SPOTZER MEDIA GROUP B.V.
Your privacy is important to us. This policy outlines our ongoing commitment to protecting your privacy by providing details on how we manage your information and the choices available to you about the way this information is collected and used.
What Information do we collect and why?
In order to provide our services to you, we may collect the following types of information:
When you use Our Website, one or more Cookies may be sent and stored on your computer. These Cookies are used to save certain preferences on Our Website and identify you on future visits. You can instruct your browser to limit or prohibit the storage of Cookies on your computer when accessing Our Website however doing so may affect the usability of the website services.
In addition, we may use third party services such as Google Analytics and HotJar (discussed further below) that collect, monitor and analyse this data.
We do not Collect Sensitive Information
Sensitive information includes information or opinions about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
We do not in the ordinary course collect any sensitive information as this is not usually required for the provision of our services to you.
Our Use of Personal Information
We collect Personal Information mainly to provide our services to you, conduct statistical analysis, provide customer support or meet certain business requirements. We may also from time to time use it for marketing purposes to contact you with newsletters or promotional materials. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing at firstname.lastname@example.org.
We may also use Personal Information to track the use of our services and/or for other internal purposes, such as evaluating and improving the services.
We do not provide your Personal Information to third parties except to third party service providers with your knowledge and consent or as required by law.
You may withdraw your consent at any time by contacting us using our contact details below.
Sharing/Transferring Personal Information
Sharing of Personal Information may occur (i) if you have requested and/or agreed that the Personal Information will be provided to third parties; or (ii) if the disclosure is required by law; or (iii) if it is transferred for the performance of a contract between you and Spotzer; or (iv) the transfer is necessary in order to protect the vital interests of the data subject; or (v) the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise, or defense of legal claims; or (vi) if the transfer is for the purposes of the legitimate interests pursued by Spotzer or by the relevant third party.
In the event that Spotzer sells, assigns or transfers some or all of its business or assets to a successor or acquirer, or if Spotzer is acquired by or merges with a third party, or if Spotzer files for bankruptcy or becomes insolvent, Spotzer may disclose, sell, assign or transfer all of your Personal Information as part of the transaction.
Disclosure of Personal Information to Third Parties
Your Personal Information may be disclosed in a number of circumstances including the following:
Recipients of your data may include third-party service providers selected by you for inclusion in a product or service that you request from us or a regulator or to otherwise comply with the law. Where we do so, we will require third parties to respect the security of your data and to treat it in accordance with the law.
Where you select third party providers as part of the product or services you request from us, please note that you will be bound by their end user terms including their use of sub-processors, whether located within or outside of the EU. It is your choice whether you wish to use such third-party services and you consent to processing of your information by sub-processors located outside of the EU.
Data from Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. Such Third Parties used by us include (but are not limited to):
You may adjust the settings in your browser software to prevent Cookies from being saved; however, if you do so, you may not be able to benefit from the full functionality of Our Website. You can also prevent the data generated by the Cookie relating to your use of Our Website (including your IP address) from being recorded and processed by Google by downloading and installing the browser plugin that is available by following this link: https://tools.google.com/dlpage/gaoptout.
HotJar tracks usage and behavior on a website. General information about HotJar’s use of your information is as follows:
Data collection and transmission
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of Personal Information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect online. However, we cannot guarantee the security of your data, which may be compromised by unauthorized entry or use of the Website.
We implemented and will maintain and follow appropriate technical and organizational measures intended to protect information that we collect against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction.
Security Incident Notification
If we become aware of any unlawful access to any information we stored, or unauthorized access to it, resulting in loss, disclosure, or alteration of the information, we will promptly (1) notify you of this security incident; (2) investigate this security incident and provide you with detailed information about the security incident; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the security incident.
Notification(s) of any security incident will be delivered to you by any means we select, including via email. Our obligation to report or respond to such security incident is not an acknowledgement by us of any fault or liability with respect to a security incident.
You must notify us promptly about any possible misuse of your accounts or authentication credentials or any security incident related to the services that we provide to you.
Protecting the privacy of the very young is especially important. For that reason, our services are not directed towards and may not be used by persons under 16, and no part of our website is structured to attract anyone under 16.
Links to other sites
Retention/Deletion of Personal Information
How You Can Access or Correct Your Information
In certain circumstances, you have rights in relation to the Personal Information we process about you. The table below sets out an outline of those rights and how to exercise them:
Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please email email@example.com. Please note that for each of the rights below, we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
Additional Terms re Processing
For this section, the following are important definitions:
For the services provided by Spotzer, Spotzer is a data processor acting on your behalf. As data processor, Spotzer will only act upon your instructions.
Spotzer shall not engage another processor without your prior specific or general written authorization. In the case of general written authorization, Spotzer shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes.
Processing by Spotzer shall be governed by the GDPR terms in the EU. The subject matter and duration of the processing, the nature and purpose of the processing, the type of Personal Information, the categories of data subjects and your rights are set forth in your agreement, including these GDPR terms. In particular, Spotzer shall:
(a) process the Personal Information only on documented instructions from you (if you are “Controller” according to the GDPR), including with regard to transfers of Personal Information to a third country or an international organization, unless required to do so by Union law to which Spotzer is subject; in such a case, Spotzer shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(b) ensure that persons authorized to process the Personal Information have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) take all measures required pursuant to Article 32 of the GDPR;
(d) ensure compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Spotzer;
(g) at your choice, delete or return all the Personal Information to you after the end of the provision of services relating to processing, and delete existing copies unless Union law requires storage of the Personal Information;
(h) make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR.
Spotzer shall immediately inform you if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Spotzer shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of Personal Information;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information transmitted, stored or otherwise processed.
Spotzer shall take steps to ensure that any natural person acting under the authority of Spotzer who has access to Personal Information does not process them except on instructions from Spotzer, unless he or she is required to do so by Union law.
Spotzer shall notify you without undue delay after becoming aware of a Personal Information breach.
Lawful Bases for Processing
We will only collect and process Personal Information about you where we have one of the following 6 lawful bases:
(i) Consent (where you have given consent), (ii) contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the services you have requested), (iii) legal obligation (to comply with a common law or statutory obligation), (iv) vital interest (to protect someone’s life), (v) public task (to perform a specific task in the public interest that is set out in law) and (vi) for legitimate interests.
Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. This consent may be withdrawn by you at any time (with effect for the future) by notifying us in writing. You do not need to provide us with a reason for your decision however you should bear in mind that this may affect our ability to provide our services to you.
If you have any questions about the lawful bases upon which we collect and use your Personal Information, please contact us (contact information provided below).
Transfer of Personal Information to Third Countries
We may transfer your Personal Information to third parties located at destinations outside the European Economic Area. The data protection and privacy laws of the jurisdictions to which the Personal Information will be transferred may not be as comprehensive as those in the European Union (if applicable to you); in which case New Stream will take measures to ensure a similar level of protection is provided to your Personal Information according to one of the following safeguards:
(a) Personal Information is transferred to countries that the European Commission has identified as the countries ensuring an adequate level of protection of Personal Information;
(b) In the case of recipients based in the United States of America, we may transfer Personal Information if recipients participate in the Privacy Shield program, which aims at ensuring the same level of protection of Personal Information as that applicable in Europe;
(c) We apply relevant standard contractual clauses approved by the European Commission or we rely on binding corporate rules which guarantee the security of your data.
Your Acceptance of this Policy
How To Contact Us
Should you have other questions or concerns about these privacy policies and if you believe that we are not adhering to our privacy or security commitments, please send us an email at firstname.lastname@example.org.
Last Updated: January 30, 2020.