Real Capital Analytics, Inc.
Last updated: September 24, 2019
Real Capital Analytics, Inc., and its affiliates, Real Capital Analytics, B.V., Real Capital Analytics Limited and Real Capital Analytics PTE Limited (collectively “RCA”) is committed to providing our employees, clients, and consumers (referred to as "you" or "your" in this Privacy Policy) with clear and concise information regarding our privacy policies and practices, and the importance of protecting the privacy of individual-specific information ("Personal Data") collected from and about you.
This Privacy Policy applies to the www.rcanalytics.com website (“Site”) owned and operated by RCA® and its affiliates (referred to herein as "RCA", "we", "us", or "our") and applies to information, services and products and services provided by RCA (“Products”). By accessing our Site or utilizing our Products, you consent to the data collection and handling practices set forth in this Privacy Policy.
This Privacy Policy describes what Personal Data we gather, how we use it and how you can correct, change and limit our use of it. It is our intention to give you as much control over your Personal Data as possible to preserve your privacy. Any change, modification or additional terms are available for review and will be posted at https://www.rcanalytics.com/Privacy.
RCA complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. RCA has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
RCA’s privacy practices regarding the processing of Personal Data comply, as appropriate, with the Privacy Shield Principles. For purposes of enforcing compliance with the Privacy Shield, RCA is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. To learn more about the Privacy Shield program and to review RCA’s certification, see the U.S. Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov.
For purposes of this Policy:
“Anonymous Information” means information that is collected about you as you use our Site, but which does not identify you as an individual, or connect to your name, address, or any other Personal Data.
“Cookies” mean a small data file that a website can send to your browser to be stored automatically on your computer. Cookies are commonly used to track your visits to a site so you don’t have to log in on every page and to analyze how you use the site. This allows website operators like RCA to serve you better.
“Consumer” means any natural person who is located in the EU, but excludes any individual acting in his or her capacity as an Employee.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Client” means any entity that subscribes, purchases or otherwise obtains products or services from RCA.
“Data Subject” means any natural person who has data stored about them.
“Employee” means any current, former or prospective employee of RCA, or any of its European affiliates, who is located in the EU.
“EEA” means the European Economic Area that consists of the 28 EU member states plus Iceland, Norway and Liechtenstein.
“EU” means the European Union that include the EU member states of Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
“EU Data Protection Laws” means all laws and regulations of the European Union, the European Economic Area, their member states, and the United Kingdom, applicable to the processing of Personal Data under the Main Agreement, including (where applicable) the GDPR;
“GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“EU-U.S. Privacy Shield Program” means the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union to the United States.
“Personal Data” means all data that is defined as ‘personal data’ under EU Data Protection Laws and to which EU Data Protection Laws apply and which is provided by the Client to RCA, and accessed, stored or otherwise processed by RCA as a data processor as part of its provision of Products to Clients and/or Consumers.
“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.
“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
“Products” means information, services and products provided by RCA in any format.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Site” means the RCA owned and operated website: www.rcanalytics.com.
RCA works with our Clients to help them provide notice of data processing to individuals, including information concerning (1) the purposes for which Personal Data is collected and used; (2) a contact person to whom enquiries or complaints may be directed; (3) the types of third parties to whom Personal Data is disclosed; and (4) the choices and means that individuals are offered for limiting use and disclosure of Personal Data.
RCA controls and processes Personal Data by consent from employees for the purposes of maintaining employee HR benefits and programs. RCA internal HR benefits programs, including health care; dental; eye care; life insurance beneficiaries; and employee tax programs may include the capturing of certain Personal Data including data related to the children/beneficiaries of RCA employees. This Personal Data is protected under the EU-US Privacy Shield Principles.
RCA receives and processes Personal Data by contract from its Clients to contractually serve Clients and ensure proper usage of the RCA Products. We also process Personal Data as part of the Client sales and product support functions. Additionally RCA also obtains Personal Data, such as contact information of its vendors’ representatives in order to manage its relationships with its vendors.
As a general matter, RCA processes the following types of Personal Data for our Clients:
RCA by consent and/or legitimate interest, collects and processes Personal Data obtained from Consumers for the purpose of ensuring proper usage of the RCA Products, and to build and maintain the RCA Products and a prospective marketing tool made up of prospective Clients that may be interested in utilizing RCA Products as a solution in their business needs. This collection occurs, for example, when a Consumer visits RCA’s Site and provides Personal Data to RCA. In addition, RCA obtains Consumer Personal Data, such as contact information, in connection with maintaining its Client relationships and providing its products and services to Clients.
As a Processor, RCA receives Personal Data about its Clients’ Consumers located in the EU. RCA’s Clients provide the Personal Data to RCA in connection with RCA’s provision of services to its Clients. In this capacity, RCA acts pursuant to its Clients’ instructions. The types of Personal Data RCA’s Clients provide to RCA include contact information such as name, email address, company name and job title. RCA processes this Consumer Personal Data in the EU and the U.S. to provide services to its Clients such as business development and data use analytics and management.
RCA collects information from our Clients during the subscription/registration process and may also do so from Consumers and Site visitors at other times. This information may be of any type, kind, or amount, individually identifiable or not, and may range from data RCA needs to validate your subscription, such as your name, email address, location, and the type of access device being used to what pages are being viewed or information is being exported from the Site. RCA identifies Clients and tracks user activity through several mechanisms, including storing cookie files on user devices. RCA does not disclose to third parties any Personal Data that discloses your identity without first notifying you and giving you an opportunity to elect not to have such information disclosed.
Unless otherwise agreed to, RCA may send Clients e-mail notifications of new site features and site services, including, for example, topic based reports. RCA reserves the right to contact any subscriber at any time regarding subscription renewals or other subscription or site related problems, issues, and questions, including, but not limited to, changes to our Terms of Service.
RCA acknowledges that EU individuals have the right to access the Personal Data that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to privacy@rcanalytics.com.
Upon request, RCA will provide to you a summary of the personally identifiable information RCA maintains about you, and, if requested by you because the information is inaccurate, out-of-date, or incomplete, RCA will modify that information. If, at any time, you do not want us to disclose prospectively your Personal Data to third parties, you may contact us using the information in the “Contact Information section of this document.
The RCA HR department may collect Personal Data from RCA employees about their dependents for purposes of administering benefits for their dependents, including dependents under the age of 13.
As a policy, we do not collect or maintain information through our Site from those we know are under 13, and we do not permit children under 13 years of age to become registered users of our site. No part of our site is structured to attract anyone under 13. By using our Site, you represent that you are not under 13 years of age. If you are a parent or guardian and you believe that your child under age 13 may have provided personally identifiable information through the Site, please contact us using the information in the "Contact Information" section.
When RCA collects Personal Data from you, RCA processes Personal Data only for purposes that are compatible with those for which it was originally collected or as lawfully directed. If and when disclosure of Personal Data to a third party is necessary, RCA works with our clients and customers to inform them about the possibility of such disclosures and provide individuals with the choice and means of opting-out. If the Personal Data in question is necessary to provide a product or service, the choice to opt-out may preclude the further use of that product or service.
You have the opportunity to opt-out of having your information disclosed to a third party, or used for a purpose other than the purpose for which it was originally collected by emailing us with your request at privacy@rcanalytics.com. If you choose to opt-out in this manner, your request will be processed immediately and take effect within 30 days.
Your provision of Personal Data through any of our registration forms through our Site constitutes your affirmative consent that we may contact you by email to provide you with information and notices relating to the information you requested. You may choose to opt out of receiving future commercial email messages from us as a result of your use of this site. Each mass commercial email sent by us contains clear opt-in/out-out rights and instructions on how to remove yourself from our email list.
RCA may make changes to this Privacy Policy from time to time and will post these changes at rcanalytics.com/Privacy. By using our Site or Services you agree that we may also choose to contact you via the email address that you have provided to us in order to notify you of changes to this Privacy Policy.
At any time and for any reason you may choose to correct or update your Personal Data by emailing us with your request at privacy@rcanalytics.com. If you choose to remove your data it will be deleted from our records within 30 days, but may remain in our archive or backup records for approximately 180 days.
RCA complies with the notice and choice principles as described for all Personal Data disclosed or transferred to a third party. RCA may provide Personal Data to third-party service providers and vendors that perform tasks on our behalf to support the products and services described in this statement.
We take reasonable and appropriate steps to: ensure that Personal Data transferred to third-party service providers and vendors process said Personal Data in accordance with our EU-U.S. Privacy Shield obligations; and to stop and remediate any unauthorized processing. Under the Privacy Shield Program RCA may under certain conditions, be liable for the onward transfer of Personal Data to third parties.
In addition, if RCA enters into any business transition, restructuring, merger, sale, or other transferring of assets, we reserve the right to transfer all product and service information, including all Personal Data, as part of or in connection with the transaction.
Finally, RCA will access, transfer, disclose, and preserve Personal Data when we have a good faith belief that doing so is necessary to:
Every precaution is taken to insure the security of your data while using the Site or a RCA Product. RCA employs industry-standard firewalls, secure web servers (https), data encryption and authentication procedures, among other techniques, to maintain the security of your data and your online session.
RCA implements and maintains appropriate physical, administrative, technical and organizational measures to protect the Personal Data we process against unauthorized or unlawful access, use or disclosure, and against accidental loss, damage, alteration or destruction. Under our security policies and practices, access to Personal Data is authorized only for those who have a business need for such access. RCA strives to protect the Personal Data that we process; however, no security program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use, or disclose Personal Data. RCA maintains security incident response policies and procedures to handle incidents involving unauthorized access to Personal Data we process.
Please be advised that the confidentiality of any communication or material transmitted to RCA via our Site or electronic mail cannot be guaranteed, including, for example, Personal Data such as your address or name. Alternatively, you may contact RCA directly via the Contact Information noted below to transmit data in a non-electronic form.
Data stored in our databases is secured by additional login authentication. All monetary transactions are conducted using secure sockets layer (SSL) security as provided by Verisign, Inc. Credit card numbers are transmitted in encrypted format and RCA does not permanently store any credit card information. Our site architecture is such that all queries and business processes are executed at the server layer.
With respect to all Personal Data, RCA shall:
(a) only process Personal Data in order to provide the Products, and shall act only in accordance with:
(b) upon becoming aware, inform the Consumer if, in RCA’s opinion, any instructions provided by the Consumer under (a) above infringe the GDPR;
(c) implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of Personal Data, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Such measures include, without limitation, the security measures set out under the RCA Privacy Policy;
(d) take reasonable steps to ensure that only authorized personnel have access to such Personal Data and that any persons whom it authorizes to have access to the Personal Data are under obligations of confidentiality;
(e) without undue delay after becoming aware, notify the Consumer of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by RCA, its sub-processors, or any other identified or unidentified third party (a “Security Breach”);
(f) promptly provide the Consumer with reasonable cooperation and assistance in respect of a Security Breach and all reasonable information in RCA’s possession concerning such Security Breach insofar as it affects the Consumer, including the following to the extent then known:
(g) not make any public announcement about a Security Breach (a “Breach Notice”) without the prior written consent of the Consumer, unless required by applicable law;
(h) promptly notify the Client if it receives a request from a data subject to access, rectify or erase that individual’s Personal Data, or if a data subject objects to the processing of, or makes a data portability request in respect of, such Personal Data (each a “Data Subject Request”).
(i) other than to the extent required to comply with applicable law, following termination or expiry of contract(s) for the Products, RCA will delete all Personal Data (including copies thereof) processed pursuant to this Agreement;
(j) taking into account the nature of processing and the information available to RCA, provide such assistance to the Consumer as the Consumer reasonably requests in relation to RCA’s obligations under EU Data Protection Laws with respect to:
When you visit the Site, RCA may collect information about you and your browsing habits. The information we collect depends on the pages of our Site you visit and what you do during your visit. RCA may collect information from you automatically when you visit our Site, which may include the name of the domain and host from which you access the Internet; the Internet protocol (IP) address of your computer; the type of browser and software operating system you use; web log data, including the date and time you access our website; and the Internet address of the website from which you linked to our Site.
As a non-subscriber/public user, you can browse the Site without telling us who you are or revealing any personal information (i.e., name, email address, phone number, fax number, mobile telephone number and physical contact information) about yourself. As a subscriber or Permitted User, typically granted through your employer, you must register with us, and you choose to give us your personal information and are not anonymous to us. When you request information, create a profile, purchase products, or otherwise engage with our Site, you must provide personal information. Personal information is only associated with your account/profile when you sign in as a registered user. You must also provide non-personal information such as your job title, company name or business address.
RCA employs cookie technology to enable us to recognize users and their access privileges on the Site, as well as to track site usage. A cookie is a small text file that many web sites write to your hard drive when you visit them. Cookies also enable you to automatically enter the Site as a subscriber without having to enter your logon credentials each time. If available, you may choose to set your browser to warn you before accepting cookies. RCA makes use of a mandatory session cookie. Due to a dependency on this type of cookie, our site will not function correctly if a user disallows all cookies through their browser settings.
Most browsers are set up to accept cookies. If you want to change your cookie preferences, you can do so through your browser settings or refuse the cookies when you enter the Site. Please remember that our cookies are often used to give you certain functionality and without them you may not be able to use some of our Site. You can also remove cookies that have already been set in your browser via your browser settings.
An IP address is a number that is automatically assigned to your computer whenever you are using the Internet. Web servers, the main computers that serve up web pages, automatically identify your computer by its IP address. As permitted under applicable law, RCA collects IP addresses for the purposes of system administration, gathering and analyzing aggregated information, creating a better experience for users and auditing the use of our Site. We do not normally link IP addresses to anything personally identifiable, which means that your session will be logged, but you remain anonymous to us. We will seek to link your IP address when we feel it is necessary to protect this Site and other users from harm and to prevent criminal misconduct.
Contact service@rcanalytics.com to learn more or request cookies to be disabled.
Several companies offer tools that allow people to browse the web anonymously. We cannot provide you a personalized experience if you use these tools because we cannot recognize you and your computer. However, we want to ensure you know of their existence. Because RCA does not track your online activities over time and across third-party websites in order to provide targeted advertising, RCA does not respond to Do Not Track (DNT) signals.
RCA limits the Consumer Personal Data it processes to that which is relevant for the purposes of the particular processing. RCA does not process Consumer Personal Data in ways that are incompatible with the purposes for which the information was collected or subsequently authorized by the relevant Consumer. In addition, to the extent necessary for these purposes and consistent with its role as a Controller or Processor, RCA takes reasonable steps to ensure that the Personal Data the company processes is (i) reliable for its intended use, and (ii) accurate, complete and current.
In this regard, RCA relies on its Consumers and Clients (with respect to Personal Data of Consumers with whom RCA does not have a direct relationship) to update and correct the relevant Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized. Consumers (and Clients, as appropriate) may contact RCA as indicated below to request that RCA update or correct relevant Personal Data.
Subject to applicable law, RCA retains Consumer Personal Data in a form that identifies or renders identifiable the relevant Consumer only for as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by the Consumer or Client, as appropriate.
Consumers generally have the right to access their Personal Data and where RCA acts as a Controller, where appropriate, RCA provides Consumers with reasonable access to the Personal Data RCA maintains about them. RCA also provides a reasonable opportunity for those Consumers to correct, amend or delete the information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate.
RCA may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the Consumer’s privacy in the case in question, or where the rights of persons other than the Consumer would be violated. Consumers may request access to their Personal Data by contacting RCA as indicated below.
RCA has mechanisms in place designed to help assure compliance with the Privacy Shield Principles. RCA conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its Privacy Shield privacy practices are true and that the company’s privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.
Consumers may file a complaint concerning RCA’s processing of their Personal Data. RCA will take steps to remedy issues arising out of its alleged failure to comply with the Privacy Shield Principles. Consumers may contact RCA as specified below about complaints regarding the company’s Consumer Personal Data practices.
RCA has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS EU-U.S. Privacy Shield, an independent alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your Privacy Shield complaint, or if your complaint is not satisfactorily addressed, please visit www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
RCA commits to cooperate with EU data protection authorities (DPA’s) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
When RCA maintains Personal Data about Consumers with whom RCA does not have a direct relationship because RCA maintains the Consumers’ data as a Processor for its Clients, RCA’s Clients are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate. In such circumstances, Consumers should direct their questions to the appropriate RCA Client. When a Consumer is unable to contact the appropriate Client, or does not obtain a response from the Client, RCA will provide reasonable assistance in forwarding the Consumer’s request to the Client.
In compliance with the EU-US Privacy Shield Principles, RCA is committed to resolving complaints about our collection or use of your Personal Data. European Union individuals with inquiries or complaints regarding this privacy policy should first contact RCA:
Via email at: privacy@rcanalytics.com
Via Postal Service at:
Real Capital Analytics, Inc.