PRIVACY POLICY

Spotzer Digital B.V.

Privacy Policy

The following information sets out our policy (“Privacy Policy”) regarding the collection, use and disclosure of personal information we receive from customers and/or users of our websites, Spotzer.com or Spotzerdigital.com (collectively, “Our Website”). Each time you access or use Our Website, you are deemed to accept these terms and conditions.

Our Commitment:

Your privacy is important to us. This policy outlines our ongoing commitment to protecting your privacy by providing details on how we manage your information and the choices available to you about the way this information is collected and used.

What Information do we collect and why?

In order to provide our services to you, we may collect the following types of information:

(a) Information you provide: if you submit a request for any of our services (for example – a website built for your business), write reviews, contact us, or use other services on the website that requires input, we will store and save the information you provide. This information may include personally identifiable information such as your name, telephone number, postal address, email address, etc. (“Personal Information”) and will be used for the purpose submitted to us, which is usually to contact you.

(b) Cookies (“Cookies”): These are text files with small amounts of data, which may include an anonymous unique identifier. They are meant to improve the site’s functionality and the user’s experiences with it.

Like many sites, we use Cookies to collect information. There are various types of Cookies, including (1) analytical cookies, (2) performance cookies, and (3) functional or necessary cookies.

• Analytical cookies are used for collecting anonymous information about the use of our website. The information is used only to improve our website’s quality and functionality.

• Performance cookies are used to determine which advertisement affects a consumer’s purchase decision.

• Functional cookies are used to make our website function properly, for example by recording the contents of a shopping cart.

When you use Our Website, one or more Cookies may be sent and stored on your computer. These Cookies are used to save certain preferences on Our Website and identify you on future visits. You can instruct your browser to limit or prohibit the storage of Cookies on your computer when accessing Our Website however doing so may affect the usability of the website services.

(c) Log information – All information sent by your web browser and computer when you visit Our Website may be stored by our servers. This information may include your IP address, browser type, URL accessed, cookie information, the date and time of your request, and other information that may uniquely identify you and may also be considered as part of your Personal Information.

In addition, we may use third party services such as Google Analytics and HotJar (discussed further below) that collect, monitor and analyse this data.

Your Information:

You are responsible for ensuring the accuracy and consent for use of any Personal Information you submit to us. Inaccurate information will affect our ability to provide you with services as well as to contact you as contemplated in this Privacy Policy.

In addition, please note that this Privacy Policy does not cover information which is not considered as Personal Information such as: (i) Information about a legal entity (e.g. corporate information, business contact details, company accounting information, etc.); or (ii) Anonymized data – that is, information which does not relate to an identified or identifiable natural person or Personal Information which has been made anonymous in a way that the data subject is not or no longer identifiable.

We do not Collect Sensitive Information

Sensitive information includes information or opinions about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

We do not in the ordinary course collect any sensitive information as this is not usually required for the provision of our services to you.

Our Use of Personal Information

We collect Personal Information mainly to provide our services to you, conduct statistical analysis, provide customer support or meet certain business requirements. We may also from time to time use it for marketing purposes to contact you with newsletters or promotional materials. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing at privacy@spotzer.com.

We may also use Personal Information to track the use of our services and/or for other internal purposes, such as evaluating and improving the services.

We will process Personal Information as mentioned above and only in accordance with the provisions of this Privacy Policy. Our personnel are obligated to maintain the security, and secrecy of any Personal Information as provided in this Privacy Policy and this obligation continues even after their engagements end. We do not provide your Personal Information to third parties except to third party service providers with your knowledge and consent or as required by law.

You may withdraw your consent at any time by contacting us using our contact details below.

Sharing/Transferring Personal Information

We do not give, sell, transfer or otherwise share any Personal Information to, or with, any third party except for the cases listed in this Privacy Policy.

Sharing of Personal Information may occur (i) if you have requested and/or agreed that the Personal Information will be provided to third parties; or (ii) if the disclosure is required by law; or (iii) if it is transferred for the performance of a contract between you and Spotzer; or (iv) the transfer is necessary in order to protect the vital interests of the data subject; or (v) the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise, or defense of legal claims; or (vi) if the transfer is for the purposes of the legitimate interests pursued by Spotzer or by the relevant third party.

In the event that Spotzer sells, assigns or transfers some or all of its business or assets to a successor or acquirer, or if Spotzer is acquired by or merges with a third party, or if Spotzer files for bankruptcy or becomes insolvent, Spotzer may disclose, sell, assign or transfer all of your Personal Information as part of the transaction.

Disclosure of Personal Information to Third Parties

Your Personal Information may be disclosed in a number of circumstances including the following:

• Third parties where you consent to the use or disclosure for fulfillment of our services to you; and

• Where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so, or where required or authorised by law.

Recipients of your data may include third-party service providers selected by you for inclusion in a product or service that you request from us or a regulator or to otherwise comply with the law. Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.

Where you select third party providers as part of the product or services you request from us, please note that you will be bound by their end user terms including their use of sub-processors, whether located within or outside of the EU. It is your choice whether you wish to use such third-party services and you consent to processing of your information by sub-processors located outside of the EU.

A current list of our third party sub-processors can be found below.

Third Party Sub-Processors

Our carefully selected partners and service providers may process personal information about you on our behalf. Some or all of these may apply to you, depending on whether you are a direct customer, an enterprise reseller or an agency reseller, the specific services you utilize and the jurisdiction in which you are located.

 
Sub-processorPurposeLocation of Sub-processor
Amazon Web Cloud ServicesCloud Storage
https://aws.amazon.com/privacy/
https://aws.amazon.com/service-terms/
Ireland
Duda IncWeb builder, Website Hosting
https://www.duda.co › legal › terms
https://www.duda.co › legal › privacy
USA/EU
EcwidEcommerce
https://www.ecwid.com/terms-of-service
https://www.ecwid.com/privacy-policy
USA
Google LLCEmail, Google My Business, Google Analytics
https://policies.google.com/terms?hl=en-US
https://policies.google.com/privacy?hl=en-US
USA
Google LLCEmail, Google My Business, Google Analytics
https://policies.google.com/terms?hl=en-US
https://policies.google.com/privacy?hl=en-US
USA
HelpscoutCustomer Support platform
https://www.helpscout.com/company/legal/terms-of-service/
USA
MonoWeb builder, Website Hosting
https://mono.co/legal
OpenSRS/TucowsDomains
https://opensrs.com › contract
Canada
SalesforceFrankfurt, DE & Paris, FRA
https://www.salesforce.com/company/legal/sfdc-website-terms-of-service/
https://www.salesforce.com/privacy/overview/
CRM
TwilioIreland, Japan, USA
https://www.twilio.com/legal/tos
https://www.twilio.com/legal/privacy
Cloud Communications Platform
VonageUK
https://www.vonage.com/legal/communications-apis/terms-of-use/
https://www.vonage.com/legal/privacy-policy
Telephony
WP EngineWeb builder, Website Hosting
https://wpengine.com/legal/terms-of-service/
https://wpengine.com/legal/privacy/
Belgium

Digital Marketing Service Providers

Additionally, we periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

– Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: Z123456 their Data Protection Officer can be emailed at: dpo@sopro.io.

Data from Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. Such Third Parties used by us include (but are not limited to):

Google Analytics:

Our Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses Cookies which allow your use of Our Website to be analyzed. The information generated by the Cookie on your use of Our Website (including your IP address) is transmitted to, and stored by, Google. Google uses this information on our behalf to analyze your use of the website and compile reports on website activity. However, IP anonymization is activated on Our Website, which means that your IP address will be abbreviated and stored in an anonymized form by Google.

You may adjust the settings in your browser software to prevent Cookies from being saved; however, if you do so, you may not be able to benefit from the full functionality of Our Website. You can also prevent the data generated by the Cookie relating to your use of Our Website (including your IP address) from being recorded and processed by Google by downloading and installing the browser plugin that is available by following this link: https://tools.google.com/dlpage/gaoptout.

HotJar

HotJar tracks usage and behavior on a website. General information about HotJar’s use of your information is as follows:

Visitor privacy:

• Site visitors are assigned a unique user identifier, UUID, so that Hotjar can keep track of returning visitors without relying on any personal information, such as the IP address.

• IP addresses of visitors are always suppressed before being stored using Hotjar’s core feature set. HotJar sets the last octet of IPv4 addresses, all connections to Hotjar are made via IPv4, to 0 to ensure the full IP address is never written to disk. For example, if a visitor’s IP address is 1.2.3.4, it will be stored as 1.2.3.0. The first three octets of the IP address are only used to determine the geographic location of the visitor.

• When collecting data with recordings, Hotjar automatically suppresses keystroke data on all input fields. In all cases, the data is suppressed client-side, the visitor’s browser, which means it never reaches our servers.

Data collection and transmission

• Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.

• Hotjar transmits data from your browser to our system using HTTPS.

• Protocols and ciphers suite are used to encrypt data in transit.

Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect online. However, we cannot guarantee the security of your data, which may be compromised by unauthorized entry or use of the Website.

We implemented and will maintain and follow appropriate technical and organizational measures intended to protect information that we collect against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction.

Security Incident Notification

If we become aware of any unlawful access to any information we stored, or unauthorized access to it, resulting in loss, disclosure, or alteration of the information, we will promptly (1) notify you of this security incident; (2) investigate this security incident and provide you with detailed information about the security incident; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the security incident.

Notification(s) of any security incident will be delivered to you by any means we select, including via email. Our obligation to report or respond to such security incident is not an acknowledgement by us of any fault or liability with respect to a security incident.

You must notify us promptly about any possible misuse of your accounts or authentication credentials or any security incident related to the services that we provide to you.

Children’s Privacy

Protecting the privacy of the very young is especially important. For that reason, our services are not directed towards and may not be used by persons under 16, and no part of our website is structured to attract anyone under 16.

Links to other sites

Our Website may contain links to other sites. Other sites may also reference or link to Our Website. We are not responsible for the privacy practices or the content of such other online sites, and any information collected by these third party online sites is not governed by this Privacy Policy, and we assume no responsibility or liability whatsoever for the policies (including privacy policies), practices, actions or omissions of such third parties.

Retention/Deletion of Personal Information

We may retain your information for as long as needed to provide you with the services and the uses described in this Privacy Policy. This often means that we will keep information for the duration of your account. Please note, however, that where applicable legislation requires us to do so, it may be required to keep records of your Information even after such termination.

How You Can Access or Correct Your Information

In certain circumstances, you have rights in relation to the Personal Information we process about you. The table below sets out an outline of those rights and how to exercise them:

Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please email privacy@spotzer.com. Please note that for each of the rights below, we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.

 
RightDescription
AccessYou have the right to know whether we process Personal Information about you, and if we do, to access Personal Information we hold about you and certain information about how we use it and who we share it with. You can request a copy of this Personal Information.
PortabilityYou have the right to receive a subset of the Personal Information you provide us in a structured, commonly used and machine-readable format and a right to request that we transfer such Personal Information to another party if we process it on the bases of (i) our contract with you or (ii) with your consent and when the processing is carried out by automated means.
CorrectionIf you believe that the Personal Information we hold about you is inaccurate or incomplete, you have the right to request its correction or modification.
ErasureYou may request that we erase the Personal Information we hold about you in the following circumstances: (i) where you believe it is no longer necessary for us to hold the Personal Information, (ii) we process it on the basis of your consent and you wish to withdraw your consent, (iii) we process your Personal Information on the basis of Spotzer’s legitimate interest and you object to such processing, (iv) you no longer wish us to use your Personal Information to send you marketing or (v) you believe that Spotzer is unlawfully processing your Personal Information.
Restriction of ProcessingYou have a right to require us to restrict processing of the Personal Information we hold about you in the following circumstances: (i) if you dispute the accuracy of your Personal Information, (ii) if the processing is unlawful and you object to its deletion, (iii) if you believe that we no longer need your Personal Information but that it is still necessary for you to establish, exercise or defend your legal rights or, (iv) if you have objected to our processing of Personal Information we hold about you.
ObjectionYou have the right to object to the processing of the Personal Information we hold about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such Personal Information or we need to process it in relation to legal claims.

Additional Terms re Processing

These Additional Terms apply only if you reside in the European Union (“EU”) and are in addition to all other provisions in this Privacy Policy to which Spotzer is bound.

For this section, the following are important definitions:

• “GDPR” means the European Union General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

• “Personal Information” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

For the services provided by Spotzer, Spotzer is a data processor acting on your behalf. As data processor, Spotzer will only act upon your instructions.

The duration of data processing shall be for the term designated under an agreement (which refers to this Privacy Policy) between you and Spotzer. The objective of the data processing is the performance of the services and as specified above in the “Use of Information” section above.

The scope and purpose of processing your data, including any Personal Information is described in this Privacy Policy.

This section does not limit or reduce any data protection commitments Spotzer makes to you in a services agreement between you and Spotzer and in this Privacy Policy.

Spotzer shall not engage another processor without your prior specific or general written authorization.

In the case of general written authorization, Spotzer shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes.

Processing by Spotzer shall be governed by the GDPR terms in the EU. The subject matter and duration of the processing, the nature and purpose of the processing, the type of Personal Information, the categories of data subjects and your rights are set forth in your agreement, including these GDPR terms. In particular, Spotzer shall:

(a) process the Personal Information only on documented instructions from you (if you are “Controller” according to the GDPR), including with regard to transfers of Personal Information to a third country or an international organization, unless required to do so by Union law to which Spotzer is subject; in such a case, Spotzer shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

(b) ensure that persons authorized to process the Personal Information have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(c) take all measures required pursuant to Article 32 of the GDPR;

(d) ensure compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Spotzer;

(g) at your choice, delete or return all the Personal Information to you after the end of the provision of services relating to processing, and delete existing copies unless Union law requires storage of the Personal Information;

(h) make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.

Spotzer shall immediately inform you if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Spotzer shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

(a) the pseudonymisation and encryption of Personal Information;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(c) the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise processed.

Spotzer shall take steps to ensure that any natural person acting under the authority of Spotzer who has access to Personal Information does not process them except on instructions from Spotzer, unless he or she is required to do so by Union law.

Spotzer shall notify you without undue delay after becoming aware of a Personal Information breach.

Lawful Bases for Processing

We will only collect and process Personal Information about you where we have one of the following 6 lawful bases:

(i) Consent (where you have given consent), (ii) contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the services you have requested), (iii) legal obligation (to comply with a common law or statutory obligation), (iv) vital interest (to protect someone’s life), (v) public task (to perform a specific task in the public interest that is set out in law) and (vi) for legitimate interests.

Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. This consent may be withdrawn by you at any time (with effect for the future) by notifying us in writing. You do not need to provide us with a reason for your decision however you should bear in mind that this may affect our ability to provide our services to you.

If you have any questions about the lawful bases upon which we collect and use your Personal Information, please contact us (contact information provided below).

If you have any questions about the lawful bases upon which we collect and use your Personal Information, please contact us (contact information provided below).

Transfer of Personal Information to Third Countries

We may transfer your Personal Information to third parties located at destinations outside the European Economic Area. The data protection and privacy laws of the jurisdictions to which the Personal Information will be transferred may not be as comprehensive as those in the European Union (if applicable to you); in which case New Stream will take measures to ensure a similar level of protection is provided to your Personal Information according to one of the following safeguards:

(a) Personal Information is transferred to countries that the European Commission has identified as the countries ensuring an adequate level of protection of Personal Information;

(b) In the case of recipients based in the United States of America, we may transfer Personal Information if recipients participate in the Privacy Shield program, which aims at ensuring the same level of protection of Personal Information as that applicable in Europe;

(c) We apply relevant standard contractual clauses approved by the European Commission or we rely on binding corporate rules which guarantee the security of your data.

Your Acceptance of this Policy

By submitting a request for our services or by continuing to browse Our Website, you agree to this Privacy Policy, and to any changes we may make to this Privacy Policy from time to time – without the need to notify you about such changes.

Changes to This Privacy Policy

We reserve the right to alter the Privacy Policy at any time. We will post any changes to the Privacy Policy on this page. It is recommended that you revisit this Privacy Policy regularly so as to be kept apprised of the updated Privacy Policy. Your continued use of the services following changes to this Privacy Policy means you accept these changes. If you do not agree to the altered privacy policy, you may stop using the services.

How To Contact Us

Should you have other questions or concerns about these privacy policies and if you believe that we are not adhering to our privacy or security commitments, please send us an email at privacy@spotzer.com.

Last Updated: June 1, 2023