Loading...
Loading page...
Loading page...
Last Updated: October 2025
Riva Growth Solution ("we," "us," "our," or "the Company") is committed to protecting the privacy and security of personal information we collect, use, and process in connection with our management consulting services. This Privacy Policy describes how we handle personal information in compliance with applicable data protection laws worldwide, including the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil's Lei Geral de Proteção de Dados (LGPD), and other applicable state and international privacy laws.
This Privacy Policy applies to all individuals whose personal information we process, including website visitors, prospective clients, current and former clients, business contacts, and other individuals with whom we interact in the course of our business operations.
Company Name: Riva Growth Solution
Address: Sharif Technology Services Complex, Sharif University of Technology, Azadi Street, Tehran, Iran
Email: info@riva-corporation.com
For privacy-related inquiries, complaints, or to exercise your data subject rights, please contact us using the information above.
We collect and process the following categories of personal information:
Name, job title, company name, work email address, business telephone number, business address, professional credentials, and department information.
Records of meetings, correspondence, communication preferences, interaction history, engagement records, and feedback provided to us.
Industry sector, areas of expertise, professional background, business affiliations, and information relevant to our consulting services.
IP address, browser type and version, device identifiers, operating system, referring URLs, pages viewed, time and date of visits, and other analytics data collected through cookies and similar technologies.
Payment information, billing addresses, purchase history, and records of services provided (when applicable).
We do not intentionally collect sensitive personal information such as Social Security numbers, precise geolocation data, racial or ethnic origin, religious beliefs, genetic data, biometric identifiers, health information, or sexual orientation unless specifically required for service delivery and with explicit consent.
We collect personal information from the following sources:
We process personal information based on the following legal grounds:
Where you have provided explicit, informed, and freely given consent for specific processing activities.
Processing necessary to perform our consulting services under a contract with you or your organization, or to take pre-contractual steps at your request.
Processing necessary for our legitimate business interests, including business development, client relationship management, service improvement, fraud prevention, and network security, provided these interests are not overridden by your privacy rights.
Processing required to comply with applicable laws, regulations, legal processes, or governmental requests.
We use personal information for the following purposes:
Our website uses cookies and similar tracking technologies to enhance user experience, analyze website usage, and support marketing activities.
Strictly Necessary Cookies: Essential for website functionality and cannot be disabled.
Functional Cookies: Enhance website features and remember your preferences.
Performance/Analytics Cookies: Help us understand how visitors interact with our website through aggregated statistics.
Advertising/Targeting Cookies: Used to deliver relevant advertisements and track campaign effectiveness.
We obtain prior consent before placing non-essential cookies on your device, in compliance with GDPR and ePrivacy Directive requirements. You can manage your cookie preferences through our cookie consent banner or browser settings. For California residents, we honor Global Privacy Control (GPC) signals as valid opt-out requests.
We may share personal information with the following categories of recipients:
Third-party vendors who perform services on our behalf, including IT service providers, cloud hosting providers, payment processors, marketing platforms, and analytics providers, under contractual obligations to protect your information.
Lawyers, accountants, auditors, and other professional advisors when necessary for business operations.
Trusted partners who assist in delivering our services or with whom we collaborate on specific projects, with appropriate safeguards.
Government bodies, law enforcement agencies, courts, and regulators when required by law or to protect our legal rights.
In connection with a merger, acquisition, corporate restructuring, or sale of assets, subject to confidentiality obligations.
We do not sell personal information to third parties for monetary consideration. However, certain data sharing activities may constitute "selling" or "sharing" under CCPA definitions, and California residents have the right to opt out of such activities.
As a global management consulting firm, we may transfer personal information across international borders to countries where our service providers, partners, or we maintain operations.
When transferring personal information from the EEA to countries without an adequacy decision from the European Commission, we implement appropriate safeguards, including:
We comply with applicable cross-border data transfer requirements under LGPD, PIPEDA, and other relevant laws.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements.
Retention periods are determined based on:
Client engagement records: Duration of engagement plus 7 years (or as required by law)
Financial and tax records: 7 years from transaction date
Communication records: 3-5 years, unless longer retention is justified
Marketing data: Until consent is withdrawn or legitimate interest ceases
Once personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention and deletion policies.
We implement appropriate technical, organizational, and physical security measures to protect personal information against unauthorized access, alteration, disclosure, destruction, loss, or misuse.
Despite our security measures, no system is completely secure. We cannot guarantee absolute security of personal information transmitted to or stored by us.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Right of Access: Request copies of your personal information in a machine-readable format.
Right to Rectification: Request correction of inaccurate or incomplete personal information.
Right to Erasure (Right to be Forgotten): Request deletion of your personal information when it is no longer necessary or consent is withdrawn.
Right to Restriction of Processing: Request limitation of processing under certain circumstances.
Right to Data Portability: Receive your personal information in a structured format and transmit it to another controller.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making: Right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint: File a complaint with your local data protection authority.
Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and categories of third parties with whom information is shared.
Right to Delete: Request deletion of personal information, subject to certain exceptions.
Right to Correct: Request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of personal information.
Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information.
Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment.
California residents can submit requests through our "Do Not Sell or Share My Personal Information" link or by contacting us directly.
Right to Access: Access your personal information held by us.
Right to Challenge Accuracy: Request correction of inaccurate or incomplete information.
Right to Withdraw Consent: Withdraw consent for processing, subject to legal or contractual restrictions.
Right to File a Complaint: Lodge complaints with the Office of the Privacy Commissioner of Canada.
Confirmation and Access: Confirm whether we process your data and access such data.
Correction: Correct incomplete, inaccurate, or outdated data.
Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data.
Portability: Request portability of data to another service provider.
Information about Sharing: Obtain information about public and private entities with which we share data.
Revocation of Consent: Revoke consent when applicable.
To exercise any of these rights, please contact us using the contact information provided above. We will respond to verified requests within the timeframes required by applicable law (typically 30 days for GDPR requests, 45 days for CCPA requests, with possible extensions). We may request additional information to verify your identity before fulfilling requests.
Our services are directed to businesses and professionals. We do not knowingly collect personal information from children under the age of 16 (or under 13 in the United States, as required by the Children's Online Privacy Protection Act) without parental consent.
If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take steps to delete such information promptly.
We may send marketing communications about our services, events, and industry insights to business contacts who have provided consent or where we have a legitimate interest.
You can opt out of marketing communications at any time by:
Please note that even if you opt out of marketing communications, we may still send you non-promotional communications related to our business relationship, services, or legal obligations.
Our website may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties.
We encourage you to review the privacy policies of any third-party services you access.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities as required by applicable law. Under GDPR, notifications will be made within 72 hours of becoming aware of the breach.
We maintain incident response procedures to detect, investigate, and respond to security incidents promptly.
We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons. We will post the updated Privacy Policy on our website with a revised "Last Updated" date.
Material changes will be communicated through prominent notice on our website or direct communication to affected individuals as required by law. Your continued use of our services after changes become effective constitutes acceptance of the revised Privacy Policy.
If you believe we have not handled your personal information in accordance with applicable law, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:
We encourage you to contact us first so we can address your concerns directly.
We maintain accountability for personal information processing through:
In addition to California residents' rights under CCPA/CPRA, residents of the following U.S. states have specific privacy rights under their respective state laws: Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy legislation. These rights generally include access, deletion, correction, and opt-out rights similar to those described above.
Please contact us to exercise rights under your state's privacy law.
By using our services or providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.