Last updated October 21, 2016
Spredfast, Inc. and its wholly owned subsidiaries, Shoutlet, Inc. and Spredfast Limited (collectively, “Spredfast” or “we” or “us”) provide an open social marketing platform and related services, including software as a service (“SaaS”) applications, tools and platform, which help connect our Customers to the people they care about the most (collectively, “Spredfast Services”).
Overview & Purposes for Data Collection
Spredfast is committed to protecting the privacy of Visitors and Customers. We collect information from Visitors and Customers for legitimate business purposes, primarily to operate our Websites and to provide, and improve, Spredfast Services.
We also process content on behalf of our Customers as their data processor. This content consists of content published or generated through the Spredfast Services, such as content Customers collect from Facebook, Twitter or other social media networks. It is our Customers, and not Spredfast, who control how such information and content is collected and used. Spredfast processes (rather than controls) such content in accordance with instructions from Customers.
1. Information We Collect
The specific types of information we receive from those who provide content through one of our Spredfast Services include the following:
Information Provided to Us by Individuals
Personally Identifiable Information. When Visitors sign up on our website to receive information or to otherwise engage with us or when Customers use Spredfast Services, it is their choice to do so and if they so choose, such Visitors or Customers may be required to provide his or her name, address, telephone number, email address, or other types of personally identifiable information (collectively, “Personally Identifiable Information”).
Information We Collect from Computers or Internet Devices
Access device and browser information. When a Visitor uses one of our websites or when a Customer uses a Spredfast Service, we may collect information from that device, such as the browser type, location of the device, operating system, and IP address, as well as which website or Spredfast Service was used.
Google Analytics. Spredfast uses a specific cookie in order to facilitate the use of Google Analytics with respect to our Customers using Spredfast Services. We may use Customers' Spredfast log in information together with Google Analytics to track and analyze the web pages Customers visit so that we can better understand and improve Spredfast Services. With respect to Visitors of our websites, we also use Google Analytics features such as Google Analytics Demographics and Interest Reporting. For more information about Google Analytics, please visit: www.google.com/policies/privacy/partners/.
Information We Receive from Customers and Third Parties
Customer Data. Customers provide us with data to enable them to log on and use the Spredfast Services, which consists of personally identifiable information of their authorized users, company information and configuration, content, internal communications and notes. This information is what we refer to as “Customer Data” in most agreements with our Customers.
Customer websites and social media websites. We do not own or operate our Customers’ websites or the social media or other websites used in connection with the Spredfast Services. When a Customer provides or accesses information through one of our Spredfast Services, we may receive information from the Customer input, in response to, or by way of interaction with, content generated by Customers using Spredfast Services as well as from the Customer’s website or the relevant social media site, including information about actions that the third party takes and may include additional information about the third party that was published on or provided to the Customer website or social media site.
Information from other websites. We may obtain information from partners and other websites concerning Visitors. For example, we may ask or engage third parties to tell us additional information about Visitors, such as how they responded to our communications or promotions.
2. Quality, Use, Disclosure, Retention, and Disposal: How We Can Use and Share Information
We consider information such as answers to surveys, comments, ideas, and suggestions (in each case, which do not contain Personally Identifiable Information) to be non-personal and do not classify such as Personally Identifiable Information. Except as otherwise provided by applicable contracts with our Customers or a third party, we are free to disclose and use such data or information without any obligation.
Information from Spredfast Services Used by Customers
Customers may initiate a transfer of information collected from their use of Spredfast Services or their Customers or other third party’s interaction with, or response to, content generated by a Customer’s use of Spredfast Services. The Customer may transfer such information from our systems to their systems. The information may also be consolidated with other information collected through a Spredfast Service. We do not control how Customers use the information collected by way of their use of a Spredfast Service, but Customers must comply with all applicable laws and any applicable terms and conditions, such as terms and conditions of social media networks, when collecting and using such information.
Aggregate and Statistical Data
We use Aggregate and Statistical Data to enable Spredfast and our Customers to better understand our tools and Spredfast Services-related activity. The Aggregate and Statistical Data also allows us to (a) effectively troubleshoot and resolve issues, (b) provide technical support assistance, (c) improve our offerings by enabling us to better understand which Spredfast Services Customers prefer and (d) provide relevant information to Customers relating to their usage of the Spredfast Services.
When we use Aggregate and Statistical Data, we do not link it to Personally Identifiable Information. We use the Aggregate and Statistical Data we collect and share it with selected affiliates and Customers in analyzing trends, the demographics of social media users, and usage of our Spredfast Services. We may use Aggregate and Statistical Data to improve our marketing and promotional efforts, to statistically analyze site and Spredfast Services usage, and to improve our content service offerings.
Point of Collection Purposes
Sometimes, our Customers have specific purposes for which they plan to use an individual user’s information, and our Customers describe those purposes at the point of collection. For example, a Customer may solicit a user’s feedback in order to improve services and products, respond to a user’s questions or comments, register in connection with a contest, giveaway, or drawing, respond to a request for a brochure, or to otherwise send information to the user. We may be asked to fulfill or assist with the fulfillment of the requirements associated with the point of collection purposes.
Vendor Services to Spredfast
We may share Personally Identifiable Information and other information with our vendors, contractors, and partners in connection with services that these individuals or entities perform for or with us and our Customers. The services they provide may include such activities as tools that work with Spredfast Services, fulfillment services, and promotional email or direct mail campaigns for the benefit of our Customers or prospective customers. These vendors, contractors, and partners are restricted from using this data in any way other than to provide services for us. They may not share or resell any information, including Personally Identifiable Information.
Acquiror of Spredfast
We may disclose Personally Identifiable Information and other information about Visitors in connection with an anticipated change of control of Spredfast pursuant to a merger, acquisition, or sale of all or substantially all of our assets. Such disclosure will be governed by appropriate non-disclosure contractual provisions.
Disclosure and Use for Legal Reasons
Respond to Requests Initiated by Visitors
We may disclose and use Personally Identifiable Information and other information about an individual Visitor in order to respond to an inquiry, request, or complaint that the Visitor has made or to provide the Visitor with additional requested information, alerts, and updates regarding relevant services and products.
Deletion of All Personally Identifiable Information
At the request of a Visitor, we will delete from our active databases all Personally Identifiable Information the Visitor provided to us. In addition, at the request of a Customer, we will delete from our active databases all Personally Identifiable Information collected through Spredfast Services collected by such Customer. However, we may not be able to delete information accessed or provided through Spredfast Services if we do not control such information, such as information that originated through a social media network and is consequently controlled by such social media network. In addition, we may retain such information to the extent required by law or if copies are kept in archival backups, but in no event will we use or disclose such information except as required by law. To request the removal of Personally Identifiable Information, please send us an email to email@example.com. See “Access to and Correction of Personally Identifiable Information” below for additional information as to correction and deletion of Personally Identifiable Information of individual Visitors.
3. Access, Security, and Other Important Matters Related to Privacy
Access to and Correction of Personally Identifiable Information
Protection of Children’s Personally Identifiable Information
We do not intend to collect Personally Identifiable Information from anyone under age 13 and will not knowingly collect, maintain, or disclose such information. As a condition to using the Spredfast Services, Customers should not knowingly collect information from anyone under age 13. If a Customer or a parent or guardian has discovered that a child under age 13 has submitted his or her Personally Identifiable Information, upon notification of us, we will make reasonable efforts to remove the information from our database. To request the removal of a child’s information, please send us an email to firstname.lastname@example.org.
We have developed and implemented a security policy and program that includes administrative, technical, and physical safeguards to protect Personally Identifiable Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. In addition, we have restricted logical access to Personally Identifiable Information, and we have restricted physical access to the environment where we store that information. When transmitting Personally Identifiable Information from our database through a Spredfast application programming interface to a Customer, we use an encryption protocol to help ensure the information is kept secure. In other circumstances, we strongly urge our Customers who collect Personally Identifiable Information while using a Spredfast Service to retrieve the collected information from our database using an encryption protocol or other adequate measures to maintain the security of the information retrieved.
5. EU Privacy Shield and Swiss Safe Harbor
Additionally, we adhere to the Swiss Safe Harbor Program (http://export.gov/safeharbor/) (the “Safe Harbor”) and its principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement with respect to personal information (as defined below). We will respond to requests to access or delete personal information within 30 days. We will adhere to the requirements of the Safe Harbor with respect to sensitive information (as defined below). As a condition to using the Spredfast Services, Customers are required to obtain all necessary individual consents in order to collect and use sensitive information.
For purposes of this Safe Harbor disclosure, “personal information” means data that is (a) transferred from the European Union or Switzerland, as the case may be, to the United States; (b) recorded in any form; and (c) about, or pertains to, a specific individual who is identified in, or is identifiable from, the data. “Sensitive information” means personal information specifying medical or health conditions, personal sexuality, racial or ethnic origin, political opinions, religious, ideological, philosophical, or trade union-related beliefs, views or activities, trade union membership, information specifying the sex life of the individual, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings. Sensitive information also includes personal information received from a third party where the third party treats and identifies it as sensitive.
Monitoring and Enforcement
Spredfast is subject to the investigatory and enforcement powers of the US Federal Trade Commission (the “FTC”). In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Spredfast is potentially liable.
Spredfast has further committed to refer unresolved privacy complaints under both the EU-US Privacy Shield Principles and Safe Harbor, to the International Centre for Dispute Resolution (the “ICDR”), an international dispute resolution provider. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.icdr.org for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.