SPOTZER DIGITAL B.V.
Your privacy is important to us. This policy outlines our ongoing commitment to protecting your privacy by providing details on how we manage your information and the choices available to you about the way this information is collected and used.
What Information do we collect and why?
In order to provide our services to you, we may collect the following types of information:
- Information you provide: if you submit a request for any of our services (for example – a website built for your business), write reviews, contact us, or use other services on the website that requires input, we will store and save the information you provide. This information may include personally identifiable information such as your name, telephone number, postal address, email address, etc. (“Personal Information”) and will be used for the purpose submitted to us, which is usually to contact you.
- Cookies (“Cookies”): These are text files with small amounts of data, which may include an anonymous unique identifier. They are meant to improve the site’s functionality and the user’s experiences with it.
- Analytical cookies are used for collecting anonymous information about the use of our website. The information is used only to improve our website’s quality and functionality.
- Performance cookies are used to determine which advertisement affects a consumer’s purchase decision.
- Functional cookies are used to make our website function properly, for example by recording the contents of a shopping cart.
When you use Our Website, one or more Cookies may be sent and stored on your computer. These Cookies are used to save certain preferences on Our Website and identify you on future visits. You can instruct your browser to limit or prohibit the storage of Cookies on your computer when accessing Our Website however doing so may affect the usability of the website services.
- Log information – All information sent by your web browser and computer when you visit Our Website may be stored by our servers. This information may include your IP address, browser type, URL accessed, cookie information, the date and time of your request, and other information that may uniquely identify you and may also be considered as part of your Personal Information.
In addition, we may use third party services such as Google Analytics and HotJar (discussed further below) that collect, monitor and analyse this data.
We do not Collect Sensitive Information
Sensitive information includes information or opinions about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
We do not in the ordinary course collect any sensitive information as this is not usually required for the provision of our services to you.
Our Use of Personal Information
We collect Personal Information mainly to provide our services to you, conduct statistical analysis, provide customer support or meet certain business requirements. We may also from time to time use it for marketing purposes to contact you with newsletters or promotional materials. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing at firstname.lastname@example.org.
We may also use Personal Information to track the use of our services and/or for other internal purposes, such as evaluating and improving the services.
We do not provide your Personal Information to third parties except to third party service providers with your knowledge and consent or as required by law.
You may withdraw your consent at any time by contacting us using our contact details below.
Sharing/Transferring Personal Information
Sharing of Personal Information may occur (i) if you have requested and/or agreed that the Personal Information will be provided to third parties; or (ii) if the disclosure is required by law; or (iii) if it is transferred for the performance of a contract between you and Spotzer; or (iv) the transfer is necessary in order to protect the vital interests of the data subject; or (v) the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise, or defense of legal claims; or (vi) if the transfer is for the purposes of the legitimate interests pursued by Spotzer or by the relevant third party.
In the event that Spotzer sells, assigns or transfers some or all of its business or assets to a successor or acquirer, or if Spotzer is acquired by or merges with a third party, or if Spotzer files for bankruptcy or becomes insolvent, Spotzer may disclose, sell, assign or transfer all of your Personal Information as part of the transaction.
Disclosure of Personal Information to Third Parties
Your Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure for fulfillment of our services to you; and
- where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so, or where required or authorised by law.
Recipients of your data may include third-party service providers selected by you for inclusion in a product or service that you request from us or a regulator or to otherwise comply with the law. Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.
Where you select third party providers as part of the product or services you request from us, please note that you will be bound by their end user terms including their use of sub-processors, whether located within or outside of the EU. It is your choice whether you wish to use such third-party services and you consent to processing of your information by sub-processors located outside of the EU.
Data from Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. Such Third Parties used by us include (but are not limited to):
You may adjust the settings in your browser software to prevent Cookies from being saved; however, if you do so, you may not be able to benefit from the full functionality of Our Website. You can also prevent the data generated by the Cookie relating to your use of Our Website (including your IP address) from being recorded and processed by Google by downloading and installing the browser plugin that is available by following this link: https://tools.google.com/dlpage/gaoptout.
HotJar tracks usage and behavior on a website. General information about HotJar’s use of your information is as follows:
- Site visitors are assigned a unique user identifier, UUID, so that Hotjar can keep track of returning visitors without relying on any personal information, such as the IP address.
- IP addresses of visitors are always suppressed before being stored using Hotjar’s core feature set. HotJar sets the last octet of IPv4 addresses, all connections to Hotjar are made via IPv4, to 0 to ensure the full IP address is never written to disk. For example, if a visitor’s IP address is 22.214.171.124, it will be stored as 126.96.36.199. The first three octets of the IP address are only used to determine the geographic location of the visitor.
- When collecting data with recordings, Hotjar automatically suppresses keystroke data on all input fields. In all cases, the data is suppressed client-side, the visitor’s browser, which means it never reaches our servers.
Data collection and transmission
- Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
- Hotjar transmits data from your browser to our system using HTTPS.
- Protocols and ciphers suite are used to encrypt data in transit.
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect online. However, we cannot guarantee the security of your data, which may be compromised by unauthorized entry or use of the Website.
We implemented and will maintain and follow appropriate technical and organizational measures intended to protect information that we collect against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction.
Security Incident Notification
If we become aware of any unlawful access to any information we stored, or unauthorized access to it, resulting in loss, disclosure, or alteration of the information, we will promptly (1) notify you of this security incident; (2) investigate this security incident and provide you with detailed information about the security incident; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the security incident.
Notification(s) of any security incident will be delivered to you by any means we select, including via email. Our obligation to report or respond to such security incident is not an acknowledgement by us of any fault or liability with respect to a security incident.
You must notify us promptly about any possible misuse of your accounts or authentication credentials or any security incident related to the services that we provide to you.
Protecting the privacy of the very young is especially important. For that reason, our services are not directed towards and may not be used by persons under 16, and no part of our website is structured to attract anyone under 16.
Links to other sites
Retention/Deletion of Personal Information
How You Can Access or Correct Your Information
In certain circumstances, you have rights in relation to the Personal Information we process about you. The table below sets out an outline of those rights and how to exercise them:
Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please email email@example.com. Please note that for each of the rights below, we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
You have the right to know whether we process Personal Information about you, and if we do, to access Personal Information we hold about you and certain information about how we use it and who we share it with. You can request a copy of this Personal Information.
You have the right to receive a subset of the Personal Information you provide us in a structured, commonly used and machine-readable format and a right to request that we transfer such Personal Information to another party if we process it on the bases of (i) our contract with you or (ii) with your consent and when the processing is carried out by automated means.
If you believe that the Personal Information we hold about you is inaccurate or incomplete, you have the right to request its correction or modification.
You may request that we erase the Personal Information we hold about you in the following circumstances: (i) where you believe it is no longer necessary for us to hold the Personal Information, (ii) we process it on the basis of your consent and you wish to withdraw your consent, (iii) we process your Personal Information on the basis of Spotzer’s legitimate interest and you object to such processing, (iv) you no longer wish us to use your Personal Information to send you marketing or (v) you believe that Spotzer is unlawfully processing your Personal Information.
|Restriction of Processing|
You have a right to require us to restrict processing of the Personal Information we hold about you in the following circumstances: (i) if you dispute the accuracy of your Personal Information, (ii) if the processing is unlawful and you object to its deletion, (iii) if you believe that we no longer need your Personal Information but that it is still necessary for you to establish, exercise or defend your legal rights or, (iv) if you have objected to our processing of Personal Information we hold about you.
You have the right to object to the processing of the Personal Information we hold about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such Personal Information or we need to process it in relation to legal claims.
Additional Terms re Processing
For this section, the following are important definitions:
- “GDPR” means the European Union General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
- “Personal Information” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For the services provided by Spotzer, Spotzer is a data processor acting on your behalf. As data processor, Spotzer will only act upon your instructions.
Spotzer shall not engage another processor without your prior specific or general written authorization. In the case of general written authorization, Spotzer shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes.
Processing by Spotzer shall be governed by the GDPR terms in the EU. The subject matter and duration of the processing, the nature and purpose of the processing, the type of Personal Information, the categories of data subjects and your rights are set forth in your agreement, including these GDPR terms. In particular, Spotzer shall:
(a) process the Personal Information only on documented instructions from you (if you are “Controller” according to the GDPR), including with regard to transfers of Personal Information to a third country or an international organization, unless required to do so by Union law to which Spotzer is subject; in such a case, Spotzer shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(b) ensure that persons authorized to process the Personal Information have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) take all measures required pursuant to Article 32 of the GDPR;
(d) ensure compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Spotzer;
(g) at your choice, delete or return all the Personal Information to you after the end of the provision of services relating to processing, and delete existing copies unless Union law requires storage of the Personal Information;
(h) make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.
Spotzer shall immediately inform you if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Spotzer shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of Personal Information;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise processed.
Spotzer shall take steps to ensure that any natural person acting under the authority of Spotzer who has access to Personal Information does not process them except on instructions from Spotzer, unless he or she is required to do so by Union law.
Spotzer shall notify you without undue delay after becoming aware of a Personal Information breach.
Lawful Bases for Processing
We will only collect and process Personal Information about you where we have one of the following 6 lawful bases:
(i) Consent (where you have given consent), (ii) contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the services you have requested), (iii) legal obligation (to comply with a common law or statutory obligation), (iv) vital interest (to protect someone’s life), (v) public task (to perform a specific task in the public interest that is set out in law) and (vi) for legitimate interests.
Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. This consent may be withdrawn by you at any time (with effect for the future) by notifying us in writing. You do not need to provide us with a reason for your decision however you should bear in mind that this may affect our ability to provide our services to you.
If you have any questions about the lawful bases upon which we collect and use your Personal Information, please contact us (contact information provided below).
Transfer of Personal Information to Third Countries
We may transfer your Personal Information to third parties located at destinations outside the European Economic Area. The data protection and privacy laws of the jurisdictions to which the Personal Information will be transferred may not be as comprehensive as those in the European Union (if applicable to you); in which case New Stream will take measures to ensure a similar level of protection is provided to your Personal Information according to one of the following safeguards:
(a) Personal Information is transferred to countries that the European Commission has identified as the countries ensuring an adequate level of protection of Personal Information;
(b) In the case of recipients based in the United States of America, we may transfer Personal Information if recipients participate in the Privacy Shield program, which aims at ensuring the same level of protection of Personal Information as that applicable in Europe;
(c) We apply relevant standard contractual clauses approved by the European Commission or we rely on binding corporate rules which guarantee the security of your data.
Your Acceptance of this Policy
How To Contact Us
Should you have other questions or concerns about these privacy policies and if you believe that we are not adhering to our privacy or security commitments, please send us an email at firstname.lastname@example.org.
Last Updated: January 30, 2020.