Contents of Policy:
SpringCM Inc. (www.springcm.com) is a cloud services provider based in the U.S. which also has operations in the UK and the EU (collectively, “SpringCM,” “us,” “we”, or “our”). We provide to our Customers a secure, cloud-based document and contract management platform consisting of various software products and services (collectively, the “Services”). These Services enable our Customers to build workflows and collaborate on documents across their entire organization.
We take very seriously our obligation to protect the privacy of personal information entrusted to us. Our success is based on maintaining the trust that our customers and others place in us to securely process and store their personal information. We work hard to earn that trust.
When SpringCM processes or stores your personal information in connection with providing Services to our Customers, we are acting as a data “processor” for our Customers, and not as a data “controller." In that context, our Customers have the primary responsibility to you regarding your personal information, and our use of your personal information shall be limited to providing Services to those Customers.
If you are a visitor to our Site (“Visitor”), you may provide personal information (e.g., name, address, telephone number, email address and company name) directly to us by completing a form, such as the Contact SpringCM page on our Site, to learn more about our Services, use interactive features of our Site, become a Customer, subscribe to a blog, participate in surveys, contests, promotions or sweepstakes, or otherwise communicate with us.
We may use personal information you provide to us and as you direct, e.g., to create an account, fulfill your request for a demo, subscribe you to our newsletters or other marketing communications, reply to your contact request, process billing if you are a Customer, or otherwise take action related to the purpose for which you supplied it. Our marketing communications may include contacting you further by email, e.g., to further contact you regarding your interest in our Services and to send you information regarding SpringCM, our affiliates, and partners, including information about promotions or events. Should you inquire about or purchase any SpringCM Services utilizing the Site, the information you supply during this process may be used to track details about those inquiries or purchases. We may share personal information with service providers and affiliates to support our services and marketing partners.
We will never use any personal information contained within the Customer Content we store and process on behalf of our Customers for our own marketing or other purposes.
We use personal information to reserve your participation in the event, verify your right to participate, and we may use it to track access to facilities and as otherwise described in the separate terms and conditions that apply to the event. We may also use personal information for marketing purposes and customer follow-up activities to obtain your feedback. We may share personal information with service providers and affiliates to support our services and marketing partners.
We sometimes publish testimonials on our Site from individuals who use our Services. With their permission, we may include some of their personal information. Our Site also offers publicly accessible blogs or discussion forums, which may contain some personal information of the contributors.
We use this personal information for marketing purposes and to remain in contact with the individuals who have submitted testimonials and content for publication on our Site. Please be aware that any information you provide in these areas may be read, collected, and used by others. We have no control over what third parties may do with this information. To request removal of your personal information or postings from our blogs or discussion forums, or to request removal of a testimonial you previously authorized, please contact us at firstname.lastname@example.org or as otherwise described in the “Contacting SpringCM” section below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. We may share personal information with service providers and affiliates to support our services and marketing partners.
We may ask for and collect personal information about you such as your name, address, phone number, email address, company name and the like when you register for an account to use our Services, including when you are acting on behalf of a Customer, typically an organization or company. In addition, if you are an individual authorized user of our Services pursuant to a Master Subscription Agreement or similar agreement (“MSA”) between SpringCM and one of our Customers, the MSA might impose additional restrictions on SpringCM’s use or collection of personal information.
We communicate with our Customers on a regular basis via email, and we may also communicate by phone to resolve Customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account, to send you notices regarding payments, or to send notices and other disclosures as required by law. Generally, Customers cannot opt out of informational communications relevant to their accounts. We may share personal information with service providers and affiliates to support our services and marketing partners.
Our Customers use our Services to store, manage and share their contracts and other important business data, documents and materials. This data may include personal information to the extent our Customer has included it. They upload this data to our Services platform, and exclusively control and manage it. In this context, SpringCM acts as a data “processor” on behalf of our Customer, and the Customer is the data “controller.” As the data controller, the Customer is directly responsible to the individuals to whom the personal information relates, including for correcting, deleting or updating personal information they have collected from you and are storing using our Services. SpringCM has no direct relationship with the individuals whose personal information may be contained within the Customer Content we store and process on behalf of our Customers as they use our Services, and we are not responsible for what our Customers do with it.
Our Customers are solely responsible for establishing their own data privacy and security policies and for their compliance with all applicable laws and regulations, agreements or other obligations relating to the personal information of individuals with whom they interact. Nevertheless, we acknowledge that individuals have various rights and options regarding their personal information, and we work with Customers to help them provide notice to their customers – including individuals – concerning the purposes for which they use our Services to process the personal information of their customers.
If our Customer requests SpringCM to remove your personal information from our Services, we will respond to their request promptly.
We may share personal information with service providers and affiliates to support our services and marketing partners.
SpringCM affords you the right, at any time, to decide which cookies you want to allow and to change any of your previously selected preferences. You have the right to opt-out of various categories of cookies, except those that are essential to the operation of our Site and Services. Note that deleting optional cookies altogether may result in the disabling of certain functions of our Site. For information on deleting the cookies, please consult your browser’s help function.
For more information about the choices SpringCM affords you regarding cookies and to indicate your preferences, click on the button below.
We may receive personal information about you from other sources, including publicly available databases or third parties from whom we have purchased data. Examples of third-party sources include marketers, partners, researchers, affiliates (like companies connected to SpringCM), and others where they are legally allowed to share your personal information with us. For example, if you register for our Services on another website, the website may provide your personal information to us.
We may combine personal information from third party sources with personal information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. We may share personal information with service providers and affiliates to support our services and marketing partners.
SpringCM is a U.S.-based company with customers throughout the world. We primarily store and process personal information within the U.S., but, in some cases, will do so within the European Economic Area (the “EEA”). To facilitate our operations, we may transfer and access such personal information from around the world, including from other countries in which SpringCM has operations, for the purposes described in this Policy and in line with our contracts with our Customers. We may also transfer personal information to our third party sub-processors as described below in this section and in SpringCM’s Sub-Processor List, who may be located in a different country to you. Such countries may have laws that are different, and potentially not as protective, as the laws of your own country.
SpringCM uses a variety of legal mechanisms in connection with sharing, transferring, processing, or otherwise acting upon personal information related to individuals entitled to the protections of the GDPR, including the EU standard contractual clauses and/or Privacy Shield Framework described in this section.
EU-U.S. and Swiss-U.S. Privacy Shield.
Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (either or both, as applicable, the “Privacy Shield”), SpringCM is responsible for the processing of personal information we receive from the EU and Switzerland, respectively, and subsequently transfers to a third party acting as an agent on our behalf. SpringCM may be liable for the failure of such a third party to adhere to the Privacy Shield Principles, unless SpringCM proves that it is not responsible for the event giving rise to the damage.
Pursuant to the Privacy Shield, SpringCM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (https://www.ftc.gov/). In certain situations, SpringCM may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you are an EU or Swiss resident or citizen, and SpringCM is processing or storing your personal information on behalf of a Customer of SpringCM, or in any other circumstance where the Privacy Shield or the GDPR applies to your personal information, you have the right to access your personal information and additional “opt out” rights with regard to your personal information, including the other rights described under the heading “Your Individual Rights Under the GDPR” in the subsection below, “General Data Protection Regulation (GDPR).”
If you have any privacy or data use questions or concerns, please contact us as described in the “Contacting SpringCM” section below. SpringCM will respond within 30 days. If, despite our efforts, we have not addressed your privacy or data use concern satisfactorily, you may submit it to our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint , you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
SpringCM commits to cooperate with EU and Swiss data protection authorities (DPAs) and comply with the advice given by such authorities regarding human resources data transferred from the EU or Switzerland in the context of the employment relationship.
General Data Protection Regulation (EU) (GDPR) (Effective beginning May 25, 2018).
Your Individual Rights Under the GDPR. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the following information describes additional rights you have regarding your personal information, subject to certain exceptions:
If you have consented to our, or our Customer’s, use of your personal information for a specific purpose, you have the right to change your mind at any time and object to that use, but this will not affect any processing that has already taken place. This may mean, however, that you may no longer be able to use or benefit from our Services.
If you are an individual or consumer entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, you may opt out of having any of your personal information disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you, subject to certain exceptions.
Generally, subject to the above two paragraphs, the following will apply:
You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, or by contacting us at email@example.com or as otherwise described in the section “Contacting SpringCM,” below.
Once you opt out, we will honor your choice until you inform us otherwise. All requests made by Customers or Visitors to SpringCM to update or delete any personal information shall be responded to within a reasonable period, not exceeding 30 days. Please note that opting out of behavioral advertising, i.e., advertising based upon your browsing activities and interests, requires that you use the opt-out methods described in the “Behavioral Advertising” section above.
We will take reasonable steps to verify your identity. If you have an account with us, we may verify you through your login of your account. If you do not have an account with us, we may seek a confirmation by email or seek other personal information, including government-issued identification, to verify your identity.
You may authorize an agent to make a request to us on your behalf and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.
Under any circumstances, the sender of any communications to SpringCM is responsible for the personal information contained therein, including its accuracy and truthfulness, and you agree that you will not knowingly notify SpringCM of any information which is inaccurate or which you do not have the legal right to provide. Customers cannot opt out of receiving transactional emails related to their account with us or the Service.
California. California residents may ask for a list of third parties that have received your information for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. If you are a California resident and would like to request this information, please contact us at firstname.lastname@example.org).
If you wish to cancel your account and status as an active Customer of SpringCM, your termination rights are specified in your MSA. If you wish to request that we no longer use personal information you have supplied in order to provide you the Services, please contact us at email@example.com or as otherwise described in the “Contacting SpringCM” section. Personal information no longer retained will be disposed of or destroyed in a reasonable manner intended to prevent loss, theft, misuse, or unauthorized access. If you are a Visitor, we will retain your personal information for as long as we deem necessary for legitimate business purposes.
SpringCM recognizes that protecting the personal information entrusted to us is critical to maintaining the confidence and trust upon which we’ve built our business. For this reason, we provide industry-standard security procedures and processes to protect personal information. Our physical security layer is protected by need-to-know authorization provided only to the appropriate operations individuals. Additionally, the servers we use to provide our Services are caged within a room protected by secure access procedures. Our network security layer is secured with TLS encryption technology compliant with PCI Security Standard Council standards, so all communication with our Services is encrypted. Our network is also protected by industry-standard firewall technology and administered real-time to provide timely security patching. This layer is also monitored by intrusion-detection systems designed to detect unauthorized access.
Importantly, all personal information is encrypted at rest.
These safeguards are intended to protect personal information and to ensure, to the extent possible, the proper and legal use of the Site and our Services. SpringCM protects personal information through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorized disclosure and alteration.
In addition, SpringCM maintains the confidentiality and security of Customer Content, including any personal information to the extent included therein by the Customer, pursuant to the applicable MSA between SpringCM and our Customer for the Services.
Our Services are not designed for and are not marketed to people under the age of 18 (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us using firstname.lastname@example.org if you believe we might have personal information from or about a minor.
Copyright © 2019 SpringCM Inc. All rights reserved.