Privacy & GDPR

Effective Date: 3rd March, 2021

At Spoke, we care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy.

We are a global business and your interaction with us or our Services may be with one or more members of our group. A list of our entities is provided in the contact section of this Privacy Policy. For the purposes of this Privacy Policy, unless we specifically say otherwise, a reference to “we”, “us” or “our” is a reference to the member or members of our group with whom you are interacting with.

By using or accessing our products, applications and other services provided to you by Spoke and its distribution partners through this website and other delivery methods (collectively “Services” or “Service”) in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you consent that we will collect, use, and share your information as set out in this Privacy Policy.

Your use of our Services is at all times subject to the Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.

WHAT DOES THIS PRIVACY POLICY COVER?

General: This Privacy Policy covers our treatment of personally identifiable information and equivalent information under applicable privacy and data protection laws (“Personal Information”) that we gather when you are accessing or using our website or Services, but not to the practices of companies we don’t own or control, or people that we don’t manage.

Account and Marketing Data: We gather various types of Personal Information from our users, and we use this Personal Information to deliver our Services, including to personalize, provide, and improve our Services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, to fulfill your requests for certain Services, and to analyze how you use the Services (“Account and Marketing Data”). In certain cases, we may also share some Personal Information with third parties, but only as described below.

User Data: Customers of our Services may collect Personal Information from individuals (e.g. their employees and customers) and upload, store or process that information to or in the Services. We may also collect Personal Information on our customers’ behalf in the course of providing our Services to those customers (e.g. where a customer uses our call recording or transcription features). We refer to this information as “User Data”.

We require our customers to obtain the necessary consents from individuals to provide User Data to us and permit us to collect and use User Data for the purposes of providing the Services to our customers. If you have any concern about our collection and use of Personal Information about you contained in User Data, please contact us at privacy@spokephone.com.

For the purposes of the European Union General Data Protection Regulation 2016/679 (“GDPR”), and the equivalent laws of the United Kingdom (“UK GDPR”), our customers are the data controller when storing or otherwise processing User Data that we hold solely for the purpose of providing our Services and we are the data processor.

We only process User Data as authorized by our customers in our Terms of Use and/or other agreements with our customers that govern the processing of User Data (as applicable). Unless required otherwise under applicable law, if we receive any request or inquiry relating to User Data that we hold solely for the purpose of providing our Services, we will forward this request to the relevant customer.

Children: We do not knowingly collect or solicit Personal Information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at support@spokephone.com.

WILL THIS PRIVACY POLICY EVER CHANGE?

We are constantly trying to improve our Services, and as such, we may need to change this Privacy Policy from time to time. If we do need to change this Privacy Policy, we will alert you to any changes by placing a notice on the Spokephone.com website, by sending you an email, and/or by some other means. Please note that if you’ve opted not to receive communications from us, those notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. Links to previous versions of our Privacy Policy can be found at the end of this Privacy Policy.

WHAT INFORMATION DO WE COLLECT?

Information You Provide to Us: We receive and store any information you knowingly provide to us. For example, through the registration process and/or through your account settings, we may collect Personal Information such as your name, email address, phone number, and third-party account credentials (for example, your log-in credentials for Google or other third party sites). If you provide your third-party account credentials to us or otherwise sign in to the Services through a third party site or service such as Office365 or Google, you understand some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us if you authorize such transmissions, and that Third Party Account Information transmitted to our Services is covered by this Privacy Policy. Certain information may be mandatory for you to provide in order to register with us and/or to take advantage of some of our features.

We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our Services. If you do not want to receive communications from us, please indicate your preference by unsubscribing through the link at the bottom of our emails.

Information Collected Automatically: Whenever you interact with our website or Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, device identification, “cookie” information, the type of browser and/or device you’re using to access our website or Services, and the page or feature you requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features on our website or Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. Our partners may also transmit cookies to your browser or device, when you use or interact with their products provided via our Services. Also, if you click on a link to a third party website or service, such third party may also transmit cookies to you. Again, this Privacy Policy does not cover the use of cookies by any third parties, and we aren’t responsible for their privacy policies and practices.

We may use this data to customize content for you that we think you might like. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services better, or remove Services that are not being used.

Information Collected from Other Websites and Do Not Track Policy: Through cookies we place on your browser or device, we may collect information about your online activity after you leave our website or Services. Just like any other usage information we collect, this information allows us to improve our website and Services and customize your online experience, and otherwise as described in this Privacy Policy. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites. Our website and Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are on our website or using the Services and after you leave our website or Services.

HOW DO WE USE YOUR INFORMATION?

We use your Personal Information to facilitate our ongoing and proposed business dealings with you, including to process transactions that you initiate with or through us, establish and maintain your account and to communicate updates, policy changes and other technical matters concerning these Services.

With your permission, we may use your Personal Information to market our Services, or those of our business partners, including sending announcements and other similar communications regarding the Services, sending trial or limited access opportunities to our Services, soliciting input from you regarding improvements we can make, and informing you of third-party offerings that we think you or your company may be interested in which relate to our Services.

DO WE SHARE YOUR PERSONAL INFORMATION?

We neither rent nor sell your Personal Information in personally identifiable form to anyone. However, we may share your Personal Information with third parties as described in this section:

Information that’s no longer personally identifiable: We may anonymize your Personal Information so that you are not individually identified, and provide that information to certain of our partners to help us understand our users’ online behavior. We may also provide anonymous aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services so that we can provide you with an optimal online experience. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally, as an individual. Additional information regarding our partners’ privacy policies and the option to opt-out of sharing your usage information is available at https://spokephone.comn/terms/. If you choose to opt-out, please note that your actions, such as getting a new computer, installing a new browser, erasing, or otherwise altering your browser’s cookie file, may clear any opt-out cookies that you have enabled.

Affiliated Businesses and Service Integrations: Some businesses or third-party websites we’re affiliated with provide products or services to you through or in connection with the Services or allow you to access our Services through those third-party products. For a list of our affiliates and integrations, go to https://spokephone.com/integrations. We will share your Personal Information with affiliated businesses only if you or your Spoke administrator set up an integration, and we will only share your information to the extent that it is related to the transaction or service, such as the ability for you to automatically transmit Third Party Account Information to your Services profile or to automatically transmit information in your Services profile to your third party account. If you choose to take part in any transaction or service relating to an affiliated website or business, please review their policies.

Cookies Policy, Third-Party Analytics, and Tracking: Our and our third-party service providers of tracking technologies gather non-personal information about how users enter, navigate, and leave the website and Services, the frequency and length of visits to the website or Services or third party websites, application or device usage data, and your product or service preference indicated by the number of times and the length of time you view a product. We gather this data using cookies (both first-party cookies, such as the Google Analytics cookie, and third-party cookies, such as the DoubleClick cookie), web beacons, tags, and other similar techniques that deliver small files to your computer and which allow these networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers.

We use Google Analytics and Google Adwords, which help us understand who is visiting our websites and to show relevant ads on other websites to people who have visited our websites. You can control what ads you see through the Google Ad Settings Manager. More information on how Google uses information collected when you use Google’s partner sites is available on Google’s Partner Technologies page.

We also use a marketing automation tool called HubSpot® to handle various marketing tasks, such as contacting visitors who provide their contact information and requested additional information. You can read more about HubSpot’s Privacy Policy and opt-out options here via HubSpot’s Privacy Notice.

You may be able to opt-out of tracking conducted by third parties through our Services by adjusting the Do Not Track settings on your browser, but we don’t control whether or how these third parties comply with Do Not Track requests. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are on our website or using the Services and after you leave our website or Services.

Agents and Subcontractors: We employ other companies and people to perform tasks on our behalf and may need to share your information with them to provide Services to you; for example, we may use a payment processing service like Stripe to receive and process your credit card transactions for us; we may use a customer engagement service like Intercom to send you tips and training on how to use our Services or we may use a customer support service like Zendesk to help answer your questions. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. 

User Profiles and Submissions: Certain user profile information, including your name, email, phone number, and any video or image that you upload to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our Services. Your account privacy settings may allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others. 

Business Transfers: We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.

Other Access to your Personal Information: We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with the law, or in response to a court order or subpoena; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or our safety or that of our employees, users, or others.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

We are a global business. Personal Information may be stored and processed in any country where we have operations or where a business that supports our website and Services may be located. This means that the Personal Information we collect may be transferred to, and stored in, a country outside of the country where you are located.

If you are located in the European Union (“EU”) your Personal Information may be transferred outside of the European Economic Area (“EEA”). Under the GDPR, the transfer of Personal Information to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer Personal Information if other appropriate safeguards are in place.

If you are located in the United Kingdom (“UK”) your Personal Information may be transferred outside of the UK. Under the UK GDPR, the transfer of Personal Information to a country outside the UK may take place where the European Commission (as of 31 December 2020) or the UK government has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer Personal Information if other appropriate safeguards are in place.

Where we transfer Personal Information outside the EEA or the UK, it will only be transferred to countries that have been identified as providing adequate protection for EEA or UK data, or to a third party where approved transfer mechanisms are in place to protect your Personal Information (e.g. by entering into the European Commission’s Standard Contractual Clauses). 

Some of the Personal Information we collect is processed in New Zealand. New Zealand is recognized by the European Commission as a country that has an adequate level of data protection and we rely on this decision in transferring Personal Information to New Zealand.

Some of the Personal Information we collect may be transferred to our US entity Spoke Network Inc. and/or our Australian entity Spoke Network Pty Limited. We rely on European Commission Standard Contractual Clauses when transferring Personal Information to Spoke Network Inc. and/or Spoke Network Pty Limited.

For further information, please contact us at privacy@spokephone.com

IS MY PERSONAL INFORMATION SECURE?

We have implemented stringent security measures to protect information. These include encrypting data while at rest in our databases, encrypting data in transit to and from employee phones, rotating encryption keys and certificates on a regular basis, and, enforcing two factor authentication for all our engineers and support staff who require access to any data or system. In addition, your account is protected by either a password or a 2 factor authentication login for your privacy and security. If you access your account via a third party site or service, you may have additional or different sign-on protections via that third-party site or service. 

You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or another sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

WHAT PERSONAL INFORMATION CAN I ACCESS?

General: Subject to certain grounds for refusal under applicable law, you have the right to access your personal information that we hold and to request a correction to your personal information.  Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.

Where you request a correction, if we think the correction is reasonable and we are reasonably able to change your personal information, we will make the correction. In all other cases, we will take reasonable steps to make a note of the personal information that was the subject of your correction request.

If you want to exercise either of the above rights, email us at privacy@spokephone.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information to be corrected and the correction that you are requesting).

Services: Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:

  • name and password
  • email address
  • phone number(s)
  • location
  • time zone
  • place of employment
  • devices
  • recorded/transcribed messages and calls
  • call history including incoming/outgoing number and duration
  • user profile information, including images you have uploaded
  • billing information
  • contacts
  • other third-party account information you have linked to the site

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at privacy@spokephone.com.

California residents: Under California Civil Code Sections 1798.83-1798.84 (“CCPA”), California residents are entitled to ask us for a notice identifying the categories of Personal Information, which we share with our affiliates and/or third parties, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: privacy@spokephone.com.

WHAT CHOICES DO I HAVE?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

  • EU and UK: In addition to the rights to access and correct your personal information as detailed above, if you are based in the EU or the UK, you have the additional rights set out in the GDPR additional terms section of this Privacy Policy below.
  • California residents: Under the CCPA, California residents are entitled to exercise a right to opt-out from the sale of their personal information that may take place. We do not sell Personal Information to third parties. We may share Personal Information as described in the “Do we share your Personal Information?” section of this Privacy Policy.

You may be able to add, update, or delete the information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your Spoke account by emailing support@spokephone.com. After deletion of such information from your account, some information may remain in our records for a period of time that is consistent with the purpose for which the data was collected. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.

Following the cancellation of your Services, we may retain the information covered by this Privacy Policy for a period of eighteen months from the date of termination of your relationship with us.

WHAT IF I HAVE QUESTIONS ABOUT THIS POLICY?

If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@spokephone.com and we will try to resolve your concerns.

GDPR ADDITIONAL TERMS

If you are based in the EU or the UK and use our website and/or our Services, these additional terms form part of our privacy policy.

The GDPR regulates the collection, processing, and transfer of EU individuals’ personal data (as defined in the GDPR). The collection, processing, and transfer of UK individual’s personal data is subject to the UK GDPR.

Personal Information described in our Privacy Policy is personal data under the GDPR and UK GDPR. We are committed to complying with the GDPR and UK GDPR when dealing with the personal data of our website visitors and service users based in the EU or the UK.

For the purposes of the GDPR and UK GDPR:

  • we are the data controller (as defined in the GDPR and UK GDPR) when processing Accounting and Marketing Data and Third-Party Account Information; and
  • our customers are the data controller when processing User Data.

We will not process User Data except as provided in our Terms of Use and/or other agreements without customers that govern the processing of User Data (as applicable) and we require our customers to comply with applicable privacy and data protection laws. If we receive any data subject requests relating to User Data such as requests to access Personal Information, we will forward this request to the relevant customer.

REPRESENTATION FOR DATA SUBJECTS IN THE EU
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/12364652032

Prighter certificate of Art 27 representation

The remainder of these GDPR additional terms apply to Account and Marketing Data and Third-Party Account Information only and do not apply to User Data.

LAWFUL BASIS FOR PROCESSING PERSONAL INFORMATION

Our lawful basis for processing (as that term is defined in the GDPR and UK GDPR) Personal Information that we collect, use and disclose depends on the Personal Information collected and the context in which we collect it. 

Generally, we collect Personal Information from you where we have your consent, where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, or where processing is necessary for the purposes of our legitimate interests (except where such interests are overridden by your interests or fundamental rights and freedoms). 

Where we process Personal Information based on your consent, you may withdraw your consent at any time. 

Despite the above, we may process your Personal Information where such processing is necessary for compliance with applicable laws.

If you have any questions about the legal basis on which we process personal information or need further information, please contact us at privacy@spokephone.com.

YOUR RIGHTS UNDER THE GDPR AND UK GDPR

If you are located in the EU or the UK, your rights in relation to your Personal Information include:

  • right of access – if you ask us, we will confirm whether we are processing your Personal Information and provide you with a copy of that Personal Information
  • right to rectification – if the Personal Information we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take reasonable steps to ensure inaccurate Personal Information is rectified. If we have shared your Personal Information with any third party, we will tell them about the rectification where possible
  • right to erasure – when your Personal Information is no longer needed for the purposes for which you provided it, we will delete it. You may request that we delete your Personal Information and we will do so if deletion does not contravene any applicable law. If we have shared your personal data with any third party, we will take reasonable steps to inform those third parties that they must delete your Personal Information
  • right to withdraw consent – if the basis of our processing of your Personal Information is consent, you can withdraw that consent at any time
  • right to restrict processing – you may request that we restrict or block the processing of your Personal Information in certain circumstances. If we have shared your Personal Information with any third party, we will tell them about this request where possible
  • right to object to processing – you may request that we stop processing your Personal Information at any time and we will do so to the extent required by the GDPR or the UK GDPR.
  • rights related to automated decision-making, including profiling – you have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where such automated decision-making is necessary for entering into, or the performance of, a contract with you, is authorized by applicable laws or is based on your explicit consent. We do not undertake automated individual decision-making.
  • right to data portability – you may obtain your Personal Information from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this Personal Information in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your Personal Information directly to another data controller
  • the right to complain to a supervisory authority – you can report any concern you have about our privacy practices to your local data protection authority.

Where Personal Information is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.

If you would like to exercise any of your above rights, please contact us at privacy@spokephone.com. If you are not satisfied by the way we deal with your query, you may refer your query to your local data protection authority.

Past revisions: