Last Updated: June 9, 2023
3. Information Spekit Processes
A. Data Provided to Spekit
We receive information when you submit it to our Business:
- Contact Information, including your first name, last name, email address, phone number, employer, job title and address.
- Communications, including when contacting sales or support, asking a question, providing product feedback or corresponding with our business teams.
- Content, including any documentation, files or information you provide, as further described below.
- Authorized User Data, including your Contact Information, login credentials, and other information used by your Company to invite and manage business customers and their employees and other authorized users (“Authorized Users”).
- Third-Party Information, including information you provide about any co-workers, contractors, vendors or potential referrals, such as their Contact Information.
- Connected system instance and user information: In order to use the Services you may be required to connect to a Customer Relationship Management (CRM) system (e.g. Salesforce), in which event Spekit is given permission to access the CRM system in order to provide the Services.
B. Data Generated and Collected by Spekit
We generate, collect and derive information when you use or interact with our Services, Website and other products and services provided or used by our Business:
- Usage Data, including information and metadata about the pages or content you visit, the features you interact with, the workflows you construct, how much time you spend on a particular Website or using the Services, login and crash data, your preferences or selections, the time of day you browse, and your referring and exiting pages.
- Device Data, including information about the type of device or browser you use, your device’s operating software and settings, your internet service provider, and device identifiers, such as IP address and advertising identifier.
- Location Data, including an approximate geolocation derived from your IP address or business information.
- Log Files, which are files that record events that occur in connection with your use of technology services, including the Services and Website.
You may be able to limit our collection of certain information by changing your device and software settings. However, doing so may affect or limit the features available to you. For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the “Analytics and Advertising” and “Your Rights and Choices” sections below.
C. Data Collected by Spekit from Other Sources
In order to enhance our ability to provide relevant marketing, offers, and Services to you, and update our records, we may obtain information about you from other sources. We may combine such information with other information we have collected about you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide offers and services that may be of interest to you. These sources may include public databases, joint marketing partners, social media platforms, as well as other third-party sources. As an example, if you participate in a Spekit Referral program, we may collect information related to you and/or your referral.
Additionally, Spekit may receive information about you from other third parties whom you have authorized to share your information or who collect information in connection with co-branded offerings. We treat the information obtained from other sources in accordance with any laws or contractual obligations applicable to us.
4. How Spekit Uses Information
- Providing, maintaining and improving the Services, Website and Business
- Providing and delivering the Services you request, processing transactions and sending you related information, including confirmations and invoices
- Sending you technical notices, updates, security alerts and support and administrative messages
- Responding to your comments, questions and requests and providing customer service and support
- Generating aggregate or de-identified information by removing or masking information that could be used to identify you and by aggregating or combining information with other information
- Identifying customer opportunities to the extent that it is in our legitimate interest to ensure we are meeting our customer’s demands and user experiences
- Communicating with you about products, services, offers, promotions, rewards, and events offered by Spekit and others, to the extent necessary for our legitimate business interest to market our Services
- Monitoring and analyzing trends, usage and activities in connection with the Services
- Personalizing and improving the Services and providing advertisements, content or features that match user profiles or interests
- Processing and delivering contest entries and rewards
- Linking or combining with information we receive from others to help understand your needs and provide you with better service
- Complying with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or if necessary for our legitimate interest in protecting against misuse or abuse of our Services, pursuing remedies available to us, and complying with judicial proceedings or responding to lawful requests
- As necessary for general business administration, such as but not limited to, accounting, recordkeeping, and legal functions to meet our business obligations
- Carrying out any other purpose for which the information was collected, and which is necessarily contemplated by the collection of such information or is otherwise explicitly mentioned in the process of collection
Notwithstanding the above, we may use information that does not identify you for any purpose permitted by law or contractual obligation applicable to us. For information on your rights and choices regarding how we use your Personal Data, please see the “Your Rights and Choices” section below.
5. How Spekit Shares Information
The following entities may receive the information that we collect:
- Our subsidiaries
- Our sub-processors
- Our trading partners
We use sub-processors to assist in providing the Services. By using the Services or Website, you consent to Spekit engaging its current sub-processors.
- With affiliates, vendors, consultants, and other service providers who need access to that information to carry out work on our behalf
- With vendors, platforms, analytics providers and other parties for marketing and advertising related purposes. For more information on our online advertising practices, see the “Analytics and Advertising” section below.
- In connection with a joint marketing campaign, seminar, Spekit product offering or other product or service offered by Spekit in conjunction with a third party, we may share your information with any third parties participating in such offering and such parties may use this information for their direct marketing purposes
- In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company
- With your consent or at your direction, including if we notify you through the Services that the information you provide will be shared in a particular manner and you provide such information
Notwithstanding the above, we may disclose information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.
6. Analytics and Advertising
Where permitted under laws applicable to our Business, we use analytics services, such as Google Analytics, to help us understand how users access and use the Website and other aspects of our Business. In addition, we work with agencies, advertisers, ad networks, and other technology services to place advertisements on our behalf on other websites and services. For example, we may place ads through Google, LinkedIn and social media platforms that you may view on their platforms as well as on other websites and services.
As part of this process, we may use tracking technologies (including incorporating them into our Website and emails), as well as incorporating into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you (“Interest-based Advertising”).
For further information on the types of tracking technologies we use and your rights and choices regarding analytics and Interest-based Advertising, please see the “Your Rights and Choices” section below. You will continue to see advertising, including potentially from us, even if you opt out of personalized advertising.
7. Data Transfer
Our Business is operated from the United States. Any of your Personal Data we collect may be transferred to, processed, used, handled, and stored in the United States and other jurisdictions. Data protection laws in the United States and other jurisdictions may differ from those of your country of residence.
For personal data transferred from the European Economic Area, Switzerland or the United Kingdom, we will provide appropriate safeguards, such as through the use of the relevant standard contractual clauses. For further information on these transfers and the relevant appropriate safeguards, please see the “Additional Disclosures for Data Subjects in the European Economic Area, Switzerland and the United Kingdom” section below.
8. Additional Information
Security. We are committed to taking appropriate measures designed to keep your Personal Data secure. Our technical, administrative and physical procedures are designed to protect Personal Data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted industry standards to protect the data submitted to us, both during transmission and once it is received. If you have any questions about the security of your data, you can contact us at email@example.com.
Use by Minors. We do not direct any of our Services or other aspects of our Business to children. We do not knowingly collect personal data (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children under 13. We also do not knowingly “share” or “sell,” as those terms are defined under the California Privacy Rights Act, the personal data of minors under 16 who are California residents. If you are a parent or guardian and believe we have violated this provision, contact us at firstname.lastname@example.org.
9. Your Rights and Choices
Spekit Account. Spekit Services are intended for use by business customers, and you may only use a Spekit Account if you are an employee or other Authorized User of a Company that has opened a Spekit Account. The information in a Company’s Spekit Account is governed by our Agreement with the business customer. You should direct questions about Personal Data we are processing on behalf of a Company to that Company’s administrators. If you are an Authorized User, you may also be able to access, update, or delete certain information within your Company’s Spekit Account through the Services, provided that the Company and its administrators are responsible for determining how that data is processed.
Tracking Technology Choices.
- Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com. Note that if you are a California resident, you may exercise your right to opt-out of sales or sharing through preference signals. Please visit the “Additional Disclosures for California Residents” section below for details.
Please be aware that if you disable or remove tracking technologies some parts of our Services, Website and Business may not function correctly.
Analytics and Advertising. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb.
The companies we work with to provide you with targeted ads in connection with our Business are required to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; and (ii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants’ other customers or from other technology services). Any such targeted advertising will only be carried out to the extent that it is permitted by applicable law.
Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. Except as required by applicable law, we are not responsible for the effectiveness of, or compliance with, any opt-out options or programs, or the accuracy of any other entities’ statements regarding their opt-out options or programs.
You can opt out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link. Please note that you cannot opt-out of non-promotional emails, such as those about your Company’s Spekit Account, transactions, servicing, or our ongoing business relations.
10. Contact Us
3301 Lawrence Street Suite #1
Denver, CO. 80205
11. Additional Disclosures for Nevada Residents
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal data that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal data for monetary consideration by the business to a third party for the third party to license or sell the personal data to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please refer to the “Contact Us” section above.
12. Additional Disclosures for California Residents
These additional disclosures apply only to California residents and only to the extent applicable.
Notice of Collection.
The California Consumer Privacy Act as amended by the California Privacy Rights Act (“CPRA“) provides additional rights and requires businesses collecting or disclosing personal data to provide notices and means to exercise rights. In the past 12 months, we have collected the following categories of personal data enumerated in the CPRA:
- Identifiers, including name, postal address, email address, and online identifiers (such as IP address).
- Customer records, including phone number, billing address, bank account information.
- Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.
- Non-Precise Geolocation data.
For further details on personal data we collect, including the sources from which we receive information, review the “Information that Spekit Collects” section above. We collect and use these categories of personal data for the business purposes described in the “How We Use Information” section above. We disclose the personal data to the categories of persons set out in the “Disclosure of Information” section above. Please visit those sections for further details.
Right to Know, Correct and Delete.
You have the right to know certain details about our data practices. In particular, you may request the following from us:
- The categories of personal data we have collected about you;
- The categories of sources from which the personal data was collected;
- The categories of personal data about you we disclosed for a business purpose or sold or shared;
- The categories of persons to whom the personal data was disclosed for a business purpose or sold or shared;
- The business or commercial purpose for collecting or selling or sharing the personal data; and
- The specific pieces of personal data we have collected about you.
In addition, subject to exceptions, you have the right to correct or delete the personal data we have collected from you.
To exercise any of your rights, please submit a request to email@example.com. We will confirm receipt of your request and respond to your request within the time limits prescribed by law. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests.
If personal data about you has been processed by us as a service provider on behalf of a business customer, please inquire with the business customer directly to exercise your rights. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal data. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.
Additional Notice and Opt-Out.
Our business model is providing software services to business customers, not selling personal data. However, under the CPRA, some marketing practices, like the disclosure of Website visitor data to obtain targeted ads and analytics to advertise our products on third party sites, may be considered a “share” or “sale” even if no money is exchanged. A “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising, and a “sale” is broadly defined under the CPRA to include a disclosure for something of value. Under these definitions, we may collect, share, or sell the following categories of personal data for commercial purposes: identifiers, commercial or transaction information, internet activity, non-precise geolocation data. The categories of third parties to whom we “share” or “sell” personal data include, where applicable, vendors and other parties involved in cross-context targeted advertising. To the extent our marketing practices constitute a “share” or “sale” of your personal data, you have the right to opt out. You can exercise this right by modifying your cookie preferences for our Website or enabling Global Privacy Control on your browser or extension. These settings enable you to communicate an opt out that is specific to your browser or device, as applicable, so you will need to instruct each separately.
We retain each category of personal data for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
You can designate an authorized agent to submit requests on your behalf. However, we may require signed proof of the agent’s permission to do so and verify your identity directly. Requests must be submitted through the designated methods listed above.
Right to Non-Discrimination.
You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
13. Additional Disclosures for Virginia Residents
Virginia provides additional rights to Virginia residents through the Virginia Consumer Data Protection Act (“VCDPA”). This section addresses those rights and applies only to Virginia residents acting in an individual or household context.
You have the following rights under the VCDPA:
- To confirm whether or not we are processing your personal data
- To access your personal data
- To correct inaccuracies in your personal data
- To delete your personal data
- To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
- To opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you
To exercise any of these rights, please send an email to firstname.lastname@example.org. We will respond to your request within the time limits prescribed by law. We may require specific information from you to help us confirm your identity and process your request. If personal data about you has been processed by us as a processor on behalf of a business customer and you wish to exercise any rights you have with such personal data, please inquire with the business customer directly.If you wish to make your request directly to us, please provide the name of the business customer on whose behalf we processed your personal data. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.
14. Additional Disclosures for Data Subjects in the European Economic Area, Switzerland and the United Kingdom
Lawful Basis for Processing.
Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or business customers; (b) processing is necessary for the performance of a contract; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.
We may transfer your personal data to our operations in the United States or to our service providers or other third parties in the United States or in other countries – this may involve the transfer of your personal data to countries which have different data protection standards to those which apply in the European Economic Area, Switzerland or the United Kingdom.
Some of these countries are subject to a European Commission and/or UK government adequacy decision. For other countries, Spekit has put in place the relevant European Commission or UK government-approved standard contractual clauses with the relevant third parties to ensure that your personal data is protected with appropriate safeguards. We may also rely on other permitted data transfer mechanisms.
Your Data Subject Rights.
You may have certain statutory rights relating to your personal data. Subject to applicable law, you may have the right to access and rectify your personal data, to require us to erase your personal data or to transfer it to other organizations, and to object to the processing of your personal data. Where we process your personal data because we have a legitimate interest in doing so (as explained above), you may have a right to object to this. You may also have the right to restrict processing of your personal data in certain circumstances. These rights may be limited in some situations, for example, where we can demonstrate that we have legitimate grounds to process your personal data. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different from those for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any processing of your personal data which we do based on consent you have provided to us.
To exercise any of these rights, please send an email to email@example.com. We will respond to your request within the time limits prescribed by law. We may require specific information from you to help us confirm your identity and process your request. If your personal data has been processed by us as a processor on behalf of a business customer and you wish to exercise any rights you have with such personal data, please inquire with our business customer directly. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal data. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.
Retention of your Personal Data.
Please note that we retain personal data for as long as necessary to fulfill the purposes for which it was collected from you and/or our business customers, and may continue to retain and use your personal data for purposes of our legitimate interests and/or as necessary to comply (or demonstrate compliance with) with our legal/regulatory obligations, resolve disputes, prevent fraud, and enforce our rights.
We hope that we can satisfy any queries that you may have about the way we process your personal data. However, if you have any issues with our compliance, you may contact us at firstname.lastname@example.org. You also have the right to lodge a complaint with the data protection regulator in your jurisdiction if you have any unresolved concerns. You can lodge the complaint in the country where you reside, where you work or where any alleged infringement of data protection law occurred.