Note :- "Applicable Data Protection Regulations" means (i) the European Regulation 2016/679 (“GDPR”), (ii) e-Privacy Directive 2002/58/EC of July 12, 2002, and any legislation replacing the GDPR and the e-Privacy Directive, (iii) any law, statute or regulation on the protection of Personal Data of a Member State of the European Economic Area ("EEA"), which may apply to one of the Parties in connection with its data processing activities or its establishment in the EEA.

1.1 For the purposes of this DPA, the terms “Personal Data”, “Data Subject”, “Personal Data Breach”, “Processing”, “Transfer”, “Supervisory Authority”, “Controller” and “Processor” shall have the definitions set forth by Article 4 of the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”).

2.6 Reveal will cooperate with Customer and provide Customer, at Customer’s cost, with all necessary assistance and documentation to enable it to comply with its obligations under Articles 32 to 36 of GDPR to which it is subject, including assistance in carrying out data protection impact assessments, and prior consultations with supervisory authorities.

4.1 - Reveal will keep Customer Data belonging to or transmitted by Customer strictly confidential and will not disclose such Customer Data to third parties without prior and explicit authorization of Customer. Reveal will ensure that persons authorized to process such Customer Data (its staff, directors, affiliates, suppliers and any potential Authorized Processors) have committed themselves to confidentiality or are under appropriate statutory obligation of confidentiality. 4.2 Reveal will implement and maintain appropriate technical and organizational measures to protect Customer Data against (i) unauthorized or unlawful Processing and (ii) accidental loss, damage, destruction, alteration, unauthorized disclosure of, or access that, at a minimum, meet the requirements set forth in the measures referred to in Article 32 of GDPR.

6.2 - In order to ensure that adequate safeguards are in place for Processing and Transfer of Customer Data, Reveal undertakes it complies with one of the following derogatory conditions: − legislation of the Third Country offers an adequate level of protection of Personal Data which is recognized as such by a decision of the European Commission; − Reveal or one of its representatives has entered into a Personal Data transfer agreement with the Third Country-based sub-Processor in accordance with the latest version in force of the standard contractual clauses drawn up by the European Commission; − Reveal's Third Country-based sub-Processor has subscribed to an authorized Personal Data transfer mechanism validated by the European Union's institutions; − Reveal’s Third Country-based sub-Processor has adopted "Binding Corporate Rules" validated by an authorized European Personal Data protection authority.

Here is the link to our DPA for further investigation.

Reveal is the only ecosystem platform to score 100% exception-free on the SOC 2 Type II Report. SOC 2 (Security and Organization Controls) is one of the most comprehensive security audits for cloud-based service providers on the market.