RISR, INC. PRIVACY POLICY

Introduction​

RISR, Inc. (“Company” “we” or “us”) respects your privacy and is committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you use our website at risr.com along with any related websites, software or Company servers (collectively, the “Website”) and outlines our practices for collecting, using, maintaining, protecting, and disclosing that information. We want to be transparent about the information we collect, how we use it, whom we share it with, and the controls we give you to access, update, and delete your information. After reading this privacy policy, if you still have questions, please contact us at hello@risr.com.

This policy applies to information we collect:

• Within the Website.
• Within the Company’s non-public sandbox evaluation, testing and/or turning environments, to the extent Company provides you with access to the environment.
• In email, text, and other electronic messages between you and Company.
• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
• When you provide us information in person at conferences and other events. 

It does not apply to information collected by: (i) us offline or through any other means, including on any other website operated by Company or any third party (including our affiliates and subsidiaries) or information we collect when acting as a service provider for our Customers (as defined below) with which you may interact; or (ii) any third party, including our affiliates, subsidiaries and Customers, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Website. By accessing or using the Website, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.​

Information We Collect on Behalf of Our Customers Which Is Not Governed by This Policy

​We provide business valuation services to third party businesses and other entities including business advisors (our “Customers”). If you have a relationship with one of our Customers you may provide them with information that gets processed by us as part of the services we perform for those Customers. 

We use that data and information in accordance with our contractual obligations to Customers, which include (1) providing services to Customers; and (2) generating anonymized, de-identified or otherwise aggregated data that does not identify individuals (collectively, “RISR-Generated Data”). We may use such RISR-Generated data for our business purposes, which may include research and analytics, benchmarking, and enhancing the quality of our products and services.  

Children Under the Age of 13

The Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of the Website or provide any information about yourself to us, including your name, email address, telephone number, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at hello@risr.com.​

Information We Collect About You and How We Collect It

We collect several types of information from and about users of the Website, including personal data and personal information. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).  We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes name, title, date of birth and gender. 
• Contact Data includes mailing/billing address, email address and telephone numbers.
• Financial Data includes bank account and payment card details.
• Transaction Data includes details about payments to and from you and other details of products and services you have used or purchased from us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. We also maintain audit logs, error logs and system reports that may contain your personal data. 
• Profile Data includes your username and password, purchases or orders made by you (or by your employer on your behalf), your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our Website.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data which is anonymized, de-identified or otherwise aggregated, such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

How We Collect This Information

We use different methods to collect data from and about you including: (i) directly from you when you provide it to us; (ii) automatically as you navigate through the site; and (iii) from third parties, for example our business partners; each as described in greater detail below. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

Information You Provide to Us  

The information we collect on or through the Website may include:

• Information that you provide by filling in forms on the Website. This includes information provided at the time of registering to use the Website, subscribing to our service, posting material, or requesting further services. We may also ask you for information when you report a problem with the Website.
• Records and copies of your correspondence (including email addresses), if you contact us.
• Your responses to surveys that we might ask you to complete for research purposes.
• Details of transactions you carry out through the Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through the Website.
• Your search queries on the Website.
• Types of content you view within the Website.

Information We Collect Through Automatic Data Collection Technologies  

As you navigate through and interact with the Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including: (i) details of your visits to the Website, including traffic data, logs, and other communication data and the resources that you access and use on the Website; and (ii) information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically is statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve the Website and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize the Website according to your individual interests.
• Speed up your searches.
• Recognize you when you return to the Website.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Website. For further information, visit allaboutcookies.org.
• Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. 
• Web Beacons. Pages or other portions of the Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related Website statistics (for example, recording the popularity of certain Website content and verifying system and server integrity). 

Information About You We May Receive from Third Parties

We may receive personal data about you from various third parties and public sources including: 

• Analytics providers such as Google;
• Advertising networks such as Google, Bing, Facebook and Instagram.
• Contact, financial and transaction data from providers of technical, payment and delivery services such as Stripe.
• Identity and contact data from publicly available sources.
• Conference hosts and organizers to the extent you attend or register for conferences or other events at which Company is a participator.

Third-Party Use of Cookies (and Other Tracking Technologies)

Some content or applications, including advertisements, in the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use the Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. 

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

Cookie Policy

RISR uses cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in
• Understanding how you use our website

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

How We Use Your Information

We, and our authorized third party service providers, may use information that we collect about you or that you provide to us, including any personal information:

• To present the Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To notify you about changes to the Website or any products or services we offer or provide through it or other products or services which may be of interest to you.
• To analyze trends and conduct research about improving the Website.
• To correlate information with other commercially available information to identify demographics and preferences to assist us in marketing efforts.
• To contact users for research, informational or marketing purposes.
• To learn about our users’ needs.
• To track traffic patterns and usage of the Website, including customizing our recommendations and promotions to you based on your information.
• To address information security and/or privacy practices control, network functioning, engineering, and troubleshooting issues. `
• To investigate claims and/or legal actions, violations of law or agreements, and compliance with relevant applicable laws and legal process. 
• To comply with law, or based on our good-faith belief that it is necessary to conform or comply with the law, or otherwise to disclose information to prevent fraud and reduce credit risks, to cooperate with police and other governmental authorities, or to protect the rights, property or safety of visitors to the Website or the public. 
• To process or engage in a sale of all or part of our business, or if we go through a reorganization or merger. 
• To fulfill any other purpose for which you provide it.
• To provide you with notices about your account/subscription, including expiration and renewal notices.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for processing credit cards, billing and collection.
• To allow you to participate in interactive features on the Website.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you and to display advertisements to our advertisers’ target audiences. For more information about steps you can take to control how your information is used, see Choices About How We Use and Disclose Your Information.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. 

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Company about the Website users is among the assets transferred.
• To third parties to market their products or services to you. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them. 
• To fulfill the purpose for which you provide it. (e.g. sharing payment information with our third party payment processors)
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information: 

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of the Website may then be inaccessible or not function properly.
• Disclosure of Your Information for Third-Party Advertising. We do not share your personal information with unaffiliated or non-agent third parties for promotional purposes. 
• Promotional Offers from the Company. If you do not wish to have your email address used by the Company to promote our own or third parties’ products or services, you can opt-out by sending us an email stating your request to hello@risr.com If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience or other transactions.

Opting Out

You can ask us to stop sending you marketing messages at any time by (i) by following the opt-out links on any marketing message sent to you; or (ii) by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service experience or other transactions.

Accessing and Correcting Your Information

You may send us an email at hello@risr.com to request access to, correct or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Your California and Other State Privacy Rights

The California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), provides California residents with specific rights regarding their personal information. If you are a California resident, your rights are described below. If you have any questions about whether any of the following applies to you, please email us at hello@risr.com.

You have the right to request certain information about our collection and use of your personal information over the past 12 months, including the following:

• The categories of personal information that we have collected about you, as those categories are defined under the CCPA and CPRA.
• The categories of sources from which that personal information was collected.
• The business or commercial purpose for collecting or selling your personal information.
• The categories of third parties with whom we have shared your personal information.
• The specific pieces of personal information that we have collected about you.
• If we have disclosed your personal information for a business purpose over the past 12 months, we will identify the categories of personal information shared with each category of third-party recipient.

In addition to the rights described above, California law requires disclosure of the categories of personal information collected and shared with our affiliates and Customers over the past 12 months. Those categories, as described by the CCPA and CPRA, consist of the following:

• Identifiers, including name, email address, IP address, and an ID or number assigned to your data.
• Demographics, such as your age or gender. This category includes data that may qualify as protected classifications under other California or federal laws.
• Commercial information, including purchases and engagement with Company.
• Internet activity, including your interactions with our services and what led you to our Website.
• Inferences, including information about your interests, preferences and favorites.

As stated in the section above titled, “Information We Collect on Behalf of Our Customers Which Is Not Governed by This Policy”, the collection of your information, and your authorization to provide it, is governed by your relationship and contractual agreement with the Customer that is using our software and services.  We do not ever sell or disclose your Personal Information. 

If we have sold your personal information over the past 12 months, we will identify the categories of personal information purchased by each category of third-party recipient. AT THIS TIME COMPANY DOES NOT SELL ANY PERSONAL INFORMATION AND HAS NOT SOLD ANY SUCH INFORMATION IN THE LAST TWELVE (12) MONTHS. 

If you are a California resident you have the right to request correction or deletion of the personal information that we have collected from you, as well as ceasing the sharing of any personal information  we have collected from you subject to limited exceptions: for example, we may retain personal information to complete a transaction with you, or we may retain information that would affect the privacy of others or interfere with legal requirements. If your deletion request is subject to an exception under the CCPA or CPRA we may deny your deletion request.

To exercise the rights described above, you should send us written request via email to hello@risr.com or via the Company address listed below.  Please ensure that your request  (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal information; and (2) provides sufficient detail to allow us to understand, evaluate, and respond to your request. We may not be obligated or able to respond to requests that do not meet these criteria. 

For your security we may require you to verify your identity before we can act on your request. There may be information we will not return in response to your access request, such as information that would affect the privacy of others or interfere with legal requirements. Similarly, there may be reasons why we cannot comply with your deletion request, such as the need to keep your personal information to fulfill a legal obligation.

Company will use commercially reasonable efforts to respond to any complete and valid request within 30 days of receipt. There is no cost to submit a valid request although Company may require a fee if your request(s) are excessive, repetitive, or unreasonable. You will not be charged a fee, and your fee-bearing request will not be processed, without Company providing you with prior written notice. 

Should you choose to exercise any of your rights under the CCPA or CPRA, Company will not deny you any services, charge you different rates, or provide lesser quality services. However, in the future Company may elect to offer different tiers of services as allowed by applicable laws which may contain differing prices, rates, or levels of quality, which may be related to the value of personal information that we receive from you.​

California Civil Code Section § 1798.83 permits users of the Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to hello@risr.com or write us at RISR Inc., 7 Grey Court, Berwyn PA 19312.

If you are a resident of Colorado, Connecticut, Utah or Virginia you may have similar rights to know the categories of data we collect, use and disclose, as well as potential rights to request corrections or deletions of your data. To submit a request to know, correct or delete, please send an email to hello@risr.com. We may be required to take certain steps to verify your identity before processing your request.  

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, which may include rights to the following:

• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
• Withdraw consent.

If you wish to exercise any of the rights set out above, please contact us at hello@risr.com.  

​You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

​We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. 

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website. The information you share in public areas may be viewed by any user.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we can neither guarantee the security of your personal information transmitted to the Website nor can we guarantee that such information will not become publicly available. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website. You can reduce these risks by using common-sense security practices such as choosing a strong password, using different passwords for different services, and using up-to-date antivirus software on your electronic devices.

Users Outside of the United States

If you are visiting the Website from a location outside of the United States, your connection will be through and to servers located in the United States. All information you receive from the Website may be created on servers located in the United States, and all information you provide may be maintained on web servers and systems located within the United States. The data protection laws in the United States and other countries might not be the same as those in your country. By using the Website or submitting information to us, you specifically consent to the transfer of your information to the United States and to the facilities and servers we use, and to those with whom we may share your information.

Users in the European Union

If you are a resident of the European Union you may have specific rights with respect to your personal data which are set forth below.  Please note that RISR is a data processor that does not collect data directly from individuals in the EU however your data may be collected by a Customer as a controller of your data and then sent to us to process in our role as a data processor.

EU Data Subject Rights

The right to access - You have the right to request RISR for copies of your personal data. We may charge you a small fee for this service.

The right to rectification - You have the right to request that RISR correct any information you believe is inaccurate. You also have the right to request RISR to complete information you believe is incomplete.

The right to erasure - You have the right to request that RISR erase your personal data, under certain conditions.

The right to restrict processing - You have the right to request that RISR restrict the processing of your personal data, under certain conditions.

The right to lodge a complaint with a supervisory authority - You have the right to report any complaints you may have of RISR activities to a supervisory authority.

The right to object to processing - You have the right to object to RISR' processing of your personal data, under certain conditions.

The right to withdraw consent at any time – You have the right to withdraw consent to RISR' processing of your personal data, under certain conditions.

The right to data portability - You have the right to request that RISR transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact as set forth below. 

Lawful Basis of Processing

We collect and process your personal information under the following lawful bases: 

1. With your consent as provided hereunder;
2. Performance of a contract with you or in our role as a processor of data for our Customers;
3. For the prevention of fraud
4. As necessary to comply with a legal obligation; and
5. To fulfill our legitimate interest in conducting our business, where your interests and fundamental rights do not override those interests including, but not limited to:
• providing the services for which you have enrolled and Goods you have purchased;
• to keep our records updated;
• to study how customers use our products/services, to develop them and grow our business and inform our marketing strategy;
• for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercises;
• contacting you about our products, or responding to your requests.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Subprocessors

Amazon Web Services will be our subprocessor and is located at 410 Terry Avenue North, Seattle, WA.

Retention of Data

RISR stores your data in our repositories for as long as the individual agreement with the data controller specifies. Once this period has expired, we will delete your data automatically through technological measures in a secure manner

Transfers of EU Data

We do not transfer your data to anyone except you upon request so there will not be a transfer of your data by RISR to any 3rd country or across international borders. To the extent you have a business relationship with our Customer they may transfer your data to RISR and such transfers are subject to your separate agreements with that Customer.  RISR will maintain an audit trail of all data transfers by RISR.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website. If we make material changes to how we treat our users’ personal information, we will notify you by email to the email address you provided to us and through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting the Website and this privacy policy to check for any changes. your continued use of the Sites after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at: hello@risr.com or write us at RISR Inc., 7 Grey Court, Berwyn PA 19312.

Depending on where you reside you may have the right to make a complaint to your local supervisory authority for data protection issues.  We would, however, appreciate the chance to deal with your concerns first so please contact us.