This Privacy Notice sets out SPHIRA’s practices regarding the personal data collected or used through SPHIRA’s websites, products and services. Specifically, this Notice describes
SPHIRA, together with its affiliated companies (“SPHIRA“, “we“, “our” or “us“), collects and uses certain Personal Data. We are committed to only use and share this Data in compliance with applicable data protection and privacy laws, and in accordance with this Privacy Notice.
This Privacy Notice applies to “Personal Data“, which means any data or information relating to a living individual who can be identified through this data or through any other data in SPHIRA’s actual or expected possession. This Notice concerns Personal Data collected, received or used via SPHIRA’s websites, products and services (collectively, “Services“), and other data sources as described below.
You are not legally required to provide us with any Personal Data, but without it we will not be able to provide you with the full range or with the best experience of using our Services.
Types of Personal Data
SPHIRA collects the following types of data regarding our customers, website visitors and users of SPHIRA’s Services, as well as SPHIRA’s potential customers (to extent that you are any of such individuals, “you“):
Data received from you: this includes any data or information you may provide that identifies you (either in itself, or due to the manner in which it was provided, or the Data with which it was provided or generated), such as your name, company and position, contact details (such as business e-mails, phones and addresses), as well as any free-form text you may choose to provide us. We may also receive additional information concerning your company or employer from you in communications, such as their billing details, their business needs and preferences. Please note that to the extent that such information concerns a non-human entity, we do not regard it as “Personal Data” and this Privacy Notice shall not apply to it.
Data collected or generated about you: this includes data and information concerning your usage of SPHIRA’s Services. Such data could include IP addresses, device, system and software details, cookies and similar tracking data, click-stream and usage logs, and comparable data and information concerning log-in attempts, usage and use preferences regarding SPHIRA’s Services.
Data provided by third parties: this may include your name, company, position, contact details and professional experience, preferences and interests, as may be made available to us by our business partners, customers or service providers, such as the organizers of events that both you and SPHIRA participated in, your employers or colleagues, LinkedIn and similar services and sources.
Non-personal (anonymous) Data: Non-personal data does not and may not relate or refer to a specific individual. Therefore, we do not regard it as “Personal Data” and this Privacy Notice shall not apply to it.
You are not legally required to provide us with such Personal Data, or to have such Personal Data collected about yourself, but in some cases the lack of certain Personal Data may prevent us from providing certain features or access to certain parts of our Services.
Uses of Personal Data
We collect and use the abovementioned Personal Data as necessary for the performance of our Services; for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing, customer service and support operations, and protecting and securing our users, ourselves and our Services.
Specifically, we collect and use Personal Data for the following purposes:
To facilitate, operate, and provide our Services;
To verify the identity and access privileges of our customers and users;
To continuously develop, customize and improve our Services;
To provide our customers and users with technical assistance and customer support, and to diagnose or fix technical issues reported by our users or engineers;
To monitor and improve the effectiveness of our Services, and of our marketing efforts;
To contact you with general and personalized service-related notices, surveys, informational materials and certain promotional messages;
To monitor aggregate metrics and create aggregated statistical data and other aggregated and/or inferred Non-personal Data, including anonymized and/or pseudonymized Personal Data, which we, our customers, users or business partners may then use and disclose at our discretion;
To manage and assess risks, enhance our data security and to help protect against error, fraud or any illegal or prohibited activity;
To act as permitted by, and to comply with, any legal or regulatory requirements; and
To conduct any additional activities that may require the use of your Personal Data, for which we will request your specific approval in advance.
With whom we share Personal Data
Personal Data collected in accordance with this Privacy Notice may be maintained, processed and stored by SPHIRA and our authorized service providers in the European Union (e.g., in Germany) and might be accessed from other jurisdictions as necessary for the proper delivery or performance of our Services or as may be required by law.
SPHIRA is based in Germany, with headquarters in Frankfurt.
While the data protection laws in the above jurisdiction may be different than the laws of your residence or location, please know that SPHIRA, its affiliates and service providers that store or process your Personal Data on SPHIRA’s behalf are each committed to keeping this Data protected and secured, in accordance with this Privacy Notice and industry standards.
With whom we share Personal Data
SPHIRA may share your Personal Data with third parties (or otherwise allow them access to it) solely in the following manners and instances:
Third Party Services: SPHIRA has partnered with a number of selected service providers, whose services and Services complement, facilitate and enhance our own. These include hosting services, data analytics services (e.g., Google Analytics), e-mail distribution and monitoring services, CRM, task and project management services, and our business, legal and financial advisors (collectively, “Third Party Services“). Depending on their particular roles and purposes in facilitating and enhancing our Services, these Third Party Services may receive or otherwise have access to your Personal Data, but may only use it for such purposes.
Governmental/Law Enforcement Agencies and Legal Requests or Duties: If we believe in good faith that we are legally compelled to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing, we may disclose or allow government and law enforcement officials access to Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations.
Protecting Rights and Safety: We may share your Personal Data with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of SPHIRA, any of our customers or users, or any members of the general public.
SPHIRA Subsidiaries and Affiliated Companies: We may share Personal Data internally within our family of companies, for the purposes described in this Privacy Notice. In addition, should SPHIRA or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your Personal Data may be shared with the parties involved in such an event. If we believe that such change in control might materially affect your Personal Data stored with us at that time, we will notify you of this event and the choices you have via e-mail and/or prominent notice on our website or Services.
SPHIRA may share your Personal Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. Additionally, we may transfer, share or otherwise use Non-personal Data in our sole discretion and without the need for further approval.
SPHIRA and some of its Third Party Services providers utilize “cookies”, anonymous identifiers and other tracking technologies, which help us improve our Services, in order to provide a better experience to our customers and users. For example, these technologies enable us to keep track of our customers’ and users’ preferences and authenticated sessions, to better secure our Services, to detect abnormal behaviors and technical issues, and to monitor and improve the overall performance of our products.
In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. Some cookies and other technologies serve to recall Personal Data, such as an IP address, and are used for purposes of session and user authentication, security, keeping the user’s preferences, connection stability, monitoring performance and generally providing and improving our Services.
While we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser, most browsers allow you to control cookies, including whether or not to accept them and to remove them. You may set most browsers to notify you if you receive a cookie, or to block cookies with your browser. Please refer to the “Help” section of your internet browser for this option.
Communications from SPHIRA
Service Communications: SPHIRA may contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc.
Promotional Communications: We may also notify you about new services, events, and special opportunities or other information we think you will find relevant. We will provide such notices through any of the contacts means available to us (e.g. phone, mobile or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.
If you do not wish to receive such promotional communications, you may notify SPHIRA at any time by e-mailing us at email@example.com, or by following the “unsubscribe”, “change preferences” or “stop” instructions contained in the promotional communications you receive.
How SPHIRA safeguards Personal Data
In order to protect your Personal Data held with us, we are using industry-standard physical, procedural and electronic security measures, including encryption where deemed appropriate. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties.
The rights and choices available to you regarding your Personal Data
If you wish to exercise your right to access your Personal Data and/or request us to make corrections to your Personal Data that you have stored with us, or to delete it, please send us an e-mail to firstname.lastname@example.org, and we will respond within a reasonable timeframe and in accordance with applicable laws.
Please note that once you contact us by e-mail, we may require additional information and documents, including certain Personal Data, in order to authenticate and validate your identity and to process your request. Such additional data will be then retained by us for legal purposes (e.g. so we have proof of the identity of the person submitting the request), in accordance with our data retention policy.
How long SPHIRA may keep Personal Data
We may retain your Personal Data for as long as your organization’s account with us is active or as reasonably necessary for us to provide or offer our Services to you and your organization, or as we reasonably need it in order to maintain and further expand our relationship. We may retain such Personal Data even after the organization or a particular user deactivates their account or ceases to use our Services, as may be requested by their organization or as we otherwise deem necessary for the purposes described in this Notice. We may retain your Data longer, as reasonably necessary to comply with our legal and contractual obligations, or to protect ourselves from any potential disputes (i.e., as required by laws applicable to records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), in accordance with our data retention policy. If you have any questions about our data retention policy, please contact us at email@example.com.
We may amend this Privacy Notice at any time by posting a revised version on our website and/or Services, as applicable. The revised version will be effective as of the published effective date. We will provide you with prior notice via any of the communication means described in Section 7 above or by posting on the Services, if the revised version includes a substantial change. After this notice period, all amendments to this Privacy Notice shall be deemed accepted and effective on both you and us. Except if and as stated otherwise, our most current Privacy Notice shall apply to all Personal Data described in that Notice.
While our website may contain links to other websites or services, we are not responsible for such websites’ or services’ privacy practices, and encourage you to be aware when you leave SPHIRA’s website and read the privacy statements of each and every website and service you visit. This Privacy Notice does not apply to such linked third-party websites and services.
Our Services are not intended for use by children under the age of 18. We do not knowingly collect Personal Data from minors under the age of 18 and do not wish to do so. In the event that it comes to our knowledge that a minor is using the Services, we will prohibit and block such user from accessing the Services and will make all efforts to promptly delete any Personal Data stored with us with regard to such user.
This Privacy Notice was written in English, and may be translated by SPHIRA into other languages such as German for your convenience. If a translated (non-English) version of this Privacy Notice conflicts in any way with its English version, the provisions of the English version shall prevail.
If you have any questions about this Privacy Notice or SPHIRA’s privacy practices, please contact us at firstname.lastname@example.org.
If you are not satisfied with the response you receive from our Privacy team, you may lodge your complaint with the applicable Data Protection Authority in your jurisdiction.
Effective Date: March 20, 2019