Last updated October 21, 2016

Spredfast, Inc. and its wholly owned subsidiaries, Shoutlet, Inc. and Spredfast Limited (collectively, “Spredfast” or “we” or “us”) provide an open social marketing platform and related services, including software as a service (“SaaS”) applications, tools and platform, which help connect our Customers to the people they care about the most (collectively, “Spredfast Services”). 

This Privacy Policy (“Privacy Policy”) governs our privacy practices for our websites and mobile apps as well as the privacy practices applicable to our Customers in their use of Spredfast Services.  As used in this Privacy Policy, the term “Customers” refers to our Customers who have purchased or are otherwise authorized to use Spredfast Services (including all of their authorized users), the term “Visitors” shall refer to both the users of our websites and our Customers and the term “Website” shall include www.spredfast.com, any website operated by Spredfast on which this Privacy Policy is posted, as well as mobile and other applications.   Use or access of any of our Websites or use or deployment of a Spredfast Service constitutes acceptance of this Privacy Policy on behalf of the Customer or Visitor.

Overview & Purposes for Data Collection

Spredfast is committed to protecting the privacy of Visitors and Customers.  We collect information from Visitors and Customers for legitimate business purposes, primarily to operate our Websites and to provide, and improve, Spredfast Services. 

We also process content on behalf of our Customers as their data processor.  This content consists of content published or generated through the Spredfast Services, such as content Customers collect from Facebook, Twitter or other social media networks.  It is our Customers, and not Spredfast, who control how such information and content is collected and used.  Spredfast processes (rather than controls) such content in accordance with instructions from Customers. 

The Spredfast Services enable Customers to connect other accounts they may have on social media networks or apps, such as Facebook and Twitter.  This Privacy Policy does not govern the collection of content by other websites, apps, networks or otherwise which is not published or generated through the Spredfast Services, except to the extent that we act as a processor with respect to such content.  Our Customers are required to abide by the applicable policies and requirements of social media networks or any other websites or apps used in connection with the Spredfast Services.  

1. Information We Collect

The specific types of information we receive from those who provide content through one of our Spredfast Services include the following:

Information Provided to Us by Individuals

Personally Identifiable Information.  When Visitors sign up on our website to receive information or to otherwise engage with us or when Customers use Spredfast Services, it is their choice to do so and if they so choose, such Visitors or Customers may be required to provide their name, address, telephone number, email address, or other types of personally identifiable information (collectively, “Personally Identifiable Information”).

Content and third party information provided or accessed through Spredfast Services. Our Customers may use Spredfast Services to connect with their own Customers or others over social media and there are a variety of opportunities for a third party user of a social media or other website to provide content.  For example, someone may provide general information and opinions, upload pictures and videos, and refer, share, or provide information to another person or audience.  This information is referred to in this privacy policy as “Third Party Information” and if it is generated or accessed through the Spredfast Services, it is information that we process as a data processor, as described further below.  

Information We Collect from Computers or Internet Devices

Access device and browser information. When a Visitor uses one of our websites or when a Customer uses a Spredfast Service, we may collect information from that device, such as the browser type, location of the device, operating system, and IP address, as well as which website or Spredfast Service was used.

Cookie and web beacon Information. We may store cookies on a Visitor’s or Customer’s computer or other Internet device. A cookie is a small amount of data that is sent from a web server and stored on a Visitor’s device.  We also occasionally use web beacons, which assist us (and our Customers) to determine, for example, whether an email has been read or forwarded to someone else.  We also collect and monitor aggregate data called “web log information” (such as a Visitor’s web browser, operating system, etc.) and use cookies and web beacons in connection with certain Spredfast Services (collectively, the “Aggregate and Statistical Data”). 

Google Analytics.  Spredfast uses a specific cookie in order to facilitate the use of Google Analytics with respect to our Customers using Spredfast Services.  We may use Customers' Spredfast log in information together with Google Analytics to track and analyze the web pages Customers visit so that we can better understand and improve Spredfast Services.  With respect to Visitors of our websites, we also use Google Analytics features such as Google Analytics Demographics and Interest Reporting.  For more information about Google Analytics, please visit: www.google.com/policies/privacy/partners/

Information We Receive from Customers and Third Parties

Customer Data.  Customers provide us with data to enable them to log on and use the Spredfast Services, which consists of personally identifiable information of their authorized users, company information and configuration, content, internal communications and notes.  This information is what we refer to as “Customer Data” in most agreements with our Customers.

Customer websites and social media websites. We do not own or operate our Customers’ websites or the social media or other websites used in connection with the Spredfast Services.  When a Customer provides or accesses information through one of our Spredfast Services, we may receive information from the Customer input, in response to, or by way of interaction with, content generated by Customers using Spredfast Services as well as from the Customer’s website or the relevant social media site, including information about actions that the third party takes and may include additional information about the third party that was published on or provided to the Customer website or social media site.

Information from other websites. We may obtain information from partners and other websites concerning Visitors.  For example, we may ask or engage third parties to tell us additional information about Visitors, such as how they responded to our communications or promotions. 

2. Quality, Use, Disclosure, Retention, and Disposal: How We Can Use and Share Information

Maintaining the privacy of Personally Identifiable Information is important to us.  Except as provided in this Privacy Policy, we will not use or disclose to anyone Personally Identifiable Information.  We use Personally Identifiable Information only in ways that are relevant and compatible with the purposes for which that information was collected by our Customers, subsequently authorized by the individual user, or as otherwise provided in this Privacy Policy.  We take all commercially reasonable steps to ensure that Personally Identifiable Information collected is only used for its intended use and our Customers must do the same.  Our policy is to limit access to Personally Identifiable Information to those of our employees or contractors who need access to it to perform their duties and who are subject to obligations to protect such information.  Any employee who violates our privacy or security policies may be subject to disciplinary action.

We consider information such as answers to surveys, comments, ideas, and suggestions (in each case, which do not contain Personally Identifiable Information) to be non-personal and do not classify such as Personally Identifiable Information. Except as otherwise provided by applicable contracts with our Customers or a third party, we are free to disclose and use such data or information without any obligation.

Information from Spredfast Services Used by Customers

Customers may initiate a transfer of information collected from their use of Spredfast Services or their Customers or other third party’s interaction with, or response to, content generated by a Customer’s use of Spredfast Services.  The Customer may transfer such information from our systems to their systems. The information may also be consolidated with other information collected through a Spredfast Service.  We do not control how Customers use the information collected by way of their use of a Spredfast Service, but Customers must comply with all applicable laws and any applicable terms and conditions, such as terms and conditions of social media networks, when collecting and using such information.

Aggregate and Statistical Data

We use Aggregate and Statistical Data to enable Spredfast and our Customers to better understand our tools and Spredfast Services-related activity. The Aggregate and Statistical Data also allows us to (a) effectively troubleshoot and resolve issues, (b) provide technical support assistance, (c) improve our offerings by enabling us to better understand which Spredfast Services Customers prefer and (d) provide relevant information to Customers relating to their usage of the Spredfast Services. 

When we use Aggregate and Statistical Data, we do not link it to Personally Identifiable Information. We use the Aggregate and Statistical Data we collect and share it with selected affiliates and Customers in analyzing trends, the demographics of social media users, and usage of our Spredfast Services.  We may use Aggregate and Statistical Data to improve our marketing and promotional efforts, to statistically analyze site and Spredfast Services usage, and to improve our content service offerings.

Point of Collection Purposes

Sometimes, our Customers have specific purposes for which they plan to use an individual user’s information, and our Customers describe those purposes at the point of collection.  For example, a Customer may solicit a user’s feedback in order to improve services and products, respond to a user’s questions or comments, register in connection with a contest, giveaway, or drawing, respond to a request for a brochure, or to otherwise send information to the user.  We may be asked to fulfill or assist with the fulfillment of the requirements associated with the point of collection purposes.

Vendor Services to Spredfast

We may share Personally Identifiable Information and other information with our vendors, contractors, and partners in connection with services that these individuals or entities perform for or with us and our Customers. The services they provide may include such activities as tools that work with Spredfast Services, fulfillment services, and promotional email or direct mail campaigns for the benefit of our Customers or prospective customers. These vendors, contractors, and partners are restricted from using this data in any way other than to provide services for us.  They may not share or resell any information, including Personally Identifiable Information.

Acquiror of Spredfast

We may disclose Personally Identifiable Information and other information about Visitors in connection with an anticipated change of control of Spredfast pursuant to a merger, acquisition, or sale of all or substantially all of our assets.  Such disclosure will be governed by appropriate non-disclosure contractual provisions. 

Disclosure and Use for Legal Reasons

We may disclose Personally Identifiable Information and other information we receive if we believe in good faith that we are required to do so by law or court order.  We may also disclose or use information if it is necessary to identify, contact, or bring legal action against someone who may cause or is causing harm to, or interference with, our rights or other property, Customers, Visitors, or anyone else.  In addition, we may also use IP addresses in cooperation with Internet service providers to identify Visitors if we deem it necessary to comply with laws, to enforce compliance with this Privacy Policy or contractual obligations, or to protect our Customers, ourselves, or others. 

Respond to Requests Initiated by Visitors

We may disclose and use Personally Identifiable Information and other information about an individual Visitor in order to respond to an inquiry, request, or complaint that the Visitor has made or to provide the Visitor with additional requested information, alerts, and updates regarding relevant services and products.

Deletion of All Personally Identifiable Information

At the request of a Visitor, we will delete from our active databases all Personally Identifiable Information the Visitor provided to us.  In addition, at the request of a Customer, we will delete from our active databases all Personally Identifiable Information collected through Spredfast Services by such Customer.  However, we may not be able to delete information accessed or provided through Spredfast Services if we do not control such information, such as information that originated through a social media network and is consequently controlled by such social media network.  In addition, we may retain such information to the extent required by law or if copies are kept in archival backups, but in no event will we use or disclose such information except as required by law.  To request the removal of Personally Identifiable Information, please send us an email to legal@spredfast.com. See “Access to and Correction of Personally Identifiable Information” below for additional information as to correction and deletion of Personally Identifiable Information of individual Visitors.

3. Access, Security, and Other Important Matters Related to Privacy

Access to and Correction of Personally Identifiable Information

If a Visitor has provided us Personally Identifiable Information and (a) would like that information deleted from our records, or (b) would like to update or correct that information, the Visitor can contact us at our email address, legal@spredfast.com, with the subject line “Privacy Policy Request” and provide us with the relevant name, postal address, and any other information necessary to respond to the request.  If requested to do so, we will use reasonable efforts to make corrections or remove from our active databases applicable portions of Personally Identifiable Information.

Protection of Children’s Personally Identifiable Information

We do not intend to collect Personally Identifiable Information from anyone under age 13 and will not knowingly collect, maintain, or disclose such information.  As a condition to using the Spredfast Services, Customers should not knowingly collect information from anyone under age 13.  If a Customer or a parent or guardian has discovered that a child under age 13 has submitted his or her Personally Identifiable Information, upon notification of us, we will make reasonable efforts to remove the information from our database.  To request the removal of a child’s information, please send us an email to legal@spredfast.com.

Security Program

We have developed and implemented a security policy and program that includes administrative, technical, and physical safeguards to protect Personally Identifiable Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. In addition, we have restricted logical access to Personally Identifiable Information, and we have restricted physical access to the environment where we store that information. When transmitting Personally Identifiable Information from our database through a Spredfast application programming interface to a Customer, we use an encryption protocol to help ensure the information is kept secure.  In other circumstances, we strongly urge our Customers who collect Personally Identifiable Information while using a Spredfast Service to retrieve the collected information from our database using an encryption protocol or other adequate measures to maintain the security of the information retrieved.

4. Staying Informed about this Privacy Policy and Our Information Practices

Changes to our Privacy Policy.  If we make a material change to this Privacy Policy, we will notify Customers by one of the following methods: (a) by sending a notice to the Customer pursuant to the procedures described in the contract with the Customer, describing the change; or (b) by sending the Customer an email notifying the Customer of the change. We will also post the most recent version of this Privacy Policy on our website.

Contacting us with questions.  Questions or concerns about this Privacy Policy or our related information practices should be directed to us by email to legal@spredfast.com with the subject line “Privacy Policy Question,” or by writing to us at Spredfast, Inc., attention: Melissa Frugé, Chief Legal Officer, #600, 200 W Cesar Chavez St, Austin, TX 78701. Please include your name, address and any other information necessary to respond to your question.

5. EU Privacy Shield and Swiss Safe Harbor

Spredfast has certified to the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.  We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.

Additionally, we adhere to the Swiss Safe Harbor Program (http://export.gov/safeharbor/) (the “Safe Harbor”) and its principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement with respect to personal information (as defined below).  We will respond to requests to access or delete personal information within 30 days.  We will adhere to the requirements of the Safe Harbor with respect to sensitive information (as defined below).  As a condition to using the Spredfast Services, Customers are required to obtain all necessary individual consents in order to collect and use sensitive information.   

For purposes of this Safe Harbor disclosure, “personal information” means data that is (a) transferred from the European Union or Switzerland, as the case may be, to the United States; (b) recorded in any form; and (c) about, or pertains to, a specific individual who is identified in, or is identifiable from, the data.  “Sensitive information” means personal information specifying medical or health conditions, personal sexuality, racial or ethnic origin, political opinions, religious, ideological, philosophical, or trade union-related beliefs, views or activities, trade union membership, information specifying the sex life of the individual, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.  Sensitive information also includes personal information received from a third party where the third party treats and identifies it as sensitive. 

Monitoring and Enforcement

Generally.  We have a process in place to address inquiries, complaints, and disputes. Each inquiry or complaint is addressed and its resolution is documented and communicated to the individual initiating the inquiry, complaint, or dispute.  Instances of non-compliance with this Privacy Policy and its procedures are documented and reported to management. If needed, corrective actions are taken on a timely basis.

Spredfast is subject to the investigatory and enforcement powers of the US Federal Trade Commission (the “FTC”).  In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Spredfast is potentially liable.

Audit. An independent audit regarding our security controls for Personally Identifiable Information is conducted annually.  These audits are designed to help us maintain the effectiveness of our Privacy Policy, security practices, and corrective actions.

ICDR Online program: privacy complaints by European Union and Switzerland citizens.  In compliance with the EU-US Privacy Shield and Safe Harbor, Spredfast commits to resolve complaints about privacy and our collection or use of personal information.  European Union and Switzerland citizens with inquiries or complaints regarding this Privacy Policy should first send us an email to legal@spredfast.com.

Spredfast has further committed to refer unresolved privacy complaints under both the EU-US Privacy Shield Principles and Safe Harbor, to the International Centre for Dispute Resolution (the “ICDR”), an international dispute resolution provider. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.icdr.org for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

6. Conflicts

If there is a conflict between this Privacy Policy and a legal requirement, the legal requirement will take precedence.  We also may agree to privacy-related obligations with Customers; however, such agreements will not diminish or remove the protections provided to individuals under this Privacy Policy.