- Product
Usage: Information
about how users and their devices interact with their account, which may
include who sent messages to their users in chat, email addresses, IP
addresses, device information, and other information about who joined
meetings or calls on their account, whether their users viewed or
downloaded a recording, how long participants participated in their
meetings, the time a message was sent, information about Spring Phone
integrations, and other usage information and feedback metrics.
- Participant
List: Information
about the participants in a Spring meeting, call, or chat, which may
include name, display name, email address, phone number, and participant
or user ID.
- Registration Information: Information
provided during registration for a call, meeting, Spring Room, or
recording hosted by the account.
- Spring Team Chat Out-of-Meeting
Messages: If
enabled on their account, account owners and those they authorize can see
information about who sent and received out-of-meeting messages to users
on their account along with information about the message (for example,
date and time, and number of participants). Depending on their settings,
account owners also can see sender and receiver information, and other
messaging data, along with the content of messages sent to and from users
on their account, unless the account owner has enabled Advanced Chat
Encryption. Depending on their settings, account owners and those they
authorize may also see the content shared through collaborative features,
including whiteboards, files, and images shared in out-of-meeting chat.
- In-Meeting/Call Messages: Depending
on their settings, account owners can see sender and receiver
information, along with the content of messages sent to and from users on
their account, in the following circumstances:
- Messages
sent to Everyone in a meeting that is recorded
- Messages sent to panelists in a call
that is recorded
- Direct messages if the account owner has
enabled archiving
- If a participant in a meeting is subject
to archiving, their account owner will have access to messages sent to
Everyone in the meeting, as well as direct messages sent to that
participant.
- Recordings: Account owners
can watch the content of recordings of meetings and calls hosted on their
account. They can also view, share, and enable advanced features for
transcripts of meeting audio.
- Polling, Q&A, and Feedback: Account owners
can see information about who provided responses to their polls, Q&A,
or post meeting or call feedback requests, including name and contact information,
together with the responses or feedback, unless responses are submitted
anonymously.
- Meeting Hosts, Participants, and
Invitees: Hosts,
participants, and invitees may be able to see your email, display name,
and profile picture. Meeting hosts, participants, and invitees can also
see and (depending on the account owner’s settings) record or save meeting
content, audio transcripts, messages sent to Everyone or to them directly,
and files, whiteboards or other information shared during a meeting. Hosts
may also be able to see responses to Q&A and polls generated during
the meeting.
- Call Panelists and
Attendees: Only
panelists may be visible to attendees during a call, but attendees who
agree to unmute can be heard by other attendees. If an attendee agrees to
become a panelist during a call, they may be visible to other attendees,
depending on settings. Panelists and attendees may be able to see the name
of a participant who asks a question during a Q&A, along with their
question, unless the participant submits the question anonymously.
- Livestreams: Meeting and call
hosts can choose to livestream to a third-party site or service, which
means anyone with access to the livestream will be able to see the meeting
or call.
- Apps and
Integrations:
- Account
owners can choose to add Spring-developed apps and third-party apps to
their account and the Spring Products they use, and they can also control
whether their users can add and use specific Spring and third-party apps,
including in meetings, calls, and chats hosted on their account.
- Account owners can also choose to integrate other
content – such as email communications on their corporate account – to
apps and services that they use. Further, account owners may choose to
have Spring analyze the meeting’s audio recording to distinguish one
speaker from another in order to create an accurate transcript. The audio
analysis is not retained after the transcript is generated.
- Depending on their settings, account owners’, users’
and guests’ personal data and content may be shared with apps and
integrations approved by account owners, which may include all of the
personal data categories listed above, such as account information,
profile and contact information, registration information, participants
list, settings, content, product usage, device information, or emails
that have been shared with the app.
- Other participants in the meeting may be able to see
the app that you are using in a meeting, if the app is receiving content
(including audio and video) from the meeting.
- Third-party developers may also integrate or embed Spring
meetings into their website or app experiences or build versions of Spring
that enable access to Spring Products from a third-party app.
- Personal information shared by
account owners and users with third-party apps and integrations is
collected and processed in accordance with the app developers’ terms and
privacy policies, not Spring’s.
- Google Calendar: This privacy statement describes how we
collect and use the information you provide in your Google Calendar
account when you enable access permission to the Spring application. It
also describes the choices available to you regarding our use of your
information and how you can access and update this information.
Collection and use information:
- We collect the following
personal information from your Google Calendar:
- Event name
- Event date
- Event time
- Event description
- Event location
- We add the following
personal information from your Spring account to your Google Calendar
account:
- We use this information
to:
- Populate your Google
Calendar data in your Spring application.
- Share the following
information with other users in your team:
- If you currently have an
event scheduled
- The end time of the
current event, if applicable
- Choices available to you:
- You may unlink your
Google Calendar account from your Spring account utilizing the
Profile/You page of the Spring application and selecting ‘unlink’ or by
revoking access through your Google account.
Privacy Rights
and Choices
If you are in the
European Economic Area (EEA), Switzerland, or the UK, or a resident of
California, please refer to the respective dedicated sections below. Otherwise,
at your request, and as required by applicable law, we will:
- Inform
you of what personal data we have about you that is under our control;
- Amend or correct such personal data or any previous
privacy preferences you selected, or direct you to
applicable tools; and/or
- Delete such personal data or direct you to applicable
tools.
In order to exercise
any of your rights as to personal data controlled by Spring, please contact us.
Where legally permitted, we may decline to process requests that are
unreasonably repetitive or systematic, require disproportionate technical
effort, or jeopardize the privacy of others. As an account owner or a user
under a licensed account, you may also take steps to affect your personal data
by visiting your account and modifying your personal data directly.
Children
Spring does not allow
children under the age of 16 to sign up for a Spring account.
For
educational organizations that use Spring products and services to provide
educational services to children under 18, Spring’s Children’s Educational
Privacy Statement is available upon request.
How to
Contact Us
To
exercise your rights, please contact us. If you have any privacy-related
questions or comments related to this Privacy Statement, please send an email
to privacy@springapp.com.
You can also contact us
by writing to the following address:
Spring Technologies
Corp.
Attention: Data Privacy Officer
10170 Culver Bl.
Culver City, CA 90232
You can
contact our Data Protection Officer by sending an email to privacy@springapp.com.
Retention
We retain personal data
for as long as required to engage in the uses described in this Privacy
Statement, unless a longer retention period is required by applicable law.
The criteria used to
determine our retention periods include the following:
- The
length of time we have an ongoing relationship with you and provide Spring
products and services to you (for example, for as long as you have an
account with us or keep using our products);
- Whether account owners modify or their users delete
information through their accounts;
- Whether we have a legal obligation to keep the data
(for example, certain laws require us to keep records of your transactions
for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal
position (such as in regard to the enforcement of our agreements, the
resolution of disputes, and applicable statutes of limitations,
litigation, or regulatory investigation).
European
Data Protection Specific Information
Data Subjects Rights
If you are in the EEA,
Switzerland, or the UK, your rights in relation to your personal data processed
by us as a controller specifically include:
- Right of access and/or
portability:
You have the right to access any personal data that we hold about you and,
in some circumstances, have that data provided to you so that you can
provide or “port” that data to another provider;
- Right of erasure: In certain
circumstances, you have the right to the erasure of personal data that we
hold about you (for example, if it is no longer necessary for the purposes
for which it was originally collected);
- Right to object to processing: In certain
circumstances, you have the right to request that we stop processing your
personal data and/or stop sending you marketing communications;
- Right to rectification: You have the
right to require us to correct any inaccurate or incomplete personal data;
- Right to restrict processing: You have the
right to request that we restrict processing of your personal data in
certain circumstances (for example, where you believe that the personal
data we hold about you is not accurate or lawfully held).
To
exercise your rights, please click here. If you have any other questions about
our use of your personal data, please send a request at the contact details
specified in the How to Contact Us section of this
Privacy Statement. Please note that we may request you to provide us with
additional information in order to confirm your identity and ensure that you
are entitled to access the relevant personal data.
You also have the right
to lodge a complaint to a data protection authority. For more information,
please contact your local data protection authority.
Legal Basis for Processing Personal
Data
We only use your
information in a lawful, transparent, and fair manner. Depending on the
specific personal data concerned and the factual context, when Spring processes
personal data as a controller for individuals in regions such as the EEA,
Switzerland, and the UK, we rely on the following legal bases as applicable in
your jurisdiction:
- As necessary for our contract: When we enter into
a contract directly with you, we process your personal data on the basis
of our contract in order to prepare and enter into the contract, as well
as to perform and manage our contract (i.e., providing Spring products and
services, features and services to account owners, their users, and those
they invite to join meetings and calls hosted on their accounts, and
manage our relationship and contract, including billing, compliance with
contractual obligations, and related administration). If we do not process
your personal data for these purposes, we may not be able to provide you
with all products and services;
- Consistent with specific
revocable consents: We rely on your prior consent in order to utilize
cookies to engage advertising and analytics partners to deliver tailored
advertising and analysis of our website usage. You have the right to
withdraw your consent at any time by visiting our cookie management tool,
available Cookies Settings;
- As necessary to comply with our
legal obligations: We process your personal data to comply with the legal
obligations to which we are subject for the purposes of compliance with
EEA laws, regulations, codes of practice, guidelines, or rules applicable
to us, and for responses to requests from, and other communications with,
competent EEA public, governmental, judicial, or other regulatory
authorities. This includes detecting, investigating, preventing, and
stopping fraudulent, harmful, unauthorized, or illegal activity (“fraud
and abuse detection”) and compliance with privacy laws;
- To protect your vital interests
or those of others: We process certain personal data in order to protect
vital interests for the purpose of detecting and preventing illicit
activities that impact vital interests and public safety, including child
sexual abuse material; and
- As necessary for our (or
others’) legitimate interests, unless those interests are overridden by
your interests or fundamental rights and freedoms, which require
protection of personal data:We process your personal data based on
such legitimate interests to (i) enter and perform the contract with the
account
owner and/or reseller providing you with the products and services (which
includes billing, compliance with contractual obligations, and related
administration and support); (ii) develop, test, and improve our products
and services and troubleshoot products and services; (iii) ensure
authentication, integrity, security, and safety of accounts, activity, and
products and services, including detect and prevent malicious conduct and
violations of our terms and policies, prevent or investigate bad or unsafe
experiences, and address security threats; (iv) send marketing
communications, advertising, and promotions related to the products and
services; and (v) comply with non-EEA laws, regulations, codes of
practice, guidelines, or rules applicable to us and respond to requests
from, and other communications with, competent non-EEA public,
governmental, judicial, or other regulatory authorities, as well as meet
our corporate and social responsibility commitments, protect our rights
and property and the ones of our customers, resolve disputes, and enforce
agreements.
International Data Transfers
Spring operates
globally, which means personal data may be transferred, stored (for example, in
a data center), and processed outside of the country or region where it was
initially collected where Spring or its service providers have customers or
facilities – including in countries where meeting participants or account
owners hosting meetings or calls that you participate in or receiving messages
that you send are based.
Therefore, by using Spring
products and services or providing personal data for any of the purposes stated
above, you acknowledge that your personal data may be transferred to or stored
in the United States where we are established, as well as in other countries
outside of the EEA, Switzerland, and the UK. Such countries may have data
protection rules that are different and less protective than those of your
country.
We protect your
personal data in accordance with this Privacy Statement wherever it is
processed and take appropriate contractual or other steps to protect it under
applicable laws. Where personal data of users in the EEA, Switzerland, or the
UK is being transferred to a recipient located in a country outside the EEA,
Switzerland, or the UK which has not been recognized as having an adequate
level of data protection, we ensure that the transfer is governed by the
European Commission’s standard contractual clauses. Please contact us if you
would like further information in that respect.
California Privacy Rights
California Consumer Privacy Act
Spring may or may not
be required to conform to California Consumer Privacy Act of 2018 (CCPA). If
CCPA applies to Spring, the following information is applicable. If Spring is
not covered by CCPA, the following information does not apply, you have none of
the rights listed below or access to processes listed below.
Under the California
Consumer Privacy Act of 2018 (CCPA), California residents may have a right to:
- Access the
categories and specific pieces of personal data Spring has collected, the
categories of sources from which the personal data is collected, the
business purpose(s) for collecting the personal data, and the categories
of third parties with whom Spring has shared personal data;
- Delete personal
data under certain circumstances; and
- Opt out of the “sale” of personal
data. We do not sell your personal data in the conventional sense.
However, like many companies, we use advertising services that try to
tailor online ads to your interests based on information collected via
cookies and similar technologies about your online activity. This is
called interest-based advertising. The CCPA’s statutory definition of the
term “sale” is broad and may include interest-based advertising. You can
get more information and opt out of the use of cookies on our sites for
interest-based advertising purposes by clicking the Do Not Sell My Personal
Information/Do Not Sell My Personal Information link, also on our
homepage, and setting your preferences. You will need to set your
preferences from each device and each web browser from which you wish to
opt out. This feature uses a cookie to remember your preference, so if you
clear all cookies from your browser, you will need to reset your settings.
Spring will not
discriminate against you for exercising any of these rights, which is further
in line with your rights under the CCPA.
To
exercise your rights, please click contact us. To opt out of the use of cookies on our sites
for interest-based advertising purposes, follow the instructions above.
If required by law, we
will acknowledge receipt of your request within 10 business days, and provide a
substantive response within 45 calendar days, or inform you of the reason and
extension period (up to 90 days) in writing.
Under the CCPA, only
you or an authorized agent may make a request related to your personal data.
Note that to respond to your requests to access or delete personal data under
the CCPA, we must verify your identity. We may do so by requiring you to log
into your Spring account (if applicable), provide information relating to your
account (which will be compared to information we have, such as profile
information), give a declaration as to your identity under penalty of perjury,
and/or provide additional information. You may designate an authorized agent to
submit your verified consumer request by providing written permission and
verifying your identity, or through proof of power of attorney.
California’s Shine the Light Law
California Civil Code
Section 1798.83, also known as “Shine The Light” law, permits California
residents to annually request information regarding the disclosure of your
Personal Information (if any) to third parties for the third parties’ direct
marketing purposes in the preceding calendar year. We do not share Personal
Information with third parties for the third parties’ direct marketing
purposes.
Changes to This Privacy Statement
We may update this
Privacy Statement periodically to account for changes in our collection and/or
processing of personal data, and will post the updated Privacy Statement on our
website, with a “Effective Date” date at the top. If we make material changes to
this Privacy Statement, we will notify you and provide you an opportunity to
review before you choose to continue using our products and services.