Spreedly is a service that offers a single API and secure credit card tokenization that allows you to integrate to over 120 gateways around the world. We value and respect your privacy and will take all reasonable steps to protect your and your customers’ personal information. This Privacy Policy will help you understand what personal data Spreedly collects and how we collect, hold, use and disclose that information as well as the purposes of such collection and disclosure.
This Privacy Policy applies to www.spreedly.com, all subpages, our blog (together, the “Website”) and all software and services that we offer through our Website. This Privacy Policy does not apply to any website, service or product of any third-party even if such third party links to or is linked from our Website. We do not control or operate those websites, services or products and assume no responsibility for them. You should carefully review the privacy policies of such third party websites, services or products before deciding whether to provide any personal information.
We collect information in several ways: (i) when you send us an e-mail or communicate via any other electronic means we will store the address and the conversation history; (ii) when you register via our Website we will collect and store certain personal data that may include your address, phone numbers, credit card numbers, IP address, location, information about your computer or device and other standard web log information; (iii) when a customer uses a checkout process on a merchant’s website that is integrated to Spreedly, we will gather and may store payment card data, billing details and other personal data required to process the transaction.
We refer to the information we collect generally as “personal information”, which includes any information that can be used to identify and individual, or any anonymous information that is linked to a specific individual. Any information that is aggregated or becomes anonymous such that it cannot be reasonably associated with an individual shall not be considered personal information.
The types of personal information we collect and our use of that personal information will depend on whether you are a website user, merchant or end customer.
When you browse our Website, you will not be required to provide any personal information. We may, however, gather non-personally-identifiable information solely for the purposes of monitoring our Website and the services that we offer through it.
When you visit our Website we offer you the opportunity to sign-up for a free test account that gives you the ability to integrate to our API and run test transactions in our sandbox environment before you commit to purchasing a paid subscription plan. As part of this process, we may collect your IP address, information about your computer, and other standard web log information. We will also collect your email address and other personal information that we may use to update you about your account with Spreedly and our service generally.
When you sign-up for a paid production account, in addition to the information above, we require you to provide a valid credit card and contact email. We will only use this information to ensure that your Spreedly account remains in good standing until you elect to terminate your subscription.
Once you begin using the Spreedly service for production transactions, we will keep records of your transactions and collect information of your other activities related to our service.
When a merchant using Spreedly’s service collects payment information from you, they will collect personal information from you and pass it to us. This personal information includes your payment card or bank account information, and may include your email address, phone number, and billing and shipping address. When you use a merchant’s website to store your payment card details for future use, we will use the personal information you provide to the merchant to store those card details.
We may collect information about your computer (including your IP address), operating system and browser type, for system administration purposes.
We may also obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website, deliver a better and more personalized service, look for possible fraudulent activity, and to be better understand the sources of traffic to our Website.
You may elect to refuse to disable cookies by activating the appropriate setting on your browser. Unless you have adjusted your browser setting so that it will refuse cookies, our system will automatically issue cookies when you log on to our Website.
Special information for California residents and cookies from one of our processors can be found here.
Our Website and the services we offer are directed to the general public, but are not directed at persons under the age of 13. We do not knowingly collect information from children under 13 years of age nor do we have any reasonable grounds for believing that children under the age of 13 are accessing our Website or using our services. If we do learn that we have inadvertently collected personal information from a child under the age of 13, we will promptly delete that information. If you believe that we may have collected any information from a child under 13 years of age, please contact us.
Spreedly uses the information we collect for the following general purposes including products and services provisioning, billing, identification and authentication, service improvement, contact, and research.
We may occasionally email you with information about new service. You may opt out of these emails by clicking on the unsubscribe link contained in such communications or by replying with unsubscribe in the subject line. Please note that you will continue to receive communications about your Spreedly account including billing invoices and usage notifications.
We are not allowed to disclose personal information without your written permission and will never sell or rent your personal information to marketers.
Certain information collected about you and your customers may be shared with third parties within the context of providing Spreedly services. These third parties may include our agents, related body corporates, contractors, financial institutions, payment processors, fraud services, and any third parties that you have directly authorized to receive your personal information. We may store personal information with third parties in locations outside our direct control, for example on offsite servers or databases. Some of the third parties to whom we disclose your personal information may be located outside your country of residence. By visiting our Website or using our service, you acknowledge that we may share payment transaction data and related information with third parties to the extent necessary to process transactions via the Spreedly service. The use of personal information by such third party will be subject to their applicable privacy policy, which we recommend you carefully review.
In certain circumstances we may be required to disclose personal information to government officials, law enforcement or other third parties: (i) in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Spreedly's terms of use, or as otherwise required by law; (ii) if we are compelled to do so by subpoena, court order or other legal process; or (iii) if we are required to do so to comply with any law, statute, or set of rules or regulations.
We will only disclose personal information in response to a request if we believe in good faith that it is necessary to comply with any applicable law or legal requirement. We will use reasonable efforts to provide you prompt notice prior to such disclosure so that you can contest the requirement if you choose unless we determine in good faith that: (i) we are not permitted to provide you such notice under any applicable law; or (ii) giving such notice would result in an imminent risk of death, serious injury or significant property loss or damage to Spreedly or a third party.
In the event Spreedly is acquired by or merged with another company or enters into a reorganization, bankruptcy or any other similar event then we may also transfer any personal information to our success or assign. In this event, we will notify you by email or by putting a prominent notice on the Website before any personal information is transferred and becomes subject to a different privacy policy.
Personal information we collect and use for any purpose or purposes shall not be retained for longer than is necessary for that purpose or those purposes.
Spreedly owns the data storage, databases and all rights to the Spreedly application, but we make no claim to the rights of your data. You retain all rights to your data and we will never contact your clients directly, or use your data for our own business advantage or to compete with you or market to your clients.
To offer our service we are required to retain certain data you provide us to ensure transactions are processed correctly, to identify fraudulent activity, and to comply with applicable laws and regulations. Accordingly, even if you close your Spreedly account and we export your data to a third party, we will retain certain information as necessary to meet these obligations.
Spreedly sits in a unique position, seeing credit card transactional data from a wide range of global credit cards running across a diverse set of financial payment providers. In an attempt to help improve the performance of payment networks, Spreedly may aggregate credit card transactional information and may sell that aggregated data to interested third parties.
"Interested third parties" are customers of our data as a service (DaaS) offering. They are typically focused on comparing their experience of credit card transaction service (specifically, success and decline rates and gateway latency) to the industry overall, with an eye to reducing decline rates and thus improving the payment experience for all involved. By "aggregated data" we mean data collected at the gateway level across all merchants transacting through that gateway.
We DO NOT collect or share any personal identifying information of any individual (such as name, address, credit card or social security number, or other identifiers), any data concerning any Spreedly merchant customer, or any type of Stock Keeping Unit identification code or other information that indicates what product or service was purchased.
The security of your personal information is important to us. We take all reasonable steps and follow generally accepted industry standards to ensure that the personal information we hold is protected from misuse, interference, loss, unauthorized access, modification or disclosure by the use of various methods including access limitation, and industry-standard Transport Layer Security (TLS) encryption technology.
We take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date, relevant and stored securely. Security safeguards include data encryption, firewalls, and physical access controls to building and files. Spreedly’s systems are certified as Level 1 PCI compliant and all data retention and credit card information is maintained in accordance with the PCI standards as determined by the PCI Security Standards Council.
You are responsible for the use and safeguarding of any login ID that we issue to you regarding the use of the Website or our service and any associated passwords. It is important for you to protect against unauthorized access to your login ID and password, to other sensitive data regarding your account with us, and to your computer and systems.
Spreedly provides some or all of its service from systems located outside of Europe. Accordingly, any European merchants and/or merchants collecting information from European persons by using Spreedly’s service must disclose to their customers that personally identifiable information may be transferred, processed and stored outside of Europe.
Spreedly maintains strict administrative technical, and physical procedures to protect information stored in our servers, which are located in the United States, and access to personal information is limited to only those employees who require it to perform their job functions.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our Website, you can send email us at support@spreedly.com.
Spreedly, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (“Data Privacy Framework”). Spreedly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Spreedly has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. Learn more about the Data Privacy Framework (DPF) program, and view our certification here.
Inquiries & Complaints
In compliance with the Data Privacy Framework, Spreedly Inc., commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, UK or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Spreedly at support@spreedly.com.We will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information. If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using JAMS as a third party resolution provider.
For more information on filing a complaint with JAMS, please visit: https://www.jamsadr.com/dpf-dispute-resolution.
We reserve the right to modify this privacy statement at any time, so please review it occasionally to ensure you're still in agreement with its provisions. If we make material changes to this policy, we will notify you here or by means of a notice on our Website so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy.
If you have any questions about this Privacy Policy or would like to access or seek correction of your personal information, or if you have any complaints regarding our privacy practices, please contact us at support@spreedly.com.
Merchants can correct their personal information by logging into their Spreedly account and updating their account information. For all other corrections please contact us at support@spreedly.com.
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to request confirmation of whether Spreedly processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that Spreedly rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that Spreedly erase your Personal Data in certain circumstances provided by law;
- The right to request that Spreedly restrict the use of your Personal Data in certain circumstances, such as while Spreedly considers another request that you have submitted (including a request that Spreedly make an update to your Personal Data); and
- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.
- Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
In order to exercise your data protection rights, you may contact Spreedly support. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
If you are a Customer of a Spreedly Customer please direct your requests directly to them. For example, if you are making, or have made, a purchase from a merchant using Spreedly, and you have a request that is related to the payment information that you provided as part of the purchase transaction, then you should address your request directly to the merchant.
This Privacy Policy was last updated on January 10, 2024. As our service continues to evolve, we may update this policy so please check back frequently.
Contact Us and we'll get your questions answered.
Last modified: May 1, 2024
Introduction
We at Spreedly, Inc. and our affiliates (collectively “we” “us” or “our”) respect your privacy and are committed to protecting it through our compliance with this Policy.
This Policy describes the types of information we may collect from you or that you may provide when you visit our websites at spreedly.com (collectively our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.
When This Policy Applies
This Policy applies to information we collect:
- On this Website.
- In email, text, and other electronic messages between you and this Website.
- When you contact us by calling the general office or toll-free telephone numbers listed on our Website or by emailing us at the general company email addresses listed on our Website (such as support@spreedly.com).
- When you interact with marketing email messages you receive from us.
- When you interact with our advertising and applications on third-party websites and services.
When This Policy Doesn't Apply
If you or your organization has registered to use one of our online, web-based payment services, this Policy does not apply to any information collected or processed by us in connection with your or your company’s use of such services; you will need to refer to our contract with your organization for information about our policies and practices for collecting and processing information in connection with your organization’s use of such services.
This Policy does not apply to information collected by:
Any third party (other than our own service providers acting on our behalf), including through any application or content (including advertising) offered by such third parties that may link to or be accessible from or on our Website.
Important Information – Please Review Carefully
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you can choose not to access or use our Website. By accessing or using this Website, you agree to this Policy. This policy may change from time to time. When we make changes to this Policy, we will post the updated Policy on our Website and update the Policy’s “last modified” date. Your continued use of our Website after we make changes is deemed to be acceptance of those changes.
Please note that if you are usually resident in the European Economic Area or the United Kingdom, this Policy is supplemented with the section below titled “European Users” which does not apply if you are usually resident elsewhere. In the event of any conflict between the terms of this Policy and the section “European Users”, the latter shall prevail with respect to our processing of Personal Information of European Users.
Information We Collect About You and How We Collect It
Personal Information We Collect - Generally
We may collect several types of information from and about users of our Website and certain other individuals we interact with in the course of our business (as described in the section above titled “When This Policy Applies”). This information may include information by which individuals may be personally identified or other information about an individual to the extent maintained in personally identifiable form (collectively “Personal Information”). Specifically, we (or our third-party service providers acting on our behalf) may collect the following from you:
- Personal identifiers and contact information, such as your name, postal or billing address, email address, telephone number (including mobile telephone number), and the IP Address or Mobile Device ID of the computer or device used to access and use our Website (“Identifiers”).
- The name and contact information of your company or organization.
- The Technical Information described in the section below titled “Traffic, Usage, and Computer/Device Information.”
- Information related to Internet or other similar network activity, including browsing history, search history, information on your interaction with our Website or on your interaction with advertisements on our Website or other websites (“Internet Activity”).
- Inferences drawn from the information described above that we use to create a profile about you reflecting your preferences, patterns, and behavior (“Inference Data”).
- Any other information (including Personal Information) you choose to provide in any forms or messages submitted by you to us or to others through our Website or using the contact information provided on our Website.
Personal Information We Collect – Submitting Job Applications Through our Website
If you submit a job application through our Website (“Job Applicant”), we may also collect the following:
- Your employment and education background, history, and experience, including a copy of your resume and any cover letter that you may choose to submit to and through our Website.
- Your general location (city, state, and country).
- Links to your personal social media URLs and any other website URL you choose to provide.
- Your work authorization information.
- Information about your interest in and how you learned about the job for which you are applying.
- On an entirely voluntary, optional basis should you choose to provide it (as described in detail in the job application submission form), demographic survey information such as your age range and your identified ethnicity and gender.
- Any other information you choose to submit with your job application through our Website.
Sensitive Personal Information
Except as expressly described above in the section titled “Personal Information We Collect – Submitting Job Applications Through our Website” (regarding collection of ethnicity information submitted by Job Applicants to us on a voluntary, optional basis), we do not knowingly collect sensitive Personal Information about you, such as government-issued identifying numbers; financial account details; precise geolocation information; information about your racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of your mail, email, or text messages unless we are the intended recipient of the communication; genetic data; biometric information for the purpose of uniquely identifying you; information concerning your health; or information concerning your sex life or sexual orientation (collectively, “Sensitive Personal Information”). In the event that we do at any time collect any such Sensitive Personal Information, we will use such information on a limited basis only (i) as necessary to perform those services that would be reasonably expected in response to your outreach or request of us; (ii) for purposes of helping to ensure security and integrity to the extent the use of such Sensitive Personal Information is reasonably necessary and proportionate for these purposes; (iii) for short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us, provided that the Sensitive Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside your current interaction with us; (iv) as a service provider to another business performing services on behalf of that business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; (v) for purposes of undertaking activities to verify or maintain the quality or safety or a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us; or (vi) as otherwise permitted by applicable law and regulations.
How We Collect Information
With the exception of your Technical Information and Internet Activity (which we or our third party service providers collect automatically as you navigate through or interact with our Website, as described below in the section titled “Traffic, Usage and Computer/Device Information”), or your Inference Data (which is derived from the other information collected about you, as described above), generally we collect Personal Information directly from you when you provide it or submit it to us directly such as in connection with registering to obtain additional information from us (such as signing up to receive our e-newsletter or other marketing and promotional information about us or our products and services), related to our products and services, responding to a voluntary survey you have agreed to complete, contacting us for service inquiries or reporting a problem with our Website, submitting a job application through our Website, otherwise submitting an inquiry to us using the contact methods provided on our Website, or otherwise contacting us about our Website or our business.
Traffic, Usage and Computer/Device Information
Additionally, as you navigate through and interact with our Website or interact with the emails, texts and other electronic messages we send to you, we or our third party service providers may automatically collect certain traffic data, usage information, and information about your computer equipment or mobile device, such as your browser and operating system, your wireless carrier, configuration data, clickstream analytics and your actions and patterns when you use our Website (“Technical Information”). The technologies we use for this automatic data collection may include cookies that are stored on the browser of your computer or mobile device, small embedded electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) and other types of embedded code. We collect this information to manage our content and improve users’ use of our Website; count and review the number of users of our Website and their usage patterns; to track key performance indicators such as pages accessed, frequency of access, conversions (the number of users who click on our advertisements and then go on to make a product purchase) and other statistical information related to our Website (for example, recording the popularity of certain content and verifying system and server integrity); to identify the portion of users who access our Website via different web browsers; to recognize if a user is a return user of our Website; to store information about a user’s visits; to remember a user’s preferences; and for similar purposes in connection with monitoring, operating, maintaining and improving our Website. European Users should note that we will always seek your prior consent where legally required before collecting your Traffic, Usage and Computer/Device Information (see Section - European Users and Cookies below).
Third parties may also collect Technical Information and other information on our behalf as further described in the sections below titled “Use of Google Analytics,” and “Tracking and ‘DO NOT TRACK’.”
Cookie Policy
For more information about our placement and use of cookies and to adjust your cookie settings and preferences please also refer to our Cookie Policy at here.
How We Use Your Information
Generally
We may use the information we collect about you or that you provide to us, including Personal Information, to:
- Provide our Website to you.
- Provide you with the information you request from us.
- Authenticate or otherwise verify your identity in connection with your requests and inquiries via our Website or otherwise.
- Provide you with support and respond to your inquiries and support requests relating to our Website, including to investigate and address your concerns and to monitor and improve our responses.
- If you are a Job Applicant, collect and process your application for a position with us and contact you in connection with such application.
- Update and maintain email or mailing lists (such as our email lists to receive newsletters or alerts by email).
- Carry out the advertising, promotional and marketing purposes as described in the section below titled “Use of Personal Information for Marketing Purposes.”
- Help maintain the safety, security, and integrity of our Website, databases and other technology assets and our business.
- Create a profile about you reflecting your personal preferences, patterns, and behavior.
- Notify you about changes to our Website, products, and services.
- With respect to pseudonymized, aggregated and de-identified information, fulfill the purposes described in the section below titled “Use and Disclosure of Pseudonymized, Aggregated and De-Identified Data.”
- With respect to Technical Information, fulfill the purposes described in the section above titled “Traffic, Usage and Computer/Device Information.”
- Respond to lawful requests for information through court orders, subpoenas, warrants and other legal processes or obligations.
- Enforce any contracts between you and us, including for billing and collection, or for the establishment, exercise, or defense of legal claims.
- Evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information (including Personal Information) held by us is among the assets transferred.
- Fulfill any other purpose for which you provide the information.
- Serve any other purpose that we describe when you provide the information and for any other purpose with your consent.
Use of Personal Information for Marketing Purposes
We may use your information (including Personal Information) for advertising, promotional and other marketing purposes in various ways. This includes using your information (including Personal Information) in the following ways:
- Providing you with informational and promotional content and materials regarding our Website and our own products and services, such as advertising and promotional information about our products and services.
- Personalizing your Website experience and delivering content and promotional information related to your interests, including by delivering personalized email content to you or by displaying targeted offers and ads to you on our Website and third-party sites that you visit and on which we place (or our third-party service providers place on our behalf) such ads.
If you do not want us to use your information in this manner, see the section below titled “Your Rights and Choices” for more information about how to opt out of such uses. European Users are directed to the Marketing section of the European Users section below for rules which are specifically applicable to them.
Use and Disclosure of Aggregated or De-Identified Data
We may convert or combine some Personal Information of users into de-identified or aggregated data that does not disclose any of the Personal Information of any individual user. As an example, we may de-identify or aggregate information provided by or collected about you and other visitors to our Website to generate aggregate trends or insights about the behavior of visitors to our Website generally that may be shared (including for commercial purposes) with third parties. You understand and agree that we may use and disclose to third parties any such de-identified or aggregated data for any lawful purpose.
Tracking and “DO NOT TRACK”
Tracking involves the use of cookies, web beacons, or other embedded code or tracking technologies to collect, analyze and store information on a user’s behavior over time on multiple sites, including information on the sites visited, products viewed, products purchased and other online interactions. Tracking information can be used to enable companies to make interest-based (behavioral) advertising available to users on multiple sites that they visit.
We may (or our third-party service providers may on our behalf) collect Personal Information about your online activities over time and across third-party sites for tracking purposes when you use our Website. However, we do not currently allow third parties to collect Personal Information through or using our Website that could be used by them to analyze and store information about your online activities over time and across third-party sites for their own tracking purposes (separate and apart from any services they provide to us in support of our permitted uses of your Personal Information as described in this Policy).
Our Website does not respond to any “do not track” signals sent by your computer, browser, or mobile device, and if your computer, browser, or mobile device sends a “do not track” signal to our Website, our Website will not treat you differently from users who do not send such signals. For more information on how to disable certain tracking technologies, please refer to the documentation for your particular web browser.
European Users should note that we will always seek your prior consent where legally required before tracking is conducted (see Section - European Users and Cookies below).
Use of Microsoft Advertising
We use certain Microsoft Advertising services in connection with our Website, including the Universal Event Tracking (UET) features offered to leverage remarketing capabilities in paid search advertisements. In connection with such services, Microsoft may collect or receive your Personal Information in connection with your access to and use of our Website, and Microsoft may on our behalf engage in individual end user tracking for the types of advertising and marketing purposes described in this Policy. More information about Microsoft’s policies and practices for handling Personal Information is available via Microsoft’s Privacy Statement, available online here: privacy.microsoft.com/en-us/privacystatement.
Use of Google Analytics
We use Google Analytics to track and analyze certain traffic and usage statistics regarding the use of our Website, such as the number of visitors to our Website, how visitors are navigating to our Website, visitors’ general geographic region information, how long individuals are visiting our Website, and information about the equipment individuals are using to access our Website (e.g., browser version and operating system). Google Analytics may use a Google Analytics cookie as part of this service, and we may share certain Personal Information with Google Analytics as part of this service. We use this traffic and usage information to gauge, internally, the effectiveness of our advertising efforts and to make improvements to our Website and our marketing and promotional efforts.
In addition, we may use the following Google Analytics Advertising Features:
- Remarketing
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
- Google Ads (as an integrated service with Google Analytics)
By enabling these features, we and certain third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together for various purposes. The information collected includes demographic information about our Website visitors and general information about our visitors’ interests. We use the information collected through our use of the Google Analytics Advertising Features to track our Website visitors’ patterns and behavior, segment our audience and to better target our advertising and marketing efforts (for our own and others’ products and services) and allow third-party vendors to do the same, for example to (1) display targeted advertisements to individuals who viewed a website but did not complete a contact form, (2) target visitors from a certain geographic region with certain ads in Google search results that have previously shown a high degree of success for consumers in that region, (3) advertise our products and services across other websites that you may visit, or (4) allow Google or other third-party vendors to show you ads on websites that you visit after using our Website or clicking on an offer or ad in one of our emails or in our Website.
For more information, please review the following:
- Information about Google’s use of cookies: policies.google.com/technologies/cookies?hl=en-US
- Information about Google’s use of information from sites or apps that use Google’s services: www.policies.google.com/technologies/partner-sites
You can opt out of our use of certain Google Analytics features by updating the “Ads Settings” in your browser or mobile device (support.google.com/My-Ad-Center-Help/answer/12155656), by enabling the Google Analytics Opt-out Browser Add-on in your browser (tools.google.com/dlpage/gaoptout). Because those opt-out and preference control pages are specific to the individual browser used to visit it, and because those pages are not operated by us, we are unable to perform the opt-outs on your behalf.
European Users are directed to the Sections - European Users.
Disclosure of Your Information
Generally
We may share your Personal Information with third parties in the following circumstances:
- We may disclose Personal Information to our affiliates or to any contractors and other service providers who need to know such information (or such contractors, service providers or other third parties may collect Personal Information directly from you on our behalf while you use our Website) to provide services to us that support our hosting, maintenance, operation and promotion of our Website and our permitted uses of Personal Information under this Policy. For example, we may use a third party cloud-hosting infrastructure service provider (e.g., Amazon Web Services, Google Cloud or Microsoft Azure) to store certain of your Personal Information securely, we may use a provider of customer relationship management and/or an email marketing software solution offered by a third party service provider to organize and track our communications with you, we may use a third party service provider to collect job applications through our Website (e.g. Lever), we may use certain third-party advertising service providers (such as LinkedIn, Google Ads and Microsoft Advertising), and we may use Google Analytics in connection with our Website as described above in the section titled “Use of Google Analytics.”
- We currently use Lever, a talent management software platform, to collect job applications through our Website. If you would like more information about Lever’s privacy practices, you can learn about them here: www.employinc.com/privacy/.
- We may disclose Personal Information to (or permit Personal Information to be collected on our Website by) certain third parties as described in the section above “Tracking and Do Not Track.”
- We may disclose Personal Information to a buyer or other successor to our business in the event of a sale of equity or assets, reorganization, merger, or a similar corporate transaction, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, and in connection with any due diligence review with respect to any such proposed transaction.
- We may disclose Personal Information to comply with any court order, law, or legal process, including to meet national security and law enforcement requirements and to respond to any government or regulatory request or audit.
- We may disclose Personal Information to enforce or apply any legal agreements between us and you, or if we believe disclosure is necessary or appropriate to protect the rights, property or safety of our customers or others.
- We may also disclose your Personal Information for any purpose disclosed when the information is provided, and for any other purpose with your consent.
We may disclose Technical Information and all forms of Personal Information for each of the purposes described above, including but not limited to your Identifiers, Internet Activity, and Inference Data.
Our accountability for European Personal Information (as defined below) that we receive in the United States under the Data Privacy Frameworks (as defined below) and subsequently transfer to a third party is described in the DPF Principles (as defined below). In particular, we will remain responsible and liable under the DPF Principles if third parties we engage to process European Personal Information on our behalf do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage. For more information about the Data Privacy Frameworks, please see the section below titled “Users Outside of the United States.”
No Sales of Personal Information
We do not sell, and in the past 12 months we have not sold any Personal Information to third parties.
Retention of Your Information
We will retain your Personal Information for no longer than is reasonably necessary to achieve the legitimate business purposes or uses stated in this Policy unless a longer retention period is required or allowed by the applicable privacy law or to otherwise fulfill a legal requirement. We use the following criteria to determine the applicable period to retain your Personal Information:
- the original purpose for our collection and processing of your Personal Information.
- the nature of your Personal Information.
- our legal and/or contractual obligations to keep or delete your Personal Information.
Your Rights and Choices
You have certain choices regarding the Personal Information you provide to us. You can set your browser to refuse all or some browser cookies. If you choose not to accept cookies, you may be unable to access certain parts or pages of our Website, or certain parts or features of our Website may not function properly.
If you do not wish to have your Personal Information used by us to contact you for marketing purposes, you can opt out (1) by sending us an email with your request to support@spreedly.com, and (2) with respect to marketing communications by email, by clicking on the “Unsubscribe” or similar link in the most recent email you received from us and by following the prompts that appear. This opt-out does not apply to information provided as a result of a product purchase, customer service or support service inquiry or other informational or transactional communications (e.g., an order confirmation or response to a specific inquiry or request you have made to us).
Please also refer to the sections above titled “Use of Google Analytics” for more information regarding opting out of certain Google Analytics features used on and in connection with our Website.
Accessing, Correcting and Deleting Your Information: Generally
The laws of various US states (including, but not limited to, the California Consumer Privacy Act of 2018 (as amended to date, the “CCPA”)) and the laws of certain countries outside of the US give individuals rights to review, correct, or request the deletion of certain portions of such individuals’ Personal Information. Except with respect to Personal Information of European Users, as specifically described below in the section titled “European Users: Your European Privacy Rights,” the following additional information applies with respect to such requests:
- You may request that we disclose to you certain information about (and, if requested, to receive a portable copy of) the Personal Information about you that we have collected and used in the past 12 months (a “Request to Know”). You may also request that we correct, update, or modify the Personal Information about you that we have collected or that we maintain (a “Request to Correct”). You may also request that we delete the Personal Information about you that we have collected or that we maintain (a “Request to Delete”). You may submit a Request to Know, Request to Correct, or a Request to Delete by sending us an email stating your request to support@spreedly.com or by calling us toll-free at 1-888-727-7750. Regardless of the method you use to contact us, please indicate in your communication that you are making a Request to Know, Request to Correct, or a Request to Delete.
- Upon receipt of your Request to Know, Request to Correct, or Request to Delete, as part of our security measures and as required by law, we will take steps to verify your identity in order to confirm that the person making the request is actually the person about whom we have collected Personal Information (i.e., that the “you” making the request is actually you). We will verify your identity and confirm your request by asking you to confirm and verify certain Personal Information we already have on file for you.
- We will use reasonable endeavors to accommodate verifiable Requests to Know, Requests to Correct, and Requests to Delete submitted in the manner described above within a reasonable timeframe after receiving such requests. In any event, we will comply with your Request to Know, Request to Correct, and Request to Delete to the extent and in the manner required by applicable law, but we may deny a request, in whole or in part, to the extent an exception applies under (or as otherwise permitted by) applicable law, including (where applicable) the CCPA. For example, we cannot and will not comply with a Request to Know, Request to Correct, or a Request to Delete if we cannot reasonably verify your identity in connection with your request.
- You may also designate an authorized agent to make a Request to Know, Request to Correct, or Request to Delete on your behalf. To designate an authorized agent to act on your behalf, you or your authorized agent must submit proof that either (1) such agent has actually been authorized in writing to act on your behalf, or (2) you have provided the authorized agent with power of attorney under the applicable laws in your jurisdiction. You may submit such proof by emailing us at support@spreedly.com. If a duly-designated authorized agent makes a Request to Know, Request to Correct, or Request to Delete on your behalf, we will still require you to verify your own identity using the process described above, unless an exception applies under applicable law in your jurisdiction (for example, you have submitted verifiable proof to us that you have provided the authorized agent with power of attorney).
No Differential Treatment
If you choose to exercise any of the rights described in the section titled “Accessing, Correcting and Deleting Your Information: Generally,” you will not receive differential treatment by us as a result (e.g., different prices or quality of services), except to the extent permitted by applicable law (including if those differences are reasonably related to the value of your Personal Information).
Opt-Out of Data Sharing / Targeted Advertising
In certain cases, our disclosure of your Personal Information to third parties may constitute “sharing” as such term is defined under the CCPA, or our uses of Personal Information may include uses for the purpose of serving targeted advertisements to you as defined under the laws of other states. Specifically, we may share your Technical Information and/or Internet Activity with certain third-party advertising services providers (or such third-party advertising service providers may collect your Technical Information and/or Internet Activity directly on our behalf), including for the purposes of issuing personalized and/or behavioral advertisements to users across distinctly branded websites, applications, or services other than our Website. Please note that our Personal Information sharing practices do not involve either (1) the sharing of any Sensitive Personal Information or (2) the sharing of information about individuals we know are under the age of 16.
The CCPA permits California residents to “opt-out” of the “sharing” (as such term is defined under the CCPA) of their Personal Information. If you are a California resident and would like to exercise such “opt-out” right, please send an email to support@spreedly.com or otherwise contact us using the information set forth below. Please mention that you are making a “CCPA Sharing Opt-Out” request.
Additionally, the laws of certain other states permit residents of such states to “opt-out” of the use of Personal Information for targeted advertising purposes. If you are a resident of such a state and would like to exercise such “opt-out” right, please send an email to support@spreedly.com or otherwise contact us using the information set forth below. Please mention that you are making a “Targeted Advertising Opt-Out” request.
California “Shine The Light” Disclosure
The California Civil Code permits California residents with whom we have an established business relationship to request that we provide a list of certain categories of Personal Information that we have disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make such a request, please send an email to support@spreedly.com or otherwise contact us using the information set forth below. Please mention that you are making a “California Shine the Light” inquiry. Please note, however, that we do not currently disclose any Personal Information to third parties for their direct marketing purposes.
Nevada Residents: Sale Opt-Out Rights
Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: support@spreedly.com. Please mention that you are making a “Nevada Sale Opt-Out Right” request. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Users Outside of the United States
Generally
Our Website is hosted in the United States and is provided from the United States. It is possible that certain information will be stored on servers in multiple other countries on the “cloud” or other similar distributed hosting platforms. If you are accessing our Website from Canada, the European Economic Area and the United Kingdom, Asia or any other jurisdiction with laws governing personal data collection, use, and disclosure that differ from United States laws, please note that by using our Website and providing your Personal Information to us through our Website you are expressly and knowingly consenting to the transfer of your Personal Information from your home country to the United States (where laws may differ from the laws of your jurisdiction) and you acknowledge our use of such Personal Information in accordance with this Policy.
European Users
If you are a user accessing and using our Website from one of the European Economic Area countries, Switzerland, or the United Kingdom (collectively, the “European Countries” and such users the “European Users”), please read this section carefully for more information about our collection, processing and transfer of your Personal Information and your rights related to such activities. For the purposes of applicable data protection laws in the European Countries, we act as controller for the Personal Information we process about you as further described in this Policy.
A. Legal Basis for Processing
If you are a European User, we have the legal right to collect, process, use, and retain your Personal Information (“European Personal Information”) in the ways described in this Policy, based on your consent, the need to use your European Personal Information to provide you with goods or services that you have requested and/or our legitimate interests in furthering our existing relationship with you or preventing fraud. Accordingly, generally you have a contractual rather than a statutory obligation to provide such information. If you do not provide such information, you may be unable to use our Website and we may be unable to provide any products or services that you request.
B. Data Privacy Frameworks Certification
If you are a European User, please note that governing bodies in your respective jurisdictions have determined that the laws of the United States do not provide adequate protection for your Personal Information. Accordingly, we are transferring your Personal Information from such jurisdictions to the United States under the terms of our certification with the U.S. Department of Commerce under the EU-US Data Privacy Framework (the “EU-US DPF”), the UK Extension to the EU-US DPF (the “UK Extension”), and the Swiss-US Data Privacy Framework (the “Swiss-US DPF” and, together with the EU-US DPF and the UK Extension, collectively, the “Data Privacy Frameworks”).
We comply with the Data Privacy Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of European Personal Information from the European Countries to the United States, and we follow internal procedures for verifying that our commitments under this Policy have been implemented. We have certified to the US Department of Commerce that we adhere to the EU-US Data Privacy Framework Principles (the “EU-US DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension. Likewise, we have certified to the U.S. Department of Commerce that we adhere to the Swiss-US Data Privacy Framework Principles (the “Swiss-US DPF Principles” and together with the EU-US DPF Principles, collectively, the “DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Policy and data subject rights under the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Frameworks, and to view our certification page, please visit www.dataprivacyframework.gov/. Our compliance with the DPF Principles can be investigated and enforced by the United States Federal Trade Commission.
Pursuant to the Data Privacy Frameworks, European Users have the right to obtain our confirmation of whether we maintain their European Personal Information in the United States. Upon our receipt of your request by email at support@spreedly.com and our verification of your identity, we will advise you whether we process European Personal Information concerning you and, if so, will provide you with access to the European Personal Information that we hold about you. You may also correct, amend, or delete any such European Personal Information that is inaccurate or incomplete or where it has been processed in violation of the DPF Principles. We will respond to all such requests within a reasonable timeframe.
Subject to certain exceptions under applicable law, you may choose to “opt out” of our disclosure of your European Personal Information to third parties or our use of your European Personal Information for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you; provided, however, that such right will not apply to our disclosures to third parties acting as an agent to perform tasks on our behalf and under our instruction. You may exercise such right by submitting a written request to support@spreedly.com. We will not disclose your European Sensitive Information (as defined below) to third parties or use your European Sensitive Information for a purpose different from the purpose for which it was originally collected or subsequently authorized by you without your express affirmative consent (i.e., “opt in”). However, please note that we do not currently collect, store or process any European Sensitive Information in connection with your use of our Website or our other activities covered by this Policy, excepting only our processing of ethnicity information submitted on a voluntary, optional basis by Job Applicants, as described above in the sections titled “Personal Information We Collect – Submitting Job Applications Through our Website” and “Sensitive Personal Information.”
C. Complaints
In compliance with the Data Privacy Frameworks and DPF Principles, we commit to resolve complaints about your privacy and our collection or use of your European Personal Information transferred to the United States pursuant to the Data Privacy Frameworks. European Users with inquiries or complaints regarding our Data Privacy Frameworks policy should first contact us directly at privacy_inquiries@jdxpert.com.
We have further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, JAMS, an alternative dispute resolution provider based in the United States. For more information on Filing a complaint with JAMS, please visit: https://jamsadr.com/dpf-dispute-resolution.
If your Data Privacy Framework complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See www.dataprivacyframework.gov/ for more information about binding arbitration or other enforcement rights that may be available to you.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority in your country of residence. If you are usually resident in the European Countries, you also have the right to lodge a complaint with:
- the Information Commissioner in the UK - The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: (+44)(0)303 123 1113.
- a relevant data protection supervisory authority in the European Economic Area state of your habitual residence, place of work or of an alleged infringement of data protection laws in the European Economic Area. For a list of EEA data protection supervisory authorities and their contact details see here - edpb.europa.eu/about-edpb/about-edpb/members_en.
D. Storage of Your European Personal Information
We securely store your European Personal Information in distributed locations in the United States using our own servers or the servers of reputable, third-party service providers such as our cloud-hosted infrastructure service provider and other cloud-based software service providers. We will keep such information for no longer than necessary for the purpose for which it is used. The length of time we retain your European Personal Information will depend on any legal obligations we have, the nature of any contracts we have in place with you, the existence of your consent or our legitimate interests as a business. Following the end of the relevant retention period, we will delete or anonymize your European Personal Information.
E. Your European Privacy Rights
If you are a European User, you will have the following additional rights with respect to your European Personal Information (your “European Privacy Rights”):
- The right to withdraw consent: If we are processing your European Personal Information based on your consent, you may withdraw that consent at any time. Your withdrawal will not affect the lawfulness of our processing based on your consent before your withdrawal. If you withdraw your consent, we may not be able to provide our Website or our other products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- The right to restrict processing: You may restrict our use and processing of your European Personal Information in certain circumstances, e.g. if you contest the accuracy of the data.
- The right to access: You have the right to be provided with a copy of your European Personal Information.
- The right to Rectification: You have the right to require us to correct any mistakes in your European Personal Information. You are responsible for letting us know if your European Personal Information changes or is no longer correct.
- The right to erasure (also known as the right to be forgotten): You have the right to require us to delete your European Personal Information in certain situations.
- The right to data portability: You have the right to receive your European Personal Information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party in certain situations.
- The right to object: You have the right to object at any time to your European Personal Information being processed for direct marketing (including profiling); and in certain other situations to our continued processing of your European Personal Information, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defense of legal claims.
If you would like to exercise any of these rights, please:
- email us at support@spreedly.com;
- provide enough information to identify yourself and any additional identity information we may reasonably request from you;
- let us know what right you want to exercise and the information to which your request relates.
Upon our receipt of your request and our verification of your identity, we will advise you whether we are processing European Personal Information concerning you and, if so, will provide you with a copy of your European Personal Information being processed and certain information about the nature and purposes of the processing. You may correct, amend, or delete any such European Personal Information that is inaccurate or incomplete.
You will not usually have to pay a fee to exercise any of your European Privacy Rights. We may, however, charge a reasonable fee if a request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in those circumstances. We may need to request specific information from you to help us confirm your identity and to ensure your right to exercise your European Privacy Rights. This is a security measure to ensure that your European Personal Information is not disclosed to a person who does not have a right to receive it.
We will respond to all valid requests within 30 days of receipt of a valid request. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
F. European Sensitive Information
We do not as a matter of course collect, store, or process sensitive information related to your racial or ethnic identity, political opinions, religious or philosophical beliefs, trade union membership, health (including genetic and biometric data), sex life or sexual orientation (“European Sensitive Information”). Unless you expressly and voluntarily provide this to us (for example, Excepted as specifically described above with respect to racial or ethnic identity information collected from Job Applicants). If we do process European Sensitive Information, we will always ensure we are permitted to do so under data protection laws, such as on the basis of your explicit consent, the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent or the processing is necessary to establish, exercise or defend legal claims.
G. Profiling
Subject to our compliance with the section ‘Cookies’ below, we may create a profile to analyze or predict your personal preferences or interests solely related to your use of our Website and for the purposes described in this Policy. We do not otherwise create profiles to analyze or predict your performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not make any decision about you that would have legal consequences or similarly significant effects on you based solely on automated decision-making, including the use of profiles.
H. Disclosure to Third Parties
If we intend to disclose your European Personal Information to any third party that will have the right to process your European Personal Information, we only allow those organizations to handle your European Personal Information if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.
In certain situations, we may be required to disclose your European Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
I. Marketing
We will use your European Personal Information to send you updates (by email, text message, telephone, or mail) about our Website, including new services.
We have a legitimate interest in using your European Personal Information for marketing purposes where you have an existing relationship with us or contacted us about our Website and did not opt-out of such marketing when you provided your European Personal Information to us. In all other cases, we will seek your prior consent to marketing.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us at support@spreedly.com; or
- using the ‘Unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Children’s Privacy
We do not knowingly collect, maintain, or use personal information from children under 16 years of age, and no parts of our services are directed to children. If you learn that a child has provided us with personal information in violation of this Policy, please contact us at support@spreedly.com.
Data Security
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. When we have given you (or when you have chosen) a password for access to certain parts of our Website, you are responsible for keeping that password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information over the Internet is not completely secure. Although we have implemented security measures that we think are adequate, we cannot guarantee the security of your Personal Information transmitted to or using our Website. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Website.
Contact Information
We are Spreedly, Inc., a Delaware corporation with headquarters in Durham, North Carolina. To ask questions or comment about this privacy policy and our privacy practices:
- 300 Morris St., Ste 400
- Durham, NC 27701
- (888) 727-7750
- support@spreedly.com
Individuals in the European Economic Area may also contact our EU data protection representative, Orsa Saiwai EDS Limited to be our EU data protection representative:
- Orsa Saiwai EDS
- 50 Upper Mount Street
- Dublin 2, D02 DP03
- Ireland
- +447818063090