Spinnaker Support Privacy Policy
Effective: October 24, 2024
Introduction
At Spinnaker Support LLC (together with our subsidiaries and affiliates, “Spinnaker Support,” “we,” “us,” “our,” or the “Spinnaker Group”), we are committed to ensuring that your privacy is protected.
In addition to any other applicable data privacy or security laws, Spinnaker Support complies with the California Consumer Privacy Act and the European Union directive on the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This includes your right to access personal data, right to rectify inaccurate personal data, right to erase personal data (‘right to be forgotten’), right to restriction of processing, right to opt-out of sales of personal data, and right to personal data portability.
Spinnaker Support complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Spinnaker Support has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Spinnaker Support has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Spinnaker Support commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
This Privacy Policy sets out how Spinnaker Support collects, uses, and discloses any personal data that you give us or that we collect in connection with any websites and platforms we own and operate that link to this Privacy Policy, and our related online and offline services, events, social media pages, and email and other electronic communications, and the choices you have with respect to your personal data. The policy aims to inform you about the types of personal data we collect, the purposes for which the data are used and the way the data are handled. This Privacy Policy does not apply to personal data that we may store or maintain on behalf of the users of our services, where applicable. Any changes we may make to our Privacy Policy in the future will be posted on this page.
Spinnaker Support LLC is a Colorado limited liability corporation, with US registration number 20081405069. For the purpose of the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR, the data controller is Spinnaker Support LLC and its subsidiaries.
Our registered address is:
5445 DTC Parkway
Suite 850
Greenwood Village, CO 80111
United States
The company is registered with the Information Commissioner’s Office as a data controller. References in this Privacy Policy to our Group of companies are to the parent company of Spinnaker Support LLC and to other trading subsidiaries of Spinnaker Support LLC. Our other offices that fall within the scope of this Privacy Policy are listed here.
Categories of personal data collected
The following table describes the categories (with non-exhaustive examples) of personal data we may collect about you. We may also collect other personal data that is not specifically listed here, which we will use as described in this Privacy Policy or at the time of collection.
Categories | Examples |
A. Individual Identifiers | Name, postal address, email address, phone number, or other similar identifiers. |
B. Commercial Information |
Account information, such as your log-in details, information that you store in your account, and other details about your use of the Services. Transaction history, such as records of products and services you have purchased from us. Transaction and billing data, such as payment amounts and payment methods used to complete transactions, and other relevant information about the financial institutions you use to conduct business. Preferences, such as any preferences you set in your account and any marketing or communications preferences. Survey responses, such as the information you provide in response to our surveys, questionnaires, or contests. Communications, such as the information associated with your requests or inquiries, including for support, assistance, or order information, and any feedback you provide when you communicate with us. |
C. Internet or Network Activity |
Online activity information, such as the website you visited before browsing to our website, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access. Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area. |
D. Audio, Electronic, Visual, or Similar Information | Customer service call recordings or ticket communication history, recorded for training and quality assurance purposes. |
E. Professional or Employment-Related Information | Company name, employee name, job title, company address, contact telephone numbers, and information collected in connection with employment or application for employment. |
F. Inferences Drawn from Personal Data | Profiles reflecting preferences, characteristics, or behavior. |
Information we may collect from you or third parties
We collect your personal data when you voluntarily submit it to us or from other third-party sources. For example, we may receive your personal data in the following circumstances:
- when you fill in a form on our website,
- when you meet us at trade events,
- when you become a client,
- when you submit a job application,
- when you use our Partner Portal,
- when you email, call, text, or fax us,
- from third party sources including joint marketing partners, and
- from publicly available sources such as found through social media or web searches.
Information we may collect automatically
Spinnaker Support, our trusted third-party providers, and our marketing partners may automatically log information about you, your computer, or mobile device, and your activity over time on our services and other sites and online services, such as the online activity information and device information listed above. Like many online services, we use cookies and similar technologies to facilitate some of the automatic data collection described above, such as:
- Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
- Flash cookies, or locally stored objects, which are used on websites for purposes similar to cookies but allow storage of a larger amount of data.
- Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
- Local storage, which is used to save data on a visitor’s device. We use data from local storage to turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our services, remember your preferences, and measure ad effectiveness.
- Session-replay technologies, which are third-party software used to record a video replay of users’ interactions with the services. The video replay may include users’ clicks, mouse movements, typing, and other activity taken during the session. We use these replays for research and development purposes, such as to help us troubleshoot problems with the services, understand how users interact with and use the services, and identify areas for improvement.
Click on the “Cookie Preferences” icon hyperlink at the foot of this page for more information about the cookies operating on our website and to review cookie settings related to information shared with certain third parties.
Data from our website form or at conferences
If you complete an inquiry form on our website or give us your details in person, for example at a conference, we will contact you by email or phone so that we can discuss the products or services in which you have indicated an interest. Data that you provide will be added to our Customer Relationship Management (CRM) system and used to send you marketing messages. You can opt out of these messages at any time by using the unsubscribe link that we put in every email.
Our lawful basis for processing this data is consent. Unless you withdraw consent, we will keep your data in our systems for 10 years from the date we last had contact with you.
Data from our marketing partners
Our marketing partners may contact you by phone or email in order to tell you about our services. They will let you know who we are, where they obtained your data, and your right to opt out of future marketing. We will absolutely respect that right. If you express an interest in Spinnaker Support services, they will pass your data to us and we will contact you by email or phone and add your data to our CRM system so that we can continue to market to you.
Our lawful basis for processing these data is legitimate interest. Unless you exercise your right to object to processing, we will keep your data in our systems for 10 years from the date we last had contact with you.
We also work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our products and services. These companies may use cookies and similar technologies to collect information about you (including the online activity information and device information described above) over time across our services and other websites and services or your interaction with our emails and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms. You can learn more about your choices for limiting behavioral-based advertising in the “Your rights and choices (all users)” section below.
Our lawful basis for processing this data is consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal data for this purpose based on our legitimate interest in promoting our business and providing you with tailored, relevant content.
Client data
When you become a client, we require your personal data in order for us to fulfill our contract with you. Our lawful basis for processing is contractual obligation.
We will also add your data to our CRM so that we can keep you updated with any information you might be interested in. Our lawful basis for this processing is legitimate interest. We will continue to process your data for so long as you have an active account, or as needed to provide you with the services to fulfill our contractual or legal obligations.
We may also use your personal data for research and development purposes, including to study and improve the services and our business, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, products, and services. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal data we collect. We may use this anonymous data and share it with third parties for our lawful business purposes.
Our lawful basis for this processing is our legitimate interest in the research and development purposes described above.
Job applications
If you submit a job application either directly or through a recruiter, our lawful basis for processing your personal data is consent or legitimate interest. We will use your data in connection with the specific job that you’ve applied for and it will be stored for the duration of your application. If we think there may be other roles for which you would be suitable, we will hold your details up to two years after completion of the initial application process. We will only do this with your consent except where retention is required by law (for example, candidates from the US, whose details will be held for seven years).
Your personal data may be passed to or accessed by Spinnaker Support companies both inside and outside the European Economic Area in order to offer relevant job opportunities to you. You may withdraw your permission for your data to be processed outside the EU/EEA and Swiss by making a request to our team using the Contact details below. You can update your CV at any time by simply submitting a new CV.
Sometimes we use publicly available sources of data such as LinkedIn in order to source candidates. Our lawful basis for processing this data is legitimate interest and, in these situations, upon request from the candidate, we will provide you with our Privacy Policy within a maximum of 30 days of obtaining your data. Should you be interested in working with us, we will ask for your consent to store your data as above.
Our Partner Portal
When you become a Partner of ours, we collect your personal data from the partner inquiry form or the login page.
Our lawful basis for processing this data is contractual obligation as we have agreed to provide you with marketing and other collateral to further our joint business objectives. We will continue to process your data for so long as you have an active account, or as needed to provide you with the services to fulfill our contractual or legal obligations.
Related companies and M&A transactions
We may share your personal data with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with us). In addition, if we transfer all or part of its business or make a transfer of assets or is otherwise involved in a merger or business transfer, we may transfer your personal data to a third party as part of that transaction, including at the negotiation stage.
Consent
We will disclose your personal data in accordance with your prior direction or, in some cases, we may ask if you for your consent to collect, use, or share your personal data, such as when required by law.
Trusted third parties
Spinnaker Support will share your personal data with trusted third parties retained to provide services that you have requested or for our own legitimate business purposes. In order to carry out our services and/or run our website, we may disclose personal data to the third parties. Depending on how you use our website and/or services, the following categories of third parties may collect or receive personal data from us or on our behalf:
- CRM providers
- Information technology providers, hosting providers, database management providers
- Marketing partners
- Web analytics partners
- Fraud protection providers
- Other professional support services
Marketing partners
We may share personal data with third parties who we partner with for marketing campaigns or that collect information about your activity on the services for the purposes described in the “Data from our marketing partners” section above.
Legal compliance
We may disclose personal data in response to subpoenas, warrants, or court orders, in connection with any legal process, or to comply with relevant laws or law enforcement requirements. We may also share your personal data in order to establish or exercise our rights; to defend against a legal claim; to investigate, prevent, or take action regarding possible illegal activities or fraud; to protect the safety and security of other clients; or to prevent a violation of our agreements.
You can make the following choices regarding your personal data:
Choice
If personal data covered by this Privacy Policy is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party in a manner not specified in this Policy, Spinnaker Support will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Request to opt out of such uses or disclosures of Personal Data please click here. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes.
Changes to your personal data
You have the right to update and correct the personal data contained in your account. Note that we may keep historical information in our backup files as permitted by law. If our website does not permit you to update or correct certain personal data, please contact us as described below.
Promotional emails
You may choose to provide us with your e-mail address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials related to our website, as well as targeted offers from third parties. You can stop receiving promotional e-mails by clicking the “unsubscribe” links in the e-mails or by contacting us as described below. If you decide not to receive promotional e-mails, we may still send you service-related communications, such as those about your account, to fulfill orders for services you have requested, or deliver notifications directly to you through the website.
Cookies
Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the services and our website may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
Analytics
The website uses analytics to help us analyze how the website is being accessed and used. We may use third party analytics and advertising cookies, for example, to help create reports and statistics on the performance of our services and to be able to present you with content tailored to your interests. The information collected through the use of analytics may include, for example, your IP address, the website from which you visited us, the type of device you used.
You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here. To opt-out of Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on, available here.
Behavioral-based advertising
We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our website so that we can provide advertising about services tailored to your interest. That advertising may appear either on our website, or on other sites. If you wish to limit third parties’ collection of information about your use of our website, you can opt-out of such at the Digital Advertising Alliance or Network Advertising Initiative in the U.S., or the European Digital Advertising Alliance in Europe. PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE WEBSITE. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.
Do-not-track
Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online. At this time, we do not modify your experience based upon whether such a signal is broadcast. To find out more about “Do Not Track,” please visit here.
We only transfer personal data outside the UK/EEA and Swiss if there is legally adequate data protection mechanism through which to transfer your personal data outside the UK/EEA and Swiss. If we transfer your personal data to a country outside of the UK/EEA and Swiss such that we are required to apply additional safeguards to your personal data under European data protection laws, we will do so.
If you are an EU, UK, or Swiss individual, where we transfer your personal data to third party service providers who perform services for Spinnaker Support or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the EU-GDPR, UK-GDPR, or Swiss-FADP, as applicable, or the DPF Principles referred to in the next section, unless we prove that we are not responsible for the event giving rise to the damage.
Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.
Please contact us at [email protected] for further information about any such transfers or the specific safeguards applied.
Where the processing of your personal data is subject to UK/EEA and Swiss data protection laws, you have the data subject rights as set out below. If you wish to exercise any of these rights, please click here. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes.
Your rights as an UK/EEA and Swiss individual data subject are as follows:
The right to be informed
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this Privacy Policy and any related communications we may send you.
The right of access
You may request information about our processing of your personal information and access to your personal data free of charge. Please note, before responding to your request, we may need to verify your identity and, if relevant, the authority of any third-party requestor.
If there are exceptional circumstances that give us the right to refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or imposes an unreasonable expense (which you may have to meet), we will inform you.
The right of correction
When you believe we hold inaccurate personal data about you, you may request that we correct your personal data.
The right to deletion
You may request that we delete your personal data that we have collected from you. We will grant a request to delete data as required by law, but you should note that in many situations we must keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. Except as provided above, we will delete, aggregate, or de-identify all of your personal data as described in this subsection within the timeframes required by law.
The right to erasure (the ‘right to be forgotten’)
Where no overriding lawful basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
The right to rectification
When you believe we hold inaccurate or incomplete personal data about you, you may request to exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to restrict processing
In certain circumstances, you may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
- The accuracy of the personal data is contested
- Processing of the personal data is unlawful
- We no longer need the personal data for processing but the personal data is required for part of a legal process
- The right to object has been exercised and processing is restricted pending a decision on the status of the processing
The right to data portability
You may request your set of personal data be transferred to you or to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfillment of a contractual obligation.
The right to object
You have the right to object to our processing of your personal data where:
- Processing is based on legitimate interest;
- Processing is for the purpose of direct marketing;
- Processing is for the purposes of scientific or historic research; or
- Processing involves automated decision-making and profiling.
Where the processing of your personal data is subject to California data protection laws, you have the rights as set out below. For purposes of this section, “personal data” means “personal information” as defined under California data protection laws, but does not include information exempt from the scope of such laws. To exercise any of these rights, please see below. You will not be subject to discrimination as a result of exercising the rights described herein.
Your rights as a California resident are as follows
The right to be informed
We describe the personal data we collect, or have collected in the 12 months preceding the effective date of this Privacy Policy, and the potential sources of that data in the section above titled “Collection of personal data.”
We describe the specific business and commercial purposes for which we collect and use those categories of personal data in the section above titled “Purposes and lawful bases of personal data collection.”
To the extent we collect sensitive personal data (as defined under California law), we only use or disclose it for purposes permitted under California law (e.g., to perform the services, detect security incidences and prevent fraud, and to verify and maintain the quality of the services). We do not collect or use sensitive personal data for the purpose of inferring characteristics about California residents.
We will retain each of the categories of personal data collected for as long as necessary to fulfill the purpose of collection, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish and defend legal claims, for fraud prevention purposes, or as long as required to meet our legal obligations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Spinnaker Support must also disclose whether the following categories of personal data are disclosed for a “business purpose” or “sold” to a third party for monetary or other “valuable consideration” as those terms are defined under California law. Where such disclosure is for behavioral-based advertising, whether or not for monetary or other valuable consideration, it qualifies as “sharing” under California law.
The following table describes how we disclose, “sell,” or “share” personal data, including our practices in the 12 months preceding the effective date of this Privacy Policy. Note that while a category below may be marked, that does not necessarily mean that we have personal data in that category about you. For a description of the categories of third-party recipients, please see the “How we share your personal data” section above.
Category of Personal Data | To Whom Personal Data is Disclosed for a Business Purpose | To Whom Personal data is “Sold” or “Shared” |
A. Individual Identifiers |
Related companies Trusted third parties Marketing partners Legal compliance |
Marketing Partners |
B. Commercial Information |
Related companies Trusted third parties Marketing partners Legal compliance |
Marketing Partner |
C. Internet or Network Activity |
Related companies Trusted third parties Marketing partners |
Marketing partners |
D. Audio, Electronic, Visual, or Similar Information |
Related companies Trusted third parties |
No |
E. Professional or Employment-Related Information |
Related companies Trusted third parties Legal compliance |
No |
F. Inferences Drawn from Personal Data |
Related companies Trusted third parties Marketing partners |
Marketing partners |
We have disclosed for business purposes and have “sold” or “shared” the categories of personal data indicated above for our commercial purposes as further described in this Privacy Policy under the section titled “Purposes and lawful bases of personal data collection.”
We do not knowingly “sell” or “share” the personal data of California residents under 16 years of age.
The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
- The categories of personal data that we have collected
- The categories of sources from which we collected personal data
- The business or commercial purpose for collecting, selling, or sharing personal data
- The categories of third parties with whom we disclose personal data
If there are circumstances that give us the right to refuse to provide the information, we will explain them. If requests are clearly unfounded, repetitive, or excessive, we reserve the right to refuse them. If answering requests is likely to require additional time or imposes an unreasonable expense (which you may have to meet), we will inform you.
The right of correction
When you believe we hold inaccurate personal data about you, you may request that we correct your personal data.
The right to deletion
You may request that we delete your personal data that we have collected from you. We will grant a request to delete data as required by law, but you should note that in many situations we must keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. Except as provided above, we will delete, aggregate, or de-identify all of your personal data as described in this subsection within the timeframes required by law.
The right to opt-out of “sales”/“sharing”
If we “sell” or “share” your personal data, you can opt-out. If you direct us not to sell/share your personal information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal data covered by that law with third parties for their direct marketing purposes.
Exercising your California rights
To request to exercise your right to access, correct, or delete, please click here or call us toll-free at 1-877-476-0576.
To request to exercise your right to opt-out out of the “sale” or “sharing” of your personal data relating to the automatic collection of data for the purpose of behavioral-based advertising please:
- select the “Cookie Preferences” icon hyperlink in the footer of our website, or
- broadcast the Global Privacy Control (GPC) signal.
Note that due to technological limitations, if you visit our services from a different computer or device, or clear cookies on your browser that store your preferences, you will need to return to this screen to select your preferences and/or rebroadcast the GPC signal.
To opt-out of other “sales,” we need to collect some identifying information. Please submit your request by clicking “Do Not Sell or Share My Personal Information” to exercise your opt-out rights. to exercise your opt-out rights.
When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure we do not disclose personal data to any person who is not entitled to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You may also designate an authorized agent to make a request on your behalf. If you do so, we may require the requester’s proof of identification, the authorized agent’s proof of identification, and any other information that we may request in order to verify your request, including evidence of valid permission for the authorized agent to act on your behalf.
We try to respond to all legitimate requests within 45 days of your request.
Occasionally it may take us longer than 45 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.
Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. If you are a Nevada resident who wishes to exercise your “sale” opt-out rights, you may submit a request to us by clicking here.
Security
Our information security management system (ISMS) is certified to ISO/IEC 27001.
We have appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our ISMS. However, no method of transmission over the Internet, or method of electronic storage, is fully secure. Further, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We cannot guarantee the security of your personal data.
The Services may contain links to other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us. We do not control third party websites or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.
Spinnaker Support is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If there is any conflict between the policies in this Privacy Policy and data subject rights under the Data Privacy Framework, the Data Privacy Framework shall govern. To learn more about the Data Privacy Framework, and to view our certification page, please visit https://www.dataprivacyframework.gov/.
When you contact us, we will ask you to verify your identity.
Email
[email protected]
Post
5445 DTC Parkway
Suite 850
Greenwood Village, CO 80111
United States
Data Protection Office
Mollie Nycum-Duvnjak
You may, subject to its terms, invoke binding arbitration in accordance with Annex I of the DPF Principles:https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset35584=2
This provides that you may invoke binding arbitration by delivering notice to Spinnaker Support and following the procedures and subject to conditions set forth in Annex I of the Principles.
You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone
+44 0303 123 1113
Website
https://ico.org.uk/make-a-complaint/
Post
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom
If you live or work outside the UK or you have a complaint concerning our activities outside the UK, you may prefer to lodge a complaint with a different supervisory authority.
Spinnaker reserves the right, at any time, to modify this Privacy Policy. If we make revisions that change the way we collect, use, or share personal data, we will post those changes in this Privacy Policy. You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices. We will note the effective date of the latest version of our Privacy Policy at the top of this Privacy Policy. Your continued use of our website or services following posting of changes constitutes your acceptance of such changes.