Last updated: April 23, 2019
This Privacy Statement applies to our service platform owned and operated by Spanning Cloud Apps, LLC (“Spanning”, “We”, “Our”, “Us”).. Spanning has created this privacy statement in order to demonstrate our commitment to customer privacy. Spanning, while primarily a data processor, is also considered a data controller in limited situations. We are a business-to-business service provider and our primary role is a data processor for our corporate customers. From time-to-time, we also receive personal information from individual corporate employees inquiring about our services on behalf of their employer. In this last instance, we are the data controller for that limited group. If you have questions or complaints regarding our privacy statement or practices, please contact us at firstname.lastname@example.org.
We are responsible for the processing of personal data received directly from individuals and indirectly through our corporate customers under the Privacy Shield Frameworks.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Spanning is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Spanning has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration before a Privacy Shield Panel when other dispute resolution procedures have been exhausted.
RELATED TO OUR SERVICE:
In order to utilize our service, our corporate clients provide us information on their customers which includes their Google, Salesforce, or Office 365 account name, name, and email. Individuals contacting us on behalf of their employers provide contact information including name, company affiliation, and email address. Data subjects whose information is provided to us by our corporate customers may also provide credit card data as well as name, physical and email address. This information will not be distributed or shared with non-agents. We may use this information to contact individuals via email regarding new products, features, and offers. If we contact you by email with a promotional communication you will be able to Opt-Out by clicking the link in the email. However, you cannot Opt-Out of transactional emails.
Individuals use the Service to access data and information (“Data”) stored in Google, Salesforce and/or Office 365 applications. Spanning will not review, share, distribute, print, or reference any such Data except as may be required by law. Individual records may at times be viewed or accessed only for the purpose of resolving a problem or support issue, or as may be required by law.
Spanning may also collect our corporate customers and their data subjects, Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data that we store in log files. This information is logged to help diagnose technical problems and to administer our Service in order to constantly improve the quality of the Service. We do not link this automatically-collected data to other information we collect from our corporate clients.
The Spanning Backup for G Suite service requires multiple G Suite scopes to allow admins of Corporate Clients to manage Spanning licenses at the user or OU level as well as the backup and restoration of Gmail, Drive, Team Drives, Calendars, Contacts and Sites owned by individuals within their domain.
The Spanning Backup for Office 365 service requires multiple Microsoft scopes to allow admins of Corporate Clients to manage Spanning licenses as well as backup and restoration of mail, calendars, OneDrive and Sharepoint data owned by individuals within their tenant.
Our Service has security measures in place to help protect against the loss, misuse, and alteration of the Data under our control. Our Service uses OpenID, OAuth, and Secure Socket Layer (SSL) data encryption to help ensure that Data is safe, secure, and available only to either our corporate clients acting as a data controllers or individuals who have placed their data with us directly. Spanning hosts the Service in a secure server environment that uses firewalls and other technology to prevent interference or access from outside intruders. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.
RELATED TO OUR WEBSITE:
Personal Information Collected
As stated earlier, in limited situations, Spanning is a data-controller when our website collects singular data subject personal information such as name, cookies, tags, scripts, your email, and comments if you post to our blog. This information is submitted, voluntarily, by individuals representing data-controlling clients or inquiring visitors to our website evaluating our products.
We will share limited personal data subject information with third parties only in the ways that are described in this privacy statement.
Technologies such as cookies, beacons, tags, and scripts are used by Spanning and our analytics or service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs.
We may receive information about individual data subjects, that have entered limited personal information into our website, from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about inquiring data subjects. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to potential new and current clients. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Links to Other Sites
Our website contains links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other sites.
We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects personal information.
This privacy statement applies only to personal information collected by this website or provided to Spanning by our clients.
We display personal, individual testimonials of satisfied representative corporate client-customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at email@example.com.
In the limited data controller role, our website offers publicly accessible blogs or community forums. Visitors should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. Our role as a data processor is a separate function of the Spanning Backup product.
Social Media Widgets
Our website includes social media features, such as the Facebook Like button and widgets, such as the ShareThis button or interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy statement of the company providing it.
The security of your personal information is important to us. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using reasonable security.
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. If you have any questions about security on our website, you can contact email@example.com.
RELATED TO DATA COLLECTED THROUGH OUR WEBSITE AND SERVICE:
Information Related to Data Collected for our Corporate Clients:
As a data processor, and within the operation of the Spanning Backup product, we collect information under the direction of our clients, who remain the data controllers. We have no direct relationship with the individuals whose personal data we process in this capacity. If you are a customer of one of our clients (a data subject) and would no longer like to be contacted by one of the clients that use our service, please contact that client directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our clients.
Access and Retention of Personal Data:
Spanning acknowledges an individual’s right to access their personal data.
When acting as a data processor, we have no direct relationship with the data subjects whose personal data we process and no authority to grant direct access to that data. In cases where Spanning handles your personal information on behalf of our client and you seek access to correct, amend, or delete inaccurate data, you should direct your query to Spanning’s corporate client, who is the data controller. If Spanning is requested to remove data, by the data controller, we will respond within a reasonable timeframe.
Individuals who have provided data to Spanning directly, via our website and who wish to access, correct, amend, or delete inaccurate data, may request access by contacting us via email at firstname.lastname@example.org.
Spanning will retain personal data we process on behalf of our clients for as long as needed to provide our services to those clients. Spanning will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
As per our Master Subscription Agreements, if a corporate client deletes Spanning Backup from their G Suite, Salesforce, or Office 365 domain, their backups (including individual data subject data that is part of a backup) will be queued for deletion. In the formal language of the agreements:
Upon the effective date of termination, We shall have no obligation to maintain or provide any of Your Data and shall thereafter, unless legally prohibited, delete all of Your Data in Our systems or otherwise in Our possession or under Our control.
Spanning is compliant with the Regulation (EU) 2016/679 (General Data Protection Regulation).
For more information about our compliance, please see our GDPR page. Also, customers can download our pre-signed Data Protection Addendum + Model Contract Clauses. Once countersigned, return a copy to email@example.com.
Data Protection Officer (DPO) – Article 37
Spanning, being a subsidiary of Kaseya, works with BSI Group, in the European Union, to provide DPO services. For inquiries, contact firstname.lastname@example.org.
Data Subject Access Requests
For GDPR Data Subject Access Requests, please click here.
Spanning uses other third parties, such as a credit card processing company, to bill Clients for goods and services, an email service provider to send out emails on our behalf, a third party help service provider, and a hosting service provider. Spanning remains liable for the onward transfer of personal data to third parties.
Spanning reserves the right to disclose personal information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our website.
If Spanning Cloud Apps, LLC is involved in a merger, acquisition, or sale of all or a portion of its assets, corporate clients and individual data subjects will be notified via email and/or a prominent notice on our website of any change in ownership or uses of personal information, as well as any choices they may have available regarding their backed up information.
Changes in this Privacy Statement
Spanning may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify our Clients by email (sent to the e-mail address specified in their account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have any questions about this policy, please contact us at email@example.com.