
CONFIDENTIALITY & DATA SECURITY
We can provide our mutual NDA or review your company’s standard agreement before non-public data is shared.
Built around controlled data use
Used only for the agreed purpose
Access limited to authorised persons
NDA available before data sharing
Data-processing terms where required
Retention and deletion agreed in advance
Rivisum receives only the limited right to use the information for the agreed evaluation, pilot or service.
01
Agree
Before information is shared, we agree on the purpose of the analysis, the required data and the applicable confidentiality terms.
02
Transfer
Information is shared through an agreed transfer method appropriate to the sensitivity of the data.
03
Analyse
Information is used only to prepare the agreed Rivisum analysis, simulation or pilot deliverables.
04
Return or delete
Retention, return and deletion arrangements are agreed with the customer and documented where necessary.
Commercial information
Product prices · Discounts · Costs and margins · Sales volumes · Customer and product segments
Business information
Pricing strategies · Commercial plans · Forecasts · Internal reports · Management decisions
Personal data
Named customer contacts · Employee information · Individual purchasing records · Other identifiable information
Not all business information is personal data under the GDPR, but it may still be commercially confidential and protected by contract.
Purpose limitation
Information is used only for the evaluation, pilot or service agreed with the customer.
Data minimisation
We request only the information reasonably needed to perform the agreed analysis.
Restricted access
Access is limited to authorised persons who need the information to perform the work.
Confidentiality
Non-public customer information is treated as confidential regardless of whether a separate NDA is requested.
Limited retention
Information is retained only for the agreed period or as otherwise required by law.
Appropriate safeguards
Technical and organisational safeguards are selected based on the nature and sensitivity of the information being processed.
Rivisum mutual NDA
A balanced confidentiality agreement protecting information shared by both parties.
Request Rivisum NDA
Your company’s NDA
Customers may provide their own standard confidentiality agreement for review.
Send Your NDA
Additional contractual terms
Data-processing or pilot-specific terms can be agreed where the nature of the project requires them.
Discuss Requirements
Rivisum handles personal data in accordance with applicable EU data-protection laws, including the GDPR where personal data is involved.
Depending on the project and the roles of the parties, Rivisum and the customer may agree separate data-processing terms. These terms can define the processing purpose, duration, categories of data, responsibilities and what happens to the information when the engagement ends.
Where practical, customers should remove unnecessary names, contact details and other identifying information before providing datasets for analysis.
Personal-data approach
Collect only what is needed · Prefer limited or pseudonymised datasets · Define the processing purpose · Agree appropriate contractual terms · Delete or return data as agreed
Received
Analysed
Results delivered
Retained for agreed period
Deleted or returned
Is an NDA required?
No. Rivisum treats non-public customer information as confidential regardless. However, either party may request a signed NDA before sensitive information is shared.
Can we use our own NDA?
Yes. Rivisum can review your organisation’s standard confidentiality agreement.
Does Rivisum need personal data?
In many cases, pricing analysis can be performed using limited or pseudonymised information. Customers should exclude identifying information that is not necessary for the analysis.
Who owns our data?
Your organisation retains ownership of its original data. Rivisum’s right to use the data is limited to performing the agreed evaluation, pilot or service.
How long is information retained?
The appropriate retention period is agreed based on the project and documented where required.
Can we request deletion?
Yes. Deletion requests are handled in accordance with the applicable agreement and legal requirements.
No sensitive data is required for the initial discussion.