User Privacy Policy

At Revi, we value your privacy. Through this policy, we inform you of your rights regarding the protection of personal data and explain how we collect, use, disclose, transfer, and store your information when you use our services to leave reviews about stores or products.

1. Terms Used in This Policy

For a better understanding of this policy, we explain below some key terms used throughout the document:

“Revi” or “we/us”: Refers to WEE ECOMMERCE, S.L., the company that owns the platform revi.io, with registered office at C/ Grabador Enguídanos 47-10, 46015, Valencia (Spain), and contact email hola@revi.io. Revi is the data controller in the cases described in this policy.
“User” or “you”: A person who accesses the revi.io platform with the intention of leaving a review, consulting ratings, or interacting with public content related to products and businesses.
“Personal data”: Any information that allows a natural person to be identified directly or indirectly. This may include, for example, your name, email address, IP address, published reviews, attached images, among others.
“Public personal data”: Information voluntarily published on the platform and visible to any visitor, such as the content of your reviews, your name or pseudonym, the rating given, the publication date, or any attached file. This also includes company replies to your reviews.
“Private personal data”: Data that is not publicly displayed on Revi and is used exclusively for service management or to verify the legitimacy of a review, such as your email address, order number, or technical information collected automatically.
“Platform”: Refers to the website revi.io and all associated functionalities, such as the review form, user area, moderation systems, and any other service accessible from our main domain or subdomains.
“Data processor”: A natural or legal person who processes personal data on behalf of the data controller. For example, Revi acts as a processor when it manages review invitations on behalf of a company that has contracted its services.
“Data controller”: A natural or legal person who determines the purposes and means of processing personal data. This can be Revi (for example, in the case of user accounts or voluntary reviews) or the company that invites you to review its service.
“GDPR”: General Data Protection Regulation (EU Regulation 2016/679), the European regulation governing the protection of natural persons with regard to the processing of personal data and the free movement of such data.
“Consent”: A free, specific, informed, and unambiguous indication by which the user accepts, by a clear affirmative action, the processing of their personal data by Revi for one or more specific purposes.

2. Third-Party Websites

Our platform may contain links to third-party websites. The presence of these links does not imply that we recommend them or that they are governed by this privacy policy. We encourage you to carefully read the privacy policies of such websites, as their data collection, use, and processing practices may differ from ours.

Aquí tienes la traducción al inglés completa y fiel de los puntos 3 y 4 de la Política de Privacidad para Usuarios que Dejan Opiniones de Revi:

3. Publicly Visible Reviews

Revi is a public platform designed to promote transparency between consumers and businesses. When you write a review on Revi, that review —along with the information associated with your user profile— will be visible to anyone who accesses our platform.
This includes:

The content of your review and the rating you gave.
The date of publication.
Your first name and the initial of your last name (or the pseudonym you choose). If your review is not anonymous.
The product or service reviewed and, where applicable, the name of the store.
Your language.
Any image, video, or other content you choose to attach to your review.

When another user accesses your profile, they may view all the reviews you have posted, as well as additional information related to your public interactions on Revi.

Similarly, if a business replies to your review, that response will also be publicly visible. Both your review and the company’s reply form part of the public history of interactions between consumers and businesses on Revi.

We consider all this information as public personal data, accessible on our platform and through external search engines (e.g., Google). You are not required to provide any personal data beyond what is strictly necessary to leave a verified review. You decide whether to use your real name or a pseudonym, as well as whether to attach images or additional identifying information.

4. Private Personal Data

When a store or business requests Revi to send you an invitation to review your shopping experience, they provide us with certain personal data necessary for that purpose. This usually includes your name, email address, and a reference identifier such as the order number or equivalent data that allows the transaction to be verified.

Additionally, Revi may receive information from third parties to detect possible fraud or conduct internal investigations aimed at ensuring the integrity of the review system.

We also automatically collect certain technical information from your device when you access our services. This may include your IP address, approximate location, device type, browser used, operating system, and data about your interaction with the platform (such as pages visited, clicks made, time spent) or with our emails (such as opening or interacting with review invitations).

All this information is used exclusively to provide the service securely, improve user experience, and ensure that published reviews are authentic and verifiable.

Who is the data controller?
Under the General Data Protection Regulation (EU Regulation 2016/679), the data controller is the one who determines the purposes and means of processing your personal data, while a data processor acts on their behalf.

When you receive an invitation to leave a review about a store or business using Revi’s services (whether sent directly by us on their behalf or by the company itself), that company acts as the data controller regarding the data used for the invitation (e.g., your name, email address, or order number). In this case, Revi acts as the data processor, providing the service on behalf of the business.

Therefore, if you wish to exercise your rights over the personal data used to send review invitations —such as access, rectification, or deletion— you must contact the company that invited you, as they determine how that data is used.

On the other hand, regarding other personal data linked to your use of the Revi platform —such as account creation, review publication, responses to reviews, or use of interactive features— WEE ECOMMERCE, S.L. (Revi’s owner) acts as the data controller.

Additionally, depending on the services contracted by our clients (the businesses), they may also act as data controllers for certain data visible in the reviews, such as your name, review content, or experience date, when published on their business profile.

What do we use your personal data for?
At Revi, we process your personal data for various purposes, all based on the legitimate use of the platform, your consent, or compliance with legal obligations. These are the main purposes for which we may use your information:

Providing our services: Displaying your reviews publicly on store profiles and granting you access to your user account or features available on Revi’s platform.
Improving the platform: Analyzing system usage, performing internal testing, detecting errors, and developing new features to enhance your experience.
Responding to your inquiries: Replying to messages or requests sent via contact forms, support, or email.
Sending communications: If you’ve subscribed, we may send you newsletters, updates, or other relevant communications, always with your consent.
Personalizing your experience: Adapting content, recommendations, or how reviews are displayed based on your behavior on the platform.
Internal management and analytics: Performing tasks such as statistical analysis, audits, fraud detection, quality control, content moderation, or identifying usage trends.
Training and process improvement: Using your interactions (e.g., questions or reviews) in an anonymized or pseudonymized way to train our staff and improve service quality.
Legal compliance and rights defense: Retaining or disclosing information when necessary to comply with legal obligations, court orders, or requests from competent authorities, as well as to defend Revi’s legitimate rights and interests.

In all cases, we apply technical and organizational measures to ensure that your data is processed appropriately, securely, and in accordance with current regulations.

Legal basis for processing your data
At Revi, we process your personal data based on the legal grounds established by the General Data Protection Regulation (GDPR), depending on the type of interaction you have with us. In particular, we process your data based on:

Performance of a contract: We need to process your data to provide our services, allow you to leave verified reviews, give you access to your user account, or fulfill other obligations arising from our relationship with you or the business you represent.
Compliance with legal obligations: We process personal data when necessary to comply with applicable laws, including legal, tax, data protection, or judicial requirements.
Legitimate interest: We process certain data to manage our platform, improve our services, ensure system security, prevent fraud, or perform statistical analysis. We always ensure that these processes are relevant, proportionate, and do not unfairly affect your rights and freedoms.
Task carried out in the public interest: When we contribute to the overall goal of offering a transparent and verified review environment, data processing may be considered of public interest, as it fosters digital trust in e-commerce.
Defense of legal rights: We retain or use your data when necessary to establish, exercise, or defend legal claims.
Explicit consent: In cases where we request your consent (e.g., to send newsletters or install non-essential cookies), we will process your data only if you have given us free and informed permission. You can withdraw your consent at any time from the relevant settings panel or by contacting us (see “Contact” section).

Please note that even if you withdraw your consent, Revi may still process your data if there is another legal basis to justify it.
You also have the right to object to the processing of your data or to request its restriction in certain cases.

Retention period of your personal data
At Revi, we retain your personal data only as long as necessary to fulfill the purposes for which it was collected or while a legal basis justifies its processing. The exact duration depends on the type of interaction you’ve had with us, the service provided, and our legal or contractual obligations.

This means we may retain your data while:

You have a user account on Revi.
There is an active contractual relationship between you or your represented company and Revi.
It is necessary to provide you with our services, display your reviews, or ensure the traceability of verified opinions.
A legal retention obligation exists (e.g., tax, commercial, or data protection regulations).
We have a legitimate interest that justifies retention (such as fraud prevention, platform security, or defense against potential claims).

Once these purposes are no longer fulfilled and there is no legal or legitimate basis for storage, your data will be securely deleted or anonymized so that it can no longer be associated with you as an identifiable person.
You may exercise your right to request the deletion of your personal data at any time.

At Revi, the security of your personal information is a top priority. That’s why we implement appropriate technical, organizational, and administrative measures to protect your data against unauthorized access, loss, alteration, or improper disclosure.
These measures include, for example:

Use of secure transmission protocols (HTTPS).
Restricted access controls for authorized personnel.
Intrusion detection and prevention systems.
Regular backups.
Periodic review and audit of our platforms and systems to detect vulnerabilities.

However, you should be aware that no data transmission over the Internet is completely secure. Although we constantly work to enhance the protection of our systems, we cannot guarantee 100% security of the information you send us electronically.

For this reason, we recommend not including sensitive or confidential data in emails you send us, as those messages may not be encrypted. If you need to share especially sensitive information, please contact us and we will guide you on the most secure way to do so.

5. Use of Cookies and Similar Technologies

At Revi, we use cookies and equivalent technologies such as pixels and tracking codes to improve your user experience, optimize our platform, personalize content, perform statistical analysis, and display relevant advertising.

What are cookies?
Cookies are small text files stored on your device (computer, mobile phone, tablet, etc.) when you access our website. These files allow the site to remember relevant information for future visits, such as your preferences, settings, or previous interactions.

What other technologies do we use?
In addition to cookies, we may use:

Pixels: small transparent graphic files inserted in emails or web pages. They help us understand if you've opened a message or interacted with certain content.
Tracking codes: code snippets that allow us to analyze how you browse our platform, which sections you visit, or how you interact with our services.

Purposes of use
These technologies are used to:

Identify your user session and facilitate your navigation.
Remember your preferences, such as language or regional settings.
Analyze browsing behavior on the site and improve our services.
Personalize your experience based on your interests.
Show relevant advertising based on your previous visits or submitted reviews.
Measure the effectiveness of marketing campaigns and traffic sources.

Who sets these cookies?
Cookies can be:

First-party: managed directly by Revi, for example, to keep your session active or remember your privacy settings.
Third-party: managed by external platforms such as Google, Meta (Facebook), LinkedIn, among others, which help us with tasks like analytics, advertising, or social media integration.

Do I need to give my consent?
Yes. According to current regulations, non-essential cookies (e.g., analytics or advertising) require your informed and explicit consent. When you first access our website, we will show you a settings panel where you can accept or reject each cookie category.

You can change your choice at any time through the Cookie Management Panel, accessible from the footer.

What happens if I reject them?
You can use Revi without accepting non-essential cookies. However, if you choose to reject them, some website features may not be available or may not function properly (for example, remembering your language or displaying relevant recommendations).

Where can I get more information?
You can find full details about the types of cookies we use, their purposes, duration, and third parties involved in our general Cookie Policy, or write to us at hola@revi.io if you have additional questions or wish to exercise your rights.

6. Your Rights Regarding Data Protection

As a user of Revi, you have a series of rights recognized by the General Data Protection Regulation (GDPR) concerning your personal data. You may exercise them at any time, free of charge and without justification, by writing to us at hola@revi.io, indicating your identity and the specific request you wish to make.

Right of access
You have the right to obtain confirmation of whether Revi is processing personal data concerning you, and if so, to access such data, as well as additional information about the processing we perform (purposes, categories of data, recipients, retention period, etc.).

Right to rectification
You can request the correction or updating of your personal data if it is inaccurate, incomplete, or outdated. This includes, for example, modifying your username, country, or correcting errors in your reviews.

Right to erasure (“right to be forgotten”)
You can ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw your consent, or when it is processed unlawfully. This right applies provided there is no legal obligation or legitimate interest that requires us to retain it (e.g., for fraud prevention or to exercise legal rights).

Right to restriction of processing
You may request that we limit the processing of your data when you contest its accuracy, the processing is unlawful and you oppose its erasure, we need to retain it for legal claims, or you have objected to the processing and we are evaluating the overriding of our legitimate interests.

Right to object
You have the right to object to the processing of your personal data when it is based on our legitimate interest, especially if it is used for direct marketing purposes or profiling. In such cases, we will stop processing your data unless there are compelling legitimate grounds.

Right to data portability
If your data is processed based on your consent or a contract, and by automated means, you may request to receive your data in a structured, commonly used, and machine-readable format, or ask us to transfer it directly to another controller, whenever technically feasible.

Right to withdraw consent
When we have requested your consent to process your data (e.g., to send marketing communications or use non-essential cookies), you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Limitations of these rights
Please note that some rights may be subject to certain limitations. For example, we cannot delete data we are legally required to keep or if its deletion would affect third-party rights. We will evaluate each case transparently and keep you properly informed.

7. Information About Minors

The Revi platform is not intended for individuals under the age of 18, and we do not knowingly collect personal data from minors of that age.

If you are a parent or legal guardian and believe that a minor in your care has provided us with personal data without your consent, please notify us as soon as possible by writing to hola@revi.io. We will review the situation and, if appropriate, securely delete such information in accordance with applicable regulations.

8. Changes to This Policy

At Revi, we may update this Privacy Policy at any time to reflect legal, technical, or business changes that affect the processing of users' personal data.

We will publish the modifications on this same page, indicating the date of the last update at the end of the document. We recommend that you periodically review this policy to stay informed about how we protect your information.

If the changes substantially affect your privacy rights, we will notify you clearly and prominently, either through our platform, by email (if you are registered), or through other appropriate means.

Continued use of our services after the publication or communication of such changes will imply acceptance of the changes introduced.

cookies.cookie	Description	Domain	Expiration
cor_session	Website-owned cookie. Essential for its functioning	revi	at the end of session
revi_cookie	Website-owned cookie. Essential for its functioning	revi	10 year

cookies.cookie	Description	Domain	Expiration
1P_JAR	Third party Google Cookie that collects statistical data about anonymous browsing.	google.com	1 month
_gid	Corbeto's Boots and Google Analytics affiliate Cookie that distinguishes users.	google.com	24 hours
__Secure-3PSIDCC	Advertising. These cookies are used to deliver ads that are relevant to you and your interests.	google.com	1 year
__Secure-1PSID	Cookie required to use website options and services.	google.com	2 years
SID Terceros	User preferences storage in Google.	google.com	2 years
__Secure-1PAPISID	Cookie required to use website options and services.	google.com	2 years
HSID	User preferences storage in Google.	google.com	2 years
__Secure-3PSID	Advertising. These cookies are used to deliver ads that are relevant to you and your interests.	google.com	2 years
SSID	Stores information, identifiers and preferences on Google.	google.com	2 years
SIDCC	Used by Google to provide services and extract anonymous information about browsing.	google.com	1 year
__Secure-1PSIDCC	Cookie necessary for the use of website options and services in one year.	google.com	1 year
__Secure-3PAPISID	These cookies are used to deliver ads that are relevant to you and your interests.	google.com	2 years
SAPISID	User preferences storage in Google.	google.com	2 years
APISID	User preferences storage in Google.	google.com	2 years
1P_JAR	Google Cookie. Used to collect website statistics and track conversion rates.	google.com	30 cookies.cookie_time_days
DV	Preference cookie placed by google.com stores Google-related information, identifiers, and preferences.	google.com	variable
OGPC	Cookie required to use website options and services in one month.	google.com	variable
CONSENT	Cookie acceptance function on websites.	gstatic.com	permanent
SEARCH_SAMESITE	The goal is to mitigate the risk of cross-site information leakage. It also provides some protection against cross-site request forgery attacks.	google.com	5 months
NID	These cookies are used by Google to store user preferences.	gstatic.com	6 months
OTZ	Purpose: advertising. They allow optimizing and customizing ads displayed while browsing. It is related to Google Adwords personalized advertising system.	google.com	1 month