Spinnaker Support Privacy Policy

Effective: July 31, 2020

Introduction

At Spinnaker Support LLC (“Spinnaker Support,” “we,” “us,” “our,” or the “Spinnaker Group”), we are committed to ensuring that your privacy is protected. In addition to any other applicable data privacy or security laws, Spinnaker Support complies with the California Consumer Privacy Act and the European Union directive on the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This includes your right to access personal data, right to rectify inaccurate personal data, right to erase personal data (‘right to be forgotten’), right to restriction of processing, right to opt-out of sales of personal data, and right to personal data portability. Additionally, we comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield and we have certified that we adhere to the Privacy Shield Principles with respect to such personal data. Under the EU-US and Swiss-US Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. This privacy policy sets out how Spinnaker Support uses and protects any information that you give us or that we collect, through whatever method. The policy aims to inform you about the types of personal data we collect, the purposes for which the data are used and the way the data are handled. Any changes we may make to our privacy policy in the future will be posted on this page.

Who we are

Spinnaker Support LLC is a Colorado limited liability corporation, with US registration number 20081405069. For the purpose of the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR, the data controller is Spinnaker Support LLC and its subsidiaries.

Our registered address is:

5445 DTC Parkway
Suite 850
Greenwood Village, CO 80111
United States

The Company is registered with the Information Commissioner’s Office as a data controller. References in this Privacy Policy to our Group of companies is to the parent company of Spinnaker Support LLC and to other trading subsidiaries of Spinnaker Support LLC. Our other offices that fall within the scope of this privacy policy are listed here.

Collection of personal data

Categories of personal data collected

The following are categories (with non-exhaustive examples) of personal data we may collect about you:

CategoriesExamples
A. Individual Identifiers and Demographic InformationName, postal address, email address, or other similar identifiers.
B. Commercial InformationRecords of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
C. Internet or Network ActivityIP address, device identifier, browsing history, search history, information on an individual’s interaction with a website, application, or advertisement.
D. Professional or Employment-Related InformationEmployer name, job title, company address, contact telephone numbers, information collected in connection with employment or application for employment.

Information we may collect from you or third parties

We collect your personal data when you voluntarily submit it to us or from other third party sources. For example, we may receive your personal data in the following circumstances:

  • when you fill in a form on our website,
  • when you meet us at trade events,
  • when you become a client,
  • when you submit a job application,
  • when you use our Partner Portal,
  • when you email, call, text, or fax us,
  • from third party sources including joint marketing partners, and
  • from publicly available sources such as LinkedIn.

Information we may collect automatically

When people visit https://spinnakersupport.com we use a third-party service, Google Analytics provided by Google, Inc., to collect information about the behavior patterns of our website visitors. This service sets a cookie in order to evaluate the use of the website and to compile a report on website traffic patterns.

We use Google AdWords in order to display our adverts to you when you enter appropriate search terms into Google’s search engine. Google, as our Data Processor, collects certain information from the browser you use, such as your IP address, device identifier, location data browser type and language, access times, the Uniform Resource Locator (URL) of the website that referred you to our website.

We also use Facebook remarketing in order to display adverts to you on the Facebook platform. When you visit our website, we drop a Facebook cookie on your browser which identifies your browser. This records the fact that you visited our website so that Facebook can display our adverts to you when you are on their platform.

Purposes and lawful bases of personal data collection

Data from our website form or at conferences

If you complete an inquiry form on our website or give us your details in person, for example at a conference, we will contact you by email or phone so that we can discuss the products or services in which you have indicated an interest. Data that you provide will be added to our Customer Relationship Management (CRM) system and used to send you marketing messages. You can opt out of these messages at any time by using the unsubscribe link that we put in every email.

Our lawful basis for processing these data is Consent. Unless you withdraw consent, we will keep your data in our systems for 10 years from the date we last had contact with you.

Data from our marketing partners

Our marketing partners may contact you by phone or email in order to tell you about our services. They will let you know who we are, where they obtained your data, and your right to opt out of future marketing. We will absolutely respect that right. If you express an interest in Spinnaker Support services, they will pass your data to us and we will contact you by email or phone and add your data to our CRM system so that we can continue to market to you.

Our lawful basis for processing these data is Legitimate Interest. Unless you exercise your right to object to processing, we will keep your data in our systems for 10 years from the date we last had contact with you.

Client data

When you become a client, we require your personal data in order for us to fulfill our contract with you. Our legal basis for processing is Contractual Obligation. We will also add your data to our CRM so that we can keep you updated with any information you might be interested in. Our legal basis for this processing is legitimate interest. We will continue to process your data for so long as you have an active account, or as needed to provide you with the services to fulfill our contractual or legal obligations.

Job applications

If you submit a job application either directly or through a recruiter, our legal basis for processing your personal data is Consent or Legitimate Interest. We will use your data in connection with the specific job that you’ve applied for and it will be stored for the duration of your application. If we think there may be other roles for which you would be suitable, we will hold your details up to two years after completion of the initial application process. We will only do this with your consent except where retention is required by law (for example candidates from the US, whose details will be held for seven years).

Your personal data may be passed to or accessed by Spinnaker Support companies both inside and outside the European Economic Area in order to offer relevant job opportunities to you. You may withdraw your permission for your data to be processed outside the EU by making a request to our team using the Contact details below. You can update your CV at any time by simply submitting a new CV.

Sometimes we use publicly available sources of data such as LinkedIn in order to source candidates. Our legal basis for processing these data is Legitimate Interest and, in these situations, we will provide you with our privacy policy within a maximum of 30 days of obtaining your data. Should be interested in working with us, we will ask your consent to store your data as above.

Our Partner Portal

When you become a Partner of ours, we collect your personal data from the login page. Our legal basis for processing these data is Contractual Obligation as we have agreed to provide you with marketing and other collateral to further our joint business objectives. We will continue to process your data for so long as you have an active account, or as needed to provide you with the services to fulfill our contractual or legal obligations.

Google Analytics, Facebook, and AdWords

Our lawful bases for all non-essential cookies (Google Analytics, Facebook, and AdWords) is Consent which we request when you visit our website for the first time or when no cookie exists on your browser.

We use Google Analytics to understand the location of our website visitors so that we can appropriately refine our business focus.  You can opt-out (withdraw your consent) for Google Analytics here or you can clear your browser’s cache and not accept them on your next visit to our website.

We use Facebook cookies to show you targeted marketing messages on their platform.  Details of how you can opt out of Facebook remarketing is available here or you can clear your browser’s cache as above.

The information collected by Google AdWords enables us to show you adverts on third party websites.  We also use the data to assess the effectiveness of our campaigns.  You can opt-out of these cookies here or, once again, you can clear your cache and not consent when we ask you on your next visit.

How we share your personal data

Related companies and M&A transactions

We may share your personal data with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with us). In addition, if we transfer all or part of its business or make a transfer of assets or is otherwise involved in a merger or business transfer, we may transfer your personal information to a third party as part of that transaction, including at the negotiation stage.

Consent

We may ask if you would like us to share your personal data with other unaffiliated third parties who are not described elsewhere in this privacy policy, and we may do so with your consent.

Trusted third parties

Spinnaker Support will share your personal data with trusted third parties retained to provide services that you have requested or for our own legitimate business purposes. Such services include CRM, IT, marketing, hosting, database management, web analytics, fraud protection, or other professional support services.

Spinnaker Support LLC works with a number of trusted third parties to provide services to you:

  • The Spinnaker Support website is hosted by GoDaddy LLC (privacy policy), a company based in Scottsdale USA.
  • The sales and marketing teams use Salesforce (privacy policy) and Microsoft Office 365 (privacy policy) to store and process contact details submitted through the commercial inquiry form.
  • The finance teams use NetSuite (privacy policy) in order to process billing information.
  • The hiring team uses Microsoft Office 365 services to store and process applications and contact details.

Legal compliance

We may disclose personal data in response to subpoenas, warrants, or court orders, in connection with any legal process, or to comply with relevant laws or law enforcement requirements. We may also share your personal data in order to establish or exercise our rights; to defend against a legal claim; to investigate, prevent, or take action regarding possible illegal activities or fraud; to protect the safety and security of other clients; or to prevent a violation of our agreements.

Transfer of personal data outside the EEA

We only transfer such information outside the EEA if:

  1. Your product or service inquiry is best handled by one of our companies located outside the EEA.
  2. There is legally adequate data protection mechanism through which to transfer your data to trusted partners located outside the EEA.
  3. You have submitted a job application and it needs to be reviewed by our hiring team in Denver and other offices.

Your rights as an EU data subject

Where the processing of your personal data is subject to EU data protection laws, you have the data subject rights as set out below. If you wish to exercise any of these rights, please click here. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes.

Your rights as an EU data subject are as follows:

The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.

The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

  1. a) The purposes of the processing
    b) The categories of personal data concerned
    c) The recipients to whom the personal data has been disclosed
    d) The retention period or envisioned retention period for that personal data
    e) When personal data has been collected from a third party, the source of the personal data

If there are exceptional circumstances that provides us with the right to refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

The right to rectification

When you believe we hold inaccurate or incomplete personal data about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

The right to erasure (the ‘right to be forgotten’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

  1. a) The accuracy of the personal data is contested
    b) Processing of the personal data is unlawful
    c) We no longer need the personal data for processing but the personal data is required for part of a legal process
    d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing

The right to data portability

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfillment of a contractual obligation.

The right to object

You have the right to object to our processing of your personal data where

  • Processing is based on legitimate interest;
  • Processing is for the purpose of direct marketing;
  • Processing is for the purposes of scientific or historic research; or
  • Processing involves automated decision-making and profiling.

Your rights as a CA consumer

Where the processing of your personal data is subject to CA data protection laws, you have the consumer rights as set out below. If you wish to exercise any of these rights, please click here. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes.

Your rights as a CA consumer are as follows:

The right to be informed

Spinnaker Support must disclose whether the following categories of personal data are disclosed for a “business purpose” or “valuable consideration” as those terms are defined under California law.  Note that while a category below may be marked, that does not necessarily mean that we have personal data in that category about you. In the preceding twelve months, we have disclosed the following categories of personal data in the manner described.

CategoryPersonal Information is Disclosed for a Business PurposePersonal Information is Disclosed for Valuable Consideration
A. Individual Identifiers and Demographic InformationYesNo
B. Commercial InformationYesNo
C. Internet or Network ActivityYesNo
D. Professional or Employment-Related InformationYesNo

The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

  1. a) Specific pieces of personal data collected about you
    b) Categories of personal data collected about you
    c) Categories of sources from which personal data was collected
    d) Categories of personal data sold or disclosed
    e) Categories of third parties to whom personal data was sold or disclosed
  2. f) The business or commercial purpose for collecting and selling personal data

If there are exceptional circumstances that provides us with the right to refuse to provide the information, we will explain them. If requests are clearly unfounded, repetitive, or excessive, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you. You will not be subject to discrimination as a result of exercising the rights described herein.

The right to deletion

You may request that we delete your personal data that we have collected. We will grant a request to delete data as required by law, but you should note that in many situations we must keep your personal data to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.  Except as provided above, we will delete, aggregate, or de-identify all of your personal data as described in this subsection within the timeframes required by law. You will not be subject to discrimination as a result of exercising the rights described herein.

Notice of disclosure for direct marketing

Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with us are entitled to ask us for a notice describing what categories of personal data we share with third parties for their direct marketing purposes. This notice will identify the categories of personal data shared with and will include a list of the third parties with which it is shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit your request to the address listed in the Contact section below.

Your rights and choices available to all users

You can make the following choices regarding your personal data:

Changes to your personal data

You have the right to update and correct the personal data contained in your account. Note that we may keep historical information in our backup files as permitted by law. If our website does not permit you to update or correct certain personal data, please contact us as described below.

Promotional emails

You may choose to provide us with your e-mail address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials related to our website, as well as targeted offers from third parties.  You can stop receiving promotional e-mails by clicking the “unsubscribe” links in the e-mails or by contacting us as described below. If you decide not to receive promotional e-mails, we may still send you service-related communications, such as those about your account, to fulfill orders for services you have requested, or deliver notifications directly to you through the website.

Behavioral-based advertising

We participate in behavioral-based advertising. This means that a third party may use technology (e.g., a cookie) to collect information about your use of our website so that we can provide advertising about services tailored to your interest. That advertising may appear either on our website, or on other sites. If you wish to limit third parties’ collection of information about your use of our website, you can opt-out of such at the Digital Advertising Alliance or Network Advertising Initiative in the U.S., or the European Digital Advertising Alliance in Europe. PLEASE NOTE THAT OPTING-OUT OF BEHAVIORAL ADVERTISING DOES NOT MEAN THAT YOU WILL NOT RECEIVE ADVERTISING WHILE USING THE WEBSITE. IT WILL, HOWEVER, EXCLUDE YOU FROM INTEREST-BASED ADVERTISING CONDUCTED THROUGH PARTICIPATING NETWORKS, AS PROVIDED BY THEIR POLICIES AND CHOICE MECHANISMS.

Do-not-track

Some web browsers and devices permit you to broadcast a preference that you not be “tracked” online.  At this time we do not modify your experience based upon whether such a signal is broadcast.

Security

Our information security management system (ISMS) is certified to ISO/IEC 27001.

We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our ISMS. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

Contact us

In compliance with the Privacy Shield and other data protection principles, Spinnaker Support commits to resolve complaints about our collection or use of your personal data. If you have any inquiries or if you would like to contact us about our processing of your personal data, including to exercise your rights as outlined above, please contact us by one of the methods listed below. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Spinnaker Support. Spinnaker Support has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Spinnaker Support is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and of other relevant US statutory bodies authorized to verify and ensure compliance with the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

When you contact us, we will ask you to verify your identity.

Email
compliance@spinnakersupport.com

Post
5445 DTC Parkway
Suite 850
Greenwood Village, CO 80111
United States

Data Protection Officer
Devan Brua

Complaints

If you are unhappy with our use of your personal data, you can contact us using the details in the Contact section. Under certain conditions, more fully described on the Privacy Shield website you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:

Telephone
+44 0303 123 1113

Website
https://ico.org.uk/concerns/

Post
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

If you live or work outside the UK or you have a complaint concerning our activities outside the UK, you may prefer to lodge a complaint with a different supervisory authority.

Changes to Our Privacy Policy

Spinnaker reserves the right, at any time, to modify this privacy policy. If we make revisions that change the way we collect, use, or share personal data, we will post those changes in this privacy policy. You should review this privacy policy periodically so that you keep up to date on our most current policies and practices. We will note the effective date of the latest version of our privacy policy at the top of this privacy policy. Your continued use of our website or services following posting of changes constitutes your acceptance of such changes.