1. Introduction
Flat Spell Technologies, Inc. (collectively, “we,” “us,” “our,” or “Company”) also refers any of our corporate affiliates or subsidiaries, respect the privacy of our customers and individuals who use our services. This SaaS Privacy Notice (“Notice”) is made available to you to describe how we collect, use, and share personal data we process on behalf of our Customers when you use our hosted software applications (“Services”). It also describes your choices regarding the use, access and correction of your Personal Information that we process in the course of fulfilling our obligations as a service provider according to the Flat Spell Technologies Inc. Services Agreement (“Services Agreement”) executed between Flat Spell Technologies Inc. and our customer (“Customer”). Customer may be your employer, or if you are an independent contractor, they may be the entity that has engaged you to provide your services to them.
This Notice does not cover any information or data collected by Flat Spell Technologies Inc. for other purposes, such as information collected for marketing purposes. Please see the Website Privacy Policy for more information.
2. About Flat Spell Technologies Inc. and the Personal Information We Collect Flat Spell Technologies Inc. is a services and products company that provides software solutions for people, businesses and assets to enable those entities to reach their full potential. While using our Services, Customers and their authorized users input or transfer electronic data into the Flat Spell Technologies Inc. systems (“Customer Data”). Customer Data may include an individual’s name, email address, unique identifier(s), phone number(s), company position, business unit, cost center and location within Customer’s workplace (“Personal Information”).
3. Retention of Personal Information Flat Spell Technologies Inc. will retain Personal Information we process on behalf of our Customers for as long as needed to provide Services to our Customer and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
4. Transfers of Personal Information Flat Spell Technologies Inc. is responsible for the processing of Personal Information it receives from Customers and any onward transfers to third parties acting on our behalf in compliance with applicable law, including but not limited to, the Australian Privacy Act 1988; California Consumer Privacy Act of 2018 (“CCPA”); the EU General Data Protection Regulation 2016/679 (“GDPR”) and its respective national implementing legislations; the Swiss Federal Act on Data Protection; the United Kingdom General Data Protection Regulation (“UK GDPR”); and the United Kingdom Data Protection Act 2018 (in each case, as amended, adopted, or superseded from time to time).
Flat Spell Technologies Inc. Services and sites are provided and hosted from the United States; however, we may transfer, and process, your personal data outside of the country in which you are resident to a country that may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). Any such transfers will be performed consistent with the Service Agreement between Flat Spell Technologies Inc. and our Customers. When transferring data across borders, we will make sure that an appropriate transfer agreement is in place to protect Personal Information
Certain recipients (our service providers and other companies) who process Personal Information on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect Personal Information.
If you are a resident of the EEA, the UK or Switzerland, we will protect Personal Information when it is transferred outside of the EEA, the UK or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal data or we will rely on the Standard Contractual Clauses approved by the European Commission.
5. How We Collect Personal Information 5.1 From Customers Flat Spell Technologies Inc. processes Customer Data under the direction of Customers and has no direct control or ownership of the Personal Information it receives or processes. If you are an authorized user of one of our Customers and would no longer like to be contacted by one of our Customers that use our Service, please contact the Customer that you interact with directly. Customers are responsible for complying with regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to Flat Spell Technologies Inc. for processing purposes
5.2 From You Flat Spell Technologies Inc. may collect Personal Information directly from you. This information may be collected when: you register to use the Services you use the Services, or another application that the Services are embedded in (eg. as a mobile application provided by Flat Spell Technologies Inc.’s Customer) you contact the Flat Spell Technologies Inc. Support team you use your work PC to access the Services you access our website
5.3 Passive Collection As is true of most websites and web applications, we gather certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the features viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, usage, change history, and/or clickstream data to analyze trends in the aggregate and administer the site.
6. You May Request Access, Changes and/or Removal to/of Your Personal Information Flat Spell Technologies Inc. acknowledges that you have the right to access your personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate Personal Information should first direct your query to Flat Spell Technologies Inc.’s Customer (the data controller), or second by emailing your request to privacy@Flat Spell Technologies Inc..com
Flat Spell Technologies Inc. will process your request as soon as reasonably practicable, or within a reasonable timeframe, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner you have requested. In some circumstances, it may be necessary for us to seek to arrange access to your personal information through a mutually agreed intermediary (for example, our Customer).
7. Customer Obligations Around Personal Information Through our Customer’s use of the Services, Flat Spell Technologies Inc. may collect information about our Customer’s personnel from our Customer. Similarly, through your use of the Services, Flat Spell Technologies Inc. may also collect information from you about someone else.
In either case, if you or our Customer (each an “Information Provider”) provide Flat Spell Technologies Inc. with Personal Information about someone else, the Information Provider must ensure that they are authorized to disclose that information to Flat Spell Technologies Inc. and that, without Flat Spell Technologies Inc. taking any further steps required by applicable data protection or privacy laws, Flat Spell Technologies Inc. may collect, use and disclose such information for the purposes described in this Notice.
This means that if required by applicable law, the Information Provider must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Notice, including the fact that their Personal Information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Flat Spell Technologies Inc.’s identity, and how to contact Flat Spell Technologies Inc..
Where requested to do so by Flat Spell Technologies Inc., the Information Provider must also assist Flat Spell Technologies Inc. with any requests by the individual to access or update the Personal Information it has collected from them and entered into the Service.
It is your responsibility to ensure that the Personal Information provided to us is accurate, complete, and up to date.
8. Flat Spell Technologies Inc. Collects, Holds and Uses Your Personal Information for Limited Purposes 8.1 To Provide the Services The use of Personal Information collected through the Services is limited to the purpose of providing the Service in the Service Agreement. Flat Spell Technologies Inc. uses your information to provide the Services to you, including to verify your identity when you log in, communicate with you about the Service, prevent or address service or technical problems, respond to support issues, provide transaction histories, produce de-identified industry trends/benchmarks, or otherwise operate, maintain, and improve the Services. We may also use your information when responding to Customer’s instructions or as may be required by law in accordance with the Services Agreement.
We analyze information about how people use our services, such as information about your use of facilities, statistics about general room utilization by type, and other activity germane to the work environment and office and facilities management, to identify trends, usage, activity patterns, and to develop new products, features, and technologies that benefit our users. With user consent as a user where required, we also test and analyze certain new features with some Customers before rolling the feature out to all Customers.
To provide certain features in the Services, we may create aggregated, de-identified data from Customer Data by removing, obfuscating, or otherwise anonymizing data components (such as your name, email address, or linkable tracking ID) that make the data personally identifiable. Our use of anonymized data is not subject to this Notice.
For example, we may use aggregated data to produce de-identified industry trends/benchmarks that allow users to benchmark their utilization of the Services against how others use our Services. When aggregate data is used or displayed to our users, we leverage analytics techniques that hash, filter, or otherwise scrub the information to exclude information that might identify you as an individual or your organization.
8.2 To Secure the Services We use information about you and your use of the Services to verify accounts and activity, to detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other malicious, deceptive, fraudulent, or illegal activity, including violations of service policies.
8.3 To Protect our Legitimate Interests and Legal Rights Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, including our Customers, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
We process this information about you only where we have a legal basis for doing so. This means we process your information only when:
We need it to provide you the Services, including to operate the Services, provide customer support and personalized features, and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to secure the Services, or to protect our legal rights and interests;
You give us consent to do so for a specific purpose (limited to specific Services); or
We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
9. What does Flat Spell Technologies Inc.’s Customer do with the Information? How Flat Spell Technologies Inc.’s Customer uses your Personal Information will be subject to the Customer’s internal policies, which will indicate how it uses the information including any disclosure to third parties.
10. Can I Withhold My Personal Details? If you do not consent to us collecting, using, and storing your Personal Information we may be unable to provide the Services to our Customer.
In limited circumstances, you may be able to use a pseudonym. Please direct any such requests to the Flat Spell Technologies Inc. Customer.
11. Flat Spell Technologies Inc. Takes Steps to Protect Your Personal Information Flat Spell Technologies Inc. is committed to protecting the security of your Personal Information and we take all reasonable precautions to protect it from unauthorized access, modification or disclosure. We maintain a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to our Customer’s Data. We also use appropriate industry-standard security technology as agreed with our Customer to ensure that your information is protected. When we no longer need your Personal Information, we will take all reasonable steps required to de-identify or destroy it.
12. Flat Spell Technologies Inc. only Discloses Personal Information in Limited Circumstances Your Personal Information may be shared with our authorized Affiliates and sub-contractors (“Personnel”) as necessary and appropriate to facilitate the purpose for which your Personal Information was collected pursuant to this Notice. They are only authorized to use Personal Information as necessary to provide services to us. These services include cloud computing infrastructure.
All Flat Spell Technologies Inc. Personnel who have access to Personal Information are legally bound not to disclose it and may only use it for the purposes incidental to undertaking their duties to Flat Spell Technologies Inc..
Flat Spell Technologies Inc. will not otherwise disclose your Personal Information to a third party outside of our Affiliates without your express consent. However, you should be aware that Flat Spell Technologies Inc. may be required to disclose your Personal Information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities if such disclosure is required by law. Where possible and appropriate, to protect your rights, protect your safety or the safety of others, investigate fraud, or respond to a government request we will notify you if we are required by law to disclose your Personal Information.
If Flat Spell Technologies Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets, our Customer will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with our Customer’s prior consent.
The third parties who host our servers do not control and are not permitted to access or use your Personal Information except for the limited purpose of storing the information.
13. Flat Spell Technologies Inc. Uses Cookies Flat Spell Technologies Inc. and its partners use cookies or similar technologies to help us process your transactions and requests, analyze trends, administer the website, track aggregate and statistical information about user activity and gather statistics about our user base as a whole.
In the Services, we use essential cookies for authentication and session management. These technologies may provide us with personal data, information about devices and networks you utilize to access our Services, and other information regarding your interactions with our Services. We may combine the information we receive from cookies with personal data we have otherwise collected.
Third-Party Analytics. We also use automated devices and applications including Google Analytics (more info here) to evaluate the use of our Services. We use tools to gather non-personal information about users to help us improve our Services and user experiences. These analytics providers may use cookies and other technologies to perform their services and may combine the information they collect about you on our Services with other information they have collected for their own purposes. Please note, for the Services, any data sent is anonymized. This notice does not cover such uses of data by third parties.
Browser Level Opt-Out. You can set or change your web browser controls to accept or refuse cookies. The “help,” “tools,” or “edit” portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Your ability to completely prevent your browser from accepting new cookies may depend on the sophistication of your browser software. If you disable cookies, you may still access our Sites but be aware that some features of our Services may not function. Most advertising networks offer you a way to opt-out of targeted advertising.
Please note, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. You will continue to receive ads on the websites you visit, but the ad networks from which you have opted out will no longer target ads to you based upon your activities on other sites.
Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish for your online activities to be tracked. Currently, our systems do not recognize browser DNT requests. In the meantime, you can use the “help” portion of the toolbar on most browsers to learn how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether as explained above.
14. Flat Spell Technologies Inc. has a Privacy Complaints Process Flat Spell Technologies Inc. commits to resolve complaints about our collection or use of your Personal Information. For questions regarding this Notice, please contact us by emailing [email protected] or by mailing Flat Spell Technologies Inc. at the following address: Flat Spell Technologies Inc., Attention Privacy, PO Box 341, Rumson, NJ, 07760.
15. Our Privacy Officer will endeavor to: provide an initial response to your query or complaint within 15 Business Days, and investigate and attempt to resolve your query or complaint within 45 Business Days or such longer period as is necessary and notified to you by our Privacy Officer. Changes to This Policy From time to time, we may update this Notice to reflect the changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.