Privacy Policy

Effective Date: July 1, 2024
Last Updated on: July 1, 2024

This privacy policy (“Policy”) explains how Sprinto (“We”, “Us”, “Our”) Processes data collected from natural persons as specified in Clause 2 below (“You”, “Your”), as a Controller.

1. Definitions

Capitalised terms not specifically defined herein shall have the meaning ascribed to them in the Terms of Service.

1.1. “Subscriber” means the entity that has subscribed to the Services by accepting the Terms of Service or by entering into an agreement for subscribing to Sprinto’s Services.

1.2. “Controller” means the natural or legal person, public authority, agency, or other body which alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

1.3. “End-User(s)” means any person or entity other than the Subscriber or the Users whose data is transmitted by or on behalf of the Subscriber to the Services.

1.4. “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.5. “Process/To process” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.6. “Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.

1.7. “Sprinto” shall mean Sprinto Technology Private Limited, Sprinto, Inc and any of its affiliates.

1.8. “Terms of Service” means the binding contract between Us and the Subscriber which governs the access and use of the Service(s) by You. Our standard Terms of Service is available at https://sprinto.com/terms.

1.9. “Website(s)” means the websites that We own and operate.

1.10. “You” and “Your” means an identified or identifiable natural person whose Personal Data We Process as a Controller.

2. HOW WE COLLECT, USE AND SHARE YOUR PERSONAL DATA

2.1. PERSONAL DATA THAT YOU PROVIDE US

When You are a(n): User who is provided with login credentials to sign into Services as a Subscriber or on behalf of the Subscriber.
What Personal Data We Collect: Your contact information, such as Your full name, email address.
How We Use Your Personal Data:
  • Creation of a User account, verification of a User’s identity and help a User log into the Services.
  • To communicate with a User regarding existing Services availed by the Subscriber including notifications of any alerts or updates.
  • To send a User information about Our other products or services, events, webinars, or programs that may be of interest to such User.
  • To customise the Services.
Whom We Share Your Personal Data With: Third-party applications that assist Us in creating Your Account, sending You notifications and information about our Services and third-party applications that assist Us in product analytics.

When You are a(n): User who provides certain information through the Services, while a) filling out a survey about their user experience or feedback, b) contacting Us or speaking to Our representatives.
What Personal Data We Collect: Information You have provided as part of it.
How We Use Your Personal Data:
  • To improve the Services.
  • To send information about Our products, Services, and any other marketing messages which may be of interest to You.
  • To respond to Your comments, queries, or questions, if any.
Whom We Share Your Personal Data With: Third parties who assist Us in providing these services.

When You are a(n): Individual who requests a demo.
What Personal Data We Collect: Your contact information including Your full name, email address, and phone number.
How We Use Your Personal Data:
  • To give You the demo;
  • To inform, promote, and market the Services to You.
Whom We Share Your Personal Data With: Third parties who assist Us in providing these services.

When You are a(n): Individual who a) provides information by filling out forms on Our Website, or b) contacts Us or speaks to our sales representatives.
What Personal Data We Collect: Information You have filled in or have submitted via the web forms or information You have provided in Your interaction with Us.
How We Use Your Personal Data:
  • To respond to Your queries, questions or requests.
  • To send information about Our products, Services, and any other marketing messages which may be of interest to You.
Whom We Share Your Personal Data With: Third parties who assist Us in providing these services.

When You are a(n): User who requests customer support services.
What Personal Data We Collect: Your contact information such as Your name, email, and phone number and any other information that the User provides as part of the support request.
How We Use Your Personal Data:
  • To respond to Your comments and questions and provide customer support services.
Whom We Share Your Personal Data With: Third parties who assist Us in providing these services.

When You are a(n): Individual who applies for an employment opportunity with Us.
What Personal Data We Collect: Your contact information, such as full name, email address, mobile number, details of Your education and previous employment, and any other information You volunteer in Your interactions with Us or any information You provide during the evaluation process, including any resume that You submit to Us.
How We Use Your Personal Data: To evaluate You for any position that You have applied for or that We may consider You at the time that You submitted Your resume or at a later date.
Whom We Share Your Personal Data With:
  • Third parties whose products we use in maintaining a record of and evaluating You for the position applied.
  • With external recruiters and organizations like those that do reference or background checks on Our behalf.

When You are a(n): Individuals who are Subscribers.
What Personal Data We Collect: Your full name, email address, billing email address, billing address and shipping address.
How We Use Your Personal Data: To process the payment made by You and provide You the subscription to the Services.
Whom We Share Your Personal Data With: Third-parties who process the payments on behalf of Us.

2.2 PERSONAL DATA THAT WE COLLECT NOT PROVIDED DIRECTLY BY YOU

a. When You are a(n): Website visitor
What Personal Data We Collect: Internet Protocol (IP) addresses, operating system and browser information, and Your session activity including page views, time spent on each page, scrolling activity, and data collected through cookies.
How We Use Your Personal Data:
  • For market analysis and market research
  • To protect Our data from threats, violations, and breaches if any.
  • To inform, promote and offer Our Services to You.
Whom We Share Your Personal Data With: Third parties who provide Us with services in connection with such Processing.

b. When You are a(n): User
What Personal Data We Collect: Information relating to Your use of or interaction with the Services, operating system, and the type of device You use.
How We Use Your Personal Data: To develop, improve, support, operate and provide the Services.
Whom We Share Your Personal Data With: Third parties who provide Us with services in connection with such Processing.

c. When You are a(n): Individual whose information (a) third-party sources share with Us through a valid agreement without breach of any confidentiality clause and with all necessary approvals and authorizations, in accordance with applicable law; or (b) is available on public platforms.
What Personal Data We Collect: Your contact information: such as Your full name, email address, phone number, age, gender, company-level information; and other unique identifiers which may be considered as Personal Data.
How We Use Your Personal Data: Create more tailored advertising to provide Our Services that may be of interest to You.
Whom We Share Your Personal Data With: Third-party partners who assist Us in such Processing.

d. When You are a(n): A User who logs-in to the Services using the third-party sign-on service.
What Personal Data We Collect: In case You log-in using any third-party sign-on services, such information as available on those third-party Services that You have made public or authorized to share with Sprinto.
How We Use Your Personal Data:
  • Verification of a User’s identity and help a User log into the Services.
  • To communicate with a User regarding existing products and services availed by the Subscriber including notifications of any alerts or updates.
  • To send a User information about Our other products or services, events, webinars, or programs that may be of interest to such User.
Whom We Share Your Personal Data With: Third-party applications that enable logging in to Your Account, sending You notifications and information about our products, services, Services, webinars, etc.

e. When You are a(n): Individuals who interact with Our social media accounts.
What Personal Data We Collect: Your social media account’s user-id, and any contact information You provide with such user-id.
How We Use Your Personal Data: To inform, promote and market Our Services to You.
Whom We Share Your Personal Data With: Third parties who provide Us with services in connection with such Processing.

2.3 If You provide Us with any Personal Data relating to other individuals, You represent that You have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Policy. If You believe that Your Personal Data has been provided to Us improperly, please contact Us by using the information in Clause 12 below.

2.4 In addition to the details provided in the table above, We may also share Your Personal Data with:

a. an entity to which We divest all or a portion of Our business, or otherwise in connection with a merger, consolidation, change in control, reorganisation or liquidation of all or a portion of Our business.

b. Law enforcement authorities, government authorities, courts, dispute resolution bodies, regulators, auditors, and any party appointed or requested by applicable regulators to carry out investigations or audits of Our activities.

c. Professional advisors who advise and assist Us in enforcing Our contracts and policies, handling Our claims, effective management of Our company and in relation to any disputes We may become involved in.

d. credit reference agencies and use the resulting information to prevent fraudulent purchases.

2.5 Limited Use Disclosure: Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. LEGAL BASIS FOR PROCESSING

3.1. If You are a data subject from the European Economic Area, Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which We collect it.

3.2. We will normally collect Personal Data from You only where it is needed to perform a contract with You, where the Processing is in Our legitimate interests and not overridden by Your data protection interests or fundamental rights and freedoms, or where We have Your consent. In some cases, We may also have a legal obligation to collect Personal Data from You. If We Process Personal Data with reliance on Your consent, You may withdraw Your consent at any time.

4. INTERNATIONAL TRANSFER

4.1. We mainly Process Personal Data in the United States of America and India. However, We may transfer Personal Data outside these regions only for the purposes referred to in Clause 2. We will ensure that the recipient of Your Personal Data offers an adequate level of protection that is at least comparable to that which is provided under applicable data protection laws.

4.2. If You are a resident of the European Economic Area and when Your Personal Data is Processed outside EEA, We will ensure that the recipient of Your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of Personal Data as approved by the European Commission (Article 46 General Data Privacy Regulation, 2016), or We will ask You for Your prior consent to such international data transfers.

5. SECURITY OF PERSONAL DATA

We use appropriate technical and organizational measures to protect the Personal Data that We collect and Process. The measures We use are designed to provide a level of security appropriate to the risk of Processing Your Personal Data. If You have questions about the security of Your Personal Data, please contact Us using the contact details provided under Clause 12.

6. RETENTION OF PERSONAL DATA

6.1. We retain Personal Data collected where an ongoing legitimate business need requires retention of such Personal Data such as to defend or pursue legal claims, to fulfil any surviving obligations arising from a contract, to provide You with information regarding Our products or Services, or to comply with any legal, tax or accounting requirements.

6.2. In the absence of a need to retain Personal Data under Clause 6.1 above, We will either delete it or anonymize it, or, if this is not technically possible then We will securely store Your Personal Data and isolate it from any further Processing until deletion is possible.

7. YOUR RIGHTS

You are entitled to the following rights:

7.1. You can request Us for access and correction of Your Personal Data.

7.2. If We have collected and Processed Your Personal Data with Your consent, then You can withdraw Your consent at any time. Withdrawing Your consent will not affect the lawfulness of any Processing We have conducted prior to Your withdrawal, nor will it affect Processing of Your Personal Data conducted in reliance on lawful Processing grounds other than consent.

7.3. You have the right to complain to a data protection authority about Our collection and use of Your Personal Data. For more information, please contact Your local data protection authority as specified by the applicable data protection laws.

7.4. You have the right to opt out of marketing communications We send You at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails We send You.

7.5. If You are a resident of the EEA, UK, or Switzerland, You are also entitled to the following rights:

7.5.1. You can request Us for deletion and erasure of Your Personal Data.

7.5.2. You can object to the Processing of Your Personal Data, ask Us to restrict the Processing of Your Personal Data, or request portability of Your Personal Data.

7.6. If You seek to exercise Your rights under this clause, please contact Us at the details provided in Clause 12. We will verify any requests before acting on the request and respond to all requests We receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with applicable data protection laws.

8. NOTICE FOR CALIFORNIA RESIDENTS

8.1. Clause 8 applies only to California residents and the Personal Information We collect as a Business. “CCPA” means the California Consumer Privacy Act of 2018 as amended by the CPRA. “CPRA” means the California Privacy Rights Act of 2020. For the purposes of this section, the terms “Business”, “Business Purpose”, “Consumer”, “Personal Information”, “Sale/Sell”, “Service Provider”, “Sensitive Personal Information” and “Share” shall have the meaning given to them under the CCPA.

8.2. The categories of Personal Information that We have collected in the twelve (12) months prior to the Effective Date, and that We may collect, include:

  1. Identifiers such as a real name, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
  2. Personal Information such as education, employment, employment history.
  3. Commercial Information such as transaction information, financial details, and payment information.
  4. Internet or other electronic network activity information and device information such as, Your usage of the Services, operating system, browser information, and Your session activity including page views, time spent on each page, scrolling activity, and data collected through cookies.
  5. Geolocation data such as device location.

8.3. Disclosure of Personal Information. We have disclosed the categories of Personal Information listed in clause 8.2 above for a Business Purpose (which is listed under “How We use Your Personal Data” section in clauses 2.1 and 2.2) in the twelve (12) months prior to the Effective Date and may disclose such Personal Information to service providers or contractors or to any other third parties who support our business (who are listed under “Whom We share Your Personal Data with” section under clauses 2.1 and 2.2). We shall not disclose further the Personal Information collected for verification of a consumer’s request or retain it longer than it is necessary for the purpose of verification.

8.4. Sharing and Selling of Personal Information. We do not Sell or Share the Personal Information We collect without providing You a right to opt-out. We do not Sell or Share the Personal Information of minors of at least the age of thirteen (13) but less than sixteen (16) years without receiving such minor’s consent or the consent of the minor’s guardian if the minor is less than thirteen (13) years. We permit third parties (such as ad networks, analytics providers, or marketing providers) to collect information directly from Your browser or device through cookies or similar tracking technology when You visit or interact with Our Website or access Our Services. This information retrieved may include device information, browsing history, and location data that are used to undertake “cross-context behavioural advertising” that provides personalized advertisements to You on other websites or sites that You may visit or access. This may be considered as a “Sale” or “Share” of Personal Information. You may opt-out of the Sale or Share by following the instructions provided under Clause 8.5.9.

8.5. You are entitled to the following rights under the CCPA:

8.5.1. You can request Us to disclose details, and categories of Your Personal Information collected by Us.

8.5.2. You can request Us to disclose Your Personal Information collected twelve (12) months prior to the Effective Date.

8.5.3. You can request Us to disclose (a) Your Personal Information Sold or Shared and (b) the Service Provider or contractor, or a third-party to whom such information is Sold or Shared.

8.5.4. You can request Us to correct Your inaccurate Personal Information.

8.5.5. You have the right to request deletion of Your Personal Information held by Us or by Our Service Provider, contractor, or any other third party to whom We have disclosed Your Personal Information. We shall hold a confidential record of all deletion requests for the purpose of preventing the selling of such Personal Information for which You have submitted a deletion request.

8.5.6. You can request Us to limit the use of Your Sensitive Personal Information.

8.5.7. You can request the transfer of specific pieces of Your Personal Information to any other entity.

8.5.8. You have the right to not be discriminated against for exercising Your rights under CCPA.

8.5.9. You have the right to opt out of any Sale or Sharing of Your Personal Information. You may submit a request to Us by contacting Us in accordance with clause 8.6 or by clicking the “Do not Sell or Share My Personal Information” link at the bottom of Our Website.

8.6. California Consumers may make a request pursuant to their rights under the CCPA by contacting Us at the details provided in clause 12. We will verify any requests before acting on the request and respond to all requests We receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with the CCPA. Consumers may also designate an authorised agent to exercise these rights on their behalf.

9. Cookie Policy

9.1. Cookies are text files that are placed on Your computer to collect standard internet log information and visitor behaviour information by Us. When You visit the Website(s), We may collect Personal Data automatically from You through cookies or similar technology. We set cookies to collect information that is used either in aggregate form to help Us understand how Our Website is being used or how effective Our marketing campaigns are, to help customize the Website for You or to make advertising messages more relevant to You.

9.2. Necessary Cookies: We set essential cookies that enable core functionality such as security, network management, and accessibility. You may not opt-out of these cookies. However, You may disable these by changing Your browser settings, but this may affect how the Website(s) functions.

9.3. Statistics, Preference, and Marketing Cookies: We set these cookies to help Us improve Our Website by collecting and reporting information on how You use the Website. The cookies collect information in a way that does not directly identify anyone.

9.4. When You visit the Website, a cookie banner will be displayed providing additional information about cookies and options to opt out of non-essential cookies as required by applicable laws.

10. PRIVACY OF CHILDREN

We recognize the importance of children’s safety and privacy. We do not request, or knowingly collect, any Personal Data from children under the age of 18. If a parent or guardian becomes aware that his or her child has provided Us with Personal Data, they should write to Us at the email address provided in Clause 12.

11. EXCLUSIONS

11.1. End-User Exclusions. Our Services are intended for use by businesses. This Policy is not applicable to Our Processing of any Personal Data forming a part of the Service Data. We may receive End-Users’ Personal Data as a part of the Service Data for which We will only act as a processor and such Processing will be governed by the Terms of Service. In such a case, the End-User’s data privacy questions and requests should be submitted to the Subscriber in its capacity as a Data Controller. We are not responsible for Subscribers’ privacy or security practices which may be different from this notice. Subscribers of the Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations, relating to the collection of Personal Data in connection with the use of Services by the Subscriber.

11.2. Third-party links. Our Website(s) contain links to other websites. Our Policy applies only to Our Website(s), so if You click on a link to another website, You should read their privacy policy. We encourage You to review the privacy statements of any such other websites to understand their Personal Data practices.

11.3. Dr. Sprinto. Where the Subscriber uses the Dr. Sprinto tool, We are the Processor and the Subscriber is the Controller. The Subscriber, in its privacy notice to Users, may describe what information the Dr. Sprinto tool collects and the purposes for which such information is used by the Subscriber. You may include the following text in the privacy notice, modified as needed to make stylistic changes or include defined terms in the privacy notice without substantially changing its meaning:

The Company uses Sprinto, a third party tool to track the Company’s compliances. As a part of it, the employee may be required to install a tool (“Dr. Sprinto”) on their device to enable tracking of certain compliance-related processes of the Company.

The following information is collected by Dr. Sprinto and shared with the Company and Company’s information security auditors:

  1. Device identity, such as the device name, serial number, operating system, etc.;
  2. Device’s operating system;
  3. Hard disk encryption configuration;
  4. Screen lock status;
  5. Antivirus installed on device;
  6. Additional information containing some operating system config values, a list of processes running on the device, etc. (“Debug Logs”) in the event the Employee faces an issue relating to bugging of Dr. Sprinto.

The above-mentioned information is collected and used for the following purposes:

  1. To run checks and alert the employee of any changes needed to be made to their device for compliance with the Company’s policies.
  2. To enable reporting of device status as requested by the Company.
  3. Debug Logs are used in order to resolve issues relating to support for the Dr. Sprinto feature.

Please note that Dr. Sprinto does not collect any private or sensitive information of the employee. If you have any questions, please reach out to the Company representative at support@sprinto.com

12. CONTACT INFORMATION

You may contact Us if You have any inquiries or feedback on Our data protection policies and procedures in the following manner:

Kind Attention: Privacy Team

Email Address: privacy@sprinto.com

Address: 175/176, 91 Springboard, J P Nagar, Bannerghatta Road, Bangalore 560076, India

13. OUR REPRESENTATIVES

If You are a resident of the EEA or the UK, please contact the respective representatives if You have any questions or concerns about how Your Personal Data is handled by Us.

Our EU Representative is:

Rickert Rechtsanwaltsgesellschaft mbH

Colmantstraße 15

53115 Bonn

Germany

Contact: art-27-rep-sprinto@rickert.law

Our UK Representative is:

Rickert Services Ltd UK

PO Box 1487

Peterborough

PE1 9XX

United Kingdom

Contact: art-27-rep-sprinto@rickert.law

14. CHANGES TO THE POLICY

We keep this Policy under regular review and may update this webpage at any time. This Policy may be amended at any time, and You shall be notified only if there are material changes to this Policy.