SpringCM Privacy Policy

    Changes were made to this Privacy Policy, effective January 1, 2020


    Contents of Policy:

    1. Introduction
    2. Who We Are and What We Do
    3. Personal Information
    4. How SpringCM Obtains and Uses Personal Information
    5. International Data Transfers
    6. Personal Information Sharing
    7. Your Privacy Rights / Choices / Opting Out
    8. When We May Disclose Personal Information
    9. Data Retention
    10. How We Protect Your Information
    11. Changes to this Privacy Policy
    12. Linked Sites
    13. Children's Privacy
    14. Contacting SpringCM


    1. Introduction.

    This Privacy Policy describes the steps SpringCM takes to protect the privacy and security of personal information we gather, receive, store and/or process, either on our own behalf or on behalf of our customers who use our Services ("Customers"). It also describes your choices regarding use, access, and correction of your personal information. We periodically update this Privacy Policy, so we encourage you to review this Privacy Policy periodically.


    1. Who We Are and What We Do.

    SpringCM Inc. (www.springcm.com) is a cloud services provider based in the U.S. which also has operations in the UK and the EU (collectively, “SpringCM,” “us,” “we”, or “our”). We provide to our Customers a secure, cloud-based document and contract management platform consisting of various software products and services (collectively, the “Services”). These Services enable our Customers to build workflows and collaborate on documents across their entire organization.

    We take very seriously our obligation to protect the privacy of personal information entrusted to us. Our success is based on maintaining the trust that our customers and others place in us to securely process and store their personal information. We work hard to earn that trust.

    Customers may provide personal information when using our Services. If you are a Customer, in the event of any conflict or inconsistency between your Master Subscription and Services Agreement (“MSA”) with SpringCM and this Privacy Policy regarding personal information, including SpringCM’s liability to you, the MSA shall govern. For more details, see the “How We Protect Your Information” section below.


    1. Personal Information.

    As used in this Privacy Policy, "personal information" is any information relating to an identified or identifiable natural person, who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity.

    When SpringCM processes or stores your personal information in connection with providing  Services to our Customers, we are acting as a data “processor” for our Customers, and not as a data “controller." In that context, our Customers have the primary responsibility to you regarding your personal information, and our use of your personal information shall be limited to providing Services to those Customers.


    1. How SpringCM Obtains and Uses Personal Information.

    We may collect, receive, store, use and/or process the personal information described in this Privacy only in compliance with applicable law, our agreements with our Customers, and/or as described in this Privacy Policy under the following bulleted circumstances:

    • When You Provide It. 
    • By Completing a Form or Communicating With Us.

    If you are a visitor to our Site (“Visitor”), you may provide personal information (e.g., name, address, telephone number, email address and company name) directly to us by completing a form, such as the Contact SpringCM page on our Site, to learn more about our Services, use interactive features of our Site, become a Customer, subscribe to a blog, participate in surveys, contests, promotions or sweepstakes, or otherwise communicate with us.

    We may use personal information you provide to us and as you direct, e.g., to create an account, fulfill your request for a demo, subscribe you to our newsletters or other marketing communications, reply to your contact request, process billing if you are a Customer, or  otherwise take action related to the purpose for which you supplied it. Our marketing communications may include contacting you further by email, e.g., to further contact you regarding your interest in our Services and to send you information regarding SpringCM, our affiliates, and partners, including information about promotions or events. Should you inquire about or purchase any SpringCM Services utilizing the Site, the information you supply during this process may be used to track details about those inquiries or purchases. We may share personal information with service providers and affiliates to support our services and marketing partners.

    We will never use any personal information contained within the Customer Content we store and process on behalf of our Customers for our own marketing or other purposes.

    • By Registering for or Attending an Event.

    If you register to attend or attend a SpringCM-sponsored event or other event in which we participate, you will be required to provide certain personal information to us (e.g., name, address, contact info.). You will also be subject to additional terms and conditions regarding your participation in the event that reference this Privacy Policy.

    We use personal information to reserve your participation in the event, verify your right to participate, and we may use it to track access to facilities and as otherwise described in the separate terms and conditions that apply to the event. We may also use personal information for marketing purposes and customer follow-up activities to obtain your feedback. We may share personal information with service providers and affiliates to support our services and marketing partners.

    • To Submit a Testimonial, Blog or Forum Posting.

    We sometimes publish testimonials on our Site from individuals who use our Services. With their permission, we may include some of their personal information. Our Site also offers publicly accessible blogs or discussion forums, which may contain some personal information of the contributors.

    We use this personal information for marketing purposes and to remain in contact with the individuals who have submitted testimonials and content for publication on our Site. Please be aware that any information you provide in these areas may be read, collected, and used by others. We have no control over what third parties may do with this information. To request removal of your personal information or postings from our blogs or discussion forums, or to request removal of a testimonial you previously authorized, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. We may share personal information with service providers and affiliates to support our services and marketing partners.

    • When Our Customers Provide It.
    • To Establish an Account and Use Our Services.

    We may ask for and collect personal information about you such as your name, address, phone number, email address, company name and the like when you register for an account to use our Services, including when you are acting on behalf of a Customer, typically an organization or company. In addition, if you are an individual authorized user of our Services pursuant to a Master Subscription Agreement or similar agreement (“MSA”) between SpringCM and one of our Customers, the MSA might impose additional restrictions on SpringCM’s use or collection of personal information.

    We communicate with our Customers on a regular basis via email, and we may also communicate by phone to resolve Customer complaints or investigate suspicious transactions. We may use your email address to confirm your opening of an account, to send you notices regarding payments, or to send notices and other disclosures as required by law. Generally, Customers cannot opt out of informational communications relevant to their accounts. We may share personal information with service providers and affiliates to support our services and marketing partners.

    • As a Service Provider.

    Our Customers use our Services to store, manage and share their contracts and other important business data, documents and materials. This data may include personal information to the extent our Customer has included it. They upload this data to our Services platform, and exclusively control and manage it. In this context, SpringCM acts as a data “processor” on behalf of our Customer, and the Customer is the data “controller.” As the data controller, the Customer is directly responsible to the individuals to whom the personal information relates, including for correcting, deleting or updating personal information they have collected from you and are storing using our Services. SpringCM has no direct relationship with the individuals whose personal information may be contained within the Customer Content we store and process on behalf of our Customers as they use our Services, and we are not responsible for what our Customers do with it. 

    Our Customers are solely responsible for establishing their own data privacy and security policies and for their compliance with all applicable laws and regulations, agreements or other obligations relating to the personal information of individuals with whom they interact. Nevertheless, we acknowledge that individuals have various rights and options regarding their personal information, and we work with Customers to help them provide notice to their customers – including individuals – concerning the purposes for which they use our Services to process the personal information of their customers.

    If our Customer requests SpringCM to remove your personal information from our Services, we will respond to their request promptly.

    • When We Collect It Automatically. Information collected automatically by SpringCM through our Site or our Services is not ordinarily acquired in a form or manner that reveals personal information. 
    • SpringCM and our partners use “cookies” (small text files placed by our Site and stored on your computer), or similar technologies to help analyze trends, administer our Site, track users’ movements around the Site, and track and customize your access to and use of the Site and the Service. Cookies store and retain information that helps us recognize your subsequent visits to the Site. Cookies may also store any login  ID and associated password you use to access the Services, which is stored in an encrypted form. Most popular Internet browsers can be configured to reject cookies and delete those cookies previously accepted.

    We may share personal information with service providers and affiliates to support our services and marketing partners.

    SpringCM affords you the right, at any time, to decide which cookies you want to allow and to change any of your previously selected preferences. You have the right to opt-out of various categories of cookies, except those that are essential to the operation of our Site and Services. Note that deleting optional cookies altogether may result in the disabling of certain functions of our Site. For information on deleting the cookies, please consult your browser’s help function.

    For more information about the choices SpringCM affords you regarding cookies and to indicate your preferences, click on the button below.

    Cookie Settings

    • Behavioral Advertising. We partner with third parties to either display advertising on our Site or to manage our advertising on other websites. Our third-party partners may use technologies, such as cookies tags and scripts, as described above, to gather information about your activities on our Site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not  have your personal information used for the purpose of serving you interest-based ads, you may opt out by clicking here (or if located in the European Union, click here). Please note that your browser must be set to accept cookies and not to delete them upon closing it for these opt out services to work. These opt-out services are not operated by SpringCM and SpringCM has and will have no control, responsibility or liability for their proper operation. Please also note that this does not opt you out of being served ads altogether. You will continue to receive generic ads.
    • Usage Data. The web servers used to operate our Site and Services collect certain data pertaining to the type of device, equipment, and communications methods used to access the Internet and our Site and Services. This data does not readily identify the individual user. It does reveal such things as the Internet protocol (“IP”) address assigned to your computer, pages accessed on the Site or accessed immediately prior to visiting the Site, and the length of time you spent at the Site. This personal information is collected, among other things, to facilitate Site operation and system administration, to generate aggregate statistical information, and to improve the performance of the Services made available on the Site. We may combine this automatically collected log information with other information we collect about you or that you provide to us. We do this to improve the Site and our Services, our marketing, analytics, and the functionality of our technology. SpringCM may also retain the content of and metadata regarding any correspondence you may have with SpringCM or our customer service representatives. This personal information helps SpringCM improve the Site and our Services, and more effectively and efficiently respond to both current and future inquiries.
    • Social Media Widgets. Our Site includes “social media features” and “widgets,” such as the “Share This” button or interactive mini-programs. These features and widgets may collect your IP address, the page or feature you are accessing, and they may place a cookie on your device to enable them to function properly. Social media features and widgets are either hosted by a third party (e.g., Facebook, LinkedIn, Twitter, Google and the like) or hosted directly by SpringCM. Your interactions with these third parties’ social media features and widgets are governed by this Privacy Policy to the extent that any personal information is gathered by or sent to SpringCM, and by the privacy policies and terms of use of the applicable third-party social media companies providing these features and widgets to the extent you interact with their respective websites or apps.
    • When We Collect Personal Information from Third Party Sources

    We may receive personal information about you from other sources, including publicly available databases or third parties from whom we have purchased data. Examples of third-party sources include marketers, partners, researchers, affiliates (like companies connected to SpringCM), and others where they are legally allowed to share your personal information with us. For example, if you register for our Services on another website, the website may provide your personal information to us.

    We may combine personal information from third party sources with personal information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. We may share personal information with service providers and affiliates to support our services and marketing partners.


    1. International Data Transfers.

    SpringCM is a U.S.-based company with customers throughout the world. We primarily store and process personal information within the U.S., but, in some cases, will do so within the European Economic Area (the “EEA”). To facilitate our operations, we may transfer and access such personal information from around the world, including from other countries in which SpringCM has operations, for the purposes described in this Policy and in line with our contracts with our Customers. We may also transfer personal information to our third party sub-processors as described below in this section and in SpringCM’s Sub-Processor List, who may be located in a different country to you. Such countries may have laws that are different, and potentially not as protective, as the laws of your own country.

    SpringCM uses a variety of legal mechanisms in connection with sharing, transferring, processing, or otherwise acting upon personal information related to individuals entitled to the protections of the GDPR, including the EU standard contractual clauses and/or Privacy Shield Framework described in this section.

    EU-U.S. and Swiss-U.S. Privacy Shield. 

    SpringCM complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland, respectively, to the United States. The provisions of this section apply to EU and Swiss residents and citizens subject to the protection of the Privacy Shield and to our Customers that process their personal information using our Services. SpringCM is committed to and has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles of NoticeChoiceAccountability For Onward TransferSecurityData Integrity and Purpose LimitationAccess, and Recourse, Enforcement, and Liability (collectively, the “Privacy Shield Principles”). If there is any conflict between the terms in this Privacy Policy and SpringCM’s obligations under the Privacy Shield Principles regarding the handling of personal information, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield and to view SpringCM’s Privacy Shield certification, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list, respectively.

    Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (either or both, as applicable, the “Privacy Shield”), SpringCM is responsible for the processing of personal information we receive from the EU and Switzerland, respectively, and subsequently transfers to a third party acting as an agent on our behalf. SpringCM may be liable for the failure of such a third party to adhere to the Privacy Shield Principles, unless SpringCM proves that it is not responsible for the event giving rise to the damage.

    Pursuant to the Privacy Shield, SpringCM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (https://www.ftc.gov/). In certain situations, SpringCM may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you are an EU or Swiss resident or citizen, and SpringCM is processing or storing your personal information on behalf of a Customer of SpringCM, or in any other circumstance where the Privacy Shield or the GDPR applies to your personal information, you have the right to access your personal information and additional “opt out” rights with regard to your personal information, including the other rights described under the heading “Your Individual Rights Under the GDPR” in the subsection below, “General Data Protection Regulation (GDPR).”

    If you have any privacy or data use questions or concerns, please contact us as described in the “Contacting SpringCM” section below. SpringCM will respond within 30 days. If, despite our efforts, we have not addressed your privacy or data use concern satisfactorily, you may submit it to our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint , you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

    SpringCM commits to cooperate with EU and Swiss data protection authorities (DPAs) and comply with the advice given by such authorities regarding human resources data transferred from the EU or Switzerland in the context of the employment relationship.

    General Data Protection Regulation (EU) (GDPR) (Effective beginning May 25, 2018).

    Your Individual Rights Under the GDPR. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the following information describes additional rights you have regarding your personal information, subject to certain exceptions:

    • The right to be informed regarding the collection and use of your personal information. This Privacy Policy serves that purpose. You should also review the Privacy Policies of any data controllers – including our Customers – to which you may have provided your personal information.
    • The right of access. You have the right to access the personal information that has been collected concerning you, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.
    • The right to rectification. You have the right to obtain from the data controller (which may be a SpringCM Customer), without undue delay, the rectification of inaccurate personal information concerning you. Considering the purposes of the processing, you have the right to have incomplete personal information completed.
    • The right to erasure (“right to be forgotten”). In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations. 
    • The right to restrict processing. You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
    • The right to data portability. In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
    • The right to object to processing. You may have the right to request that SpringCM stop processing your personal information and/or to stop sending you marketing communications.
    • Rights in relation to automated decision-making and profiling. You may have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concerns you or similarly significantly affects you.
    • Legal Basis for Processing. We will collect or process your personal information only when we have a legal basis for doing so, which depends on how you interact with SpringCM and/or our Services, or the systems or services of one of our Customers (acting as a data controller) on whose behalf we act as a data processor. This means that we will normally collect, process and/or use (depending on the context) your personal informationonly where: 
    • It is supplied to us by you, or by one of our Customers acting as a data controller, and you have consented to the processing of your personal information for one or more specific purposes. Note that where your personal information is contained within the data sent to us for processing by our Customer, you will normally already have provided your consent to that Customer.
    • It is necessary to provide and operate our Services, including providing support and personalized features, or to protect the safety and security of our Services or Customers. 
    • It is necessary in the context of performing our obligations under a contract, e.g., to provide our Services to a Customer.
    • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as research and development, marketing and promotion of our Services, fraud prevention, and to protect our or our Customers’ legal rights and interests. 
    • You provide us, or our Customer, with your consent to do so for a specific purpose. 
    • It is necessary for compliance with a legal obligation to which our Customer (as the data controller) is subject.

    If you have consented to our, or our Customer’s, use of your personal information for a specific purpose, you have the right to change your mind at any time and object to that use, but this will not affect any processing that has already taken place. This may mean, however, that you may no longer be able to use or benefit from our Services.

    • Who Are SpringCM’s Sub-Processors? SpringCM maintains an up-to-date list of the names and locations of all sub-processors that may process personal information on our behalf, which can be found on our SpringCM Sub-Processor List. The list includes the ability for our customers to sign up for notifications of changes. The list also may be obtained by contacting privacy@springcm.com.


    1. Personal Information Sharing.

    • We Do Not Sell Your Personal Information. We will never sell your personal information to any third party, except in the event of a sale, merger, corporate reorganization or other business consolidation or similar transaction, where user personal information may be among the transferred assets or disclosed information (in which case you will be notified via email or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information). 
    • To Sub-Processors to Provide Aspects of Our Services. SpringCM will not share with any third party any personal information in connection with our Services except as stated in this Privacy Policy. This may occur most typically in connection with providing certain features of our Services to our Customers via sub-processors, as described above. If we do, these third parties will have agreed to obligations regarding the security, handling, and transfer of personal information consistent with those undertaken by SpringCM.
    • For Other Purposes. If we share personal information that is not contained within Customer Content with third parties, we will only do so in the ways that are described in this Privacy Policy or if you have provided consent after notice. We may share personal information with our affiliated companies (those we control, or which are under common control with us by a parent entity) to respond to your inquiries, process orders, assist us in providing Services, or to help improve our Services. We may also share personal information with business partners, service vendors, authorized third-party agents or contractors in order to provide the Services or a requested transaction, including processing orders, processing credit card transactions, hosting websites, hosting demos, event and seminar registration and providing customer support, or to provide you with information regarding our Services or the services or products of third parties that may be of interest to you and for other legitimate and lawful business purposes of SpringCM.
    • Minimal Disclosure. We only provide third parties with the minimum amount of personal information necessary for an authorized purpose and such third parties are not permitted to use your personal information for any other purpose not disclosed or authorized under this Privacy Policy .


    1. Your Privacy Rights / Choices / Opting Out.

    If you are an individual or consumer entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, you may opt out of having any of your personal information disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you, subject to certain exceptions.

    Generally, subject to the above two paragraphs, the following will apply:

    • Reviewing, Correcting, and Removing Your Personal Information. Upon request, but except to the extent contained within our Customer’s data stored using our Services, in which case we will refer you to our Customer as described above, we will advise you on whether SpringCM holds any of your personal information. If you provide us with your personal information, you have the following rights with respect to that personal information:
    • To review the personal information that you have supplied to us.
    • To request that we correct any errors, outdated personal information, or omissions in user information that you have supplied to us.
    • To request that your personal information not be used to contact you.
    • To request that your personal information be removed from any solicitation list that we use.
    • To request that your personal information be deleted from our records.
    • To opt out of being solicited by SpringCM or third parties.
    • To request information associated with your privacy information, such as the categories of personal information involved, the categories of recipients of your personal information; how we received your personal information and its source; our business purpose for using your personal information; and how long we use or store your personal information or the manner in which we determine relevant retention periods

    To exercise any of these rights, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section below.

    • Anti-Spam Policy. We will not send you unsolicited commercial email in violation of applicable laws. Every email we send for marketing purposes will include a mechanism for “opting-out” of further such communications.
    • To Unsubscribe From Our Communications.

    You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, or by contacting us at privacy@springcm.com or as otherwise described in the section “Contacting SpringCM,” below.

    Once you opt out, we will honor your choice until you inform us otherwise. All requests made by Customers or Visitors to SpringCM to update or delete any personal information shall be responded to within a reasonable period, not exceeding 30 days. Please note that opting out of behavioral advertising, i.e., advertising based upon your browsing activities and interests, requires that you use the opt-out methods described in the “Behavioral Advertising” section above.

    We will take reasonable steps to verify your identity. If you have an account with us, we may verify you through your login of your account. If you do not have an account with us, we may seek a confirmation by email or seek other personal information, including government-issued identification, to verify your identity.
    You may authorize an agent to make a request to us on your behalf and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.

    Under any circumstances, the sender of any communications to SpringCM is responsible for the personal information contained therein, including its accuracy and truthfulness, and you agree that you will not knowingly notify SpringCM of any information which is inaccurate or which you do not have the legal right to provide. Customers cannot opt out of receiving transactional emails related to their account with us or the Service.

    • To Unsubscribe from Our Customers' Communications. Our Customers are solely responsible for their own marketing emails and other communications; we cannot unsubscribe you from their communications. You can unsubscribe from our Customers' marketing communications by clicking on the "unsubscribe" link located on the bottom of their emails, or by contacting the sender directly.

    California. California residents may ask for a list of third parties that have received your information for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. If you are a California resident and would like to request this information, please contact us at privacy@springcm.com).

    1. When We May Disclose Personal Information.

    Notwithstanding anything else in this Privacy Policy, including any opt-out instructions we receive from you, we may also disclose personal information without notifying you in the following circumstances: (i) in response to subpoenas, court orders or other legal process, or to establish or exercise our legal rights or defend against legal claims; (ii) when we believe it to be necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our MSA or other agreement with you, and/or to protect our rights and property or those of others with which we do business; (iii) when we sell or license the Service (excluding usage license rights granted to Customers during the normal course of business) as an asset, or in the event of a sale, merger, corporate reorganization or other business consolidation or similar transaction, where personal information may be among the transferred assets or disclosed information (in which case you will be notified via email or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information); or (iv) when we have your prior consent to do so. If you are an individual data subject entitled to the protections of the EU General Data Protection Regulation (GDPR), the EU-U.S. Privacy Shield and/or the Swiss-U.S. Privacy Shield, we will act in accordance with your rights and as instructed by our Customer if acting as a data controller with regard to your personal information. Please see the “International Data Transfer” section above.


    1. Retention.

    Except to the extent prohibited by law, and subject to this Privacy Policy (and the MSA if you are a Customer), we will retain and use personal information for a period of time consistent with the original purpose for which it was provided or collected, e.g., as needed to provide you the Services, to document our business relationship with you, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, and for a reasonable period of time thereafter. The foregoing does not apply to any personal information included in Customer Content, e.g., contained within a stored document uploaded to our Services platform – our Customer exclusively controls the disposition of that personal information and we will retain personal information in accordance with their instructions.

    If you wish to cancel your account and status as an active Customer of SpringCM, your termination rights are specified in your MSA. If you wish to request that we no longer use personal information you have supplied in order to provide you the Services, please contact us at privacy@springcm.com or as otherwise described in the “Contacting SpringCM” section. Personal information no longer retained will be disposed of or destroyed in a reasonable manner intended to prevent loss, theft, misuse, or unauthorized access. If you are a Visitor, we will retain your personal information for as long as we deem necessary for legitimate business purposes. 


    1. How We Protect Your Personal Information.

    SpringCM recognizes that protecting the personal information entrusted to us is critical to maintaining the confidence and trust upon which we’ve built our business. For this reason, we provide industry-standard security procedures and processes to protect personal information. Our physical security layer is protected by need-to-know authorization provided only to the appropriate operations individuals. Additionally, the servers we use to provide our Services are caged within a room protected by secure access procedures. Our network security layer is secured with TLS encryption technology compliant with PCI Security Standard Council standards, so all communication with our Services is encrypted. Our network is also protected by industry-standard firewall technology and administered real-time to provide timely security patching. This layer is also monitored by intrusion-detection systems designed to detect unauthorized access.

    Importantly, all personal information is encrypted at rest.

    These safeguards are intended to protect personal information and to ensure, to the extent possible, the proper and legal use of the Site and our Services. SpringCM protects personal information through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorized disclosure and alteration.

    In addition, SpringCM maintains the confidentiality and security of Customer Content, including any personal information to the extent included therein by the Customer, pursuant to the applicable MSA between SpringCM and our Customer for the Services.


    1. Changes to this Privacy Policy.

    From time to time, we may change our Privacy Policy because of changes in applicable legal or regulatory requirements, the business or business practices of SpringCM, or other reasons. Such changes shall become effective upon the posting of a revised Privacy Policy on this Site. If our changes to the Privacy Policy are material as to how we handle or use personal information, we may post a prominent notice on our Site or notify you directly before they take effect. Your continued use of this Site or our Services following the effective date of a revised posted Privacy Policy will mean that you accept those changes. We encourage you to periodically review this page for the latest information on our privacy practices.


    1. Linked Sites.

    For your convenience, some hyperlinks may be posted on the Site that link to other websites not under the control of SpringCM. We are not responsible for those other websites, and this Privacy Policy does not apply to the privacy practices of those sites. In addition, when you initiate a transaction on a website that our Site links to, even if you reached that site through our Site, the personal informationyou submit to complete that transaction becomes subject to the privacy practices of the owner of that linked site. You should read their privacy policies to understand how they use and protect personal information and other data that they collect. SpringCM is not responsible for the privacy, security, other information practices, or any acts or omissions of our suppliers or any third parties or their websites.


    1. Children's Privacy.

    Our Services are not designed for and are not marketed to people under the age of 18 (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us using privacy@springcm.com if you believe we might have personal information from or about a minor.



    1. Contacting SpringCM.

    Please direct any questions, inquiries or complaints regarding our privacy practices or this Privacy Policy to SpringCM at privacy@springcm.com or by contacting our customer service line at 877-362-7273 or 312-881-2026. Additional contact information: SpringCM Inc., Attn: Customer Support, 180 North LaSalle Street, 6th Floor, Chicago, IL 60601 USA; Telephone: (877) 362-7273 or (312) 881-2026; Facsimile: (312) 253-8215.


    Copyright © 2019 SpringCM Inc. All rights reserved.