SpringCM Privacy Policy

    Changes were made to this Privacy Policy, effective 05/24/18.

    TRUSTe

    Contents of Policy:

    1. Introduction and Consent
    2. Who We Are and What We Do
    3. Personal Data
    4. How SpringCM Obtains and Uses Personal Data and Other Information
    5. International Data Transfers
    6. Information Sharing
    7. Choices / Opting Out
    8. When We May Disclose Personal Data
    9. Data Retention
    10. How We Protect Your Information
    11. Changes to this Privacy Policy
    12. Linked Sites
    13. Contacting SpringCM
    14. Suggestions
    15. Disclaimers

     

    1. Introduction and Consent.

    This Privacy Policy describes the steps SpringCM takes to protect the privacy and security of Personal Data, Customer Content and other information we gather, receive, store and/or process, either on our own behalf or on behalf of our Customers who use our Services. It also describes your choices regarding use, access and correction of your Personal Data. We periodically update this Privacy Policy, so we encourage you to review this Privacy Policy periodically.

    By using or accessing this SpringCM website or any other website made available by SpringCM which links to this Privacy Policy (each, a “Site”), or providing Personal Data to SpringCM, or using or accessing our Services, or attending any of our events such as SpringForward, you consent and agree to the privacy practices of SpringCM and the provisions of this Privacy Policy, including the warranty and liability provisions set forth below.

    If you are an individual (a “data subject”) entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, please see the “International Data Transfers” section below, which describes additional rights you have with regard to your Personal Data.

     

    2. Who We Are and What We Do.

    SpringCM Inc. (www.springcm.com) is a cloud services provider based in the U.S. which also has operations in the UK and the EU (collectively, “SpringCM,” “us” or “we”, or “our”). We provide to our Customers a secure, cloud-based document and contract management platform consisting of various software products, services and mobile applications (collectively, the “Services”). These enable our Customers to build workflows and collaborate on documents across their entire organization.

     

    SpringCM takes very seriously its obligation to protect the privacy of Personal Data entrusted to us. Our success is based on maintaining the trust our customers and others place in us to securely process and store their critical information. We work hard to earn that trust.

    SpringCM uses encryption technology and other means to protect the confidentiality and security of Personal Data, as well as the data of our Customers (“Customers”) transmitted, stored and processed using our Services (“Customer Content”).  Customer Content may contain Personal Data if included by our Customer. If you are a Customer, in the event of any conflict or inconsistency between your Master Subscription and Services Agreement (“MSA”) with SpringCM and this Privacy Policy regarding Customer Content or otherwise, including SpringCM’s liability to you, the MSA shall govern. For more details, see the “How We Protect Your Information” section below.

     

    3. Personal Data.

    As used in this Privacy Policy, “Personal Data”[1] is any information relating to an identified or identifiable natural person, i.e., a “data subject,”[2] which means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity.

    When SpringCM processes or stores your Personal Data in connection with providing its Services to our Customers, we are acting as a data “processor” for our Customers, and not as a data “controller.”[3]  In that context, our Customers have primary responsibility to you regarding your Personal Data.

    4. How SpringCM Obtains and Uses Personal Data and Other Information.

    We may collect, receive, store, use and/or process the Personal Data and other information described in this Privacy only in compliance with applicable law, our agreements with our Customers and as described in this Privacy Policy.

    • When You Provide It. 
    • By Completing a Form or Communicating With Us.

    If you are a visitor to our Site (“Visitor”), you may provide Personal Data (e.g., name, address, telephone number, email address and company name) directly to us by completing a form such as the Contact SpringCM page on our Site to learn more about our Services, use interactive features of our Site, become a Customer, subscribe to a blog, participate in surveys or contests, promotions or sweepstakes, or otherwise communicating with us.

    We may use Personal Data you provide to us and as you direct, e.g., to create an account, fulfill your request for a demo, subscribe you to our newsletters or other marketing communications, reply to your contact request, to process billing if you are a Customer or to otherwise take action related to the purpose for which you supplied it. Our marketing communications may include contacting you further by email, e.g., to further contact you regarding your interest in our Services and to send you information regarding SpringCM, its affiliates, and partners, including information about promotions or events. Should you inquire about or purchase any SpringCM Services utilizing the Site, the information you supplied during this process may be used to track details about those purchases.

    We will never use for our own marketing or other purposes any Personal Data contained within the Customer Content we store and process on behalf of our Customers as they use our Services.

    • By Registering for or Attending an Event.

    If you register to attend or attend a SpringCM sponsored event or other event in which we participate, you will be required to provide certain Personal Data to us (e.g., name, address, contact info.). You will also be subject to additional terms and conditions regarding your participation in the event which reference this Privacy Policy.

    We use this information to reserve your participation in the event, verify your right to participate, and may use it to track access to facilities and as otherwise described in the separate terms and conditions that apply to the event. We may also use this information for marketing purposes and customer follow-up activities to obtain your feedback.

    • To Submit a Testimonial or a Blog or Forum Posting.

    We sometimes publish testimonials on our Site from individuals who use our Services. With their permission, we may include some of their Personal Data. Our Site also offers publicly accessible blogs or discussion forums, which contain some Personal Data of the contributors.

    We use this Personal Data for marketing purposes and to remain in contact with the individuals who have submitted testimonials and content for publication on our Site. Please be aware that any information you provide in these areas may be read, collected, and used by others. We have no control over what third parties may do with this information. To request removal of your Personal Data or postings from our blogs or discussion forums, or to request removal of a testimonial you previously authorized, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.

    • When Our Customers Provide It.
    • To Establish an Account and Use Our Services.

    We may ask for and collect Personal Data about you such as your name, address, phone number, email address, company name and the like when you register for an account to use our Services, including when you are acting on behalf of a Customer, typical an organization or company. In addition, if you are an individual authorized user of our Services pursuant to a Master Subscription Agreement or similar agreement (“MSA”) between SpringCM and one of our Customers, the MSA might impose additional restrictions on SpringCM’s use or collection of Personal Data.

    We communicate with our Customers on a regular basis via email, and we may also communicate by phone to resolve Customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account, to send you notices regarding payments, or to send notices and other disclosures as required by law. Generally, Customers cannot opt out of informational communications relevant to their accounts.

    • As Part of the Customer Content Processed Using Our Services.

    Our Customers use our Services to store, manage and share their contracts and other important business data, documents and materials, i.e., their Customer Content. This data may include Personal Data to the extent our Customer has included it. They upload this data to our Services platform, and exclusively control and manage it. This data may include Personal Data. In this context, SpringCM acts as a data “processor” on behalf of its Customer, and its Customer is the data “controller.”[4] As the data controller, the Customer is directly responsible to the individuals to whom the Personal Data relates, including for correcting, deleting or updating Personal Data they have collected from you and are storing using our Services. SpringCM has no direct relationship with the individual data subjects whose Personal Data may be contained within the Customer Content we store and process on behalf of our Customers as they use our Services, and is not responsible for what our Customers do with it. 

    SpringCM does not use any Personal Data within Customer Content except to the extent it is processed by SpringCM in connection with operating and providing its Services to our Customers. While we are contractually obligated to our Customers to maintain the confidentiality and privacy of Customer Content, including Personal Data, typically no person at SpringCM will have a need to access this Personal Data, except to the extent necessary to address technical issues related to our Services, as instructed by our Customer, as necessary to otherwise fulfill our contractual obligations to our Customer, or as otherwise required by law. 

    Our Customers are solely responsible for establishing their own data privacy and security policies and for their compliance with all applicable laws and regulations, agreements or other obligations relating to the Personal Data of individuals with whom they interact. Nevertheless, we acknowledge that individuals have various rights and options with regard to their Personal Data, and SpringCM works with its Customers to help them provide notice to their customers – including individuals – concerning the purposes for which they use our Services to process the Personal Data of their customers.

    If our Customer requests SpringCM to remove your Personal Data from their Customer Content – the data stored our Services – we will respond to their request promptly.

    If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, please see the section below, “International Data Transfer,” which describes additional rights you have with regard to your Personal Data, including the rights to access your Personal Data and to limit its use and disclosure, subject to certain exceptions. You may also have additional rights under applicable data protection laws and regulations.

    If you are an individual who interacts with our Customer using our Services (e.g., if you are a customer of one of our Customers) and wish to inquire or exercise your rights with regard to your Personal Data, please contact our Customer directly. If you believe SpringCM is processing your Personal Data, you may also contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. Please identify our Customer which may be acting as a data controller with regard to your Personal Data. In that case, we will refer your inquiry to our Customer and assist them, to the extent possible, in responding to your request to exercise your rights with regard to your Personal Data. 

    • When We Collect It Automatically. Information collected by SpringCM automatically through our Site, our Services or our mobile applications, is not ordinarily acquired in a form or manner that reveals Personal Data. 
    • SpringCM and its partners use “cookies” (small text files placed by our Site and stored on your computer), or similar technologies to help analyze trends, administer our Site, track users’ movements around the Site, and track and customize your access to and use of the Site and the Service. Cookies store and retain information that helps us recognize you on subsequent visits to the Site. Cookies may also store any login or ID and the associated password you use to access the Services, which information is stored in encrypted form. Most popular Internet browsers can be configured to reject cookies and delete those previously accepted.

    SpringCM affords you the right to decide which cookies you want to allow and to change any your previously selected preferences at any time. You have right to opt-out of various categories of cookies, except those that are essential to the operation of our Site and Services. Note that deleting optional cookies altogether may result in the disabling of certain functions of our Site. For information on deleting the cookies, please consult your browser’s help function.

    For more information about the choices SpringCM affords you regarding cookies and to indicate your preferences, click on the button below.

    Cookie Settings
    • Through Our Mobile Applications. We use mobile analytics software to allow us to better understand how our Customers use our mobile applications to connect to their SpringCM accounts from their mobile phones (or other mobile devices). When our Services are used through our mobile applications, we automatically collect the use of mobile analytics software information on the type of device used, and operating system and version, how often our mobile applications are used, the events that occur within the applications, aggregated usage, performance data, and where the application was downloaded from. Use of the upload functionality in our mobile applications requires access to the photo album of the user’s dev However, you may disable the upload functionality so that the mobile application will not access the device’s photo album. Applications developed for the Apple iOS may require location services to be enabled on the user’s device in order for the mobile application to access and transmit the device’s location information for security reasons. SpringCM does not collect or store your location information. If you do not wish to enable location services in our mobile applications, you may disable it and still use the mobile application. When you download the SpringCM mobile application from Apple’s App Store, Google Play or Amazon AppStore for Android, those sites and companies will state their own privacy policies. SpringCM has no control over and no responsibility for the privacy policies and practices of those third parties. 

    We do not link the information we store within the analytics software to any Personal Data you transmit using the mobile application.

    • Behavioral Advertising. We partner with third parties to either display advertising on our Site or to manage our advertising on other websites. Our third party partners may use technologies such as cookies tags and scripts, as described above, to gather information about your activities on our Site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish not to have this information used for the purpose of serving you interest-based ads, you may opt out by clicking here (or if located in the European Union click here). Please note that your browser must be set to accept cookies and not delete them upon closing it in order for these opt out services to work. These opt out services are not operated by SpringCM and SpringCM has and will have no control, responsibility or liability for their proper operation. Please also note that this does not opt you out of being served ads altogether. You will continue to receive generic ads.
    • Usage Data. The web servers used to operate our Site and Services collect certain data pertaining to the type of device and equipment and communications methods used to access the Internet and our Site and Services. This data does not readily identify the individual user. It does reveal such things as the Internet protocol (IP) address assigned to your computer, pages accessed on the Site or immediately prior to visiting the Site, and the length of time you spent at the Site. This information is collected, among other things, to facilitate Site operation and system administration, to generate aggregate statistical information, and to improve the performance of the Services made available on the Site. We may combine this automatically collected log information with other information we collect about you or which you provide to us. We do this to improve the Site and our Services and to improve our marketing, analytics, and the functionality of our technology. SpringCM may also retain the content of and metadata regarding any correspondence you may have with SpringCM or its customer service representatives. This information helps SpringCM improve the Site and our Services, and more effectively and efficiently respond to both current and future inquiries.
    • Social Media Widgets. Our Site includes “social media features” and “widgets” such as the “Share This” button or interactive mini-programs. These features and widgets may collect your IP address, which page or feature you are accessing, and may place a cookie on your device to enable them to function properly. Social media features and widgets are either hosted by a third party (e.g., Facebook, LinkedIn, Twitter, Google and the like) or hosted directly by SpringCM. Your interactions with these third parties’ social media features and widgets are governed by this Privacy Policy to the extent any Personal Data is gathered by or sent to SpringCM, and by the privacy policies and terms of use of the applicable third party social media companies providing these features and widgets to the extent you interact with their respective websites or apps.

     

    5. International Data Transfers.

    SpringCM is a U.S.-based company with customers across the world. We primarily store and process Personal Data within the U.S., but in some cases will do so within the European Economic Area (the “EEA”). To facilitate our operations, we may transfer and access such Personal Data from around the world, including from other countries in which SpringCM has operations, for the purposes described in this Policy. We may also transfer Personal Data to our third party sub-processors as described below in this section and at SpringCM Sub-processor List, which may be located in a different country to you. Such countries may have laws which are different, and potentially not as protective, as the laws of your own country.

    SpringCM uses a variety of legal mechanisms in connection with sharing, transferring, processing or otherwise acting upon Personal Data related to data subjects entitled to the protections of the GDPR, including the EU standard contractual clauses and/or Privacy Shield Framework described in this section.

    EU-U.S. and Swiss-U.S. Privacy Shield.

    SpringCM complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland, respectively, to the United States. The provisions of this section apply to EU and Swiss residents and citizens subject to the protection of the Privacy Shield and to our Customers which process their Personal Data using our Services. SpringCM is committed to and has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability For Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability (collectively, the “Privacy Shield Principles”). If there is any conflict between the terms in this Privacy Policy and SpringCM’s obligations under the Privacy Shield Principles regarding the handling of Personal Data, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield and to view SpringCM’s Privacy Shield certification, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list, respectively.

    Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (either or both, as applicable, the “Privacy Shield”), SpringCM is responsible for the processing of Personal Data it receives from the EU and Switzerland, respectively, and subsequently transfers to a third party acting as an agent on its behalf. SpringCM may be liable for the failure of such a third party to adhere to the Privacy Shield Principles, unless SpringCM proves that it is not responsible for the event giving rise to the damage.

    Pursuant to the Privacy Shield, SpringCM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (https://www.ftc.gov/). In certain situations, SpringCM may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you are an EU or Swiss resident or citizen, and SpringCM is processing or storing your Personal Data on behalf of a Customer of SpringCM, or in any other circumstance where the Privacy Shield or the GDPR applies to your Personal Data, you have the right to access your Personal Data and additional “opt out” rights with regard to your Personal Data, including the other rights described under the heading “Your Individual Rights Under the GDPR” in the subsection below, “General Data Protection Regulation (EU) (GDPR) (Effective beginning May 25, 2018.”

    If you have any privacy or data use questions or concerns, please contact us as described in the “Contacting SpringCM” section below. SpringCM will respond within 30 days. If, despite our efforts, we have not addressed your privacy or data use concern satisfactorily, you may submit it to our U.S.-based third party dispute resolution provider, TRUSTe (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

    SpringCM commits to cooperate with EU and Swiss data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU or Switzerland in the context of the employment relationship.

    General Data Protection Regulation (EU) (GDPR) (Effective beginning May 25, 2018).

    Your Individual Rights Under the GDPR. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the following information describes additional rights you have with regard to your Personal Data, subject to certain exceptions:

    • The right to be informed regarding the collection and use of your Personal Data. This Privacy Policy serves that purpose. You should also review the Privacy Policies of any data controllers – including our Customers – to which you may have provided your Personal Data.
    • The right of access. You have the right to access the Personal Data which has been collected concerning you, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.
    • The right to rectification. You have the right to obtain from the data controller (which may be Customer of SpringCM) and without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
    • The right to erasure (“right to be forgotten”). In certain circumstances, you may have a broader right to erasure of Personal Data that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations. 
    • The right to restrict processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances (for example, where you believe that the Personal Data we hold about you is inaccurate or unlawfully held).
    • The right to data portability. In certain circumstances, you may have the right to be provided with your Personal Data in a structured, machine readable and commonly used format and to request that we transfer the Personal Data to another data controller without hindrance.
    • The right to object to processing. You may have the right to request that SpringCM stop processing your Personal Data and/or to stop sending you marketing communications.
    • Rights in relation to automated decision-making and profiling.[5] You may have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects you.

    If you are an individual who interacts with our Customer using our Services (e.g., if you are a customer of one of our Customers) and wish to inquire or exercise your rights with regard to your Personal Data, please contact our Customer directly. If you believe SpringCM is processing your Personal Data, you may also contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. Please identify our Customer which may be acting as a data controller with regard to your Personal Data. In that case, we will refer your inquiry to our Customer and assist them, to the extent possible, in responding to your request to exercise your rights with regard to your Personal Data.

    • Legal Bases for Processing. We will collect or process your Personal Data only where we have a legal basis for doing so, which depends on how you interact with SpringCM and/or our Services, or the systems or services of one of our Customers (acting as a data controller) on whose behalf we act as a data processor. This means that we will normally collect, process and/or use (depending on the context) your Personal Data only where: 
    • It is supplied to us by you, or by one of our Customers acting as a data controller, and you have consented to the processing of your Personal Data for one or more specific purposes. Note that where your Personal Data is contained within the data sent to us for processing by our Customer, you will normally already have provided your consent to that Customer.
    • It is necessary in order to provide and operate our Services, including providing support and personalized features, or to protect the safety and security of our Services or Customers and their data. 
    • It is necessary in the context of performing our obligations under a contract, e.g., to provide our Services to a Customer.
    • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as research and development, marketing and promotion of our Services, fraud prevention and to protect our or our Customers’ legal rights and interests. 
    • You provide us or our Customer with your consent to do so for a specific purpose. 
    • It is necessary for compliance with a legal obligation to which our Customer (as the data controller) is subject.

    If you have consented to our, or our Customer’s, use of your Personal Data for a specific purpose, you have the right to change your mind at any time and object to that use, but this will not affect any processing that has already taken place. This may mean, however, that you may no longer be able to use or benefit from our Services or those provided by our Customer, as applicable.

    • Who Are SpringCM’s Sub-Processors? SpringCM maintains an up-to-date list of the names and locations of all sub-processors which may process Personal Data on our behalf, which can be found on our SpringCM Sub-processor List. The list includes the ability for our customers to sign up for notifications of changes. The list also may be obtained by contacting privacy@springcm.com.

     

    6. Information Sharing.

    • We Will Never Sell Your Personal Data for Marketing Purposes. We will never sell your Personal Data to any third party, except in the event of a sale, merger, corporate reorganization or other business consolidation or similar transaction, where user information may be among the transferred assets or disclosed information (in which case you will be notified via email or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data). 
    • To Sub-Processors to Provide Aspects of Our Services. SpringCM will not share with any third party any Personal Data contained within any Customer Content except as stated in this Privacy Policy. This may occur most typically in connection with providing certain features of our Services to our Customers through the use of Sub-Processors, as described above. If we do, these third parties will have agreed to obligations with regard to the security, handling and transfer of Personal Data consistent with those undertaken by SpringCM.
    • For Other Purposes. If we share Personal Data that is not contained within Customer Content with third parties, we will only do so in the ways that are described in this Privacy Policy or if you have provided your consent after notice. We may share Personal Data with our affiliated companies (those we control or which are under common control with us by a parent entity) to respond to your inquiries, process orders, assist us in providing Services or to help improve our Services. We may also share Personal Data with business partners, service vendors, authorized third party agents or contractors in order to provide the Services or a requested transaction, including processing orders, processing credit card transactions, hosting websites, hosting demos, event and seminar registration and providing customer support, or to provide you with information regarding our Services or the services or products of third parties that may be of interest to you and for other legitimate and lawful business purposes of SpringCM.
    • Minimal Disclosure. We only provide third parties with the minimum amount of Personal Data necessary for an authorized purpose and such third parties are not permitted to use your Personal Data for any purpose not disclosed or authorized under this Privacy Policy or the privacy policy of the recipient, or for which you have not otherwise provided your consent.

     

    7. Choices / Opting Out.

    If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, you may opt out of having any of your Personal Data disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you, subject to certain exceptions.

    If you are an individual who interacts with our Customer using our Services (e.g., if you are a customer of one of our Customers) and wish to inquire or exercise your rights with regard to your Personal Data, please contact our Customer directly. If you believe SpringCM is processing your Personal Data, you may also contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. Please identify our Customer which may be acting as a data controller with regard to your Personal Data. In that case, we will refer your inquiry to our Customer and assist them, to the extent possible, in responding to your request to exercise your rights with regard to your Personal Data.

    Generally, subject to the above two paragraphs, the following will apply:

    • Reviewing, Correcting and Removing Your Personal Data. Upon request, but except to the extent contained within our Customer’s data stored using our Services, in which case we will refer you to our Customer as described above, we will advise you regarding whether SpringCM holds any of your Personal Data. If you provide us with your Personal Data, you have the following rights with respect to that information:
    • To review the user information that you have supplied to us.
    • To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us.
    • To request that your user information not be used to contact you.
    • To request that your user information be removed from any solicitation list that we use.
    • To request that your user information be deleted from our records.
    • To opt out of being solicited by SpringCM or third parties.

    To exercise any of these rights, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below.

    • Anti-Spam Policy. We will not send you unsolicited commercial email in violation of applicable laws. Every email we send for marketing purposes will include a mechanism for “opting-out” of further such communications.
    • To Unsubscribe From Our Communications.

    You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, or by contacting us at privacy@springcm.com or as otherwise described in the section “Contacting SpringCM,” below.

    Once you opt out, we will honor your choice until you inform us otherwise. All requests made by Customers or Visitors to SpringCM to update or delete any Personal Data shall be responded to within a reasonable period not to exceed 30 days. Please note that opting out of behavioral advertising, i.e., advertising based upon your browsing activities and interests, requires that you use the opt out methods described in the “Behavioral Advertising” section above.

    Under any circumstances, the sender of any communications to SpringCM is responsible for the content and information contained therein, including its accuracy and truthfulness, and you agree that you will not knowingly provide to SpringCM any information which is inaccurate or which you do not have the legal right to provide. Customers cannot opt out of receiving transactional emails related to their account with us or the Service.

    • To Unsubscribe from Our Customers' Communications. Our Customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. You can unsubscribe from our Customers' marketing communications by clicking on the "unsubscribe" link located on the bottom of their emails, or by contacting the sender directly.

    8. When We May Disclose Personal Data.

    Notwithstanding anything else in this Privacy Policy, including any opt out instructions we receive from you, we may also disclose Personal Data without notifying you in the following circumstances: (i) in response to subpoenas, court orders or other legal process, or to establish or exercise our legal rights or defend against legal claims; (ii) when we believe it to be necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our MSA or other agreement with you, and/or to protect our rights and property or those of others with which we do business; (iii) when we sell or license the Service (excluding usage license rights granted to Customers during the normal course of business) as an asset, or in the event of a sale, merger, corporate reorganization or other business consolidation or similar transaction, where user information may be among the transferred assets or disclosed information (in which case you will be notified via email or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data); or (iv) when we have your prior consent to do so. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, we will act in accordance with your rights and as instructed by our Customer if acting as a data controller with regard to your Personal Data. Please see the “International Data Transfer” section above.

    9. Retention.

    Except to the extent prohibited by law, and subject to this Privacy Policy (and the MSA if you are a Customer), we will retain and use Personal Data for a period of time consistent with the original purpose for which it was provided or collected, e.g., as needed to provide you the Services, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, and for a reasonable period of time thereafter. The foregoing does not apply to any Personal Data included in Customer Content, e.g., contained within a stored document uploaded to our Services platform – our Customer exclusively controls the disposition of that data.

    If you wish to cancel your account and status as an active Customer of SpringCM, your termination rights are specified in your MSA. If you wish to request that we no longer use Personal Data you have supplied in order to provide you the Services, please contact us at  privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section. Personal Data no longer retained will be disposed of or destroyed in a reasonable manner intended to prevent loss, theft, misuse, or unauthorized access. If you are a Visitor, we will retain your Personal Data for as long as we deem necessary for legitimate business purposes. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, we will act in accordance with your rights and as instructed by our Customer if acting as a data controller with regard to your Personal Data. Please see the “International Data Transfer” section above.

    10. How We Protect Your Information.

    SpringCM recognizes that protecting the information entrusted to us is critical to maintaining the confidence and trust upon which we’ve built our business. For this reason, we provide industry-standard security procedures and processes to protect Customer Content and Personal Data. Our physical security layer is protected by need-to-know authorization provided only to the appropriate operations individuals. Additionally, the servers we use to provide our Services are caged within a room protected by secure access procedures. Our network security layer is secured with TLS encryption technology compliant with PCI Security Standard Council standards, so all communication with our Services is encrypted. Our network is also protected by industry-standard firewall technology and administered real-time to provide timely security patching. This layer is also monitored by intrusion-detection systems designed to detect unauthorized access.

    Importantly, all data we store, including Customer Content and Personal Data, is encrypted at rest.

    These safeguards are intended to protect Customer Content and Personal Data and to ensure, to the extent possible, the proper and legal use of the Site and our Services. However, no data security system is impenetrable and SpringCM cannot and does not guarantee that information stored or processed using our Services will be 100% secure.

    In addition, SpringCM maintains the confidentiality and security of Customer Content, including any Personal Data to the extent included therein by the Customer, pursuant to the applicable MSA between SpringCM and our Customer for the Services.

    11.Changes to this Privacy Policy.

    From time to time, SpringCM may change its Privacy Policy because of changes in applicable legal or regulatory requirements, the business or business practices of SpringCM or other reasons. Such changes shall become effective upon posting of a revised Privacy Policy on this Site. If our changes to the Privacy Policy are material as to how we handle or use Personal Data, we may post a prominent notice on our Site or notify you directly before they take effect. Your continued use of this Site, our Services or our mobile applications following the effective date of we post a revised Privacy Policy will mean that you accept those changes. We encourage you to periodically review this page for the latest information on our privacy practices.

    12. Linked Sites.

    For your convenience, some hyperlinks may be posted on the Site that link to other websites not under the control of SpringCM. We are not responsible for these other websites and this Privacy Policy does not apply to the privacy practices of those sites. In addition, when you initiate a transaction on a website that our Site links to, even if you reached that site through our Site, the information you submit to complete that transaction becomes subject to the privacy practices of the owner of that linked site. You should read their privacy policies to understand how they use and protect Personal Data and other data that they collect. SpringCM is not responsible for the privacy, security or other information practices or any acts or omissions of its suppliers or any third parties or their websites.

    13. Contacting SpringCM.

    Please direct any questions, inquiries or complaints regarding our privacy practices or this Privacy Policy to SpringCM at privacy@springcm.com or by contacting our customer service line at 877-362-7273 or 312-881-2026. Additional contact information: SpringCM Inc., Attn: Customer Support, 180 North LaSalle Street, 6th Floor, Chicago, IL 60601 USA; Telephone: (877) 362-7273 or (312) 881-2026; Facsimile: (312) 253-8215.

     

    14. Suggestions.

    In the event you provide SpringCM with any suggestions, enhancement requests, recommendations, product or services ideas for improvements, features or any other feedback (collectively, “Feedback”), SpringCM shall have a royalty-free, worldwide, irrevocable, perpetual, non-exclusive, transferable license to use, copy, modify, distribute and incorporate any and all of the foregoing Feedback into the SpringCM Services and/or any other products and services, and to re-sell, re-license and otherwise freely commercialize the Feedback and exercise any and all rights it deems useful or necessary with regard thereto, without limitation and without remuneration, attribution or liability to you.

    15. Disclaimers.

    If you are a SpringCM Customer, your existing MSA with SpringCM governs your use of the SpringCM Services. With respect to all other users of this Site, the following shall apply, and your use of SpringCM’s Site constitutes your agreement to the following:

    SPRINGCM DOES NOT WARRANT THAT THIS SITE WILL MEET ANY USER’S REQUIREMENTS OR THAT ITS USE OR AVAILABILITY WILL BE UNINTERRUPTED OR ERROR FREE. THIS SITE AND THE INFORMATION AVAILABLE ON OR THROUGH IT IS PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR OTHERWISE. SOME STATES OR OTHER JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM STATE TO STATE AND FROM JURISDICTION TO JURISDICTION.

    IN NO EVENT SHALL SPRINGCM, ITS LICENSORS, EMPLOYEES, DIRECTORS, AGENTS, DISTRIBUTORS, MARKETING PARTNERS, RESELLERS, PARENT, AFFILIATES OR SUBSIDIARIES BE LIABLE FOR ANY DAMAGES WHATSOEVER ON ACCOUNT OF YOUR USE, MISUSE, OR RELIANCE ON ANY ASPECT OF OR INFORMATION CONTAINED ON THIS SITE, WHETHER CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE OR ANY OTHER DAMAGES, INCLUDING DAMAGES CONSISTING OF OR RESULTING FROM LOST PROFITS, COSTS OF DELAY, FAILURE OF DELIVERY, BUSINESS INTERRUPTION, LOSS, DAMAGE, DELETION, ALTERATION, DISCLOSURE, UNAUTHORIZED ACCESS TO OR FAILURE TO STORE DATA OR CUSTOMER CONTENT, NOR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, IN EACH CASE REGARDLESS OF THE NATURE OF THE CLAIM OR THEORY OF LIABILITY, WHETHER IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EVEN IF SPRINGCM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    End.

    Copyright © 2018 SpringCM Inc. All rights reserved.


    [1] The term “Personal Data,” as used in this Privacy Policy, has the same meaning as “personal data,” as defined in Article 4 of the EU General Data Protection Regulation effective May 25, 2018 (“GDPR”).

    [2] The term “data subject,” as used in this Privacy Policy, has the meaning give to it in Article 4 of the GDPR.

    [3] The terms “processor” and “controller,” as used in this Privacy Policy, have the meanings given to them in Article 4 of the GDPR.

    [4] The terms “processor” and “controller,” as used in this Privacy Policy, have the meanings given to them in Article 4 of the GDPR, regardless of whether the GDPR applies to you.

    [5] See Articles 12-22, GDPR.