore data storage.

6. DATA RETENTION POLICY We retain personal data for as long as necessary:

- Business account data: Retained for the duration of the account + 6 years (for compliance)

- End-customer review data: Retained until requested for deletion by the Business User.

- Technical data (logs, cookies): Retained for up to 24 months

7. USER RIGHTS (Users in the UK and NZ have rights to:)

- Access, correct, or delete their data

- Object to data processing

- Request data portability

- Withdraw consent for marketing communications

To exercise these rights, contact [email protected]

You'll hear from us soon.