Privacy Policy

Effective Date: 27-Apr-2021

1.INTRODUCTION

SpringRole Inc. hereinafter referred as Springworks ("us", "we", or "our") operates https://springworks.in/ (the "Site") and has issued this Global Data Protection and Privacy Policy (“Policy”). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site. Please read the entire Policy carefully it forms a contract between You (“Customer”) and Us.

This Policy will apply where We are Controllers or Processors of personal data. This policy is applicable to Our Products (web platform, mobile applications, API based clients) and to Our public Site https://springworks.in/

By using the Site, you agree to the collection and use of information in accordance with this policy. If you are in any doubt regarding the applicable standards, or have any comments or questions about this Policy, please contact us at the contact details provided under this Policy.

2.APPLICABILITY

This Policy applies to all the Customers who are (i) entities or individuals, including End-Users and Users, who have subscribed to our Service(s) and have agreed to the Terms and (ii) individuals (“Individuals”) from whom We collect data as a Controller.

3.DEFINITIONS

The capitalized terms used in this Policy but not defined herein shall have the same meaning as defined in the Terms of Service available on our Site.

4.THE INFORMATION WE COLLECT

We may require basic information which identifies you as an individual (“Personal Information”), such as your name, email address and phone number, in order to transact business with you, on behalf of the company you work for, as our customer. We will only use such Personal Information for the purposes of providing information which you have requested, fulfilling business transactions, or for other purposes set out in this Policy.

We may also collect Personal Information indirectly from third parties, such as our business partners, or members of your Community.

We may collect the following information, depending on the application being used:

  • Name: first name and last name
  • Job title or description
  • Company or organization name
  • Company address, including country
  • Contact information including email address and telephone number(s)
  • User names (account alias) and passwords according to the product specifications to allow users to login and use the product
  • Time zone and date/time preferences for product usage
  • IT information required to provide access to systems and networks such as IP addresses, log files and login information, encryption generation keys
  • Information pertinent to fulfilling business transactions on a customer’s behalf, such as files uploaded by a user to a product to be processed by the application’s functionality, system generated emails
  • Meta Data, such as logs, for usage information and activity logs, with identifying characteristics such as creator or author of a transaction, names of individuals who have accessed or downloaded file(s), the time file(s) were accessed or downloaded, IP addresses of users.
  • Product administration activity such as adding and deactivating users, management of the generation of encryption keys

We do not collect sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or data concerning health or sexual orientation.

4.1Cookies

Cookies are small text files that your browser stores on your computer hard drive that enable a site to remember you or your preferences; cookies cannot access, read, or modify any other data on a computer. Through your browser settings, you may be able to manage your cookie settings. We use cookies for advertising and analytics purposes, such as to identify returning business visitors and show them customized content, for more details, refer to the Cookies Policy.

5PURPOSES FOR PROCESSING PERSONAL INFORMATION

5.1Business Transactions with Customers

We process Personal Information through Our global IT systems, which include tools and systems that help us to administer customer accounts, orders and business transactions and share information across Our systems, and with related corporate entities. This includes transferring Personal Information to our servers in the US. Our parent company in the US, SpringRole Inc. may host these servers or utilize third party servers and applications, but in either case will be responsible for the security access of Personal Information on the systems.

5.2Products

You may provide Personal Information to Us through our “registration” page, by processing orders, or by participating in a Community, in order to use the products which run on our platforms, such as:

We may make use of Personal Information that we collect to help us administer the products and platforms:

  • To analyze system usage to help maintain the operational system
  • To enable you to access customer support portals or to provide customer support services to you
  • To optimize system operation based on usage and enable future product development and improvements
  • To enable our compliance with export control and other laws and regulations

The Internet is a global environment and using the Internet to collect and process data can involve the transmission of data on an international basis. By using our products and communicating electronically through the products, you acknowledge our processing of data in this way.

The products allow users to send documents and communicate with other users. We are not responsible for the data protection or privacy practices or the content of other users’ sites. When your communications leave our platforms, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this Policy. You should review the data protection and privacy statements applicable to such sites.

Our products use cookies. Most browsers allow you to turn off cookies or to receive a warning before a cookie is stored on your hard drive. Find out more about our cookies in our Cookie Policy.

If you do not wish us to make use of your Personal Information in this way, please email [email protected]

5.3Other legitimate business purposes

We may also collect and use Personal Information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently, for example, for general IT resourcing on a global level and information security/management.

5.4Legal purposes

We also may use your personal information where we consider it necessary for complying with laws and regulations, or to exercise or defend the legal rights of the Springworks.

6WHO WE SHARE YOUR PERSONAL INFORMATION WITH

6.1Within Springworks

Employees, contractors and agents of Springworks may be given access to Personal Information which we collect, but their use will be limited to the performance of their duties and the reason for processing. Our employees, contractors and agents who have access to your Personal Information are required to keep that information confidential and are not permitted to use it for any other purposes.
Personal Information may be shared among related entities within Springworks. As the parent company, Springworks provides products, support and operations services, and centralized corporate functions to its subsidiary - SpringRole India Pvt. Ltd.

6.2Business Partners and Service Providers

We will never sell, rent or disclose to unaffiliated third parties your Personal Information unless we have your permission or are required by law to do so. When we permit a third party to access Personal Information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Policy and that the security and confidentiality of the information is maintained.
We disclose the Personal Information We collect, to the following third parties:

  • Business partners for the purposes of providing services, support and products to customers
  • Third parties where disclosure is required or authorized by law
  • Service Providers who provide business services to us. We do so on a "need to know basis" and in accordance with applicable data privacy law.

6.3Lawful Grounds

We may disclose Personal Information to third parties on other lawful grounds, including:

  • To comply with our legal obligations, regulation or contract, or to respond to an administrative or judicial process
  • In response to lawful requests by public authorities (including for national security or law enforcement purposes)
  • If necessary to exercise or defend against potential, threatened or actual litigation
  • If necessary to protect the vital interests of another person
  • In connection with the sale, assignment or other transfer of all or part of our business, or
  • With your consent.

7YOUR CONTROL OF YOUR PERSONAL INFORMATION

You can request correction, update and deletion of your Personal Information via e-mail sent to [email protected], and we will use reasonable efforts to contact you regarding your request. To update or delete your Personal Information or correct an inaccuracy, we may ask you to verify your identity and cooperate with us in our effort.

8PROCESSING YOUR PERSONAL INFORMATION

8.1How do We Process

For purposes of the GDPR and the Swiss Federal Act on Data Protection, we are the Processor when we process Personal Information as per your instructions. We are the Controller of Personal Information when we process Personal Information for improving our Service(s) as expressly permitted by you according to this Policy. Personal Information includes all electronic data, text, messages or other materials, including Personal Data of Users and End-Users, submitted to the Service(s) by you through your Account in connection with your use of the Service(s), including data collected and mentioned under Section 4 of this Policy.

If you are an EEA or Switzerland-based customer, then you are responsible for compliance with the applicable data protection law where you are the “controllers”. In your role as a controller, you are authorizing, on behalf of you and your authorized agents and End-Users, and representing that you have the authority to provide such authorization to the processing and transfer of Personal Information in and to the United States and other countries which may have different privacy laws from your or their country of residence. As the controller, it shall be your responsibility to inform the End-Users about the processing, and, where required, obtain necessary consent or authorization for any Personal Information that is collected as part of the Personal Information through your use of the Service(s). We will take all steps reasonably necessary to ensure that the Personal Information is treated securely and in accordance with this Policy. We will work with you to help you provide Policy to your customers concerning the purpose for which Personal Information is processed by Us.

As the processor of Personal Information on your behalf, we follow your instructions with respect to the Personal Information to the extent consistent with the functionality of our Service(s). We implement technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, Personal Information.
Except as expressly permitted by you under this Policy, we do not own, control or direct the use of Personal Information, and only access such information as reasonably necessary to provide the Service(s) (including to respond to support requests), as otherwise authorized by you or as required by law. Unless we explicitly agree otherwise in writing, you will not process any sensitive Personal Information on our platform.

8.2Transfer of Personal Information

As we operate at a global level, we may need to transfer Personal Information to countries other than the ones in which the information was originally collected. When we export your personal information to a different country, we will take steps to ensure that such data exports comply with applicable laws.

8.3Privacy Rights

If you are a resident of the European Union, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. You can exercise these rights by contacting us using the contact details provided in this Policy.

You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. If we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

9DATA RETENTION

Personal Information is retained and deleted in accordance with the Terms of Service as provided on our Site. If you wish to request that we no longer use your Collected Data, please contact us at [email protected]. Personal Information will be retained no longer than necessary in relation to the business purposes for which such Personal Information is provided and to fulfill legal requirements.

10EEA AND SWISS SPECIFIC RIGHTS

As we operate at a global level, we may need to transfer Personal Information to countries other than the ones in which the information was originally collected. When we export your personal information to a different country, we will take steps to ensure that such data exports comply with applicable laws. If you are an individual and resident of the EEA or Switzerland, you have certain rights with respect to your Personal Information:

  • You can request access to, and rectification or erasure of, Personal Information;
  • If any automated processing of Personal Information is based on your consent or a contract with you, you have a right to transfer or receive a copy of your Personal Information in a usable and portable format;
  • If the processing of Personal Information is based on your consent, you can withdraw consent at any time for future processing. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent;
  • You can to object to, or obtain a restriction of, the processing of Personal Information under certain circumstances; and
  • For residents of France, you can send us specific instructions regarding the use of your Personal Information after your death.

To make such requests, contact us at the address provided in the Contact Information section of this Policy. You also have the right to lodge a complaint with a supervisory authority/ Data Protection Authority about our collection and use of your Personal Information, but we encourage you to first contact us with any questions or concerns. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws

11CALIFORNIA-RESIDENT SPECIFIC RIGHTS

If you are resident of California and is a 'consumer' as defined under the California Consumer Privacy Act of 2018 ("CCPA") and We are a 'business' as defined under CCPA, then the following provisions applies to you:

Subject to the provisions of the CCPA, you have the right to request in the manner provided herein, for the following:

Right to request for information about the

  • Categories of Personal Information We have collected about you.
  • Specific pieces of Personal Information We have collected about you.
  • Categories of sources from which the Personal Information is collected.
  • Business or commercial purpose for collecting Personal Information.
  • Categories of third parties with whom the business shares Personal Information.

Right to request for deletion of any Personal Information collected about you by Us:

If you seek to exercise the foregoing rights to access or delete Personal Information which constitutes 'personal information' as defined in CCPA, please contact us at details provided under the Contact Information clause in this Policy. We respond to all requests we receive from you wishing to exercise your data protection rights within a reasonable timeframe in accordance with applicable data protection laws. By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Information from and such other information as reasonably required to enable us to honour your request.

The details and list of the mode of collection, processing and sharing of Personal Information by Us is highlighted in the present Policy. We suggest you read it carefully and then proceed.

12OUR POLICY TOWARDS CHILDREN

The Services are not directed to individuals under the age of 16 years, as on the date of accessing/ availing the Services provided by Us. We do not knowingly collect personal information from children under the age of 16 years. If we become aware that a child under the age of 16 years has provided Us with their Personal Information, then in that event We will take appropriate steps to delete such information, without undertaking any liability in that regard. If you become aware that a child has provided Us with their Personal Information, then please contact us on the details provided under the Contact Information clause incorporated under this Policy.

13SECURITY

We are committed to ensuring that your information is secure. We have put in place appropriate technical, physical and administrative procedures to safeguard and secure the information we collect in order to prevent unauthorised access or disclosure.

14UPDATES TO THIS NOTICE

Springworks reserves the right, in its discretion, to make changes to any part of the products, platforms or this Policy. Springworks may change this Policy from time to time by updating this page. You should check this page from time to time to ensure that you are aware of any changes. This Policy is effective from 01-Aug-2020. By continuing to use the products and services, you consent to this Policy as amended.

15CONTACT INFORMATION

If you have any questions about this Policy, or wish to make a complaint about our data handling practices, you may contact:

Data Protection Officer

SpringRole Inc, 1447 2nd Street Suite 200 Santa Monica, CA 90401 United States
Email: [email protected]

We will investigate any complaints received in writing and do our best to resolve them with you as soon as possible.