GDPR Readiness

Overview

Privacy is very important to us, and we are committed to safeguarding it. This Privacy Policy explains what we will do with your personal information. This privacy policy applies to all personal information gathered by Spatial Networks, Inc., a Delaware corporation, (“we,” “us,” “our,” etc.) from its users (“you,” “your,” etc.) through its websites, applications, services and/or software (collectively, the “Service”).

Purpose and effect

Your use of the Service is voluntary. We must obtain personal information about you in order to provide you with certain features of the Service. By using the Service or requesting that we provide the Service to you, you are agreeing to disclose certain of your personal information to us and you are authorizing us to use and disclose your personal information pursuant to the provisions of this Privacy Policy.

Your personal information

Prior to your use of the Service, we may request certain personal information about yourself, including, but not limited to, your: (i) first name and last name; (ii) email address; (iii) mailing address; (iv) telephone number(s); (v) organization information; and (vi) credit card information. Such personal information is considered “Personal Data,” which means information that can directly or indirectly identify you as a natural person. There are two types of Personal Data we may collect, including “regular data” and “special categories of personal data.” Regular data may include your name, address, email address, photo, IP address, geographical location data, online behavior (cookies), profiling and analytics data. Special categories of personal data would include race, religion, political opinions, trade union membership, sexual orientation, health information, biometric data, and genetic data. Not all such personal data is collected by us.

Additional information, which may not identify you (as described below) and other Personal Data may include: browser type and version, operating system, information about your visits to and use of the Service including the referral source, length of visit, page views, and website navigation paths; email address, profile information that you voluntarily provide to us, including, e.g. profile pictures, gender, birthday, relationship status, interests and hobbies, educational details, employment details, and credit card information. Information may also include your click history, the times and dates at which you access the Service, the particular portions of the Service you use, and the details of transactions you conduct using the Service.

Personal Data may be collected and/or used by us as a “Controller” as such term is defined in the European Union General Data Protection Regulation (“GDPR”), or our “Processor” designee, which is also defined within the GDPR. A “Controller” is a person or entity that determines the purposes and means of the processing of personal data. As such, we will endeavor to implement appropriate technical and organizational measures to ensure that such processing activities, if any, protect your privacy. A “Processor” stores or maintains data on behalf of a Controller, but does not decide which items of personal data are going to be stored, or how that data is used.

Whether as a Controller or Processor, we will adhere to the following data protection (privacy) principles. Personal Data will be processed lawfully, fairly and transparently. Upon request, we will be clear and transparent about how your personal data is going to be processed, by whom and why. Personal Data will be collected only for specific legitimate purposes, and it will be relevant and limited to that which is necessary. Provided that you communicate to us updated information, we will keep your Personal Data accurate and up to date. We will only store it for so long as is necessary, and we will ensure appropriate security, integrity and confidentiality against unauthorized processing and against accidental loss, destruction or damage.

In the event of any data breach, you will be notified without undue delay and, in no event, later than 72 hours of our discovery of any such breach, including whether we believe there is any risk to your rights and freedoms (e.g., identity theft and personal safety). There is an exception where the data breach is unlikely to result in any harm to you. In the event of a breach, you will be notified of: (1) a description of the data breach, including the number of data subjects affected and the categories of data affected; (2) the name and contact details of our privacy personnel; (3) the likely consequences of the data breach; and (4) any measures taken to remedy or mitigate the breach. We may be exempt if the risk of harm is remote because the affected data are protected (e.g., through strong encryption), we have taken measures to protect against the harm (e.g., suspending affected accounts), or the notification requires disproportionate effort (in which case a public notice of the breach is required). We will keep records of all data breaches, including the facts and effect of the breach and remedial action taken. Credit card information is used solely for billing purposes, and is encrypted and transmitted securely via HTTPS to Stripe (our payment processing provider) for processing. More information on Stripe security is available here. Your credit card information is never stored on the Service’s systems anywhere.

We may also record information about your use of the Service, such as your local internet address.

Your personal information remains your property at all times, subject to the permissive uses granted hereunder.

How we use your personal information

Personal information, i.e. Personal Data, submitted to us through our app or website will be used for the purposes specified in this policy. We may use your personal information for the following:
administering our website, application and business;
personalizing our website tools and/or databases for you;
enabling your use of the Service;
sending you software or software tools purchased through our app or website;
supplying the Service to you;
sending statements, invoices, and payment reminders to you, and collecting payments from you;
sending you non-marketing communications;
sending you email notifications that you have specifically requested;
providing third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
providing information to our Processor;
dealing with inquiries and complaints made by or about you relating to the Service;
keeping our app and website secure and to prevent fraud;
verifying compliance with the terms and conditions governing the use of the Service; and
other uses, which may be added hereto.

If you submit Personal Data for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.

We will not, without your express consent, supply your Personal Data to any third party (other than our Processor) for their or any other third party’s direct marketing.

Consent

By indicating your acceptance of this Privacy Policy, you hereby accept the terms contained herein. Your acceptance indicates that you acknowledge that your consent to use your Personal Data for the purposes identified herein is freely given (“Consent”). Should you feel that this consent is in any way unclear or ambiguous, please contact our privacy personnel at the following address with any questions prior to your accepting the privacy policy: [email protected]. You further understand that use of the Service is expressly conditioned on your consent to the processing activities described herein.

IN ACCORDANCE WITH THE ABOVE STATEMENT, YOU HEREBY ACKNOWLEDGE, UNDERSTAND AND AGREE THAT, BY REGISTERING AN ACCOUNT WITH THE SERVICE, YOU EXPRESSLY CONSENT TO THE USE OF YOUR PERSONAL DATA FOR THE PURPOSES DESCRIBED ABOVE.

Consent may be refused by declining to affirmatively acknowledge this Privacy Policy or foregoing use of the Service.

Consent Withdrawal

Consent to this Privacy Policy may be withdrawn at any time by providing written notice to our privacy personnel at [email protected].

Storage, Objection, Correction, Erasure, Information

Personal Data will be stored in the cloud by our Processor. Personal Data will be stored in a manner that ensures appropriate security, integrity and confidentiality and secured against unauthorized processing, accidental loss, destruction or damage. We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your Personal Data. We will store the Personal Data you provide on our secure (password and firewall-protected) servers. All electronic financial transactions entered into through our app or website will be protected by encryption technology. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping the password you use for accessing our app or website confidential; we will not ask you for your password (except when you log in to our website).

Personal Data will be stored in a format that allows for easy portability. Portability means the Personal Data will be stored in a manner that allows you to obtain and reuse your Personal Data for your own purpose by transferring it to a different environment. Upon your written request, you will be provided with the ability to access your Personal Data to verify its accuracy, download it in an easily-portable format or request a copy of your Personal Data being processed.

Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

You further have the right to object in writing to the processing of your Personal Data. In such case, the Personal Data will not be processed, unless we demonstrate compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or we require the data to establish, exercise or defend legal rights. You further have the right to object to the processing of your Personal Data for the purpose of direct marketing, including profiling. Where Personal Data are processed for scientific and historical research purposes or statistical purposes, you have the right to object, unless the processing is necessary for the performance of a task carried out for reasons of public interest. If you object to the processing of your Personal Data, you agree to the termination of your access to the Service in the event that we determine, in our sole discretion, that we are unable to provide the Service due to your objection to the processing of your Personal Data. This objection right is given free of charge, although we may charge a reasonable fee for repetitive requests, manifestly unfounded or excessive requests for additional copies of information you request.

Upon termination of the Service for any reason, and upon your written request, your Personal Data may be erased. Additionally, you have the right at any time to demand that inaccurate or incomplete Personal Data are erased or rectified. You have the right of erasure if:
data are no longer needed for the original purpose and no new purpose exists;
the lawful basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists;
you exercise your right to object and we have no overriding grounds for continuing the processing;
the data have been processed unlawfully; or
erasure is necessary for compliance with EU law or the law of a country bound by the terms of the GDPR.
You have the right to obtain the following information:
confirmation of whether, and where, we are processing your Personal Data;
information about the purposes of the processing;
information about the categories of data being processed;
information about the categories of recipients with whom the data may be shared;
information about the period for which the data will be stored (or the criteria used to determine that period);
where the data were not collected from you, information as to the source of the data; and
information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.
Upon your request for any of the above-referenced information, we will, within one month of receiving your written request, provide such requested information. In the event we fail to meet this deadline, you may complain to the governing Data Protection Authority and may seek a judicial remedy. In the event we receive a large number of requests, or complex requests, the time limit may be extended by a maximum of two additional months. You also have the right to bring a claim directly against the Processor, although the Processor is liable for the damage caused by its processing activities only where it has: (1) not complied with obligations under the GDPR that are specifically directed to processors; or (2) acted outside or contrary to lawful instructions of the Controller.

We will not refuse to give effect to your rights unless we cannot identify you through the use of reasonable efforts to verify your identity. Where we have reasonable doubts as to your identity, we may request the provision of additional information to confirm your identity.

You may restrict processing of your Personal Data, meaning the Data may only be held by us, and may only be used for limited purposes, if the accuracy of data is contested (and only for as long as it takes to verify accuracy), the processing is unlawful and you request restriction (as opposed to exercising the right to erasure), we no longer need the Data for their original purpose but the Data are still required by us to establish, exercise or defend legal rights; or verification of overriding grounds is pending in the context of an erasure request.

Disclosing your Personal Data

We may disclose your Personal Data to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors, subsidiaries or parent companies as reasonably necessary for the purposes set out in this Policy. We may disclose your personal information:
to the extent that we are required to do so by law;
in connection with any ongoing or prospective legal proceedings;
to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this Policy, we will not provide your Personal Data to third parties.

International data transfers

Information that we collect may be stored, processed in, and transferred between any of the Information that we collect may be stored, processed in, and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy. Information that we collect may be transferred to the following countries, which do not have data protection laws equivalent to those in force in the European Economic Area: the United States of America. Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

You expressly agree to the transfers of personal information described in this Section.

How we use information that is not personally identifiable

We analyze traffic to our sites in various ways, including using Google Analytics. By visiting the Site or using the Service, you are agreeing to the terms of the Google Privacy Policy that apply to Google Analytics. We are not responsible for any changes made to the Google Privacy Policy or of advising you of such changes. We use this information to generate statistics and to measure activity to improve the Service. We reserve the right to change analytical service providers at any time without notice.

We do collect IP addresses of devices accessing the Service in our server logs, as well as information like internet domains, the date and time of a visit, and the pages accessed on the Service. This information is used solely for diagnostic and analytical purposes in order to improve the Service.

As you browse fulcrumapp.com, cookies can be placed on your computer so that we can understand what you are interested in. Our display advertising partners, AdRoll and Google, then enable us to present you with retargeting advertising on other sites based on your previous interaction. The techniques our partners employ do not collect personal information such as your name, email address, postal address, or telephone number. You can visit this page to opt out of AdRoll’s and their partners’ targeted advertising.

Cookies Policy

Spatial Networks, Inc. (“us”, “we”, or “our”) uses cookies on the https://www.fulcrumapp.com/ website and the Fulcrum mobile application (the “Service”). By using the Service, you consent to the use of cookies.

Our Cookies Policy explains what cookies are, how we use cookies, how third-parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.

What are cookies?

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

How we use cookies

When you use and access the Service, we may place a number of cookies files in your web browser. By continuing to visit or use the service, you are agreeing to the use of cookies and similar technologies for the purposes described in this policy.

We use cookies for the following purposes:
To enable certain functions of the Service
To conduct analytics on how you use the service
To store your preferences
We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:
Essential cookies. We may use cookies to remember information that changes the way the Service behaves or looks, such as a user’s language preference on the Service.

Accounts-related cookies. We may use accounts-related cookies to authenticate users and prevent fraudulent use of user accounts. We may use these cookies to remember information that changes the way the Service behaves or looks, such as the “remember me” functionality.
Analytics cookies. We may use analytics cookies to track information on how the Service is used so that we can make improvements. We may also use analytics cookies to test new advertisements, pages, features or new functionality of the Service to see how our users react to them.

Third party cookies

In addition to our own cookies, we may also use various third-parties cookies to report usage statistics of the Service, deliver advertisements on and through the Service, and so on. Third party cookies may include but are not limited to Google Ads, Facebook, LinkedIn, and Twitter.

What are your choices regarding cookies?

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
For the Chrome web browser, please visit this page from Google: https://support.google.com/accounts/answer/32050
For the Internet Explorer web browser, please visit this page from Microsoft: http://support.microsoft.com/kb/278835
For the Firefox web browser, please visit this page from Mozilla: https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
For the Safari web browser, please visit this page from Apple: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
For any other web browser, please visit your web browser’s official web pages.

Opt-out procedure

To opt-out of all further contact initiated by us, and to forestall our further use or disclosure of your personal information, email us any time. Opting out of all communication in this manner means that you must discontinue all use of the Service.

Privacy Shield

Spatial Networks, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, Spatial Networks, Inc. commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Spatial Networks, Inc. at: [email protected].

Spatial Networks, Inc. has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in San Francisco, California, United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/about/submit-a-case for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Spatial Networks, Inc. commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

As part of operating its services, Spatial Networks, Inc. discloses personal information to the following agents:Spatial Networks Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

Amazon Web Services for the purposes of storage and backup.
Salesforce.com, Inc. for the purposes of account and customer

relationship management.
Individuals have the right to access their personal data, which may be stored on Spatial Networks, Inc. systems.

Except for the agents listed above, Spatial Networks, Inc. does not disclose any personal data provided by our users to any other users or entities. Some personal data is required to operate a Fulcrum account. Users may cancel their account to remove this data. Any personal data collected by users will be removed by Spatial Networks, Inc. upon written request of the user or the data subject.

Spatial Networks, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Under certain conditions, a user or data subject may invoke binding arbitration regarding personal data stored by Spatial Networks, Inc

Spatial Networks, Inc is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Spatial Networks, Inc. remains liable under the Privacy Shield Principles if an agent processes Personal Data covered by this Policy in a manner inconsistent with the Principles, except where Spatial Networks is not responsible for the event giving rise to the damage.