Privacy (original) (raw)

Your Rights and Choices

Communication Preferences and Opt-outs

If you have subscribed to one or more of our email newsletters or are receiving marketing emails from us and you don’t want them anymore, you can unsubscribe. Follow the instructions contained in the email message to opt-out of receiving future messages of that type. However, you cannot unsubscribe from some service related messages ("operational emails") so long as you maintain an account with Springshare Services.

Access, Correction, and Erasure, Right to limit use, and to limit disclosure

You may request to review, correct or delete the personal information that you have previously provided to us through the Springshare Services. For requests to access, correct or delete your personal information, please send your request along with any details you may have regarding the method by which the information was submitted to privacy@springshare.com. Requests to access, change, or delete your information will be addressed within a reasonable timeframe.

To help protect your privacy and security, we will take reasonable steps to verify your identity, such as requiring a username or userID, or password, or other types of verification before granting access to or removing your information. In cases where we are acting as a processor of personal data for our Customer, we may first refer your request to the Customer that submitted your personal data. We will assist our Customer as needed in responding to your request, as further described below under Springshare Services-Customer Data.

In accordance with the Data Privacy Framework, EEA, UK and Swiss residents whose personal information is collected may have a right to access personal information regarding them, and to limit use and disclosure of their personal information or to object to their personal data being used for any purpose materially different from the purposes disclosed to them or stated within this Privacy Policy. Springshare will provide the said data to EEA, UK and Swiss residents upon request and will comply with any requests to limit use of their personal information.

Please contact privacy@springshare.com for more information about exercising these rights.

Data Retention and Deletion

If you request to delete your personal information, we will endeavor to fulfill your request but some personal information may persist in backup copies for a certain period of time and may be retained as necessary for legitimate business purposes or to comply with our legal obligations. Springshare's policy is to keep backups of Springshare Services data for 35 days, after which the original customer data older than 35 days is permanently deleted from Springshare servers. Springshare may retain your information for a period of time consistent with the original purpose of collection, and for a reasonable time thereafter in accordance with applicable law. We also may retain your information during the period of time needed for Springshare to conduct audits, comply with our legal obligations, resolve disputes and enforce our agreements.

Cross-border transfers of personal information

Springshare Services are hosted in data centers located in several regions around the world. Every region operates independently of one another, and we use all reasonable efforts to host the Springshare Services and Customer Data in their respective home regions. Springshare Services are currently hosted in four (4) regions - United States, Canada, Australia, and European Union. If, during the course of conducting normal business of providing Springshare Services, we transfer your information to a recipient in a country outside your respective home region, we will ensure that at least one of the following applies: (i) the transfer will be to countries deemed to provide an adequate level of protection for personal data by your respective governing body (such as European Commission); (ii) we have used specific model contracts (for example, those approved by the European Commission) intended to give personal data the same protection it has in its home region; (iii) where we use providers based in the US, we may transfer information to them if they are part of the Data Privacy Framework which requires them to provide similar protection to personal data shared between the Europe and the US; or (iv) any alternative transfer mechanism that lawfully supports the transfer under the GDPR or similar law in your home region.