Last Updated: January 15, 2020
We may make changes to this Policy. If we make changes, we will notify you by revising the date at the top of this Policy and, in some cases, we may provide additional notice, such as adding a statement to our homepage or notifying you via email. We encourage you to review this Policy frequently to stay informed about our information practices and the ways you can help protect your privacy.
Highspot as Controller
Highspot is the controller of Personal Data to the extent we have identified a valid purpose and means of processing Personal Data, as described in this Policy. This Policy does not apply when we process Personal Data in the role of a processor on behalf of our customers, including where we offer customers various cloud products and services through which they (and/or their affiliates): (i) host and/or share content and collect analytics through our products and services; (ii) send electronic communications, including emails, to other individuals; or (iii) otherwise collect, use, share or process Personal Data via our Services.
Highspot is not responsible for and does not control the privacy and data security practices of its customers, which may differ from those in this Policy. If your data was submitted to us by, or on behalf of, a Highspot customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access customer data upon request from that customer or to comply with legal obligations, if you wish to make a request directly to us, please provide the name of the Highspot customer who submitted your data to us along with your request, and email email@example.com. We will refer your request to that customer and will support them as needed in responding to your request.
Collection of Personal Data
Information You Provide to Us
We collect information you provide directly to us. The types of Personal Data we may collect include, but is not limited to, your name, email address, password, location, job title, professional skills, phone number, social media handle, picture, and other biographical or identifying information you choose to provide. In addition, we collect information when or if you:
- Create an account, manage your user profile, or upload files;
- Participate in any interactive features of our Services, fill out a form, participate in a contest or promotion, or make a purchase;
- Request customer support or otherwise communicate with us;
- Register for or attend an event hosted, sponsored or co-sponsored by Highspot (e.g. we may, with your consent, scan your attendee badge, which will provide certain information about you such as name, title, company name, etc.);
- Register for online community events we host (e.g. we may ask you to provide a username, photo and/or biographical information, such as your occupation, company name, area of expertise, etc.);
- Use and interact with our Services (e.g. we automatically collect information about your device and interaction with our Services through cookies or web beacons, which may qualify as Personal Data; see the Cookies section below for more detail);
- Visit Highspot offices (e.g. you may be required to register as a visitor and provide your name, email address, phone number, company name, and time and date of arrival); Participate in community and open source development; or
- Receive communications from us, including emails, phone calls, or texts.
Highspot is based in the United States of America (USA). By accessing or using our Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the USA.
Information We Collect Automatically When You Use Our Services
When you access or use our Services, we automatically collect information about you, including:
- Log Information: We log information about your use of our Services, including the type of browser you use, access times, pages viewed, files read, search words, your IP address, and the page you visited before navigating to our Services;
- Information Collected by Cookies and other Tracking Technologies: We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. For more information about cookies and how to disable them, please see the “Cookies” section below. We may also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
Information We Collect from Other Sources
We may also obtain information from other sources, including third parties from whom we have purchased information about you. We may combine this information with other information we have collected about you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide offers and services that may be of interest to you. These sources may include, public databases, joint marketing partners, social media platforms, as well as other third-party sources.
Use of Personal Data
Purposes for Which We Process Personal Data
Highspot collects and processes Personal Data for the purposes and on the legal bases identified in the following:
- Handling support requests: If you fill out a web form or request user support, or if you contact us by other means including via phone, we process your Personal Data to perform our contractual obligations to you and to the extent it is necessary for your legitimate interest in fulfilling your requests and communicating with you;
- Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to the extent that it is in our legitimate interest to ensure we are meeting our customer’s demands and user experiences;
- Account management: We process your Personal Data in connection with managing a customer’s account to the extent that it is in our legitimate interest to ensure that we are meeting our customer service and account management responsibilities.
- Registering office visitors: We process your Personal Data for security reasons, to register visitors at our offices and to manage non-disclosure agreements our visitors sign to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information from unauthorized access and disclosure;
- Sending marketing communications: We process your Personal Data to send marketing information and other marketing non-transactional communications or promotions about Highspot, its subsidiaries and affiliates, or its partners, to the extent necessary for our legitimate business interest to market our Services; and
- Complying with legal obligations: We process your Personal Data to comply with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or if necessary for our legitimate interest in protecting against misuse or abuse of our Services, pursuing remedies available to us, and complying with judicial proceedings or responding to lawful requests.
Sharing of Information
We may share information about you as follows or as otherwise described in this Policy:
- With other users of our Services in accordance with the privacy preferences you establish (please see “Your Choices” section below for more information about how to manage your privacy settings);
- With vendors, consultants, and other service providers who need access to that information to carry out work on our behalf;
- With sponsors or third-party business partners who co-sponsor events and other offerings with us. We may share your information with these co-sponsors when you sign up for events or offerings to allow our partners to send marketing communications that may be of interest to you, as permitted by applicable law;
- With a relevant third party if we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or the sale of a business unit or all or a portion of our business, assets or stock;
- In response to a request for information, if we believe disclosure is in accordance with any applicable law, regulation, or legal process, or as otherwise required by any applicable law, rule or regulation;
- If we believe your actions are inconsistent with the spirit or language of our user agreements or policies, or to protect the rights, property, and safety of Highspot or other interested parties; or
- With your consent or at your direction, including if we notify you through our Services that the information you provide will be shared in a particular manner and you provide such information.
- We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
We may store and retain information about you as follows or as otherwise described in this Policy. We retain information about you for as long as reasonably necessary for the purposes for which it was collected. We also retain information about you as necessary for legitimate business purposes and to comply with our legal obligations, such as record keeping, accounting, fraud prevention, and other business administrative purposes. Information about you may also be stored in third-party services such as Amazon Web Services, Google Analytics, Marketo, and Salesforce.
We will retain information about you for a period of time consistent with the original purpose of collection, including to pursue Highspot’s legitimate business interests to comply with legal obligations, to resolve disputes, and to enforce applicable agreements.
Your Right to Control and Access Your Information
You have control over your Personal Data and how it is collected, used, and shared. For example, you have a right to:
- Erase or delete all or some of your Personal Data stored by Highspot;
- Change or correct your Personal Data; and
- Access and recover your data.
You have certain rights relating to your Personal Data, subject to applicable data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA, these rights may include:
The right to review, correct, update, or delete inaccuracies to your Personal Data or to exercise additional rights you may have relating to your Personal Data under applicable local data protection laws. For more information on your right to control and access your Personal Data, please see our GDPR Compliance page or contact us directly at firstname.lastname@example.org
Social Sharing Features
Our Services may offer sharing features and other integrated tools that allow you to share actions you take when using our Services with other media or applications, and vice versa. The use of these features enables the sharing of information with your friends or other users, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.
Analytics Services Provided by Other Companies
Protecting Personal Data
Highspot takes reasonable measures to protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction.
We take precautions including organizational, technical, and physical measures to help safeguard and prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, any Personal Data we process or use.
Although we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are exclusively responsible to protect your passwords, to limit and control access to your devices, and to make sure to sign out of our Services after each session. If you have questions about the security of our systems and our Services, please contact us using the information in the Contact Us section below.
Highspot’s use of information received from Gmail APIs will adhere to Google’s Limited Use Requirements.
We ask that you not upload, send, or disclose any sensitive personal data when using our Services (e.g. health information or social security numbers).
Children & Minors
Use of our Services is not intended for children or minors. We do not knowingly collect any data from children, and we encourage parents and legal guardians to monitor their children’s internet use to help enforce this Policy by instructing their children to not disclose or upload personal data when using our Services. If you believe a child or minor, without a parent or guardian’s consent, has provided Personal Data to Highspot through our Services, please contact us at email@example.com so we can delete the information from our servers.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Highspot complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, processing, use, and retention of Personal Data transferred from the European Union and the United Kingdom and/or Switzerland (“EU Data”) to the United States in reliance on Privacy Shield. Highspot has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in the policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the Department of Commerce’s Privacy Shield website.
In compliance with the Privacy Shield Principles, Highspot commits to resolve complaints about our collection or use of your Personal Data. Individuals with inquiries or complaints regarding our Privacy Shield should first contact Highspot at firstname.lastname@example.org.
If Highspot does not resolve your complaint, you may submit your complaint free of charge for resolution to JAMS for mediation, pursuant to the JAMS International Mediation Rules. Under certain conditions specified by the Privacy Shield Principles, you may also be able to invoke binding arbitration to resolve your complaint. Highspot is subject to the investigatory and enforcement powers of the Federal Trade Commission. If Highspot shares EU Data with a third-party service provider that processes the data solely on Highspot’s behalf, then Highspot may be held liable for that third party’s processing of EU Data in violation of the Principles, unless Highspot can prove that it is not responsible for the event giving rise to the damage.
Highspot has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU, the United Kingdom, and Switzerland in the context of an employment relationship.
Analytics of Customer Data
Highspot may store and use metadata associated with Customer’s use of the Services, including but not limited to IP addresses, stored sessions, and network metadata (collectively, “Customer Metadata”) for the purpose of providing the Services to Customer. In addition, Highspot may track and analyze the usage of the Services for purposes of security and helping Highspot improve both the Services and the user experience in using the Services. For example, we may use this information to understand and analyze trends or track which of our features are used most often to improve product functionality. Highspot may aggregate Customer Data (electronic data and information submitted by or for Customer to the Services, excluding Non-Highspot Applications) and Customer Metadata with data and metadata from other Highspot customers or other sources, provided that such data and metadata is not identifiable as Customer Data or Customer Metadata and Customer cannot be recognized as its source. Highspot may share anonymous usage data with Highspot’s service providers for the purpose of helping Highspot in such tracking, analysis and improvements. Additionally, Highspot may share such anonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our Services.
How Do I Manage Cookies?
Cookie opt-out links: You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences by clicking on the appropriate opt-out links provided below. Most advertising networks offer you a way to opt out of targeted advertising. Click here for more information. You can opt out of certain cookies here and if you are located in the European Union, click here.
Browser Settings: Many web browsers accept cookies by default. You can usually change your browser’s settings to reject and/or remove many cookies. On some browsers, you can choose to let Highspot’s website place cookies, but choose to reject cookies from certain third parties (such as analytics companies and advertising companies). Please visit your browser’s help or settings menu for more information. To learn more about how to control cookie settings through your browser:
- Click here to learn more about Private Browsing and managing cookie settings in Firefox.
- Click here to learn more about Incognito and managing cookie settings in Chrome.
- Click here to learn more about “InPrivate” and managing cookie settings in Internet Explorer.
- Click here to learn more about “Private Browsing” and managing cookie setting in Safari.
Please note that if you choose to reject or remove cookies, this may prevent certain features or certain parts of our Services from working properly. Since your cookie opt-out preferences are also stored in a cookie on your website browser, please also note that if you delete all cookies, use a different browser, or buy a new computer, you will need to renew your opt-out choices.
You may manage your preferences for sharing your files and the activities you engage in via our Services with other users through your account settings. When you first create an account, we encourage you to review the default privacy settings for your account and make any desired adjustments. For instance, if you create an account using your corporate email address, the default privacy setting provides that you will share your files and activities through our Services with other users that have the same email address domain name. Additionally, please note that certain activities are inherently public and may not be managed through your privacy settings, such as when you comment on a file uploaded by another user.
You may update, correct, or delete information about you at any time by logging into your online account to manage your profile. If you wish to delete or deactivate your account, please email us at email@example.com, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of your account information for a certain period of time.
You may opt out of receiving promotional email messages from Highspot by following the instructions in those emails or by managing your communications preferences through your account settings. If you opt out, we may still send you transactional or relationship messages, such as those about your account or our ongoing business relations.
If you want your phone number to be added to our internal do-not-call telemarketing list, please contact us using the information below in the “Contact Us” section. Please include your first name, last name, company, and the phone number you wish to add to the do-not-contact list.
You may manage your preferences for receiving certain alerts and notifications from Highspot in connection with the use of our Services by you or other users through your account settings.
You can update your email preferences here.
If you have any questions about this Policy, please contact us at: firstname.lastname@example.org.