1. INFORMATION WE COLLECT
When you contact us or interact with our Service we collect information that alone or in combination with other information could be used to identify you ("Personal Data") as follows:-
Personal Data You Provide:
We may collect your name, email address, phone number, and payment information when you register for our Service, sign up for our mailing list, or otherwise communicate with us. We may also collect any communications between you and Spotlight and any other information you provide to Spotlight.
We also have pages on social media sites like Facebook and Twitter ("Social Media Pages"). When you interact with our Social Media Pages, we may collect Personal Data that you elect to provide to us through your settings on the Social Media Site, such as your contact details.In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Personal Data Collected Automatically:
Spotlight Content. We collect information from Spotlight product features, including the content of drafts or snippets you create in the Service and read receipts.
Authentication Tokens. When you sign in to the Service, we collect and store encrypted Gmail authentication tokens.
Use of the Site and App: When you visit, use and interact with the Site or App, we may receive certain information about your visit, use or interactions. For example, we may monitor the number of people that visit our Site or App, peak hours of visits, which page(s) are visited on our Site,the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access and visit our Site (e.g., Firefox,Microsoft Internet Explorer, etc.), broad geographical information, and Site-navigation pattern. In particular, the following information is created and automatically logged in our systems:
· Log data: Information that your browser automatically sends whenever you visit the Site ("log data"). Log data includes your Internet Protocol ("IP") address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.
· Device information: Includes the operating system and browser you are using. Information collected may depend on the type of device you use and its settings.
· Usage Information: We collect information about how you use our Site and App, such as the types of content that you view or engage with, the features you use, the actions you take, and the time,frequency and duration of your activities.
· Anonymous Email Information. We collect and store anonymous information about emails you send and receive through the Service. This includes numeric identifiers and timestamps, but does not include Email Content Data (as defined below) or other information that could identify the sender, the recipient or the subject of the email.
Personal Data We Receive From Third Parties: From time to time we may receive information about you from third parties and other users, including your job title, employer, and location. We may also collect information about you that is publicly available. This may include your publicly available social media information, or your contacts' publicly available social media information. The data we receive is dependent upon your and your contacts' privacy settings with the relevant social network.
Personal Data We Process on Your Behalf: we process the contents of emails you send and receive through the Service, as well as the email addresses of the people you communicate with through the Service(collectively "Email Content Data"), on your behalf and subject to your instructions.
Personal Data We Process on Behalf of Business Customers:If one of our business customers (such as your employer) provides you with access to the Service, we process your information pursuant to our Terms of Service and other agreements with the applicable business customer. If you are such an individual and would no longer like your data to be used by one of our business customers that use our Services or you would like to access, corrector request deletion of your data, please contact the business customer that you interact with directly.
2. HOW WE USE PERSONAL DATA
We use Personal Data to provide the Service and improve your email experience. This processing is necessary to perform our contract with you.
We also use Personal Data as necessary for the following legitimate business interests:
· To update and synchronize Service features across multiple devices (i.e., so a draft email you begin on one device will be available on your other device(s));
· To display information in the Service (such as emails and insights (such as job titles and profile photos) about other individuals with whom you communicate through the Service);
· To respond to your inquiries, comments, feedback or questions and provide on boarding support;
· To solicit referrals for new users from current users and to contact such referrals and other potential users;
· To manage our relationship with you, which includes sending administrative information to you relating to our Service and changes to our terms, conditions, and policies and sending account verification or technical/security notices;
· To analyze how you interact with our Service and provide, maintain and improve the content and functionality of the Service and our customer relationships and experiences, develop our business and inform our marketing strategy;
· To administer and protect our business and the Site, prevent fraud, criminal activity, or misuses of our Site, and to ensure the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data); and
· To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties, and recover debts due to us.
For information about what we mean by legitimate interests and the rights of individuals in the European Union ("EU"), please see the "EU Users" section below.
Marketing. We may contact you to provide information we believe will be of interest to you. For instance, if you elect to provide your email address, we may use that information to send you promotional information about our products and services. If we do, where required by law, for example if you are in the EU, we will only send you such emails if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving emails by following the instructions contained in each promotional email we send you or by contacting us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding our Site and Services and to respond to your requests.
3. HOW WE SHARE AND DISCLOSE PERSONAL DATA
In certain circumstances we may share your Personal Data with third parties without further notice to you, unless required by the law,as set forth below:
· Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with service providers, including web hosting, debugging services, email and productivity services, survey providers,data base and sales/customer relationship management services, customer service providers, payment processors; web and app analytics services, and data brokers. Notwithstanding the foregoing, we only share Email Content Data with our hosting provider (Google, Inc.). Pursuant to our instructions, these parties will access, process or store Personal Data in the course of performing their duties to us.
· Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy,receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be shared in the diligence process with counter parties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets.
· Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.
4. DATA RETENTION
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
5. UPDATE YOUR INFORMATION
If you need to change or correct your Personal Data, or wish to have it deleted from our systems, you may contact us. We will address your request as required by applicable law.
6. CALIFORNIA PRIVACY RIGHTS DISCLOSURES
Our Service is not directed to children who are under the age of 13. Spotlight does not knowingly collect Personal Data from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to Spotlight through the Service please contact us and we will endeavour to delete that information from our databases.
8. EU USERS
Scope. This section applies to individuals in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway, the United Kingdom, and,to the extent applicable, Switzerland).
Data Controller. Data protection laws in the EU differentiate between the "data controller" and "data processor" of Personal Data. If you signed up for the Service on your own,Spotlight is the data controller for the processing of your Personal Data. You can find our contact information, and the contact information of our EU-based representative, in the "Contact Us" section below.
Data Processor. If one of Spotlight's business customers has granted you access to the Service, Spotlight is the data processor for the processing of your Personal Data. To exercise the rights described below in relation to such processing of Personal Data, please contact the applicable business customer. Spotlight is also the data processor for the processing of Email Content Data on your behalf.
Your Rights. Pursuant to the European Union General Data Protection Regulation (or GDPR), you have the following rights in relation to your Personal Data, under certain circumstances:
· Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
· Right to rectification: If your Personal Data is in accurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
· Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
· Right to restrict processing: You may ask us to restrict or 'block' the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object).We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
· Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
· Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing or we need to process your data in order to establish, exercise, or defend legal claims;
- If we are processing your Personal Data for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above);
· Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
· Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns (in the UK, the Information Commissioner's Office (ICO), who can be contacted at https://ico.org.uk/concerns, and in other EU countries the data protection authority of the country in which you are located).
Please see the "Contact Us" section below for information on how to exercise your rights.
Data Transfers. We rely on our EU-U.S. and Swiss-U.S.Privacy Shield certification to transfer Personal Data that we receive from the EU and Switzerland to Spotlight in the U.S. (for more information, please read the "Privacy Shield" section below).
9. PRIVACY SHIELD
General. We rely on our Privacy Shield certification to transfer Personal Data that we receive from the EU and Switzerland to Spotlight in the U.S. and we process such Personal Data in accordance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability ("Privacy Shield Principles"), as described below.
Accountability for Onward Transfers. We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (described in the section"How We Share and Disclose Personal Data" above). If such service providers process Personal Data in a manner inconsistent with the Privacy Shield Principles, we are responsible for the harm caused.
Access. EU users have certain rights to access,correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. Please see the"Your Rights" section above for more information on the rights of users in the EU (and, to the extent applicable, users in Switzerland).
Recourse, Enforcement, Liability. In compliance with the Privacy Shield Principles, Spotlight commits to resolve complaints about our processing of your Personal Data. EU and Swiss users with inquiries or complaints regarding this Private Shield Policy should first contact Spotlight at: firstname.lastname@example.org.
We have further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy shield.
If your complaint is not resolved through these channels,under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit :https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.
10. LINKS TO OTHER WEBSITES
Cookies can be stored on your computer for different periods of time. Some cookies expire after a certain amount of time, or upon logging out (session cookies), others survive after your browser is closed until a defined expiration date set in the cookie (as determined by the third party placing it) and help recognize your computer when you open your browser and browse the Internet again (persistent cookies).