Privacy Policy

Effective Date: October 13th, 2025

RevEng Consulting ("we," "our," or "us"), located at 175 North Green Street, 4th Floor, Chicago, IL 60607, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with applicable data protection laws, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other privacy laws.

1. Information We Collect

We collect personal information directly from you when you interact with our services. The personal information we collect includes:

• Full Name

• Email Address

• Job Title

• Company Name

• Contact Information (such as phone number, mailing address)

• Event registration information (when you register for webinars, workshops, or events)

• Course enrollment information (when you enroll in our educational content)

• 
  

We do not collect sensitive personal information such as financial data, social security numbers, or health information.

We may also automatically collect non-personal information, such as:

• Website usage data

• IP addresses

• Browser type and version

• Pages visited and time spent on pages

• Referring website addresses

  
  

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for marketing communications (e.g., by checking a box during event registration or course enrollment)

• Legitimate Interests: For business operations, improving our services, and communicating about our services when we have a legitimate interest that does not override your privacy rights

• Contract Performance: When processing is necessary to provide services you've requested

• Legal Obligation: When we must process data to comply with legal requirements

You have the right to withdraw consent at any time where we rely on consent as the legal basis.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and deliver services you've requested (such as event access or course materials)

• To communicate with you regarding updates, offers, and events related to our services

• To send marketing materials and other relevant communications that we believe may be of interest to you (only with your consent where required by law)

• To respond to your inquiries or requests

• To improve our website, services, and user experience

• To comply with legal obligations

We do not process personal data for automated decision-making or profiling.

Marketing Communications and Consent

How We Obtain Consent:

• When you register for our events through platforms like Goldcast, you may opt-in to receive marketing communications by checking the appropriate consent box

• When you enroll in courses through platforms like Thinkific, you may opt-in to receive marketing communications during the registration process

• We use single opt-in for marketing communications (you will not receive a confirmation email to verify your subscription)

  
  

Your Right to Opt-Out:

• Every marketing email includes an unsubscribe link

• You can opt-out at any time by clicking "unsubscribe" or contacting us directly

• Opting out of marketing emails will not affect transactional emails (e.g., event confirmations, course access information)

4. Data Processing and Retention

RevEng Consulting acts as a data controller for the personal information we collect.

Retention Periods:

• Marketing email lists: We retain your information for as long as you remain subscribed, plus 2 years after your last interaction with us

• Event registration data: We retain this information for 3 years after the event date for business records

• Course enrollment data: We retain this information for 5 years to maintain educational records

• General inquiries: We retain correspondence for 2 years after the last communication

• Legal compliance: Where required by law, we may retain data longer to meet regulatory obligations

After these periods, we will either delete, anonymize, or retain it in a form that no longer identifies you.

5. Sharing of Information

We do not sell or trade your personal information. However, we may share your information in the following circumstances:

Service Providers (Data Processors): We may share your information with third-party service providers who perform services on our behalf, including:

• Email Marketing Platforms: For sending newsletters and marketing communications

• Event Management Platforms: Such as Goldcast, for hosting webinars and virtual events

• Learning Management Systems: Such as Thinkific, for hosting and delivering educational content

• CRM Systems: For managing customer relationships and communications

• IT Support and Hosting Providers: For maintaining our technology infrastructure

• Analytics Providers: For website and service usage analysis

  
  

These third-party service providers are contractually obligated to:

• Use your information only for the purposes we specify

• Implement adequate safeguards to protect it

• Process data in accordance with applicable data protection laws

  
  

Legal Compliance: We may disclose your personal information if required to do so by law, in response to legal processes such as subpoenas, court orders, or government requests. We may also disclose your information to protect our rights, property, or safety, or that of others.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity.

6. Your Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: You have the right to request information about the personal data we have collected about you in the preceding 12 months, including the categories of data, the sources from which it was collected, the purposes for which it was used, and any third parties with whom it was shared.

• Right to Delete: You have the right to request the deletion of your personal data, subject to certain exceptions (e.g., if the data is necessary for us to comply with legal obligations or perform a contract).

• Right to Opt-Out of Sale: We do not sell your personal information. In the event we do so in the future, you have the right to opt-out.

• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights, including requesting deletion or opting out of sales.

To exercise any of these rights, please contact us at the contact information provided below. We will respond to your request within the timeframes required by law, typically within 45 days.

7. Your Rights Under GDPR (For EEA, UK, and Swiss Residents)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR:

• Right to Access: You have the right to request a copy of the personal data we hold about you.

• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.

• Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data in certain circumstances.

• Right to Restrict Processing: You have the right to request that we limit how we use your personal data in certain situations.

• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

• Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.

• Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time.

• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority (e.g., the Information Commissioner's Office in the UK, or your national data protection authority in the EEA).

  
  

How to Exercise Your Rights: To exercise any of these rights, please contact us using the information in Section 13 below. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

No Fee Required: You will not have to pay a fee to exercise your rights unless your request is clearly unfounded, repetitive, or excessive.

8. International Data Transfers

If you are located outside of the United States, please be aware that your personal information may be transferred to and stored in the United States, where our servers and service providers are located.

For GDPR Compliance: When we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries that do not provide an adequate level of data protection, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission

• Data Processing Agreements: With our service providers that include appropriate data protection terms

• Additional Security Measures: As required by applicable law

  
  

You have the right to request information about the safeguards we use for international transfers and to obtain a copy of these safeguards by contacting us.

The data protection laws in the U.S. may differ from those in your country, but we are committed to protecting your personal information in accordance with applicable legal requirements.

9. Data Security

We implement reasonable and appropriate administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, or disclosure, including:

• Encryption of data in transit and at rest

• Access controls and authentication procedures

• Regular security assessments and updates

• Employee training on data protection

• Contractual obligations with service providers

  
  

However, no security system is completely foolproof, and we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

Data Breach Notification: In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities without undue delay and, where required by law, within 72 hours of becoming aware of the breach.

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyze website usage.

Types of Cookies We Use:

1. Essential Cookies: Required for website functionality (e.g., session management, security)

2. Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics)

3. Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness

4. Preference Cookies: Remember your settings and preferences

   
   

Cookie Duration:

• Session cookies: Deleted when you close your browser

• Persistent cookies: Remain on your device for a set period (ranging from 30 days to 2 years)

  
  

Managing Cookies: You can control and/or delete cookies through your browser settings. Please note that disabling certain cookies may impact website functionality. You can learn more about managing cookies at www.allaboutcookies.org.

11. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect or solicit personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child under 16, please contact us immediately.

12. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or for other operational reasons. Any material changes will be posted on this page with an updated effective date.

For significant changes, we will provide more prominent notice (such as email notification or a notice on our homepage) as required by applicable law.

We encourage you to periodically review this policy to stay informed about how we are protecting your information.

Previous versions of this policy are available upon request.

13. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or wish to exercise your rights under applicable privacy laws, please contact us at:

RevEng Consulting
175 North Green Street, 4th Floor
Chicago, IL 60607
Email: infosec@revengconsulting.com
Phone: 312-450-5901

For GDPR-related inquiries:
If you are located in the EEA, UK, or Switzerland and have concerns about how we process your personal data, you may also contact your local data protection supervisory authority.

Response Time:
We aim to respond to all privacy-related inquiries within 30 days (or as otherwise required by applicable law).

14. Additional Information for Specific Jurisdictions

California Residents:
In addition to the rights outlined in Section 6, California residents may designate an authorized agent to make requests on their behalf. To verify requests made through an authorized agent, we may require proof of authorization.

Nevada Residents:
Nevada residents have the right to opt-out of the sale of personal information. We do not currently sell personal information as defined under Nevada law, but if you wish to submit a verified opt-out request, please contact us.

EEA/UK/Swiss Residents:
For questions specific to GDPR compliance or to exercise your rights, please contact us at infosec@revengconsulting.com with "GDPR Request" in the subject line.

Last Updated: October 13th, 2025

© 2025 All Rights Reserved RevEng Consulting