.png)
Privacy Statement
Effective Date: Dec 13th 2023
​
Table of Contents
-
Introduction
-
Data Protection Officer
-
How we collect and use (process) your personal information
-
Use of the spate.nyc website
-
Cookies and tracking technologies
-
Use of the Spate services
-
When and how we share information with third parties
-
Transferring personal data to the U.S.
-
Data Subject rights
-
Security of your information
-
Data storage and retention
-
Questions, concerns, or complaints
​
Introduction
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Notice describes the Spate’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
Data Protection Officer
Spate is headquartered at 49 Elizabeth street, NY 10013, New York, in the United States. Spate has appointed an internal data protection officer for you to contact if you have any questions or concerns about Spate’s personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to Spate’s data protection officer. Spate’s data protection officer’s name and contact information are as follows:
​
Olivier Zimmer
Spate
49 Elizabeth street, NY 10013, New York
+1 516-715-1752
​
How we collect and use (process) your personal information
Spate collects personal information about its website visitors and customers. With a few exceptions, this information is generally limited to:
-
name
-
job title
-
employer name
-
work address
-
work email
-
work phone number
​
We use this information to provide prospects and customers with services.
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services.
From time to time, Spate receives personal information about individuals from third parties. Typically, information collected from third parties will include further details on your employer or industry. We may also collect your personal data from a third party website (e.g. LinkedIn)
​
Use of the Spate Website
As is true of most other websites, Spate’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of Spate’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
Spate has a legitimate interest in understanding how members, customers and potential customers use its website. This assists Spate with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.
Cookies and tracking technologies
Spate makes available a comprehensive Cookie policy that describes the cookies and tracking technologies used on Spate website and provides information on how users can accept or reject them. To view the notice, just click Cookie Policy.
​
Sharing information with third parties
The personal information Spate collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, Spate engages third parties to send information to you, including information about our products, services, and events.
​
A list of our third party sub processors can be found here: Auth0, FullStory, Google Ads, Google Analytics, Google Cloud Platforms,Hubspot, Linkedin Ads, Meta Ads Manager, Mixpanel.
​
We do not otherwise reveal your personal data to non-Spate persons or businesses for their independent use unless: (1) you request or authorize it; (2) it’s in connection with Spate-hosted and Spate co-sponsored conferences as described above; (3) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.
The Spate website connects with third party services such as Facebook, LinkedIn, Twitter and others. If you choose to share information from the Spate website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.
​
Transferring personal data to the U.S.
Spate has its headquarters in the United States. Information we collect about you will be processed in the United States. By using Spate’s services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, Spate is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved.
Depending on the circumstance, Spate also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Spate in a manner that does not outweigh your rights and freedoms. Spate endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Spate and the practices described in this Privacy Statement. Spate also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. Since it was founded, Spate has received zero government requests for information.
For more information or if you have any questions, please contact us at privacy@spate.nyc
Data Subject rights
The European Union’s General Data Protection Regulation (GDPR) and other countries’ privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:
-
Right to be informed
-
Right of access
-
Right to rectification
-
Right to erasure
-
Right to restrict processing
-
Right of data portability
-
Right to object
-
Rights related to automated decision making including profiling
This Privacy Notice is intended to provide you with information about what personal data Spate collects about you and how it is used.
If you wish to confirm that Spate is processing your personal data, or to have access to the personal data Spate may have about you, please contact us.
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Spate might have received the data from Spate; what the source of the information was (if you didn’t provide it directly to Spate); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Spate if it is inaccurate. You may request that Spate erase that data or cease processing it, subject to certain exceptions. You may also request that Spate cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Spate processes your personal data. When technically feasible, Spate will—at your request—provide your personal data to you.
Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Spate will provide you with a date when the information will be provided. If for some reason access is denied, Spate will provide an explanation as to why access has been denied.
For questions or complaints concerning the processing of your personal data, you can email us at privacy@spate.nyc. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.
Lawful Basis for Processing Personal Data
This section of our Privacy Policy is dedicated to explaining the lawful basis on which we process personal data, in compliance with the General Data Protection Regulation (GDPR). We are committed to ensuring that all personal data is processed lawfully, transparently, and for a specific purpose.
1. Consent
We may process data on the basis of explicit and informed consent obtained from you. This means that we will ask for your clear agreement to process your personal data for a specific purpose. You have the right to withdraw your consent at any time.
2. Contractual Necessity
If you enter into a contract with us, we will process your personal data as necessary to fulfill the terms of our contract. This includes any actions required prior to entering into a contract, such as responding to inquiries or providing quotes.
3. Legal Obligations
We may process your personal data where it is necessary for compliance with a legal obligation to which we are subject. This includes, but is not limited to, financial and tax reporting requirements, or responding to legal processes.
4. Legitimate Interests
We may process personal data based on legitimate interests, provided that these interests are not overridden by your data protection rights. Such processing will be conducted in a manner that respects your privacy and is necessary for the purposes of our legitimate interests.
5. Vital Interests
In rare circumstances, we may process personal data to protect an individual’s vital interests, particularly in emergency situations where the processing of personal data could prevent harm.
6. Public Interest
Where applicable, we may process personal data for tasks carried out in the public interest or in the exercise of official authority vested in us.
8. Rights and Choices of Individuals
You have various rights in relation to the personal data we hold about you. These rights include accessing or rectifying your data, erasing it, restricting its processing, objecting to its processing, and the right to data portability. Please contact us to exercise any of these rights.
9. Changes to Our Processing Basis
Should the basis on which we process your personal data change, we will update this policy and inform you of these changes.
​
Data storage and retention
Your personal data is stored by the Spate on its servers, and on the servers of the cloud-based database management services the Spate engages, located in the United States. The Spate retains service data for the duration of the customer’s business relationship with the Spate and for a period of time thereafter, to analyze the data for Spate’s own operations, and for historical and archiving purposes associated with Spate’s services. Spate retains prospect data until such time as it no longer has business value and is purged from Spate systems. All personal data that Spate controls may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: privacy@spate.nyc
System or Application: Spate, Inc. SaaS Products
Data Description: Customer Data
Retention Period: Indefinite
​
System or Application: Spate, Inc. AutoSupport
Data Description: Customer instance and metadata, debugging data
Retention Period: Indefinite
System or Application: Spate, Inc. Customer Support Tickets
Data Description: Support Tickets and Cases
Retention Period: Indefinite
System or Application: Spate, Inc. Customer Support Phone Conversations
Data Description: Support Phone Conversations
Retention Period: Indefinite
System or Application: Spate, Inc. Security Event Data
Data Description: Security and system event and log data, network data flow logs
Retention Period: Indefinite
System or Application: Spate, Inc. Vulnerability Scan Data
Data Description: Vulnerability scan results and detection data
Retention Period: Indefinite
System or Application: Spate, Inc. Customer Sales
Data Description: Opportunity and Sales Data
Retention Period: Indefinite
System or Application: Spate, Inc. QA and Testing Data
Data Description: QA, testing scenarios and results data
Retention Period: Indefinite
System or Application: Security Policies
Data Description: Security Policies
Retention Period: Indefinite
System or Application: Temporary Files
Data Description: Ephemeral storage
Retention Period: automatically when process finishes
Children’s data
We do not knowingly attempt to solicit or receive information from children.
Questions, concerns or complaints
If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:
Spate
49 Elizabeth street, NY 10013, New York
+1 516-715-1752
_________________________
Our UK Representative:
Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.
Adam Brogden contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
England
_________________________
Our EU Representative:
Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is: Instant EU GDPR Representative Ltd.
Adam Brogden contact@gdprlocal.com
Tel +35315549700
INSTANT EU GDPR REPRESENTATIVE LTD
Office 2,
12A Lower Main Street, Lucan Co. Dublin