RaveOx - Software Solutions Agency

At RaveOx, we are committed to protecting the privacy and data rights of individuals in the European Union and European Economic Area. This page outlines our compliance with the General Data Protection Regulation (GDPR) and explains how we handle personal data of EU/EEA residents.

1. GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It gives individuals greater control over their personal data and establishes strict requirements for organizations that process this data.

As a data controller and data processor, RaveOx ensures that all processing of personal data from EU/EEA residents complies with GDPR requirements.

2. Key GDPR Principles We Follow

Lawfulness, Fairness & Transparency

We process personal data lawfully, fairly, and in a transparent manner.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes.

Data Minimization

We collect only data that is relevant and necessary for our purposes.

Accuracy

We keep personal data accurate and up to date.

Storage Limitation

Data is retained only as long as necessary.

Integrity & Confidentiality

We ensure appropriate security of personal data.

3. Legal Bases for Processing

Under GDPR, we must have a valid legal basis for processing personal data. We rely on the following bases:

3.1 Contract Performance

When processing is necessary for the performance of a contract with you (e.g., providing our services).

Example: Creating your account, processing payments, delivering software solutions.

3.2 Legal Obligation

When processing is necessary to comply with a legal obligation.

Example: Retaining transaction records for tax purposes.

3.3 Legitimate Interests

When processing is necessary for our legitimate interests, provided they do not override your rights.

Example: Improving our services, fraud prevention, network security.

3.4 Consent

When you have given explicit consent for a specific purpose.

Example: Marketing communications, cookies (where required).

4. Your Rights Under GDPR

As an individual in the EU/EEA, you have the following rights regarding your personal data:

Right to be Informed

You have the right to be informed about the collection and use of your personal data. This privacy policy provides that information.

Right of Access

You have the right to access your personal data and request a copy of the information we hold about you.

Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to request restriction of processing your personal data in certain situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information below:

Email: privacy@raveox.com

Subject: Please include "GDPR Request" in the subject line.

Verification: We may need to verify your identity before processing your request.

Response Time: We will respond to all legitimate requests within 30 days.

6. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws and to serve as a point of contact for data subjects and supervisory authorities.

DPO Name: [Your DPO Name]

Email: dpo@raveox.com

Address: RaveOx, [Your Address], [City, Country]

7. International Data Transfers

When we transfer personal data from the EU/EEA to countries outside the European Economic Area, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use EC-approved contractual clauses for transfers to third countries.
Adequacy Decisions: Where the European Commission has determined that a country ensures an adequate level of protection.
Binding Corporate Rules (BCRs): For intra-group transfers where applicable.
Privacy Shield (legacy): For transfers to certified US organizations (though note that Privacy Shield was invalidated, we rely on SCCs instead).

Our cloud infrastructure providers (AWS, Google Cloud, Azure) maintain compliance with GDPR and provide appropriate safeguards for data transfers.

8. Data Processing Agreements

As a data processor for our clients, we offer Data Processing Agreements (DPAs) that:

Set out the subject matter and duration of processing.
Specify the nature and purpose of processing.
Define the type of personal data and categories of data subjects.
Include our obligations and rights as a processor.
Address sub-processing and international transfers.

To request a copy of our DPA, please contact us at privacy@raveox.com.

9. Data Breach Notification

In the event of a personal data breach, we have procedures in place to:

Assess the risk to individuals' rights and freedoms.
Notify the relevant supervisory authority within 72 hours (where required).
Communicate with affected individuals without undue delay (where there is high risk).
Document all breaches, including facts, effects, and remedial actions.

10. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

Data Category	Retention Period	Justification
Account Information	Duration of account + 1 year	Contract performance & legitimate interests
Transaction Records	6 years	Legal obligation (tax/accounting)
Marketing Data	Until consent withdrawn	Consent
Support Communications	3 years	Legitimate interests (service improvement)
Website Analytics	26 months	Consent/legitimate interests

11. Cookies and Tracking

For EU/EEA users, we:

Provide clear information about cookies when you first visit our site.
Obtain your consent before placing non-essential cookies.
Allow you to withdraw consent at any time.
Provide granular controls for different cookie categories.

For more information, see our Cookie Policy.

12. Children's Data

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete it.

13. Right to Lodge a Complaint

If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

UK Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14. Contact Information

If you have any questions about our GDPR compliance or data protection practices, please contact us:

Data Protection Officer: dpo@raveox.com

Privacy Team: privacy@raveox.com

Address: RaveOx, [Your Address], [City, Country]

EU Representative: [Your EU Representative Name/Company], [EU Address] (if applicable)

15. Updates to This Page

We may update this GDPR Compliance page periodically to reflect changes in our practices or legal requirements. We will indicate the effective date at the top of this page. Material changes will be notified to affected individuals where required by law.

This GDPR Compliance page was last updated on March 1, 2026.