Repsly Service Privacy Policy
Effective Date: February 3, 2025
Repsly, Inc., together with its affiliates (collectively referred to as “Repsly,” “we,” or “us”), is dedicated to safeguarding the privacy of individuals who utilize its online retail execution platform (the “Service”). This Service Privacy Policy is provided to inform you of the types of information we collect and process through the Service, the purposes and methods of such processing, and the means by which you may exercise your data protection rights.
What is the purposes for collecting and processing information by the Service?
Information we collect through the Service is gathered exclusively to fulfill our contractual obligations to Customers and anyone acting on behalf of our customer (collectively referred to as the “Customer”).
In other words, we use the collected information solely to provide the Service requested by the Customer. Under the EU GDPR, Repsly acts as a Data Processor in this relationship, while the Customer serves as the Data Controller. Repsly processes users' data on behalf of the Controller when the Controller has a lawful basis for doing so under applicable law. Customers may only utilize the Service pursuant to an agreement with Repsly and in compliance with applicable law. If you are a User of the Service, please contact the Data Controller for additional detail about your privacy rights.
What information we process, and why?
Through the Service, we provide a real-time insight on retail execution and sales performance, smart merchandising, promotion, and sales execution tools to the Customer.
As an integral part of the agreed service provisioning, Users (typically customers’ employees) manually and automatically fill the information needed for the service provisioning including the following data which can be directly or indirectly connected to a physical person and is processed for the described purposes:
|
Personal data processed |
Purpose of processing |
|
|
|
|
How do we protect your information?
We take great care in implementing, enforcing and maintaining the security of our Service, our website and Users’ information. Repsly establishes and enforces security policies designed to prevent the unauthorized or accidental access, destruction, loss, modification, use or disclosure of Personal Information and continuously monitors compliance with these policies. All information is stored with logical separation from other Customers' data. However, we do not guarantee that unauthorized access will never occur.
A comprehensive framework of organizational, technical, and physical security controls helps us safeguard Personal Information against unauthorized access, use, or disclosure. More information about your data security is available at Repsly trust center. However, no security controls are 100% effective, and we cannot completely ensure or warrant the security of your Personal Information.
Unless otherwise agreed with the Customer and subject to applicable law, Repsly will act in accordance with its policies to promptly notify customers in the event of data breach.
Repsly may use gathered Personal Information with third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service. We seek to obtain confidentiality agreements that are consistent with this Privacy Policy and limit others’ use or disclosure of your Personal Information and Personal Information.
Cross-border data transfers
Service providers are authorized to use gathered Personal Information only as necessary to provide these services to us. Such service provider may be in a country that does not have the same data protection laws as your jurisdiction. To ensure your data remains secure and is used solely for providing the agreed-upon Service, Repsly requires these Service providers to undergo an additional security and compliance review. Selected service providers must meet or exceed Repsly’s standards for privacy and data protection designed to comply with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF), and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce.
Privacy rights
If you want to access, correct, amend, or delete data stored by Repsly, you should understand Repsly is processing users’ personal data to fulfill the contractual obligation to Customers, hence Service users should directed such requests to our Customer (the Controller) who is typically user’s employer. We will work with our customers to respond to data subject requests as outlined in our DPA.
If you are seeking to exercise your data subject access rights for the data Repsly processes as a data controller, please see this Privacy Policy.
Data retention
Repsly will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal and contractual obligations, resolve disputes and enforce its agreements.
Customer data collected during your use of the Service is retained in accordance with the provisions of the applicable contract.
However, some data will not be deleted and will be kept in an anonymized manner. Some metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this policy and may be retained by Repsly. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policies.
Third-Party software and services
We may use third-party software and/or services (“Sub-processors”) in order to collect and/or process the Service’s User’s information. Such Sub-processors are bound contractually to comply with obligations at least as protective of your Personal Information as this Privacy Policy. Repsly remains liable for the compliance of its Sub-Processors with the terms of this Privacy Policy.
Sharing of information gathered through the Service with third parties
Repsly may disclose Personal Information collected through the Service to hold and/or manage your Personal Information through Repsly’s authorized affiliates and third party service providers, solely in connection with the Service and subject to confidentiality agreements not less stringent than Repsly’s obligations under this Privacy Policy, and to satisfy any applicable law, regulation, order, legal process, subpoena or governmental request;
Because we value your privacy, we have taken the necessary precautions to follow the California Online Privacy Protection Act. We therefore will never distribute your Personal Information to outside parties without your consent.
Changes to this Privacy Policy
Repsly reserves the right to change this Privacy Policy. Repsly will provide notification of the material changes to this Privacy Policy through the Service.
How to Contact Us
If you have questions or concerns about this Privacy Policy, or our collection and use of your Personal Data, you are welcome to send us an email or otherwise contact us at the following contact information:
US
Repsly Inc.
170 Milk Street, 4th Floor, Boston, MA 02109, attention Legal Department.
email: privacy@repsly.com
phone: +1-617-356-8125
EU/EEA, UK and Switzerland
Repsly representative:
HYDRA CONSULTING d.o.o., Prve Poljanice 7, 10040 Zagreb, Croatia
email: privacy@repsly.com
E.U. residents have the right to lodge a complaint with a supervisory authority (Data Protection Authority in their jurisdiction) at https://edpb.europa.eu/about-edpb/about-edpb/members_en in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Repsly commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
Arbitration
For a resolution of any claimed violations of the Principles not resolved by any of the other EU-U.S. DPF mechanisms, under the conditions set by the Annex I of the TADPF, individuals may invoke a binding arbitration, in which Repsly is being subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Trans Atlantic Data Privacy Framework compliance
Repsly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Repsly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
Repsly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
