Last Updated: October 11, 2021
We may make changes to this Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Policy and, in some cases, we may provide additional notice, such as adding a statement to our homepage or notifying you via email. We encourage you to review this Policy frequently to stay informed about our information practices and the ways you can help protect your privacy.
Highspot as Controller
If you are resident in the European Economic Area (“EEA”), UK or Switzerland, the controller of Personal Data that we process for the purposes described in this Policy is Highspot, Inc. This Policy does not apply when we process Personal Data as a processor on behalf of our customers in the course of providing our Services, including where we offer customers various cloud products and services through which they (and/or their subsidiaries or affiliates): (i) host and/or share content and collect analytics through our Services; (ii) send electronic communications, including emails, to other individuals; or (iii) otherwise collect, use, share or process Personal Data via our Services.
Highspot is not responsible for and does not control the privacy and data security practices of its customers, which may differ from those in this Policy. If your data was submitted to us by, or on behalf of, a Highspot customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access customer data upon request from that customer or to comply with legal obligations, if you wish to make a request directly to us, please provide the name of the Highspot customer who submitted your data to us along with your request, and email email@example.com. We will refer your request to that customer and will support them as needed in responding to your request.
The Services may contain links to other websites, applications or online services that are operated and maintained by other entities and that are not under our control of or managed by us. Such links do not constitute an endorsement by us of such other websites, applications, or online services, the content displayed therein, or the persons or entities associated therewith. This Policy does not cover the practices of such other entities, instead their own privacy policies and terms of service will apply. We make no representation or warranty as to the privacy policies of any other entities, including the providers of third party applications. If you are submitting information to any such other entity through our Services, we encourage you to review and understand such entity’s applicable policies.
Collection of Personal Data
Information You Provide to Us
We collect information you provide directly to us. The types of Personal Data we may collect include, but are not limited to, your name, email address, password, location, job title, professional skills, phone number, social media handle, picture, and other biographical or identifying information you choose to provide. In addition, we collect information when or if you:
- Create an account, manage your user profile, or upload files;
- Participate in any interactive features of our Services, fill out a form, participate in a contest or promotion, or make a purchase;
- Request customer support or otherwise communicate with us;
- Register for or attend an event hosted, sponsored or co-sponsored by Highspot (e.g. we may, with your consent, scan your attendee badge, which will provide certain information about you such as name, title, company name, etc.);
- Register for online community events we host (e.g. we may ask you to provide a username, photo and/or biographical information, such as your occupation, company name, area of expertise, etc.);
- Use and interact with our Services (e.g. we automatically collect information about your device and interaction with our Services through cookies or web beacons, which may qualify as Personal Data; see the Cookies section below for more detail);
- Visit Highspot offices (e.g. you may be required to register as a visitor and provide your name, email address, phone number, company name, and time and date of arrival);
- Participate in community and open source development; or
- Receive communications from us, including emails, phone calls, or texts.
Highspot is based in the United States of America (USA). By accessing or using our Services or otherwise providing information to us, Personal Data about you may be processed and transferred to the USA (and any other countries where our subsidiaries, affiliates and/or service providers may be located).
Information We Collect Automatically When You Use Our Services
When you access or use our Services, we automatically collect information about you, including:
- Log Information: We log information about your use of our Services, including the type of browser you use, device information, access times, pages viewed, files read, search words, your IP address, information about your activity within the Services (such as the pages and files viewed, searches and other actions you take such as which features you used) and the page you visited before navigating to our Services;
Information We Collect from Other Sources
In order to enhance our ability to provide relevant marketing, offers, and services to you, and update our records, we may obtain information about you from other sources. We may combine such information with other information we have collected about you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide offers and services that may be of interest to you. These sources may include public databases, joint marketing partners, social media platforms, as well as other third-party sources.
Use of Personal Data
Purposes for Which We Process Personal Data
Highspot collects, uses and processes Personal Data for the purposes and on the legal bases identified in the following:
- Handling support requests: If you fill out a web form or request user support, or if you contact us by other means including via phone, we process your Personal Data to perform our contractual obligations to you and to the extent it is necessary for your legitimate interest in fulfilling your requests and communicating with you;
- Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure we are meeting our customer’s demands and user experiences;
- Account management: We process your Personal Data in connection with managing a customer’s account to the extent that it is in our legitimate interest to ensure that we are meeting our customer service and account management responsibilities.
- Registering office visitors: We process your Personal Data for security reasons, to register visitors at our offices and to manage non-disclosure agreements our visitors sign to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information from unauthorized access and disclosure;
- Sending marketing communications: We process your Personal Data to send marketing information and other marketing non-transactional communications or promotions about Highspot, its subsidiaries and affiliates, or its partners, to the extent necessary for our legitimate business interest to market our Services
- Business reporting and product improvement: We use data to create statistics and analysis (e.g., financial and product reports in a given geographical region), improve our products, add new features or capabilities, report errors, improve security, determine what new features to prioritize, and improve efficiency. We may also share information publicly to show trends about the general use of our Services (e.g., number of visitors);
- Aggregating or anonymizing data: We may aggregate and/or anonymize data so that it no longer relates to an identifiable individual. We do so for example in order to understand and analyze trends or track which of our features are used most often to improve product functionality;
- Complying with legal obligations: We process your Personal Data to comply with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or if necessary for our legitimate interest in protecting against misuse or abuse of our Services, pursuing remedies available to us, and complying with judicial proceedings or responding to lawful requests; and
- General Business Operations: As necessary for general business administration, such as but not limited to, accounting, recordkeeping, and legal functions to meet our business obligations.
Legal Basis for Processing
Our legal basis for collecting and using Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we normally rely on our legitimate interests to collect Personal Data from you, except where such interests are overridden by your data protection interests or fundamental rights and freedoms.
In some cases, we may rely on your consent or have a legal obligation to collect Personal Data from you. If we rely on consent to collect and/or process your Personal Data, we will obtain such consent in compliance with applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided under the “Contact Us” heading below.
Sharing of Information
We may share or disclose information about you as follows or as otherwise described in this Policy:
- With other users of our Services in accordance with the privacy preferences you establish (please see “Your Choices” section below for more information about how to manage your privacy settings);
- With vendors, consultants, and other service providers who need access to that information to carry out work on our behalf;
- With sponsors or business partners who co-sponsor events and other offerings with us. We may share your information with these co-sponsors when you sign up for events or offerings to allow our partners to send marketing communications that may be of interest to you, as permitted by applicable law;
- With a relevant third party if we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or the sale of a business unit or all or a portion of our business, assets or stock;
- In response to a request for information, if we believe disclosure is in accordance with any applicable law, regulation, or legal process, or as otherwise required by any applicable law, rule or regulation;
- If we believe your actions are inconsistent with the spirit or language of our user agreements or policies, or to protect the rights, property, and safety of Highspot or other interested parties;
- With your consent or at your direction, including if we notify you through our Services that the information you provide will be shared in a particular manner and you provide such information; or
- In accordance with applicable laws and regulations, we may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
We do not believe that our sharing in this regard would qualify as a “sale” under applicable data protection laws. Nonetheless, depending on the circumstances and in accordance with applicable data protection laws, you may submit a request to record your preference to opt out of certain disclosures by submitting a request to us as further described in the “Contact Us” section below. Please note that to protect your information, we may need to verify your identity before processing your request.
We may store and retain information about you as follows or as otherwise described in this Policy. We retain information about you for as long as reasonably necessary for the purposes for which it was collected. We also retain information about you as necessary for legitimate business purposes and to comply with our legal obligations, such as record keeping, accounting, fraud prevention, and other business administrative purposes. Information about you may also be stored in third-party services such as Amazon Web Services, Google Analytics, Marketo, and Salesforce.
We will retain information about you for a period of time consistent with the original purpose of collection, including to pursue Highspot’s legitimate business interests to comply with legal obligations, to resolve disputes, and to enforce applicable agreements. We may further retain information in an anonymous or aggregated form where that information could not reasonably be used to identify you.
Your Right to Control and Access Your Information
Depending on your location and subject to applicable law, you have certain rights relating to your Personal Data. For example, you may have a right to:
- Erase or delete all or some of your Personal Data stored by Highspot;
- Change or correct your Personal Data; and
- Access and recover your Personal Data.
Depending on the applicable laws and, in particular, if you are located in the EEA, these rights may include:
The right to review, correct, update, or delete inaccuracies to your Personal Data or to exercise additional rights you may have relating to your Personal Data under applicable local data protection laws. For more information about these rights or to submit a request, please see our GDPR Compliance page or contact us directly at firstname.lastname@example.org.
For more information about these rights, or to submit a request, please email us at email@example.com, or contact us as described in the “Contact Us” section below. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Social Sharing Features
Our Services may offer sharing features and other integrated tools that allow you to share actions you take when using our Services with other media or applications, and vice versa. The use of these features enables the sharing of information with your friends or other users, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
You can choose to connect your Highspot account with third-party services—for example, via Highspot APIs. By doing so, you’re enabling Highspot and those third parties to exchange information about you and data in your account so that Highspot and those third parties can provide, improve, and protect their services. Please remember that third parties’ use of your information will be governed by their own privacy policies and terms of service.
Analytics Services Provided by Other Companies
Integrations with Third-Party Applications
Our Services include features that allow users to integrate with various third-party applications. For more information on the third-party applications available to integrate with your use of our Services, please visit this webpage. Integrations may include features that pull and/or push Personal Data from or to the Services offered by Highspot. For more information about the purpose and scope of data collection and processing in connection with third-party applications, please visit the privacy policies of the entities that provide these applications. In regards to the use and transfer of any Personal Data or additional information received through the Google Application Programming Interface (API) from integrations with products offered by Google, Highspot will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Highspot takes reasonable measures to protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction.
We take precautions including organizational, technical, and physical measures to help safeguard and prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, any Personal Data we process or use.
Although we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are exclusively responsible to protect your passwords, to limit and control access to your devices, and to make sure to sign out of our Services after each session. If you have questions about the security of our systems and our Services, please contact us using the information in the Contact Us section below.
We ask that you not upload, send, or disclose any sensitive personal data (e.g., health information, payment card information, social security numbers, or any information defined as sensitive personal data or personal information (or related definitions) under applicable data protection laws, including GDPR and CCPA) when using our Services.
Children & Minors
Use of our Services is not intended for children or minors under the age of 18 (or other applicable age of consent in your state or country). We do not knowingly collect any data from children under the age of 18, and we encourage parents and legal guardians to monitor their children’s internet use to help enforce this Policy by instructing their children to not disclose or upload Personal Data when using our Services. If you believe a child or minor, without a parent or guardian’s consent, has provided Personal Data to Highspot through our Services, please contact us at firstname.lastname@example.org so we can delete the information from our servers.
International Data Transfers
The Services are provided and hosted in the United States. If you are using the Services from outside the United States, your information may be transferred to, stored, and processed by Highspot in our facilities and by those third parties with whom we may share information, in the United States, the European Union and other locations where we operate. These countries may have data protection laws that are different to the laws of your country. Regardless of where your data is located, we:(a) treat all personal information in accordance with applicable laws and regulations; and (b) take reasonable steps to ensure the security of personal information.
If you are resident in or a visitor from the EEA, UK, or Switzerland, we will protect your personal information when it is transferred outside of the EEA, UK, or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or otherwise by implementing appropriate safeguards to protect your personal information, including through the use of Standard Contractual Clauses, and we also comply with the Privacy Shield Framework for transfers of personal information from EEA, UK, and Switzerland to US (see below) or other lawful transfer mechanism as approved by the European Commission.
If you require further information about our international transfers of personal information, please contact us using the contract details in the “Contact Us” section further below.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Highspot complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, processing, use, and retention of Personal Data transferred from the European Union and the United Kingdom and/or Switzerland (“EU Data”) to the United States in reliance on Privacy Shield. Highspot has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in the policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the Department of Commerce’s Privacy Shield website.
To learn more about recent developments relating to the Privacy Shield Framework, click here.
In compliance with the Privacy Shield Principles and as part of our obligations under applicable privacy and data protection laws generally, Highspot commits to resolve complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints (including regarding our Privacy Shield) should first contact Highspot at email@example.com.
If Highspot does not resolve your complaint, you may submit your complaint free of charge for resolution to JAMS for mediation, pursuant to the JAMS International Mediation Rules. Under certain conditions specified by the Privacy Shield Principles, you may also be able to invoke binding arbitration to resolve your complaint. Highspot is subject to the investigatory and enforcement powers of the Federal Trade Commission. If Highspot shares EU Data with a third-party service provider that processes the data solely on Highspot’s behalf, then Highspot may be held liable for that third party’s processing of EU Data in violation of the Privacy Shield Principles, unless Highspot can prove that it is not responsible for the event giving rise to the damage.
If you are in Australia, you may also approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available if you have any privacy related concerns or complaints.
Highspot has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU, the United Kingdom, and Switzerland in the context of an employment relationship.
This Policy also applies to your use of the Highspot Marketplace, and the third-party apps made available through that marketplace. In connection with your use of those apps, we collect certain log information and other related usage information, such as time/date of access, features used and other related activity information.
Additional Information for California Residents
In this section, we provide additional information to California residents about how we handle their Personal Data, as required under California law, such as the California Consumer Privacy Act (“CCPA”). Our use and disclosure of Personal Data varies based upon our relationship and interactions with you, as described in the sections “Collection of Personal Data” and and “Use of Personal Data” above, which describe generally how we have collected and disclosed Personal Data about consumers in the prior 12 months (from the Last Updated date above). We collect Personal Data from the sources described in the “Collection of Personal Data” section above. For information about the business and commercial purposes for which we collect, use and disclose personal information, please see the “Use of Personal Data” section above.
In the preceding 12 months, we have disclosed the following categories of Personal Data for business purposes to the following categories of recipients:
- Identifiers and Contact or Registration Information, such as your name or email address;
- Demographic Information, such as gender or age;
- Commercial Information, such as information about your transactions and purchases with us;
- User-generated content, such as photos, videos, audio and any information you provide;
- Customer service information, such as questions and other messages you address to us directly through online forms, chat, by email, over the phone, or by post;
- Device Information and Device Identifiers, such as the IP address and browser type;
- Connection and Usage Data, such as information pages viewed, forms you complete or partially complete, error logs, and other similar information;
- Geolocation, such as city, state and ZIP code associated with your IP address; and
- Other Information, such as any other information you choose to directly provide to us in connection with your use of the Services, surveys we sent to you, or sweepstakes you may enter.
Privacy Rights of California Residents
Depending on your location and subject to applicable law, California residents have the following rights:
- Right to Know: You have the right to request that we disclose to you the personal information we have collected, used and disclosed over the past 12 months, and information about our data practices.
- Right to Request Deletion: You have the right to request that we delete your personal information that we have collected from you.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
- Right to be Notified of Financial Incentives: You have the right to be notified of any financial incentives offers and their material terms, and to opt-out of such incentives. We do not offer any such incentives at this time.
- California Shine the Light: Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at firstname.lastname@example.org or as described in the “Contact Us” section below.
- Right to Opt-Out of Sales – As explained above, we do not believe that we “sell” personal information pursuant to the CCPA’s definition. However, we may share your information with third-party advertising networks so that you receive more advertising that is more relevant to you. If you wish to opt-out from this information sharing, you may submit a request to us at email@example.com or as described in the “Contact Us” section below.
Please note that, depending on the context and circumstances, certain information may be exempt from such requests under California law.
To exercise the rights described above, you or your authorized agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a valid request to verify your identity and complete your request.
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf. Authorized agents will be required to provide proof of their authorization, which may include providing a copy of your written permission to the Authorized Agent. We may also ask that you directly verify your identity and the authority of the authorized agent to us.
You may manage your preferences for sharing your files and the activities you engage in via our Services with other users through your account settings. When you first create an account, we encourage you to review the default privacy settings for your account and make any desired adjustments. For instance, if you create an account using your corporate email address, the default privacy setting provides that you will share your files and activities through our Services with other users that have the same email address’ domain name. Additionally, please note that certain activities are inherently public and may not be managed through your privacy settings, such as when you comment on a file uploaded by another user.
You may update, correct, or delete information about you at any time by logging into your online account to manage your profile. If you wish to delete or deactivate your account, please email us at firstname.lastname@example.org, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of your account information for a certain period of time.
You may opt out of receiving promotional email messages from Highspot by following the instructions in those emails or by managing your communications preferences through your account settings. If you opt out, we may still send you transactional or relationship messages, such as those about your account or our ongoing business relations.
If you want your phone number to be added to our internal do-not-call telemarketing list, please contact us using the information below in the “Contact Us” section. Please include your first name, last name, company, and the phone number you wish to add to the do-not-contact list.
You may manage your preferences for receiving certain alerts and notifications from Highspot in connection with the use of our Services by you or other users through your account settings.
You can update your email preferences here.
If you have any questions about this Policy, please contact us at email@example.com.
Alternatively, you can reach out to us by mail at:
2211 Elliott Ave
Seattle, WA 98121
If you are located in the European Union, you may also contact our EU office at:
Highspot Germany GmbH