SpringCM Privacy Policy

    Changes were made to this Privacy Policy, effective October 25, 2018

    TRUSTe

    Contents of Policy:

    1. Introduction
    2. Who We Are and What We Do
    3. Personal Data
    4. How SpringCM Obtains and Uses Personal Data and Other Information
    5. International Data Transfers
    6. Information Sharing
    7. Choices / Opting Out
    8. When We May Disclose Personal Data
    9. Data Retention
    10. How We Protect Your Information
    11. Changes to this Privacy Policy
    12. Linked Sites
    13. Children's Privacy
    14. California Residents' Privacy
    15. Contacting SpringCM

     

    1. Introduction.

    This Privacy Policy describes the steps SpringCM takes to protect the privacy and security of Personal Data, Customer Content, and other information we gather, receive, store and/or process, either on our own behalf or on behalf of our Customers who use our Services. It also describes your choices regarding use, access, and correction of your Personal Data. We periodically update this Privacy Policy, so we encourage you to review this Privacy Policy periodically.

    If you are an individual (a “data subject”) entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, please see the “International Data Transfers” section below, which describes additional rights you have with regard to your Personal Data.

     

    1. Who We Are and What We Do.

    SpringCM Inc. (www.springcm.com) is a cloud services provider based in the U.S. which also has operations in the UK and the EU (collectively, “SpringCM,” “us,” “we”, or “our”). We provide to our Customers a secure, cloud-based document and contract management platform consisting of various software products, services, and mobile applications (collectively, the “Services”). These Services enable our Customers to build workflows and collaborate on documents across their entire organization.

    We takes very seriously our obligation to protect the privacy of Personal Data entrusted to us. Our success is based on maintaining the trust that our customers and others place in us to securely process and store their critical information. We work hard to earn that trust.

    SpringCM uses encryption technology and other means to protect the confidentiality and security of Personal Data, as well as the data of our Customers (“Customers”) transmitted, stored, and processed when using our Services (“Customer Content”).  Customer Content may contain Personal Data if provided by our Customer. If you are a Customer, in the event of any conflict or inconsistency between your Master Subscription and Services Agreement (“MSA”) with SpringCM and this Privacy Policy regarding Customer Content or otherwise, including SpringCM’s liability to you, the MSA shall govern. For more details, see the “How We Protect Your Information” section below.

     

    1. Personal Data.

    As used in this Privacy Policy, “Personal Data”[1] is any information relating to an identified or identifiable natural person, i.e., a “data subject,”[2] which means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity.

    When SpringCM processes or stores your Personal Data in connection with providing  Services to our Customers, we are acting as a data “processor” for our Customers, and not as a data “controller.”[3]  In that context, our Customers have the primary responsibility to you regarding your Personal Data, and our use of your Personal Data shall be limited to providing Services to those Customers.

     

    1. How SpringCM Obtains and Uses Personal Data and Other Information.

    We may collect, receive, store, use and/or process the Personal Data and other information described in this Privacy only in compliance with applicable law, our agreements with our Customers, and/or as described in this Privacy Policy under the following bulleted circumstances:

    • When You Provide It. 
    • By Completing a Form or Communicating With Us.

    If you are a visitor to our Site (“Visitor”), you may provide Personal Data (e.g., name, address, telephone number, email address and company name) directly to us by completing a form, such as the Contact SpringCM page on our Site, to learn more about our Services, use interactive features of our Site, become a Customer, subscribe to a blog, participate in surveys, contests, promotions or sweepstakes, or otherwise communicate with us.

    We may use Personal Data you provide to us and as you direct, e.g., to create an account, fulfill your request for a demo, subscribe you to our newsletters or other marketing communications, reply to your contact request, process billing if you are a Customer, or  otherwise take action related to the purpose for which you supplied it. Our marketing communications may include contacting you further by email, e.g., to further contact you regarding your interest in our Services and to send you information regarding SpringCM, our affiliates, and partners, including information about promotions or events. Should you inquire about or purchase any SpringCM Services utilizing the Site, the information you supply during this process may be used to track details about those inquiries or purchases.

    We will never use any Personal Data contained within the Customer Content we store and process on behalf of our Customers for our own marketing or other purposes.

    • By Registering for or Attending an Event.

    If you register to attend or attend a SpringCM-sponsored event or other event in which we participate, you will be required to provide certain Personal Data to us (e.g., name, address, contact info.). You will also be subject to additional terms and conditions regarding your participation in the event that reference this Privacy Policy.

    We use this information to reserve your participation in the event, verify your right to participate, and we may use it to track access to facilities and as otherwise described in the separate terms and conditions that apply to the event. We may also use this information for marketing purposes and customer follow-up activities to obtain your feedback.

    • To Submit a Testimonial, Blog or Forum Posting.

    We sometimes publish testimonials on our Site from individuals who use our Services. With their permission, we may include some of their Personal Data. Our Site also offers publicly accessible blogs or discussion forums, which may contain some Personal Data of the contributors.

    We use this Personal Data for marketing purposes and to remain in contact with the individuals who have submitted testimonials and content for publication on our Site. Please be aware that any information you provide in these areas may be read, collected, and used by others. We have no control over what third parties may do with this information. To request removal of your Personal Data or postings from our blogs or discussion forums, or to request removal of a testimonial you previously authorized, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.

    • When Our Customers Provide It.
    • To Establish an Account and Use Our Services.

    We may ask for and collect Personal Data about you such as your name, address, phone number, email address, company name and the like when you register for an account to use our Services, including when you are acting on behalf of a Customer, typically an organization or company. In addition, if you are an individual authorized user of our Services pursuant to a Master Subscription Agreement or similar agreement (“MSA”) between SpringCM and one of our Customers, the MSA might impose additional restrictions on SpringCM’s use or collection of Personal Data.

    We communicate with our Customers on a regular basis via email, and we may also communicate by phone to resolve Customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account, to send you notices regarding payments, or to send notices and other disclosures as required by law. Generally, Customers cannot opt out of informational communications relevant to their accounts.

    If you are using our mobile application, we may send you push notifications from time-to-time  to provide you the Services. If you no longer wish to receive these types of communications, you may turn them off at the device level.  

    • As Part of the Customer Content Processed When Using Our Services.

    Our Customers use our Services to store, manage and share their contracts and other important business data, documents and materials, i.e., their Customer Content. This data may include Personal Data to the extent our Customer has included it. They upload this data to our Services platform, and exclusively control and manage it. This data may include Personal Data. In this context, SpringCM acts as a data “processor” on behalf of our Customer, and the Customer is the data “controller.”[4] As the data controller, the Customer is directly responsible to the individuals to whom the Personal Data relates, including for correcting, deleting or updating Personal Data they have collected from you and are storing using our Services. SpringCM has no direct relationship with the individual data subjects whose Personal Data may be contained within the Customer Content we store and process on behalf of our Customers as they use our Services, and we are not responsible for what our Customers do with it. 

    SpringCM does not use any Personal Data within Customer Content, except to the extent it is processed by SpringCM in connection with operating and providing Services to our Customers. While we are contractually obligated to our Customers to maintain the confidentiality and privacy of Customer Content, including Personal Data, typically no person at SpringCM will have a need to access this Personal Data, except to the extent necessary to address technical issues related to our Services, as instructed by our Customer, as necessary to otherwise fulfill our contractual obligations to our Customer, or as otherwise required by law. 

    Our Customers are solely responsible for establishing their own data privacy and security policies and for their compliance with all applicable laws and regulations, agreements or other obligations relating to the Personal Data of individuals with whom they interact. Nevertheless, we acknowledge that individuals have various rights and options regarding their Personal Data, and we works with Customers to help them provide notice to their customers – including individuals – concerning the purposes for which they use our Services to process the Personal Data of their customers.

    If our Customer requests SpringCM to remove your Personal Data from their Customer Content – the data stored by our Services – we will respond to their request promptly.

    If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, please see the section below, “International Data Transfer,” which describes additional rights you have with regard to your Personal Data, including the rights to access your Personal Data and to limit its use and disclosure, subject to certain exceptions. You may also have additional rights under applicable data protection laws and regulations.

    If you are an individual who interacts with our Customer using our Services (e.g., if you are a customer of one of our Customers) and wish to inquire or exercise your rights with regard to your Personal Data, please contact our Customer directly. If you believe SpringCM is processing your Personal Data, you may also contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. Please identify our Customer which may be acting as a data controller with regard to your Personal Data. In that case, we will refer your inquiry to our Customer and assist them, to the extent possible, in responding to your request to exercise your rights with regard to your Personal Data. 

    • When We Collect It Automatically. Information collected automatically by SpringCM  through our Site, our Services, or our mobile applications, is not ordinarily acquired in a form or manner that reveals Personal Data. 
    • SpringCM and our partners use “cookies” (small text files placed by our Site and stored on your computer), or similar technologies to help analyze trends, administer our Site, track users’ movements around the Site, and track and customize your access to and use of the Site and the Service. Cookies store and retain information that helps us recognize your subsequent visits to the Site. Cookies may also store any login  ID and associated password you use to access the Services, which is stored in an encrypted form. Most popular Internet browsers can be configured to reject cookies and delete those cookies previously accepted.

    SpringCM affords you the right, at any time, to decide which cookies you want to allow and to change any of your previously selected preferences. You have the right to opt-out of various categories of cookies, except those that are essential to the operation of our Site and Services. Note that deleting optional cookies altogether may result in the disabling of certain functions of our Site. For information on deleting the cookies, please consult your browser’s help function.

    For more information about the choices SpringCM affords you regarding cookies and to indicate your preferences, click on the button below.

    Cookie Settings

    • Through Our Mobile Applications. We use mobile analytics software to allow us to better understand how our Customers use our mobile applications to connect to their SpringCM accounts from their mobile phones (or other mobile devices). When our Services are used through our mobile applications, we automatically collect the use of mobile analytics software on the type of device used, the operating system and version, how often our mobile applications are used, the events that occur within the applications, aggregated usage, performance data, and where the application was downloaded from. Using the upload functionality in our mobile applications requires access to the photo album of the user’s device. However, you may disable the upload functionality so that the mobile application will not access the device’s photo album. Applications developed for the Apple iOS may require location services to be enabled on the user’s device for the mobile application to access and transmit the device’s location information for security reasons. SpringCM does not collect or store your location information. If you do not wish to enable location services in our mobile applications, you may disable it and still use the mobile application. When you download the SpringCM mobile application from Apple’s App Store, Google Play, or Amazon AppStore for Android, those sites and companies will state their own privacy policies. SpringCM has no control over, and no responsibility for, the privacy policies and practices of those third parties. 

    We do not link the information that we store within the analytics software to any Personal Data you transmit using the mobile application.

    • Behavioral Advertising. We partner with third parties to either display advertising on our Site or to manage our advertising on other websites. Our third-party partners may use technologies, such as cookies tags and scripts, as described above, to gather information about your activities on our Site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not  have this information used for the purpose of serving you interest-based ads, you may opt out by clicking here (or if located in the European Union, click here). Please note that your browser must be set to accept cookies and not to delete them upon closing it for these opt out services to work. These opt-out services are not operated by SpringCM and SpringCM has and will have no control, responsibility or liability for their proper operation. Please also note that this does not opt you out of being served ads altogether. You will continue to receive generic ads.
    • Usage Data. The web servers used to operate our Site and Services collect certain data pertaining to the type of device, equipment, and communications methods used to access the Internet and our Site and Services. This data does not readily identify the individual user. It does reveal such things as the Internet protocol (“IP”) address assigned to your computer, pages accessed on the Site or accessed immediately prior to visiting the Site, and the length of time you spent at the Site. This information is collected, among other things, to facilitate Site operation and system administration, to generate aggregate statistical information, and to improve the performance of the Services made available on the Site. We may combine this automatically collected log information with other information we collect about you or that you provide to us. We do this to improve the Site and our Services, our marketing, analytics, and the functionality of our technology. SpringCM may also retain the content of and metadata regarding any correspondence you may have with SpringCM or our customer service representatives. This information helps SpringCM improve the Site and our Services, and more effectively and efficiently respond to both current and future inquiries.
    • Social Media Widgets. Our Site includes “social media features” and “widgets,” such as the “Share This” button or interactive mini-programs. These features and widgets may collect your IP address, the page or feature you are accessing, and they may place a cookie on your device to enable them to function properly. Social media features and widgets are either hosted by a third party (e.g., Facebook, LinkedIn, Twitter, Google and the like) or hosted directly by SpringCM. Your interactions with these third parties’ social media features and widgets are governed by this Privacy Policy to the extent that any Personal Data is gathered by or sent to SpringCM, and by the privacy policies and terms of use of the applicable third-party social media companies providing these features and widgets to the extent you interact with their respective websites or apps.

     

    • When We Collect Information from Third Party Sources

     

    We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data. Examples of third-party sources include marketers, partners, researchers, affiliates (like companies connected to SpringCM), and others where they are legally allowed to share your information with us. For example, if you register for our Services on another website, the website may provide your information to us.

     

    We may combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you.   

     

    1. International Data Transfers.

    SpringCM is a U.S.-based company with customers throughout the world. We primarily store and process Personal Data within the U.S., but, in some cases, will do so within the European Economic Area (the “EEA”). To facilitate our operations, we may transfer and access such Personal Data from around the world, including from other countries in which SpringCM has operations, for the purposes described in this Policy and in line with our contracts with our Customers. We may also transfer Personal Data to our third party sub-processors as described below in this section and in SpringCM’s Sub-Processor List, who may be located in a different country to you. Such countries may have laws that are different, and potentially not as protective, as the laws of your own country.

    SpringCM uses a variety of legal mechanisms in connection with sharing, transferring, processing, or otherwise acting upon Personal Data related to data subjects entitled to the protections of the GDPR, including the EU standard contractual clauses and/or Privacy Shield Framework described in this section.

    EU-U.S. and Swiss-U.S. Privacy Shield.

    SpringCM complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland, respectively, to the United States. The provisions of this section apply to EU and Swiss residents and citizens subject to the protection of the Privacy Shield and to our Customers that process their Personal Data using our Services. SpringCM is committed to and has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability For Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability (collectively, the “Privacy Shield Principles”). If there is any conflict between the terms in this Privacy Policy and SpringCM’s obligations under the Privacy Shield Principles regarding the handling of Personal Data, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield and to view SpringCM’s Privacy Shield certification, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list, respectively.

    Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (either or both, as applicable, the “Privacy Shield”), SpringCM is responsible for the processing of Personal Data we receive from the EU and Switzerland, respectively, and subsequently transfers to a third party acting as an agent on our behalf. SpringCM may be liable for the failure of such a third party to adhere to the Privacy Shield Principles, unless SpringCM proves that it is not responsible for the event giving rise to the damage.

    Pursuant to the Privacy Shield, SpringCM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (https://www.ftc.gov/). In certain situations, SpringCM may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you are an EU or Swiss resident or citizen, and SpringCM is processing or storing your Personal Data on behalf of a Customer of SpringCM, or in any other circumstance where the Privacy Shield or the GDPR applies to your Personal Data, you have the right to access your Personal Data and additional “opt out” rights with regard to your Personal Data, including the other rights described under the heading “Your Individual Rights Under the GDPR” in the subsection below, “General Data Protection Regulation (EU) (GDPR) (Effective beginning May 25, 2018.”

    If you have any privacy or data use questions or concerns, please contact us as described in the “Contacting SpringCM” section below. SpringCM will respond within 30 days. If, despite our efforts, we have not addressed your privacy or data use concern satisfactorily, you may submit it to our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint , you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

    SpringCM commits to cooperate with EU and Swiss data protection authorities (DPAs) and comply with the advice given by such authorities regarding human resources data transferred from the EU or Switzerland in the context of the employment relationship.

    General Data Protection Regulation (EU) (GDPR) (Effective beginning May 25, 2018).

    Your Individual Rights Under the GDPR. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the following information describes additional rights you have regarding your Personal Data, subject to certain exceptions:

    • The right to be informed regarding the collection and use of your Personal Data. This Privacy Policy serves that purpose. You should also review the Privacy Policies of any data controllers – including our Customers – to which you may have provided your Personal Data.
    • The right of access. You have the right to access the Personal Data that has been collected concerning you, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.
    • The right to rectification. You have the right to obtain from the data controller (which may be a SpringCM Customer), without undue delay, the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed.
    • The right to erasure (“right to be forgotten”). In certain circumstances, you may have a broader right to erasure of Personal Data that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations. 
    • The right to restrict processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances (for example, where you believe that the Personal Data we hold about you is inaccurate or unlawfully held).
    • The right to data portability. In certain circumstances, you may have the right to be provided with your Personal Data in a structured, machine readable and commonly used format and to request that we transfer the Personal Data to another data controller without hindrance.
    • The right to object to processing. You may have the right to request that SpringCM stop processing your Personal Data and/or to stop sending you marketing communications.
    • Rights in relation to automated decision-making and profiling.[5] You may have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concerns you or similarly significantly affects you.

    If you are an individual who interacts with our Customer using our Services (e.g., if you are a customer of one of our Customers) and wish to inquire or exercise your rights with regard to your Personal Data, please contact our Customer directly. If you believe SpringCM is processing your Personal Data, you may also contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. Please identify our Customer which may be acting as a data controller with regard to your Personal Data. In that case, we will refer your inquiry to our Customer and assist them, to the extent possible, in responding to your request to exercise your rights with regard to your Personal Data.

    • Legal Basis for Processing. We will collect or process your Personal Data only when we have a legal basis for doing so, which depends on how you interact with SpringCM and/or our Services, or the systems or services of one of our Customers (acting as a data controller) on whose behalf we act as a data processor. This means that we will normally collect, process and/or use (depending on the context) your Personal Data only where: 
    • It is supplied to us by you, or by one of our Customers acting as a data controller, and you have consented to the processing of your Personal Data for one or more specific purposes. Note that where your Personal Data is contained within the data sent to us for processing by our Customer, you will normally already have provided your consent to that Customer.
    • It is necessary to provide and operate our Services, including providing support and personalized features, or to protect the safety and security of our Services or Customers and their data. 
    • It is necessary in the context of performing our obligations under a contract, e.g., to provide our Services to a Customer.
    • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as research and development, marketing and promotion of our Services, fraud prevention, and to protect our or our Customers’ legal rights and interests. 
    • You provide us, or our Customer, with your consent to do so for a specific purpose. 
    • It is necessary for compliance with a legal obligation to which our Customer (as the data controller) is subject.

    If you have consented to our, or our Customer’s, use of your Personal Data for a specific purpose, you have the right to change your mind at any time and object to that use, but this will not affect any processing that has already taken place. This may mean, however, that you may no longer be able to use or benefit from our Services or those provided by our Customer, as applicable.

    • Who Are SpringCM’s Sub-Processors? SpringCM maintains an up-to-date list of the names and locations of all sub-processors that may process Personal Data on our behalf, which can be found on our SpringCM Sub-Processor List. The list includes the ability for our customers to sign up for notifications of changes. The list also may be obtained by contacting privacy@springcm.com.

     

    1. Information Sharing.

    • We Will Never Sell Your Personal Data for Marketing Purposes. We will never sell your Personal Data to any third party, except in the event of a sale, merger, corporate reorganization or other business consolidation or similar transaction, where user information may be among the transferred assets or disclosed information (in which case you will be notified via email or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data). 
    • To Sub-Processors to Provide Aspects of Our Services. SpringCM will not share with any third party any Personal Data contained within any Customer Content except as stated in this Privacy Policy. This may occur most typically in connection with providing certain features of our Services to our Customers via Sub-Processors, as described above. If we do, these third parties will have agreed to obligations regarding the security, handling, and transfer of Personal Data consistent with those undertaken by SpringCM.
    • For Other Purposes. If we share Personal Data that is not contained within Customer Content with third parties, we will only do so in the ways that are described in this Privacy Policy or if you have provided consent after notice. We may share Personal Data with our affiliated companies (those we control, or which are under common control with us by a parent entity) to respond to your inquiries, process orders, assist us in providing Services, or to help improve our Services. We may also share Personal Data with business partners, service vendors, authorized third-party agents or contractors in order to provide the Services or a requested transaction, including processing orders, processing credit card transactions, hosting websites, hosting demos, event and seminar registration and providing customer support, or to provide you with information regarding our Services or the services or products of third parties that may be of interest to you and for other legitimate and lawful business purposes of SpringCM.
    • Minimal Disclosure. We only provide third parties with the minimum amount of Personal Data necessary for an authorized purpose and such third parties are not permitted to use your Personal Data for any other purpose not disclosed or authorized under this Privacy Policy or the privacy policy of the recipient, or for which you have not otherwise provided your consent.

     

    1. Choices / Opting Out.

    If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, you may opt out of having any of your Personal Data disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you, subject to certain exceptions.

    If you are an individual who interacts with our Customer using our Services (e.g., if you are a customer of one of our Customers) and wish to inquire or exercise your rights with regard to your Personal Data, please contact our Customer directly. If you believe SpringCM is processing your Personal Data, you may also contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. Please identify our Customer which may be acting as a data controller with regard to your Personal Data. In that case, we will refer your inquiry to our Customer and assist them, to the extent possible, in responding to your request to exercise your rights with regard to your Personal Data.

    Generally, subject to the above two paragraphs, the following will apply:

    • Reviewing, Correcting, and Removing Your Personal Data. Upon request, but except to the extent contained within our Customer’s data stored using our Services, in which case we will refer you to our Customer as described above, we will advise you on whether SpringCM holds any of your Personal Data. If you provide us with your Personal Data, you have the following rights with respect to that information:
    • To review the user information that you have supplied to us.
    • To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us.
    • To request that your user information not be used to contact you.
    • To request that your user information be removed from any solicitation list that we use.
    • To request that your user information be deleted from our records.
    • To opt out of being solicited by SpringCM or third parties.

    To exercise any of these rights, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below.

    • Anti-Spam Policy. We will not send you unsolicited commercial email in violation of applicable laws. Every email we send for marketing purposes will include a mechanism for “opting-out” of further such communications.
    • To Unsubscribe From Our Communications.

    You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, or by contacting us at privacy@springcm.com or as otherwise described in the section “Contacting SpringCM,” below.

    Once you opt out, we will honor your choice until you inform us otherwise. All requests made by Customers or Visitors to SpringCM to update or delete any Personal Data shall be responded to within a reasonable period, not exceeding 30 days. Please note that opting out of behavioral advertising, i.e., advertising based upon your browsing activities and interests, requires that you use the opt-out methods described in the “Behavioral Advertising” section above.

    Under any circumstances, the sender of any communications to SpringCM is responsible for the content and information contained therein, including its accuracy and truthfulness, and you agree that you will not knowingly notify SpringCM of any information which is inaccurate or which you do not have the legal right to provide. Customers cannot opt out of receiving transactional emails related to their account with us or the Service.

    • To Unsubscribe from Our Customers' Communications. Our Customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. You can unsubscribe from our Customers' marketing communications by clicking on the "unsubscribe" link located on the bottom of their emails, or by contacting the sender directly.

     

    1. When We May Disclose Personal Data.

    Notwithstanding anything else in this Privacy Policy, including any opt-out instructions we receive from you, we may also disclose Personal Data without notifying you in the following circumstances: (i) in response to subpoenas, court orders or other legal process, or to establish or exercise our legal rights or defend against legal claims; (ii) when we believe it to be necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our MSA or other agreement with you, and/or to protect our rights and property or those of others with which we do business; (iii) when we sell or license the Service (excluding usage license rights granted to Customers during the normal course of business) as an asset, or in the event of a sale, merger, corporate reorganization or other business consolidation or similar transaction, where user information may be among the transferred assets or disclosed information (in which case you will be notified via email or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data); or (iv) when we have your prior consent to do so. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, we will act in accordance with your rights and as instructed by our Customer if acting as a data controller with regard to your Personal Data. Please see the “International Data Transfer” section above.

     

    1. Retention.

    Except to the extent prohibited by law, and subject to this Privacy Policy (and the MSA if you are a Customer), we will retain and use Personal Data for a period of time consistent with the original purpose for which it was provided or collected, e.g., as needed to provide you the Services, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, and for a reasonable period of time thereafter. The foregoing does not apply to any Personal Data included in Customer Content, e.g., contained within a stored document uploaded to our Services platform – our Customer exclusively controls the disposition of that data and we will retain data in accordance with their instructions.

    If you wish to cancel your account and status as an active Customer of SpringCM, your termination rights are specified in your MSA. If you wish to request that we no longer use Personal Data you have supplied in order to provide you the Services, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section. Personal Data no longer retained will be disposed of or destroyed in a reasonable manner intended to prevent loss, theft, misuse, or unauthorized access. If you are a Visitor, we will retain your Personal Data for as long as we deem necessary for legitimate business purposes. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, we will act in accordance with your rights and as instructed by our Customer who is acting as a data controller with regard to your Personal Data. Please see the “International Data Transfer” section above.

     

    1. How We Protect Your Information.

    SpringCM recognizes that protecting the information entrusted to us is critical to maintaining the confidence and trust upon which we’ve built our business. For this reason, we provide industry-standard security procedures and processes to protect Customer Content and Personal Data. Our physical security layer is protected by need-to-know authorization provided only to the appropriate operations individuals. Additionally, the servers we use to provide our Services are caged within a room protected by secure access procedures. Our network security layer is secured with TLS encryption technology compliant with PCI Security Standard Council standards, so all communication with our Services is encrypted. Our network is also protected by industry-standard firewall technology and administered real-time to provide timely security patching. This layer is also monitored by intrusion-detection systems designed to detect unauthorized access.

    Importantly, all data we store, including Customer Content and Personal Data, is encrypted at rest.

    These safeguards are intended to protect Customer Content and Personal Data and to ensure, to the extent possible, the proper and legal use of the Site and our Services. However, no data security system is impenetrable, and SpringCM cannot and does not guarantee that information stored or processed using our Services will be 100% secure.

    In addition, SpringCM maintains the confidentiality and security of Customer Content, including any Personal Data to the extent included therein by the Customer, pursuant to the applicable MSA between SpringCM and our Customer for the Services.

     

    1. Changes to this Privacy Policy.

    From time to time, we may change our Privacy Policy because of changes in applicable legal or regulatory requirements, the business or business practices of SpringCM, or other reasons. Such changes shall become effective upon the posting of a revised Privacy Policy on this Site. If our changes to the Privacy Policy are material as to how we handle or use Personal Data, we may post a prominent notice on our Site or notify you directly before they take effect. Your continued use of this Site, our Services, or our mobile applications following the effective date of  a revised posted Privacy Policy will mean that you accept those changes. We encourage you to periodically review this page for the latest information on our privacy practices.

     

    1. Linked Sites.

    For your convenience, some hyperlinks may be posted on the Site that link to other websites not under the control of SpringCM. We are not responsible for those other websites, and this Privacy Policy does not apply to the privacy practices of those sites. In addition, when you initiate a transaction on a website that our Site links to, even if you reached that site through our Site, the information you submit to complete that transaction becomes subject to the privacy practices of the owner of that linked site. You should read their privacy policies to understand how they use and protect Personal Data and other data that they collect. SpringCM is not responsible for the privacy, security, other information practices, or any acts or omissions of our suppliers or any third parties or their websites.

     

    1. Children's Privacy.

    Our Services are not designed for and are not marketed to people under the age of 18 (“minors”). We do not knowingly collect or ask for information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your information. We delete information that we learn is collected from a minor without verified parental consent. Please contact us using privacy@springcm.com if you believe we might have information from or about a minor.

     

    1. California Residents' Privacy.

    If you are a California resident, you may ask for a list of third parties that have received your information for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. We do not share your information with third parties for their own marketing purposes.

     

    1. Contacting SpringCM.

    Please direct any questions, inquiries or complaints regarding our privacy practices or this Privacy Policy to SpringCM at privacy@springcm.com or by contacting our customer service line at 877-362-7273 or 312-881-2026. Additional contact information: SpringCM Inc., Attn: Customer Support, 180 North LaSalle Street, 6th Floor, Chicago, IL 60601 USA; Telephone: (877) 362-7273 or (312) 881-2026; Facsimile: (312) 253-8215.

     

     

    Copyright © 2018 SpringCM Inc. All rights reserved.

    [1] The term “Personal Data,” as used in this Privacy Policy, has the same meaning as “personal data,” as defined in Article 4 of the EU General Data Protection Regulation effective May 25, 2018 (“GDPR”).

    [2] The term “data subject,” as used in this Privacy Policy, has the meaning give to it in Article 4 of the GDPR.

    [3] The terms “processor” and “controller,” as used in this Privacy Policy, have the meanings given to them in Article 4 of the GDPR.

    [4] The terms “processor” and “controller,” as used in this Privacy Policy, have the meanings given to them in Article 4 of the GDPR, regardless of whether the GDPR applies to you.

    [5] See Articles 12-22, GDPR.