CONFIDENTIALITY & DATA SECURITY

Your commercial data stays confidential.

Your commercial data stays confidential.

Your commercial data stays confidential.

Your commercial data stays confidential.

Rivisum analyses sensitive sales, pricing and margin information. We limit how information is used, who can access it and how long it is retained.

Rivisum analyses sensitive sales, pricing and margin information. We limit how information is used, who can access it and how long it is retained.

Rivisum analyses sensitive sales, pricing and margin information. We limit how information is used, who can access it and how long it is retained.

We can provide our mutual NDA or review your company’s standard agreement before non-public data is shared.

Built around controlled data use

Used only for the agreed purpose

Access limited to authorised persons

NDA available before data sharing

Data-processing terms where required

Retention and deletion agreed in advance

Your company retains ownership of its data.

Your company retains ownership of its data.

Your company retains ownership of its data.

Rivisum receives only the limited right to use the information for the agreed evaluation, pilot or service.

How your data is handled

How your data is handled

A clear process is agreed before sensitive business information is shared.

A clear process is agreed before sensitive business information is shared.

01

Agree

Before information is shared, we agree on the purpose of the analysis, the required data and the applicable confidentiality terms.

02

Transfer

Information is shared through an agreed transfer method appropriate to the sensitivity of the data.

03

Analyse

Information is used only to prepare the agreed Rivisum analysis, simulation or pilot deliverables.

04

Return or delete

Retention, return and deletion arrangements are agreed with the customer and documented where necessary.

What we protect

What we protect

Commercial information

Product prices · Discounts · Costs and margins · Sales volumes · Customer and product segments

Business information

Pricing strategies · Commercial plans · Forecasts · Internal reports · Management decisions

Personal data

Named customer contacts · Employee information · Individual purchasing records · Other identifiable information

Not all business information is personal data under the GDPR, but it may still be commercially confidential and protected by contract.

Our data-handling principles

Our data-handling principles

Confidentiality applies whether or not a separate NDA is requested.

Confidentiality applies whether or not a separate NDA is requested.

Purpose limitation

Information is used only for the evaluation, pilot or service agreed with the customer.

Data minimisation

We request only the information reasonably needed to perform the agreed analysis.

Restricted access

Access is limited to authorised persons who need the information to perform the work.

Confidentiality

Non-public customer information is treated as confidential regardless of whether a separate NDA is requested.

Limited retention

Information is retained only for the agreed period or as otherwise required by law.

Appropriate safeguards

Technical and organisational safeguards are selected based on the nature and sensitivity of the information being processed.

An NDA is available before data sharing.

An NDA is available before data sharing.

Rivisum can provide a standard mutual non-disclosure agreement before receiving sensitive or non-public business information. We can also review and sign a customer’s existing NDA, subject to agreement on its terms.

Rivisum can provide a standard mutual non-disclosure agreement before receiving sensitive or non-public business information. We can also review and sign a customer’s existing NDA, subject to agreement on its terms.

Rivisum mutual NDA

A balanced confidentiality agreement protecting information shared by both parties.

Request Rivisum NDA

Your company’s NDA

Customers may provide their own standard confidentiality agreement for review.

Send Your NDA

Additional contractual terms

Data-processing or pilot-specific terms can be agreed where the nature of the project requires them.

Discuss Requirements

When personal data is involved

When personal data is involved

Rivisum handles personal data in accordance with applicable EU data-protection laws, including the GDPR where personal data is involved.

Depending on the project and the roles of the parties, Rivisum and the customer may agree separate data-processing terms. These terms can define the processing purpose, duration, categories of data, responsibilities and what happens to the information when the engagement ends.

Where practical, customers should remove unnecessary names, contact details and other identifying information before providing datasets for analysis.

Personal-data approach

Collect only what is needed · Prefer limited or pseudonymised datasets · Define the processing purpose · Agree appropriate contractual terms · Delete or return data as agreed

Retention and deletion

Retention and deletion

Retention arrangements are agreed based on the nature of the project. At the end of an engagement, customer data is deleted or returned in accordance with the applicable agreement, subject to legal obligations and limited technical backups where relevant.

Retention arrangements are agreed based on the nature of the project. At the end of an engagement, customer data is deleted or returned in accordance with the applicable agreement, subject to legal obligations and limited technical backups where relevant.

Received

Analysed

Results delivered

Retained for agreed period

Deleted or returned

Frequently asked questions

Frequently asked questions

Is an NDA required?

No. Rivisum treats non-public customer information as confidential regardless. However, either party may request a signed NDA before sensitive information is shared.

Can we use our own NDA?

Yes. Rivisum can review your organisation’s standard confidentiality agreement.

Does Rivisum need personal data?

In many cases, pricing analysis can be performed using limited or pseudonymised information. Customers should exclude identifying information that is not necessary for the analysis.

Who owns our data?

Your organisation retains ownership of its original data. Rivisum’s right to use the data is limited to performing the agreed evaluation, pilot or service.

How long is information retained?

The appropriate retention period is agreed based on the project and documented where required.

Can we request deletion?

Yes. Deletion requests are handled in accordance with the applicable agreement and legal requirements.

Have questions before sharing data?

Have questions before sharing data?

We can explain the intended data flow, provide our mutual NDA or review your organisation’s confidentiality and data-processing requirements.

We can explain the intended data flow, provide our mutual NDA or review your organisation’s confidentiality and data-processing requirements.

No sensitive data is required for the initial discussion.