Privacy & GDPR
Effective Date: 3rd March, 2021
Account and Marketing Data: We gather various types of Personal Information from our users, and we use this Personal Information to deliver our Services, including to personalize, provide, and improve our Services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, to fulfill your requests for certain Services, and to analyze how you use the Services (“Account and Marketing Data”). In certain cases, we may also share some Personal Information with third parties, but only as described below.
User Data: Customers of our Services may collect Personal Information from individuals (e.g. their employees and customers) and upload, store or process that information to or in the Services. We may also collect Personal Information on our customers’ behalf in the course of providing our Services to those customers (e.g. where a customer uses our call recording or transcription features). We refer to this information as “User Data”.
We require our customers to obtain the necessary consents from individuals to provide User Data to us and permit us to collect and use User Data for the purposes of providing the Services to our customers. If you have any concern about our collection and use of Personal Information about you contained in User Data, please contact us at firstname.lastname@example.org.
For the purposes of the European Union General Data Protection Regulation 2016/679 (“GDPR”), and the equivalent laws of the United Kingdom (“UK GDPR”), our customers are the data controller when storing or otherwise processing User Data that we hold solely for the purpose of providing our Services and we are the data processor.
Children: We do not knowingly collect or solicit Personal Information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at email@example.com.
WHAT INFORMATION DO WE COLLECT?
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our Services. If you do not want to receive communications from us, please indicate your preference by unsubscribing through the link at the bottom of our emails.
We may use this data to customize content for you that we think you might like. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services better, or remove Services that are not being used.
HOW DO WE USE YOUR INFORMATION?
We use your Personal Information to facilitate our ongoing and proposed business dealings with you, including to process transactions that you initiate with or through us, establish and maintain your account and to communicate updates, policy changes and other technical matters concerning these Services.
With your permission, we may use your Personal Information to market our Services, or those of our business partners, including sending announcements and other similar communications regarding the Services, sending trial or limited access opportunities to our Services, soliciting input from you regarding improvements we can make, and informing you of third-party offerings that we think you or your company may be interested in which relate to our Services.
DO WE SHARE YOUR PERSONAL INFORMATION?
We neither rent nor sell your Personal Information in personally identifiable form to anyone. However, we may share your Personal Information with third parties as described in this section:
Information that’s no longer personally identifiable: We may anonymize your Personal Information so that you are not individually identified, and provide that information to certain of our partners to help us understand our users’ online behavior. We may also provide anonymous aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services so that we can provide you with an optimal online experience. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual. Additional information regarding our partners’ privacy policies and the option to opt-out of sharing your usage information is available at https://spokephone.comn/terms/. If you choose to opt-out, please note that your actions, such as getting a new computer, installing a new browser, erasing, or otherwise altering your browser’s cookie file, may clear any opt-out cookies that you have enabled.
Affiliated Businesses and Service Integrations: Some businesses or third-party websites we’re affiliated with provide products or services to you through or in connection with the Services or allow you to access our Services through those third-party products. For a list of our affiliates and integrations, go to https://spokephone.com/integrations. We will share your Personal Information with affiliated businesses only if you or your Spoke administrator set up an integration, and we will only share your information to the extent that it is related to the transaction or service, such as the ability for you to automatically transmit Third Party Account Information to your Services profile or to automatically transmit information in your Services profile to your third party account. If you choose to take part in any transaction or service relating to an affiliated website or business, please review their policies.
Cookies Policy, Third-Party Analytics, and Tracking: Our and our third-party service providers of tracking technologies gather non-personal information about how users enter, navigate, and leave the website and Services, the frequency and length of visits to the website or Services or third party websites, application or device usage data, and your product or service preference indicated by the number of times and the length of time you view a product. We gather this data using cookies (both first-party cookies, such as the Google Analytics cookie, and third-party cookies, such as the DoubleClick cookie), web beacons, tags, and other similar techniques that deliver small files to your computer and which allow these networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers.
We use Google Analytics and Google Adwords, which help us understand who is visiting our websites and to show relevant ads on other websites to people who have visited our websites. You can control what ads you see through the Google Ad Settings Manager. More information on how Google uses information collected when you use Google’s partner sites is available on Google’s Partner Technologies page.
You may be able to opt-out of tracking conducted by third parties through our Services by adjusting the Do Not Track settings on your browser, but we don’t control whether or how these third parties comply with Do Not Track requests. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are on our website or using the Services and after you leave our website or Services.
Agents and Subcontractors: We employ other companies and people to perform tasks on our behalf and may need to share your information with them to provide Services to you; for example, we may use a payment processing service like Stripe to receive and process your credit card transactions for us; we may use a customer engagement service like Intercom to send you tips and training on how to use our Services or we may use a customer support service like Zendesk to help answer your questions. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.
User Profiles and Submissions: Certain user profile information, including your name, email, phone number, and any video or image that you upload to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our Services. Your account privacy settings may allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others.
Business Transfers: We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
We are a global business. Personal Information may be stored and processed in any country where we have operations or where a business that supports our website and Services may be located. This means that the Personal Information we collect may be transferred to, and stored in, a country outside of the country where you are located.
If you are located in the European Union (“EU”) your Personal Information may be transferred outside of the European Economic Area (“EEA”). Under the GDPR, the transfer of Personal Information to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer Personal Information if other appropriate safeguards are in place.
If you are located in the United Kingdom (“UK”) your Personal Information may be transferred outside of the UK. Under the UK GDPR, the transfer of Personal Information to a country outside the UK may take place where the European Commission (as of 31 December 2020) or the UK government has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer Personal Information if other appropriate safeguards are in place.
Where we transfer Personal Information outside the EEA or the UK, it will only be transferred to countries that have been identified as providing adequate protection for EEA or UK data, or to a third party where approved transfer mechanisms are in place to protect your Personal Information (e.g. by entering into the European Commission’s Standard Contractual Clauses).
Some of the Personal Information we collect is processed in New Zealand. New Zealand is recognized by the European Commission as a country that has an adequate level of data protection and we rely on this decision in transferring Personal Information to New Zealand.
Some of the Personal Information we collect may be transferred to our US entity Spoke Network Inc. and/or our Australian entity Spoke Network Pty Limited. We rely on European Commission Standard Contractual Clauses when transferring Personal Information to Spoke Network Inc. and/or Spoke Network Pty Limited.
For further information, please contact us at firstname.lastname@example.org
IS MY PERSONAL INFORMATION SECURE?
We have implemented stringent security measures to protect information. These include encrypting data while at rest in our databases, encrypting data in transit to and from employee phones, rotating encryption keys and certificates on a regular basis, and, enforcing two factor authentication for all our engineers and support staff who require access to any data or system. In addition, your account is protected by either a password or a 2 factor authentication login for your privacy and security. If you access your account via a third party site or service, you may have additional or different sign-on protections via that third-party site or service.
You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or another sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.
WHAT PERSONAL INFORMATION CAN I ACCESS?
General: Subject to certain grounds for refusal under applicable law, you have the right to access your personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
Where you request a correction, if we think the correction is reasonable and we are reasonably able to change your personal information, we will make the correction. In all other cases, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.
If you want to exercise either of the above rights, email us at email@example.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information to be corrected and the correction that you are requesting).
Services: Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:
- name and password
- email address
- phone number(s)
- time zone
- place of employment
- recorded/transcribed messages and calls
- call history including incoming/outgoing number and duration
- user profile information, including images you have uploaded
- billing information
- other third-party account information you have linked to the site
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at firstname.lastname@example.org.
California residents: Under California Civil Code Sections 1798.83-1798.84 (“CCPA”), California residents are entitled to ask us for a notice identifying the categories of Personal Information, which we share with our affiliates and/or third parties, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: email@example.com.
WHAT CHOICES DO I HAVE?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
You may be able to add, update, or delete the information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your Spoke account by emailing firstname.lastname@example.org. After deletion of such information from your account, some information may remain in our records for a period of time that is consistent with the purpose for which the data was collected. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.
WHAT IF I HAVE QUESTIONS ABOUT THIS POLICY?
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to email@example.com and we will try to resolve your concerns.
GDPR ADDITIONAL TERMS
The GDPR regulates the collection, processing, and transfer of EU individuals’ personal data (as defined in the GDPR). The collection, processing, and transfer of UK individual’s personal data is subject to the UK GDPR.
For the purposes of the GDPR and UK GDPR:
- we are the data controller (as defined in the GDPR and UK GDPR) when processing Accounting and Marketing Data and Third-Party Account Information; and
- our customers are the data controller when processing User Data.
REPRESENTATION FOR DATA SUBJECTS IN THE EU
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/12364652032
The remainder of these GDPR additional terms apply to Account and Marketing Data and Third-Party Account Information only and do not apply to User Data.
LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION
Our lawful basis for processing (as that term is defined in the GDPR and UK GDPR) Personal Information that we collect, use and disclose depends on the Personal Information collected and the context in which we collect it.
Generally, we collect Personal Information from you where we have your consent, where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms).
Where we process Personal Information based on your consent, you may withdraw your consent at any time.
Despite the above, we may process your Personal Information where such processing is necessary for compliance with applicable laws.
If you have any questions about the legal basis on which we process personal information or need further information, please contact us at firstname.lastname@example.org.
YOUR RIGHTS UNDER THE GDPR AND UK GDPR
If you are located in the EU or the UK, your rights in relation to your Personal Information include:
- right of access – if you ask us, we will confirm whether we are processing your Personal Information and provide you with a copy of that Personal Information
- right to rectification – if the Personal Information we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate Personal Information is rectified. If we have shared your Personal Information with any third party, we will tell them about the rectification where possible
- right to erasure – when your Personal Information is no longer needed for the purposes for which you provided it, we will delete it. You may request that we delete your Personal Information and we will do so if deletion does not contravene any applicable law. If we have shared your personal data with any third party, we will take reasonable steps to inform those third parties that they must delete your Personal Information
- right to withdraw consent – if the basis of our processing of your Personal Information is consent, you can withdraw that consent at any time
- right to restrict processing – you may request that we restrict or block the processing of your Personal Information in certain circumstances. If we have shared your Personal Information with any third party, we will tell them about this request where possible
- right to object to processing – you may request that we stop processing your Personal Information at any time and we will do so to the extent required by the GDPR or the UK GDPR.
- rights related to automated decision-making, including profiling – you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorized by applicable laws or is based on your explicit consent. We do not undertake automated individual decision-making.
- right to data portability – you may obtain your Personal Information from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this Personal Information in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your Personal Information directly to another data controller
- the right to complain to a supervisory authority – you can report any concern you have about our privacy practices to your local data protection authority.
Where Personal Information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at email@example.com. If you are not satisfied by the way we deal with your query, you may refer your query to your local data protection authority.