Privacy Policy

Your privacy matters. Here's a quick summary of how we handle your information.

Privacy Notice at a Glance

This summary highlights key points from our full Privacy Notice.

Who we are. REUZEit is a group of three companies — REUZEit, Inc. (US), REUZEit BV (Netherlands), and REUZEit UK and Ireland, Ltd. — with satellite offices in Boston and the San Francisco Bay Area.

Information We Collect

  • Business contact information (name, employer, email, phone)
  • Order and billing details
  • Your communications with us
  • Basic technical data when you visit our website
  • Strictly necessary cookies only — no analytics or marketing cookies
  • We don't routinely collect sensitive data and don't knowingly collect data from children

Why We Collect It

  • Deliver the services you've contracted us for
  • Communicate with you and send invoices
  • Meet our legal and tax obligations
  • Keep our systems secure
  • Run and grow our business

Who We Share With

  • Service providers (cloud hosting, payment processing, accounting, tax compliance, professional advisors)
  • Other REUZEit companies in our group
  • Authorities when required by law
  • We do not sell your personal data and do not share it for cross-context behavioral advertising.

Where Your Data Goes

  • We operate in the US, EU, and UK — data may move between these regions
  • EU/UK transfers protected by Standard Contractual Clauses
  • Kept up to 7 years for contract and financial records, up to 24 months for marketing contacts, less for website data

Your Rights

  • Get a copy of your data, correct it, or delete it
  • Restrict or object to how we use it
  • Take it with you to another provider
  • Withdraw consent at any time
  • EU/UK residents may complain to a data protection regulator; US residents have a right to appeal a denial
  • We don't make significant decisions about you using only automation
  • We will not penalize you for using your rights.
Questions? We're here to help.
Email privacy@reuzeit.com
Call 1-888-642-6431 (US toll-free)
Or use our web form

REUZEit Global Privacy Notice

Effective Date: January 1, 2026   Last Updated: April 27, 2026   Version: 2.176

1. Introduction

REUZEit, Inc., REUZEit BV, and REUZEit UK and Ireland, Ltd. (collectively, "REUZEit," "we," "us," or "our") respect your privacy and are committed to protecting your personal data. This Privacy Notice explains how we collect, use, disclose, and protect personal data, and the rights you have in relation to it.

This Notice applies to personal data we process about customers, prospective customers, website visitors, business contacts, and other individuals whose data we receive in the course of our business, regardless of where you are located.

2. Who We Are (Data Controllers)

Depending on your relationship with us, one or more of the following REUZEit entities acts as the controller of your personal data:

Entity Address Primary Jurisdiction
REUZEit, Inc. 28381 Vincent Moraga Dr., Temecula, CA 92590, USA United States
REUZEit, BV Coenecoop 630, 2741 PV Waddinxveen, Netherlands European Union
REUZEit UK and Ireland, Ltd. Ashley Farm, Bottle Lane, Bracknell RG42, United Kingdom UK & Ireland

We also operate satellite offices serving clients in the Boston, Massachusetts and San Francisco Bay Area regions. Personal data collected through those offices is controlled by REUZEit, Inc.

Where two or more REUZEit entities determine the purposes and means of processing jointly, they act as joint controllers under Article 26 GDPR. The essence of the joint controller arrangement is available on request via the contacts in Section 16.

Privacy Contacts

Region Name & Role Contact
EU / EEA Yordi van den Bulk, EMEA Operations Manager (Privacy Contact) privacy@reuzeit.com
UK Helene Haggit, UK Operations Manager privacy@reuzeit.com
US & Rest of World Casi Mayo, Chief Operating Officer privacy@reuzeit.com

Data Protection Officer

We have appointed a Data Protection Officer who can be contacted as follows:

Casi Mayo, Chief Operating Officer
REUZEit, Inc.
28381 Vincent Moraga Drive, Temecula, CA 92590, USA
Email: privacy@reuzeit.com

3. Personal Data We Collect

We collect the following categories of personal data:

  • Identification & contact data: name, job title, employer, business address, email, phone number.
  • Account & transaction data: purchase orders, service requests, contract terms, account history, communication records.
  • Billing & financial data: billing address, purchase history, payment method indicators (we do not store full payment card numbers — these are processed by our payment provider).
  • Correspondence: the content of emails, calls, support tickets, and meeting notes you send to us.
  • Website & technical data: IP address, browser type, device identifiers, pages visited, referring URLs, and similar data collected via cookies and analytics (see Section 12).
  • Marketing preferences: subscription status and consent records.
  • Sensitive personal data: we do not routinely collect sensitive personal data. If we do (e.g., if required for a specific service), we will obtain explicit consent or rely on another lawful basis as required by law.

Sources

We collect personal data:

  • Directly from you when you contact us, request a quote, place an order, sign a contract, attend an event, or interact with our website.
  • From your employer or organization when they engage us for services.
  • From third parties such as our email marketing platform (Constant Contact), publicly available sources, and credit-check providers.
  • Automatically through cookies and similar technologies on our website (see Section 12).

4. Why We Use Your Data and Our Legal Bases

Under the GDPR and UK GDPR we must have a lawful basis for each processing activity. The table below sets out our purposes and the corresponding legal basis.

Purpose Legal Basis (GDPR / UK GDPR Art. 6)
Processing orders, fulfilling service requests, and managing customer accounts Performance of a contract (Art. 6(1)(b))
Invoicing, payment processing, and tax recordkeeping Legal obligation (Art. 6(1)(c)) and legitimate interests in efficient financial administration
Responding to your enquiries and providing customer support Performance of a contract or legitimate interests in supporting our customers
Sending service-related communications (e.g., order confirmations, service notices) Performance of a contract (Art. 6(1)(b))
Sending marketing communications about our services Consent (Art. 6(1)(a)) where required, or legitimate interests (Art. 6(1)(f)) in promoting our business to existing B2B customers, with an opt-out in every message
Maintaining the security and integrity of our systems Legitimate interests (Art. 6(1)(f)) in protecting our business and yours
Complying with legal, regulatory, audit, and reporting obligations Legal obligation (Art. 6(1)(c))
Establishing, exercising, or defending legal claims Legitimate interests (Art. 6(1)(f)) in protecting our legal rights
Processing sensitive personal data (where applicable) Explicit consent (Art. 9(2)(a)) or another Art. 9 condition

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You may request more information about this assessment using the contacts in Section 16.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Who We Share Your Data With

We share personal data only with the following categories of recipients, and only as necessary:

  • Other REUZEit group entities for centralized administration, customer servicing, and IT.
  • Service providers (processors) acting on our instructions, including:
    • Cloud hosting and IT infrastructure providers
    • Customer relationship management (CRM) and email platforms
    • Accounting, billing, and payment-processing providers
    • Tax-compliance software providers
    • Logistics, shipping, and fulfillment partners
    • Professional advisors (legal, audit, insurance)
    • Analytics and website-management providers
  • Government, regulatory, and law-enforcement authorities, where required by law or legal process.
  • Parties to a corporate transaction, such as in the event of a merger, acquisition, financing, or sale of assets, subject to confidentiality protections.

We do not sell your personal data, and we do not "share" personal data for cross-context behavioral advertising as those terms are defined under the California Privacy Rights Act (CPRA) or analogous U.S. state laws.

A current list of our key processors is available on request.

6. International Data Transfers

Because we operate in the United States, the European Union, and the United Kingdom, your personal data may be transferred between these jurisdictions and stored or processed in countries other than the one in which you reside.

For transfers from the EU/EEA or UK to countries that have not received an adequacy decision (including transfers to the United States), we rely on appropriate safeguards under Article 46 GDPR / UK GDPR, including:

  • The EU Standard Contractual Clauses (2021) issued by the European Commission, supplemented by the UK International Data Transfer Addendum for UK transfers; and
  • Where appropriate, supplementary technical and organizational measures informed by a Transfer Impact Assessment following the Schrems II decision.

You may request a copy of the relevant safeguards (with confidential commercial information redacted) from the contacts in Section 16.

7. Data Retention

We keep personal data only for as long as necessary for the purposes described in this Notice. Specific retention periods include:

Data Category Retention Period
Customer contract records and related correspondence Duration of the contract plus 7 years (reflecting the highest minimum retention requirement across our US, UK, and Netherlands operations for tax, accounting, and limitation-period purposes)
Invoicing, billing, and tax records 7 years
Marketing contacts (where consent is the basis) Until consent is withdrawn or after 24 months of inactivity, whichever is sooner
Website analytics and cookie data Up to 26 months from collection for general analytics data; specific retention periods per cookie are listed in our Cookie Policy
Job applicant data 12 months from the hiring decision
Records relating to legal claims Duration of the claim plus the applicable statutory limitation period

Where specific retention periods are not set above, we determine retention by reference to: (i) the duration of our relationship with you; (ii) any legal, tax, accounting, or regulatory obligation; (iii) the existence or possibility of legal claims; and (iv) any guidance issued by relevant data protection authorities.

When data is no longer needed, we securely delete or anonymize it.

8. Your Rights — Core Rights (All Users)

Subject to applicable law, you have the following rights regarding your personal data:

  • Access — obtain confirmation of whether we process your data and a copy of it.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion in defined circumstances.
  • Restriction — limit how we process your data in defined circumstances.
  • Objection — object to processing based on legitimate interests, and object to direct marketing at any time.
  • Portability — receive your data in a structured, machine-readable format and transmit it to another controller, where applicable.
  • Withdraw consent — at any time, where processing is based on consent.
  • Non-discrimination — we will not discriminate or retaliate against you for exercising your rights.

To exercise any right, see Section 16 (How to Contact Us). We will respond within the timeframe required by law (generally 30 days under GDPR/UK GDPR, with a possible 60-day extension for complex requests; 45 days under most U.S. state laws, with a possible 45-day extension).

We may need to verify your identity before fulfilling a request. For sensitive requests, we may ask for additional information to confirm you are who you say you are. Authorized agents may submit requests on your behalf with proper documentation.

9. EU / EEA & UK Specific Rights

In addition to the rights in Section 8, individuals in the EU/EEA and UK have the right to:

  • Lodge a complaint with a supervisory authority. We would appreciate the chance to address your concerns first, but you may complain directly to:
    • Netherlands (likely lead authority for EU matters): Autoriteit Persoonsgegevens — autoriteitpersoonsgegevens.nl
    • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
    • Or the supervisory authority in your country of residence, place of work, or place of the alleged infringement.
  • Be informed about automated decision-making, where applicable (see Section 11).

10. U.S. State Privacy Rights Addendum

This Section supplements Section 8 and applies if you are a resident of a U.S. state with a comprehensive privacy law, including California, Colorado, Connecticut, Delaware, Iowa, Indiana, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, or other states whose laws come into effect.

10.1 Categories of Personal Information Collected (CPRA disclosure)

In the prior 12 months, we have collected the following categories of personal information as defined under the California Privacy Rights Act (Cal. Civ. Code § 1798.140):

CPRA Category Collected? Source Disclosed for a Business Purpose?
Identifiers (name, email, IP, etc.) Yes You; your employer; website Yes — to service providers
Customer records (Civ. Code § 1798.80) Yes You; your employer Yes — to service providers
Commercial information (purchases, services obtained) Yes You Yes — to service providers
Internet/network activity Yes Website cookies Yes — to analytics providers
Geolocation data (general, IP-based) Yes Website Yes — to service providers
Audio/electronic information Yes — recorded Microsoft Teams and Zoom meetings only; we do not record inbound phone calls You Yes — to service providers
Professional/employment information Yes You; your employer Yes — to service providers
Inferences drawn from the above Yes Internal analysis Yes — to service providers
Sensitive personal information No (not routinely) N/A N/A

We do not sell personal information and do not share personal information for cross-context behavioral advertising. We have not done so in the prior 12 months. We do not knowingly sell or share personal information of consumers under 16.

10.2 Rights Matrix by State

Right CA (CPRA) CO, CT, VA, MT, OR, TX, DE, NH, NJ, MN, RI, MD, IN, IA, NE, TN, UT
Access / know what is collected Yes Yes
Correct inaccurate data Yes Yes (most states; UT excludes)
Delete Yes Yes
Portability Yes Yes
Opt out of sale Yes (we do not sell) Yes (we do not sell)
Opt out of "sharing" / targeted advertising Yes (we do not share) Yes (we do not engage in targeted advertising)
Opt out of profiling with legal/significant effects Yes Yes (most states)
Limit use of sensitive personal information Yes Opt-in consent required (most states)
Appeal a denial of a rights request Yes (CA via complaint to AG/CPPA) Yes (most states require an internal appeal)
Non-discrimination for exercising rights Yes Yes

10.3 Sensitive Personal Information (US)

Some U.S. state laws (e.g., Colorado, Virginia, Connecticut) require opt-in consent before processing sensitive personal information, while California provides a right to limit its use. We do not routinely process sensitive personal information. If we do, we will request your consent or honor your right to limit, as required.

10.4 How to Submit a Request (US Residents)

You may submit a privacy rights request through any of the following methods:

We will verify your identity using information already in our records. Authorized agents may submit requests with written permission from you and proof of their identity; we may still ask you to verify your identity directly.

10.5 Appeals

If we deny your privacy rights request, you may appeal by replying to our denial email or writing to the address above with the subject "Privacy Rights Appeal." We will respond within the timeframe required by your state's law (generally 45–60 days). If your appeal is denied, you may contact your state's Attorney General.

10.6 Universal Opt-Out Signals

Where required by state law (including California, Colorado, Connecticut, and Texas), we honor recognized universal opt-out signals such as the Global Privacy Control (GPC) sent through your browser.

11. Automated Decision-Making and Profiling

We do not make decisions based solely on automated processing — including profiling — that produce legal effects concerning you or similarly significantly affect you, within the meaning of Article 22 GDPR.

12. Cookies and Online Tracking

Our website uses cookies and similar technologies to operate the site, remember your preferences, and analyze usage. We do not use marketing or advertising cookies; our cookies are operational and analytics-only.

  • Strictly necessary cookies are set without consent because they are required for the site to function.
  • Analytics and functional cookies are set only with your consent (in the EU/UK) or where permitted by law, and you can change your preferences at any time via our Cookie Preferences link in the footer.

For full details — including the specific cookies, their providers, purposes, and durations — please see our Cookie Policy.

We honor browser-based opt-out signals, including the Global Privacy Control (GPC), where required by law. GPC signals are also recognized in our Cookie Preferences settings.

13. Sensitive Personal Data

We do not routinely collect special categories of personal data under Article 9 GDPR (e.g., health, biometric, racial/ethnic origin, religious beliefs, trade union membership, sexual orientation) or "sensitive personal information" under U.S. state laws. Where we do collect such data, we will rely on explicit consent or another lawful basis and will treat it with additional safeguards.

14. Children's Data

Our services are directed to businesses, not children. We do not knowingly collect personal data from children:

  • Under 16 in the EU/EEA (subject to local member-state thresholds, which range from 13 to 16);
  • Under 13 in the United Kingdom;
  • Under 13 in the United States (per the Children's Online Privacy Protection Act, "COPPA"), and we follow additional protections required for minors aged 13–16 under California and other state laws.

If you believe a child has provided us with personal data, please contact us and we will delete it.

15. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, alteration, or disclosure. These include access controls, encryption in transit and at rest where appropriate, network security, employee training, vendor due diligence, and incident-response procedures.

No system is perfectly secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by law.

16. How to Contact Us

To exercise your rights, ask questions, or make a complaint, contact:

  • Email: privacy@reuzeit.com
  • Web form: https://reuzeit.com/contact-us
  • Privacy policy online: https://reuzeit.com/privacy-policy
  • Toll-free (US): 1-888-642-6431
  • Postal mail:
    • EU/EEA: Yordi van den Bulk, REUZEit BV, Coenecoop 630, 2741 PV Waddinxveen, Netherlands
    • UK: Helene Haggit, UK Operations Manager, REUZEit UK and Ireland, Ltd., Ashley Farm, Bottle Lane, Bracknell RG42, United Kingdom (correspondence monitored via privacy@reuzeit.com)
    • US & Rest of World: Casi Mayo, REUZEit, Inc., 28381 Vincent Moraga Dr., Temecula, CA 92590, USA

We will acknowledge your request promptly and respond within the timeframe required by law.

17. Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or in the law. The "Last Updated" date at the top indicates when it was last revised. Material changes will be communicated through our website and, where required, by direct notice. We encourage you to review this Notice periodically.

A history of prior versions is available on request.

This Notice is published in English. If translated versions are made available and there is a conflict between versions, the English version controls except where local law requires otherwise.