Privacy Policy — Ravenite
← Back to Ravenite Ravenite
LEGAL // PRIVACY POLICY

Privacy Policy

Effective date: July 6, 2026 · Last updated: July 6, 2026

This policy explains how Sell Me This Pen Inc., doing business as Ravenite ("Ravenite", "we", "us"), handles personal information. As a Québec business, we apply Québec's Law 25 (the Act respecting the protection of personal information in the private sector) and Canada's PIPEDA, and we also address the GDPR (EU/UK) and the CCPA/CPRA (California), since the people we process information about may be anywhere.

CONTENTS
1 · Who we are 2 · Scope: users and candidates 3 · Data we process 4 · Sources of candidate data 5 · Purposes & legal bases 6 · No sale of personal data 7 · Disclosure 8 · International transfers 9 · Retention 10 · Your rights 11 · Candidate removal & opt-out 12 · Controller / processor roles 13 · Security, cookies, children & changes

1 · Who we are

The entity responsible for personal information under this policy is Sell Me This Pen Inc., doing business as Ravenite, 1010 Sainte-Catherine St. West, Montreal, QC H3B 5L1. Our person in charge of the protection of personal information (Privacy Officer, as required by Québec Law 25) is Victor Vatus, reachable at Info@ravenite.com. That address is our single contact for all privacy and legal inquiries. We do not currently have an EU representative or DPO.

2 · Scope: users and candidates

Ravenite processes personal information about two distinct groups of people, and this distinction matters throughout this policy:

  • Users — staff at customer search firms who create accounts and run searches on the platform.
  • Candidates (data subjects) — professionals whose publicly available or licensed professional information is processed to support a customer's search. Candidates do not have accounts and typically have no direct relationship with Ravenite.

3 · Data we process

Users: account data (name, business email, firm) and usage data (log and device information, activity on the platform).

Candidates: business-context professional information — name, professional title, current and past employers, work history, and professional or business contact details. We do not intentionally process special-category or sensitive data about anyone, and we instruct users not to submit it.

4 · Sources of candidate data

We obtain candidate data from the customer's brief and inputs, from publicly available professional sources, and from licensed third-party data providers — not from the candidate directly. Because of this, candidates may not know Ravenite has processed information about them, which is why we provide the access and removal mechanism in section 11.

5 · Purposes & legal bases

We process personal information to provide our research and sourcing service: mapping a market against a customer's brief, organizing candidate profiles for human review, and operating and securing the platform. Where the GDPR applies, we rely on legitimate interests (Art. 6(1)(f)) for professional, business-to-business sourcing of publicly available professional information. We have conducted a balancing assessment of that interest against data-subject rights and freedoms, and candidates can object at any time (sections 10 and 11). We do not intentionally process special-category data and instruct users not to submit it.

6 · No sale of personal data

Ravenite does not sell personal data, as "sell" is defined by the CCPA/CPRA, and does not "share" personal data for cross-context behavioral advertising. Providing search results to the customer that requested them is a disclosure to perform our service, not a sale.

7 · Disclosure

We disclose personal information only: (a) to the requesting customer (the search firm running the mandate); (b) to vetted subprocessors and service providers under contract — currently in the categories of cloud hosting and infrastructure, licensed professional-data providers, and analytics/support tooling for the platform; and (c) where required by law or to protect rights and safety.

8 · International transfers

Where personal information is transferred across borders — including outside Québec, Canada, the EU, or the UK — we use appropriate safeguards such as Standard Contractual Clauses and, for transfers outside Québec, assess that the information will receive adequate protection as Law 25 requires.

9 · Retention

We keep personal information only as long as needed to provide the service or to meet legal obligations. When information is no longer needed, we delete or de-identify it. Candidate data associated with a completed search is deleted or de-identified in accordance with our retention schedule and the customer's instructions.

10 · Your rights

Depending on where you live, you have some or all of the following rights. To exercise any of them, contact Info@ravenite.com.

  • Québec (Law 25): access, rectification, withdrawal of consent, portability, and the right to de-indexing / cessation of dissemination of your personal information. You may direct complaints to the Commission d'accès à l'information du Québec. We report confidentiality incidents presenting a risk of serious injury to the Commission and to affected individuals, and keep an incident register.
  • Canada (PIPEDA): access and correction, withdrawal of consent, and complaint to the Office of the Privacy Commissioner of Canada.
  • EU / UK (GDPR): access, rectification, erasure, restriction, portability, and objection — including the right to object to processing based on legitimate interests, which we honor for candidate data.
  • California (CCPA/CPRA): know, delete, correct, opt out of sale/sharing (we do neither), and freedom from discrimination for exercising your rights.

11 · Candidate removal & opt-out

If you are a candidate and want to know what information we hold about you, correct it, or have it removed from our systems, email Info@ravenite.com with the subject line "Candidate data request." We will verify your identity, respond within the timelines required by applicable law, and honor removal requests going forward so your information is not resurfaced in future searches.

12 · Controller / processor roles

For candidate data processed on a customer's behalf to deliver a search, the allocation of controller and processor roles between Ravenite and the customer is addressed in the customer agreement and the Data Processing Addendum.

13 · Security, cookies, children & changes

Security. We use technical and organizational measures appropriate to the sensitivity of the information, including encryption in transit and at rest, access controls, and logging. Cookies & analytics. Our marketing site uses only the cookies and analytics necessary to operate and understand use of the site; we do not use them for cross-site advertising. Children. The service is for business use and is not directed to anyone under 18; we do not knowingly process children's data. Changes. We may update this policy; material changes will be reflected in the "Last updated" date above. Contact. Info@ravenite.com.

Ravenite
Home Team Integrations Terms Privacy DPA
© 2026 Ravenite