Effective April 19, 2018
This Policy does not apply to websites, applications or other services that do not display or link to this statement or that display or link to different privacy statements.
Notice to European Union (“EU”) Residents
This Policy is intended to provide adequate and consistent safeguards for the handling of Personal Information (as defined herein) in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “Directive”) and all the relevant transposing legislation of the Directive in the EU/European Economic Area (“EEA”), the Swiss Federal Data Protection Act, as such laws may from time to time be amended and valid during the application of this Policy, the Privacy Shield, and any other privacy laws, regulations and principles concerning the collection, storage, use, transfer and other processing of personal data transferred from the EEA or Switzerland to the United States including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”) as of its entry into force on 25 May 2018.
Principles for Processing Personal Information
We respect your privacy and are committed to protecting your Personal Information in compliance with the applicable legislation. This compliance is consistent with our desire to keep you informed and to recognize and respect your privacy rights. We agree to observe the following principles when processing Personal Information:
- Data will be processed fairly and in accordance with applicable law.
- Data will be collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data will be relevant to and not excessive for the purposes for which they are collected and used. For example, data may be rendered anonymous if deemed reasonable, feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.
- Data subjects in the EU will be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their personal data.
- Data will be accurate and, where necessary kept up up-to-date. Reasonable steps will be taken to rectify or delete Personal Information that is inaccurate or incomplete.
- Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes shall be described in this Policy.
- Data will be deleted or amended following a relevant request by the concerned data subject, should such notice comply with the applicable legislation each time.
- Data will be processed in accordance with the individual’s legal rights (as described in this Policy or as provided by law).
- Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction or damage to data. In case of any such violation with respect to personal data, we will take appropriate steps to end the violation and determine liabilities in accordance with applicable law and will cooperate with the competent authorities.
Collection of Information
We collect certain personally identifiable information from you in various ways when you use our Services (“Personal Information”), including:
Information you provide to Us. We may collect your name, email address, phone number and other information when you use the Services. In addition, when your principal, employer or GSC (“Principal”) registers you to be able to use the Services to access Mission Information (see below), we will receive additional information including the email address associated with your GSC email. We may also obtain information that you upload to the App as part of any campaign, campaign objectives or mission (“Mission Information”). When you upload information, we may also collect associated location information and time stamped information, which we may combine with other information that we have collected under this Policy.
Mailing list Information. You can be added to the GSC mailing list upon request; subscriptions to the mailing list can be cancelled at any time.
Support information. You can engage in communications with a GSC software support representative during which you may provide certain information as required to assist you with your questions. Additionally, when you submit a request, review or comment to our software support department or participate in any interactive services GSC offers (today or in the future), we may ask you for your e-mail address or other contact information so we can follow up with you and we may obtain other Personal Information about you.
Information from Social Networking Sites. Our Services include interfaces that allow you to connect with social networking sites (each an “SNS”). If you connect to a SNS through our Services, you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings on the applicable SNS.
Information We Get from Others. We may also get information about you from other sources, for example, from your Principal.
Information Automatically Collected. When you visit or enter our Services, some information is automatically collected. For example, when you visit our Website your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, and the website you visited before our site are logged automatically (“Usage Information”). We also collect information about your usage and activity on our Services.
Cookies and Other Tracking Technologies
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when it revisits our Services; and (2) third party cookies, which are served by service providers on our Services, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
We may collect information using Web beacons. Web beacons are electronic images that may be used on our Website or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and to tell if an email has been opened and acted upon.
Local Shared Objects
We may use local shared objects, also known as Flash cookies, to store your preferences such as volume control or to display content based upon what you view on our sites to personalize your visit. Third party partners provide certain features on our sites and display advertising based upon your Web browsing activity using Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and way in which data is stored. Cookie management tools provided by your browser usually will not remove Flash cookies. Learn how to manage privacy and storage settings for certain Flash cookies.
Disabling Cookies and Other Information
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org and www.youronlinechoices.com.uk if you are in the UK or EU.
We may also share aggregated anonymous or de-identified information. When we use the term “Anonymous Data”, we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party.
We may create Anonymous Data from the personal data we receive about you and other individuals whose personal data we collect. Anonymous Data might include analytics information and information collected by us using cookies. We make personal data into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyse usage patterns in order to make improvements to our Services.
Use of Information
We use personal data and Mission Information collected through our Services for purposes described in this Policy. For example, we may use your information to:
- operate and improve our Services and products;
- understand you and your preferences to enhance your experience and enjoyment using our Services and products;
- track, collate, and analyze your use of the Services, and your progress in completing any campaigns, campaign objectives or missions set by your Principal (“Missions”);
- process and deliver contest entries and rewards;
- respond to your comments and questions and provide customer service;
- provide and deliver products and services you request;
- to send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
- communicate with you about new contests, promotions, rewards, upcoming events, and other news about products and services offered by the GSC and our selected partners; and
- link or combine it with other personal data we get from third parties, to help understand your needs and provide you with better service.
Sharing of Information
We do not share your personal data with third parties other than as follows.
- Third Parties Designated by You. With your consent, we may share your information with third parties for their own marketing purposes subject to their separate privacy policies. We may also share your information with with your Principal in order to provide feedback about the Principal’s business and a particular Mission.
- Our Third-Party Service Providers. We may share your information with third-party vendors, consultants and other service providers who work for us and need access to your information to do that work, such as hosting providers.
- Corporate Restructuring. We may share our information in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company.
Where We Store Your Information
We store your Personal Information in the United States. If you live in another country outside of the United States, you understand and agree that your Personal Information may be transferred to and processed in the United States, and that we may be required to use or disclose your information to a third party, including a government authority, in connection with a legal action or other proceeding, including without limitation, in response to a court order or a subpoena.
You may opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations. You may also send requests about your contact preferences and changes to your information including requests to opt-out of sharing your personal data with third parties by emailing email@example.com.
If you have provided your phone number and consented to receive text messages, you may revoke your consent at any time by texting “STOP” to the applicable short code.
Third Party Sites and Links
Our Services may contain links to third party websites and features. This Policy does not cover the privacy practices of such third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, features or policies. Please read their privacy policies before you submit any data to them.
The Services are not directed to children under the age of 13 and GSC does not intentionally collect any information from or about children under the age of 13. If you believe a child has provided us with information, contact us at firstname.lastname@example.org.
We utilize reasonable physical, technical and administrative safeguards to help protect personal data against loss, misuse, unauthorized access or disclosure.
You have the right to be provided with information as to the nature of the Personal Information stored or processed about you by GSC and may request deletion or amendments.
You may email email@example.com to review, update, and revise your Personal Information.
If access is denied, you have the right to be informed about the reasons for denial. You may resort to the dispute resolution described in this policy as well as in any competent regulatory body or authority. GSC shall handle in a transparent and timely manner any type of internal dispute resolution procedure about Personal Information is conducted.
If any information is inaccurate or incomplete, you may request that the data be amended. It is your responsibility to provide use with accurate Personal Information about yourself and to inform us of any changes. (e.g. new home address or change of name).
If you demonstrate that the purpose for which the data is being processed in no longer legal or appropriate, the data will be deleted, unless the applicable law requires otherwise. You also have the right to request the deletion of your personal data for any reason by emailing firstname.lastname@example.org.
Additional Enforcement Rights and Mechanisms
If at any time, you believe that your Personal Information has been processed in violation of this Policy, you may report the concern to the competent GSC official. In particular, if you have any inquires or complaints about the use or limitation of use of your Personal Information, you may contact our corporate headquarters:
GoSpotCheck, Inc, Attn: General Counsel, 1500 Market St., Denver, CO 80202, or email us at email@example.com.
Your California Privacy Rights
If you are a California resident, you have the right to request information from us regarding the manner in which GSC shares certain categories of Personal Information with third parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address listed below to receive the following information:
- The categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year;
- The names and addresses of the third parties that received the information; and
- If the nature of the third party’s business cannot be determined from their name, examples of the products or services marketed.
This information may be provided in a standardized format that is not specific to you. The designated email address for these requests is firstname.lastname@example.org.
Also, please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.
EU-U.S. Privacy Shield
GSC complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov.
Our participation in the Privacy Shield applies to all Personal Information that is received from the EU and EEA.
We remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process Personal Information on our behalf do so in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
You may request access to any Personal Information maintained on you by GSC at any time by emailing email@example.com.
If you believe that we have not adhered to this Policy, please contact us by e-mail at firstname.lastname@example.org. We will do our best to address your concerns. If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation. For any complaints that cannot be resolved with GSC directly, we have chosen to settle the dispute exclusively by the International Centre for Dispute Resolution (“ICDR”) in accordance with its International Arbitration Rules. To file a complaint via ICDR, please visit http://go.adr.org/privacyshield.html.
For complaints left unresolved by all other available mechanisms, you may invoke binding arbitration with the Privacy Shield Panel, which consists of a pool of 20 arbitrators designated by the Department of Commerce and the European Commission, from which the parties will be able to select either one or three arbitrators.
GSC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Obligations to Data Protection Authorities
We will respond diligently and appropriately to requests from DPAs about this Policy or compliance with applicable data protection privacy laws and regulations. We will, upon request, provide DPAs with names and contact details of the individuals designated to handle this process. With regard to transfers of Personal Information, we will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.
Your Consent and Updates to this Policy
If you have any questions about your privacy or security on the Services, please email us at email@example.com and include your name and address in the message or write to us at: GoSpotCheck, Inc., Attn: General Counsel, 1500 Market St., Denver, CO 80202.
Effective date: April 19, 2018.