We'll provide extensive guidance on our revamped Data Policy to individuals using Spot.IM products. We'll do this through in-product alerts and user education campaigns to make sure people fully comprehend how their personal data is being used and the many options they have.
We will continue to provide Spot.IM users with authority over how their data is used. We’re including pertinent details to our Users' Rights section as crafted by the GDPR, i.e. The right to be forgotten, the right to data portability, the right to rectification, etc.
We will continue to meet with think tanks, government officials and business leaders from across the globe to keep ourselves accountable. We will never stop requesting feedback and ways to improve how we secure personal data.
On May 25th, 2018, Europe new’s General Data Protection Regulation (GDPR) will go into effect. This significant piece of legislation will empower and make consistent data protection laws across Europe, and rightfully offer EU citizens more ownership of their personal data.
Spot.IM acts as a data controller (unless otherwise agreed with the publisher), as we independently determine the purposes for the collection of personal data. As a data controller, we are meeting the responsibilities of data controllers (such as exercising user’s rights). When the personal data is initially collected from the data subject (i.e. in the SSO) the data is disclosed directly to us.
Spot.IM may collect two types of data and information from its Users: un-identified and non-identifiable information, and individually identifiable information.
Personal Information which is being gathered may consist of the following: User’s name, public profile picture URL address, Social Network Account User ID, e-mail address, date of birth, gender, occupation or work information, educational background, IP addresses and other information which the User made public.
GDPR allows for the transfer of personal data under certain exceptions. When transferring personal data outside the EEAU, Spot.IM ensures that is has the appropriate legal mechanism, such as to approved jurisdictions (such as Israel), entering into Standard Model Clauses or sharing data with Privacy Shield certified companies (in the US).
As of today, GDPR requires that data is only held for so long as it is necessary for the purposes for which it was initially collected, and that data subjects are informed of the retention period and retention period criteria. As thus far, Spot.IM will continue to comply with these demands.
Users are able to exercise their rights including the right to: rectification, erasure, access to data and data portability on Spot.IM’s platform via the user’s Privacy Section. Read more about it here.
Spot.IM has a documented security program that details the technical, administrative, and physical safeguards required for the processing of personal information. The procedures related to data weakness, events, and personal data breaches are: 1) The Monitoring, Measurement, Analysis, Evaluation Procedure, 2) The Data Protection Policy Review Procedure, 3) The Risk Assessment Procedure, and the 4) Reporting Information Security Weaknesses and Events Procedure.
You may delete your Spot.IM account through your profile Privacy Section. For further instruction see our detailed blog post.
Please note that when you delete your account, your comments will still be visible but will appear to be written by a guest. All of your personal information will be irreversibly anonymised.
You may receive a file with all of the data Spot.IM has collected on you through your profile Privacy Section. For further instruction see our detailed blog post.
Please note that the creation of the dataset may take up to thirty (30) days.
You may rectify any piece of personal information stored on Spot.IM’s servers through your profile Privacy Section. For further instruction see our detailed blog post.
Please note that in the case your using Spot.IM’s product on a site which is using a Single-Sign-In solution (SSO), changes to the information can only be made through the publisher.
Sure. Having a European representative is a GDPR requirement for non-European companies.
You may reach out to our representative in the EU at: firstname.lastname@example.org.