PRIVACY POLICY

TABLE OF CONTENTS

Privacy Statement

Effective Date: 28 April 2025

1. Introduction

Veriva Systems Sdn Bhd (“Veriva,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data.
This Privacy Statement explains how we collect, use, share, and protect your personal information when you interact with our websites, services, software platforms, and solutions.

This Statement applies to all websites owned and operated by Veriva and its subsidiaries, including SaaS platforms under the Veriva and Rivastor brands.

2. Sites Covered by This Privacy Statement

This Privacy Statement covers Veriva-owned websites and domains, including our wholly owned subsidiaries (“Veriva Websites”).
It does not apply to third-party websites that may be linked from our sites.

We encourage you to review the privacy policies of any third-party sites before providing your personal data.

3. Information We Collect

a. Personal Information

Personal information refers to data associated with your identity, such as:

  • Name, address, phone number, and email address
  • User IDs and passwords
  • Employment information (job title, company)
  • Billing and subscription information
  • Content you upload to our services (e.g., meeting recordings, transcripts, video files)

You may provide this information when:

  • Requesting information
  • Registering for a service
  • Subscribing to newsletters
  • Attending events or webinars
  • Using our software or platforms

b. Non-Personal Information

We collect non-personal data automatically, including:

  • Device and browser information
  • IP address
  • Cookies and usage patterns
  • Aggregated statistical information about site usage

4. How We Use Your Information

We use the collected information to:

  • Deliver, operate, and maintain our SaaS solutions and services
  • Authenticate users and secure access to our platforms
  • Provide customer support and respond to inquiries
  • Improve and enhance our products and user experiences
  • Conduct market research and analysis
  • Send communications about service updates, news, promotions, and events (where permitted)
  • Comply with legal obligations

We do not sell your personal data.

5. Customer Data Ownership and Use

When you use our SaaS services:

  • You retain ownership of all Customer Data you upload or submit.
  • We process Customer Data solely to deliver, maintain, and support the services.
  • We do not access, use, or disclose Customer Data except as required to provide services, comply with law, or with your express consent.

Use of Customer Data is governed by the applicable subscription agreements and our internal data security policies.

6. Data Sharing and Disclosure

We may share information with:

  • Authorized service providers and sub-processors (e.g., Microsoft Azure, payment processors) who are contractually bound to protect data.
  • Resellers or partners where necessary for service delivery and support.
  • Regulatory or law enforcement authorities if legally compelled.

A list of sub-processors is available to customers upon request.

We require all third parties to implement appropriate data protection measures and only process data according to our instructions.

7. Data Residency and Hosting

For Veriva-hosted services:

  • Your data may be stored and processed at Microsoft Azure Data Centers located in Singapore and the United States.

Alternatively, customers may deploy and host the software within their own private infrastructure (Customer-Hosted Model).
Customers may request geographic hosting restrictions at onboarding, subject to applicable terms.

8. International Data Transfers

Where data is transferred outside of Malaysia or your local jurisdiction, we ensure compliance by using recognized mechanisms such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable

9. Data Security

We take data security seriously and implement appropriate measures, including:

  • Encryption of data at rest and in transit
  • Role-based access control
  • Regular security audits and penetration testing
  • 24/7 security monitoring
  • Business Continuity and Disaster Recovery (BC/DR) planning

In case of a security breach affecting your personal data, Veriva will notify you within 72 hours where required by law.

10. Retention of Information

We retain personal data:

  • For the duration necessary to fulfill the purposes outlined in this Privacy Statement
  • As required by applicable law or contractual obligations
  • Customer Data is retained or deleted according to your subscription agreement or instructions upon termination

11. Your Privacy Rights

Depending on your jurisdiction (e.g., GDPR, PDPA), you may have rights to:

  • Access and correct your personal data
  • Request data deletion
  • Object to or restrict certain processing
  • Request data portability
  • Withdraw consent at any time (where consent is the basis for processing)

To exercise your rights, please contact us at privacy@verivasystems.com.

12. Children’s Privacy

Our services are intended for use by adults.
We do not knowingly collect personal data from children under 18 years of age.

13. Changes to This Privacy Statement

We may update this Privacy Statement from time to time.
Material changes will be notified through our website or by direct communication.
Please review this Statement periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Statement, please contact:

Data Protection Officer (DPO)
Veriva Systems Sdn Bhd
Email: privacy@verivasystems.com
Website: https://verivasystems.com