- When you use our SaaS (the “Spotinst Platform”) for cloud infrastructure management and optimization (“Services“);
- When you use and access our website, available at: https://spot.io (the “Site“);
- When you make use of, or interact with, our Site, including:
- When you create an account, purchase a product and/or Services;
- When you request a free trial;
- When you subscribe to the email list or newsletters;
- When we process your job application; and
- When you contact us (e.g. customer support, help, submit a request).
- When we receive your Personal Data from third-party sources;
- When you attend a marketing event and provide Personal Data;
- When we use the Personal Data of our service providers and suppliers; and
- When we use the Personal Data of our customers.
A User may be either: (i) an entity which executed an agreement with Spotinst or with Spotinst resellers or distributors, who provide our Services (“Customer”), or (ii) our Customer’s users of the Services or visitors of the Site (“End User(s)”, and collectively with Customers, “User(s)” or “you“).
We greatly respect the privacy of our Users and are committed to protect the Personal Data our Users share with us. We believe that you have a right to know our practices regarding the Personal Data and other information we collect and use, when you use our Site and our Services. “Personal Data” means any information that can be used, alone or together with other data, to uniquely identify any living human being.
Table of contents:
- What Personal Data We Collect and Why We Collect It
- How We Share Your Personal Data
- How Do We Protect Your Information
- Data Retention
- Additional Information Regarding Transfers Of Personal Data
- Job Applications
- General And Individual End User’s Rights
- California Privacy Rights
- Analytics Tools
- Questions, Contact Information And Complaints
- WHAT INFORMATION WE COLLECT AND WHY WE COLLECT IT
|Data we collect||Why is the data collected and for what purposes?||Legal basis (GDPR only)||Third parties with whom we share your Personal Data||Consequences of not providing the Personal Data|
|When you browse or visit our Site|
|Analytical and Marketing Cookies – see link in Section 4 below.||This allows us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our website works||Consent||Google Analytics
|We will not be able to improve the way our Site works.|
|Functional cookies and Essential cookies and log data see – Section link in Section 4 below.||
||Our legitimate interests||Zendesk
|Cannot collect and store your information
Cannot use or access some parts of the Site
|When you create an account (or use it thereafter), or request a free trial|
||It is either: (i) necessary to provide our Services to you, or (ii) following a User’s request, prior to entering into an agreement with us.||Salesforce
|Cannot create an account
Cannot perform and/or execute the Services
Cannot provide a free trial
|When you sign up for contact purposes|
||Our legitimate interests||Salesforce
|Cannot provide you
||Consent (where applicable)|
|When you contact us (e.g. customer support, help, or submit a public post on our Site)|
|First and last name
Any other Personal Data you choose to provide us in connection with your enquiry.
||It is necessary to provide our Services to you.||Zendesk
|Cannot assist you and respond to your query|
|When we receive your Personal Data from third-party sources (such as our business partners)|
||Our legitimate interests||Salesforce
|Cannot engage you for business development reasons or send you marketing communications.|
|When you attend a marketing event and provide Personal Data (for example by exchanging business cards with us)|
|Cannot participate in events and we cannot send you marketing communications.|
|When we use the Personal Data of our service providers and suppliers|
||our legitimate interests||Netsuite||We won’t be able to communicate with our services providers.|
|When we use the Personal Data of our customers|
|Account information, including User’s full name and Email.
Billing and account information for credit cards, payment cards or other payment systems.
|Cannot provide the Services and/or our Platform
Cannot communicate with you
- HOW WE SHARE YOUR PERSONAL DATA
- If Spotinst or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its Customers will be one of the transferred assets (subject to applicable law).
- If we are under a duty to disclose or share your Personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Spotinst, our Customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
- to protect the rights, property, or personal safety of Spotinst, its Users, or the general public if Spotinst has a good faith belief that the law requires us to do so, with or without notice.
- HOW DO WE PROTECT YOUR INFORMATION?
We take a great care in implementing, enforcing and maintaining the security of the Service, Site and our Users’ Personal Data. Spotinst is Soc 2 type II certified. All Personal Data is stored with logical separation from information of other customers. Spotinst implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis. However, we do not guarantee that unauthorized access will never occur.
Spotinst maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security. For more information see our Security Policy, available at: https://spot.io/security-policy (the “Security Policy”).
- DATA RETENTION
In some circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. However, Spotinst does not store or retain credit card or payment card numbers after they have been forwarded to its billing and payment processor(s), unless it is necessary for providing the Spotinst Platform.
Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Spotinst shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Spotinst trade secrets. Customer’s personnel shall be required to execute some non-disclosure agreements. Unless agreed otherwise with the Customer, this policy shall govern the retention operation of Spotinst. Spotinst will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements.
- ADDITIONAL INFORMATION REGARDING TRANSFERS OF PERSONAL DATA
- Data Hosting
- For Users of the Site: The Data we collect from you is hosted on servers located in the US and EU and Israel. Data we collect from you may be transferred to, and stored at, a destination outside of your jurisdiction that may not be subject to equivalent Data protection laws.
- For Users of the Services: The information we collect about you is hosted on servers located in the US and EU and Israel.
- Intra-Group Transfers
- The main offices of Spotinst have their headquarters in Israel. Please be aware that information you provide to us or we obtain as a result of your use of the Site or the Spotinst Platform, may be processed and transferred to other countries and be subject to applicable law.
- This information may also be processed by staff working for us or for one of our suppliers. The privacy and data protection laws in Israel may not be equivalent to such laws in your country of residence. By using our Site or the Spotinst Platform, or by providing us with your information, you consent to this collection, transfer, storage, and processing of information to and in Israel.
- We do however ensure transfers within the Spotinst group will be covered by an agreement entered into by members of the Spotinst group (an intra-group agreement) which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
- Outbound Transfers
- Where we transfer your Personal Data outside of Spotinst, for example to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your Personal Data. Some of these assurances are well recognized certification schemes like the EU – US Privacy Shield for the protection of Personal Data transferred from within the EU to the United States.
- Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is disclosed.
- JOB APPLICATIONS
We may collect information (including Personal Data) provided to us by job candidates (“Applicants”), when they apply to a position in our super great company. Spotinst welcomes all qualified Applicants to apply to any of the open positions by sending us their contact details and CV (“Applicants Information”). Applicants Information will be maintained, processed and stored in Israel, US and in the applied position’s location(s), and as necessary, in secured cloud storage provided by our third party service providers (as described in Section 1 above).
We are committed to keep Applicants Information private and use it solely for our internal recruitment purposes (including for identifying Applicants, evaluating their applications, making hiring and employment decisions, background checks on Applicants (where permitted under applicable law) and contacting Applicants by phone or in writing).
Please note that Spotinst may retain Applicants Information submitted to it even after the applied position has been filled or closed for no more than 12 months thereafter so we can re-consider Applicants for other positions and opportunities and in case the Applicant is hired, for additional employment and business purposes related to his/her work.
If you previously submitted your Applicants Information to Spotinst, and now wish to have it deleted, amended or in your possession, please contact us via the company website. We will be happy to assist in any manner.
- GENERAL AND INDIVIDUAL END USER’S RIGHTS
The following rights (which may be subject to certain exemptions or derogations), shall apply to Users who are protected by the GDPR. Please note that some of these rights may also apply under other jurisdictions as well:
- You have a right to access information held about you. Your right of access can normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
- You have the right to request that we amend any Personal Data we hold that it is inaccurate or misleading.
- You have the right to request the erasure of the Personal Data that relates to you, If you submit a valid deletion request, as soon as reasonably practicable, and within a maximum of 60 days. Please note that there may be circumstances in which we are required to retain your data, for example for the establishment, exercise or defense of legal claims;
- The right to object to or to request restriction of the processing. However, there may be circumstances in which we are legally entitled to refuse your request;
- The right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- You have the right to object to profiling;
- You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority.
- The right to withdraw your consent. Please note that there may be circumstances in which we are entitled to continue processing your Personal Data, in particular if the processing is required to meet our legal and regulatory obligations.
- You also have a right to request details of the basis on which your Personal Data is transferred outside the European Economic Area, but you acknowledge that data transfer agreements may need to be partially redacted for reasons of commercial confidentiality.
You can exercise your rights by contacting us at email@example.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request. When processing your request, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
Please note that Spotinst may also process Personal Data of an End User on behalf of its Customers (who would be considered the Data Controller, as applicable), when the Customer is under the requirement to obtain consent from an End User, or when there is another basis for doing so under applicable law. Customers who cause Spotinst to process Personal Data of an End User are obligated to hold all appropriate consents (if applicable) and may only utilize the Services pursuant to applicable law. Spotinst supports End Users’ rights to retrieve any information retained on its servers which relates to such End User.
- CALIFORNIA PRIVACY RIGHTS
- California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year.
- California Do Not Track Notice. We do not track consumers over time and across third party websites and therefore do not respond to Do Not Track signals. We do not allow third parties to collect Personal Data about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.
- ANALYTIC TOOLS
We utilize certain analytics tools, such as:
- QUESTIONS, CONTACT INFORMATION AND COMPLAINTS
E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.
Please do not hesitate to contact us via the “contact us” section in the Site.
Last updated: July 2019