The Application collects some Personal Data from its Users.
The Owner takes care of protecting the confidentiality of the information that End-Users share, and commits itself to the strictest compliance with the data protection law that applies.
This document is aimed at providing End-Users with an outline of what the Service provided consists of, what Personal Data are collected via the Service and how such Data are processed.
The SCTA App application (the ’Application’) is entirely built within the technical framework provided by SpotMe, dedicated to mobile event and engagement application solutions. The Application provides End-Users with a mobile and digital solution to interact and communicate during events, meetings or community engagements. Such communication is carried out in a paperless environment through the functionalities available in the Application. Once the End-User has joined the event environment, he can start using the engagement features of the Application, including but not limited to, posting questions, receiving learning or training material, communicating in real time with other End-Users, taking notes, casting votes etc., depending on the feature set made available in the Application and on the setting thereof.
Data Protection Officer of the Data Controller and Owner
Data Processor
SpotMe Holding SA
Avenue du Théâtre 1
4th floor
1005 Lausanne
Switzerland
Or one of its subsidiaries:
SpotMe SA
Avenue du Théâtre 1
4th floor
1005 Lausanne
Switzerland
SpotMe Inc.
935 W Chestnut St #650
Chicago, IL 60642
USA
SpotMe Pte. Ltd.
16 Raffles Quay #33-03, Hong Leong Building
Singapore 048581
Contact email: privacy@spotme.com
The contractual relationship between SpotMe and the Owner is specifically addressed in the related paragraphs of the present document.
The navigation on the Application (as well as the use of any third party’s application embedded and/or available therein), implies the communication to the Owner of Usage Data, which is implicitly acquired during the navigation of the End-User through the internet communications protocol.
Usage Data includes but is not limited to, the IP addresses or domain names of the devices utilized by the End-Users , the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the End-User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device’s operating system and/or the End-User's IT environment.
Usage Data is not collected for the purpose of identifying the End-User. However, End-User must be aware that the identification may be possible through further elaborations and associations, as well as with information held by third parties.
Should any wilful act of misconduct, fraud or criminal offence be perpetrated, Usage Data could potentially be used for ascertaining individual responsibilities.
To use the Service, End-Users may need to register and disclose the information requested in the relevant forms in a complete and truthful manner. Whenever a field in the forms provided is described as ”optional” or ”not compulsory” or is not marked with ”*” symbol it means that End-User is free not to communicate the requested Data and that the End-User’s request can be fulfilled notwithstanding the absence of this information. The Data collected by the Application for registration purposes are: email address, first name, last name. End-User’s Personal Data shall be processed upon End-User’s prior, free and informed consent, when required by the law, and solely for the purposes outlined in the present privacy policy. End-Users are responsible for any third party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.
The Data Controller processes the Data of End-Users in an appropriate manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
The Data is processed at the Data Controller's operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.
The Data is kept for the time necessary to provide the Service requested by the End-User, or stated by the purposes outlined in this document, and the End-User can always request that the Data Controller suspend or remove the Data. For further information, End-User can contact the Data Controller at the contact details provided at the beginning of this privacy policy.
The Data concerning the End-User is collected for the purposes described below.
In particular, Usage Data is solely processed to:
As for the Data communicated by End-User on a voluntary basis, it is processed for the following purposes:
Further details about the processing of Personal Data carried out by the Owner can be found in the section below.
End-Users must be aware that other users of the application might have access to, or re-post, or otherwise share what they have published, which could also include Personal Data such as name, nickname/screen name, location and other information about the End-User, as well as information about the event they are participating to. These other users might make such information publicly available. Also, End-Users must be aware that the Application allows interactions among mobile devices running the Application or between mobile devices running the Application and other components of the Application. In particular, at each event at which the Application is employed, the Event Organizer determines the rules as to how individually-identifiable information in the Application will be made accessible to other End-Users. Where applicable and once these rules have been determined, SpotMe enforces them, including by withholding Data from the Event Organizer where that Data was gathered under a commitment of anonymity.
Some of the ways in which individually-identifiable information about a participant are made available to others vary from event to event including, but not limited to the following:
End-Users who are not comfortable with the functioning of the Application may return their SpotMe device at any time (if they have been provided with such a device), may delete the Application from their personal mobile device or may request the deletion of their Personal Data to the Event Organizer.
The Application usually provides for a closed environment, meaning that the End-User must be authenticated with an email link or a similar authentication scheme before joining the Application. If no authentication scheme is available, End-Users can access by providing the following Data: email address, first name and last name. SpotMe does not automatically collect, via the service, any personal identifiable information from the Users. Nonetheless, the use of the Service may imply the automatic collection of some End-User's information and other Usage Data, including but not limited to, IP address, operating system and type of browser used by End-User's mobile device.
Notwithstanding the above, under specific circumstances and, namely, as part of the functioning of the Application related to a meeting or event at which the Application is employed, SpotMe may receive some personal identifiable information about the End-Users, including but not limited to, their name, surname and email address, in order to enable the particular features of the Application.
SpotMe does not own any such Data and shall process them, as Data Processor, according to the instructions and the terms and conditions set forth in the agreement entered into with the Client who remains the sole Data Controller.
The Data Controller is solely liable for the lawful transmission of Personal Data referring to End-Users to SpotMe. The Data Controller shall inform such Users accurately about the intended data transfer and collect their prior explicit consent, if needed. In particular, the Data Controller shall inform its Users about profiling activities possibly performed through recourse to services provided by SpotMe. In case such profiling activities take place, the Data Controller is solely liable for the fulfilment of the notification, if required, to the competent Data Protection Authority, as well as to comply with any requirements prescribed by the applicable privacy laws which are relevant to the aforesaid data processing activities.
Therefore, the Data Controller is bound to inform the End-Users correctly about the data treatment performed with recourse to services provided by SpotMe according to applicable law, i.e. providing a privacy policy including information about data treatment performed by SpotMe on its behalf.
To the same extent, the Data Controller is solely liable for the enforcement of consent revocations or other requests received by Data Subjects. The Data Controller shall inform SpotMe accurately and without undue delay about the revocation of consent or the request and about the Data to be deleted, amended, rectified etc. The Data Controller is solely liable for any damage possibly arising to third parties (e.g. their users or other Users) due to an unlawful processing of Personal Data transferred to SpotMe.
SpotMe operates through a network of subsidiaries.
As for the transfer of Personal Data to countries outside of the European Union, European Users must be aware of the following:
European Users must be aware that such transfer is lawfully carried out pursuant to the European Commission’s decision 2000/518/EC of 26 July 2000 on the adequate protection of Personal Data provided in Switzerland.
SpotMe, Inc. participates in and complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union to the United States. SpotMe Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
If there is any conflict between the terms in this document and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view SpotMe Inc.’s certification, please visit https://www.privacyshield.gov/ (or find the direct link to the certification list of Privacy Shield participants maintained by the Department of Commerce here https://www.privacyshield.gov/list).
Following the decision of the Court of Justice of the EU on Case C-311/18 adopted on July 16, 2020 pursuant to which Commission Implementing Decision (EU) 2016/1250 on the adequacy of the protection provided by the EU-U.S. Privacy Shield is declared invalid, transfers of Personal Data to the US, including but not limited to SpotMe intra-group transfers, are subject to Standard Contractual Clauses (SCCs) for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. European Users must be aware that such transfer is lawfully carried out pursuant to Commission Decision 2010/87/EU on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.
SpotMe, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. SpotMe, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
SpotMe Inc. is responsible for all processing of Personal Data it receives under the Privacy Shield Framework from Swiss individuals and commits to subject the processed Personal Data to the Privacy Shield Principles. This, most importantly, includes the right of individuals to access their personal data processed by SpotMe Inc. SpotMe Inc. also complies with the Privacy Shield Principles for all onward transfers of Personal Data from Switzerland, which means that it remains liable in cases of onward transfers to third parties. With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, SpotMe Inc. is subject to the investigatory and regulatory enforcement powers of the FTC, if not stated otherwise in this document. SpotMe Inc. is further required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, SpotMe Inc. commits to resolve complaints about its collection or use of the User’s Personal Data. European Union individuals with inquiries or complaints regarding this Privacy Shield policy should first contact SpotMe Inc. at privacy@spotme.com, referring to “Privacy Shield” and expect the complaint to be dealt with within 45 days. In case of failure by SpotMe Inc. to provide a satisfactory or timely response, the User has the option of involving an independent dispute resolution body, free of charge.
In this regard, SpotMe Inc. has agreed to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU. The User may therefore contact SpotMe Inc. at privacy@spotme.com, in order to be directed to the relevant DPA contacts. Under certain conditions - available for the User in full on the Privacy Shield website (https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint) - the User may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Swiss Users must be aware of the fact that the Federal Data Protection and Information Commissioner (FDPIC) can act as a mediator in all disputes related to the Swiss Users' Data protection. Therefore, Swiss Users can submit any Data protection related dispute to the mediation of the FDPIC.
Given the information above, Personal Data can be collected by using some of the following services:
Application may associate a randomly generated identification code to the User's device. Such codes shall be used exclusively for statistical purposes and any such statistics shall be carried out in aggregate and anonymous fashion. For further information, the User can contact the Owner at the contact details provided in the present document.
This type of service has the purpose of hosting data and files that enable the SpotMe App to be run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of SpotMe App. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Softlayer Technologies
Softlayer Technologies is a cloud hosting and backend service provided by SoftLayer Technologies, Inc.
Places of processing: European Union, US, Australia, Singapore. The actual place of processing is determined by the Client or the Event Organizer. If not determination is done by the Client or the Event Organizer, SpotMe will select the location that corresponds to the closest of the Client’s jurisdiction.
Place of processing: European Union, US, Australia or Singapore - Privacy Policy
Application may send push notifications to the User.
This Application uses Cookies. To learn more and for a detailed cookie notice, you may consult the Cookie policy on http://spotme.com/specifications.
The End-User's Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the Services. The End-User declares to be aware that the Data Controller may be required to reveal Personal Data upon request of public authorities.
In addition to the information contained in this privacy policy, the Data Controller and / or SpotMe may provide the End-User with additional and specific information concerning particular services or the collection and processing of Personal Data upon request.
For operation and maintenance purposes, Application and, where applicable, third party services may collect files that record interaction with Application (System logs) or use for this purpose other Personal Data (such as IP Address).
The Service is directed to the general public. The Data Controller and SpotMe do not knowingly collect information from children under 13 years of age or have any reasonable grounds for believing that children under the age of 13 are accessing the Service. If the Data Controller or SpotMe learn that they have inadvertently collected Personal Data from a child under age 13, that Data will be deleted as quickly as possible. If you believe that we might have any information from a child under age 13, please contact us at privacy@spotme.com.
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.
Data Subjects have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller or SpotMe to learn about their contents and origin, to access, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons or to request data portability. Requests should be sent to the Data Controller (please see the contact information at the beginning of this document) or to SpotMe at privacy@spotme.com. Data Subjects can lodge a complaint with the competent supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement of GDPR in relation to the processing of their Personal Data.
In the case of a personal data breach of data where SpotMe is the data processor, but not data controller, SpotMe will notify the Data Controller without undue delay after becoming aware of a personal data breach. In the case of a personal data breach of data where SpotMe is the data controller, SpotMe will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 GDPR, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification to the supervisory authority is not made within 72 hours, it will be accompanied by reasons for the delay. In the data breach notification, SpotMe will describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned, and communicate the name and contact details of the data protection officer or other contact point where more information can be obtained and describe the likely consequences of the personal data breach; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. SpotMe will document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
You are always entitled to request information about any of your data that SpotMe has stored, as well as their origin and recipient and the purpose it was stored for. If you have any questions about data protection or if you wish to access, request data portability, correct, block or delete your profile or any of your personal data, or if you would like, at any time, to revoke a granted authorization regarding the use of your customer data or e-mail address, please contact the following: SpotMe Holding SA, Avenue du Théâtre 1, 4th floor, 1005 Lausanne, Switzerland or by email privacy@spotme.com. SpotMe external data protection officer is Dr. Christian Rauda (board-certified attorney for information technology law), GRAEF Rechtsanwälte, Hamburg, Germany. You can reach him via privacy@spotme.com.
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its End-Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If an End-User objects to any of the changes to the Policy, the End-User must cease using SpotMe App and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about End-Users.
For any further information about the Data processing by SpotMe as regards the provision of the Service, Users can write an email to the following address privacy@spotme.com.
“Client” means the natural or legal person who has purchased SpotMe services for its professional, commercial or entrepreneurial purposes and has thus access to the Service. For the purposes of this document, the Client coincides with the Owner.
“Cookies” means a small piece of data stored in the User's device.
“Data Controller (or Owner)” means the natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of Application. The Data Controller of the Application, unless otherwise specified, is [insert name of the corporation which owns the app].
“Data Processor (or Data Supervisor)” means The natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data in compliance with this privacy policy.
“Data Subject” means the legal or natural person to whom the Personal Data refers. End-User (or User) means The individual using the Application, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refers.
“Event Organizer” means any User who has been granted permission by the Client to define the functionalities and permissions of the Application during an event or a community engagement where the Application is used.
“Personal Data (or Data)” means any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
“Service” means the services, such as access to software, content, platform, infrastructure, and storage space, that are provided to Client and made available online by SpotMe, including associated SpotMe offline or mobile components and which may entail the processing of End-Users' Data.
“[insert name of the application] App or (Application)” means the hardware or software tool and/or platform based on the Service by which the Personal Data of the User is collected.
“SpotMe” means the company SpotMe Holding SA with registered office at Avenue du Théâtre 1, 4th floor, 1005 Lausanne, Switzerland and including its subsidiaries SpotMe SA, SpotMe Inc., and SpotMe Pte. Ltd.
“Usage Data” means information collected automatically from the Application (or third party services employed in SpotMe), including but not limited to, the IP addresses or domain names of the computers utilized by the Users who use SpotMe, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under Art. 10 of EC Directive n. 95/46/EC, Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and under the provisions of Directive 2002/58/EC, as revised by Directive 2009/136/EC, on the subject of Cookies.
Latest update: January 15, 2018