This article is intended to provide basic information to SpotMe customers about data processing, user data privacy and user consent.
Please note that the information in this article should not serve as or substitute legal advice, and should not be solely relied as a basis for making any legal, business, or any other decisions.
The processing of personal data should be based on legal grounds in order for it to be compliant with rules and regulations related to personal data. Such grounds may be an explicit consent, the performance of a contract that a person is or will be part of, compliance with a legal obligation of the person/entity processing the personal data, and others.
The processing of personal data itself is a process which includes several parties: the person whose data is being processed (data subjects), and the companies who process the data subjects’ data (data controllers) or subcontract some of the processing activities to third parties (data processors).
We, at SpotMe, are the data processor of the personal data that our customers- data controllers, provide us with. The relationship with our customers is governed by SpotMe’s Terms of Service and the respective Data Processing Agreement.
For SpotMe customers this means that we trust that you have the right to share the data with us and that you have collected user consent before doing so. Such consent is needed in order for us to render the services. It also means we will process the data only in accordance with the need to render services as per the concluded agreement and based on your instruction(s).
Learn more: What is a data controller or a data processor?
What is data processing?
Processing generally refers to any operation that includes the handling of personal data, like data collection, use and storage, data recording, updates, transfers and others.
Personal data may include things that allow an individual to be identified, such as their name, photo, occupation and mailing address. Personal data also encompasses the digital identity that one has, such as their email address or the IP address of the device he/she is using.
Learn more: What constitutes data processing?
What personal data does SpotMe have?
SpotMe processes the data that was shared with us by our customers, which generally contains names and email addresses of app users. Users of SpotMe apps can also additionally provide more personal information like their LinkedIn user name or a phone number to make it easier to connect with other app users.
Additionally, we keep track of IP addresses and other device identifiers. This helps us prevent malicious attacks on our services or resolve support issues faster, if they arise. This type of data is stored temporarily.
SpotMe is not a part of an ad syndication network and we never share your data with third-parties for advertising or targeting purposes. We never sell user data to any third-parties.
What is consent?
Consent, in the context of data privacy, is a freely and explicitly given permission from a user to a company for processing their data for a particular reason.
For consent to be obtained explicitly and clearly, it should never be buried or bundled with other options, or assumed to be given by default.
Learn more: What is a valid consent
How to obtain consent?
As our client, it is your responsibility to always secure consent before you share an individual’s data with SpotMe. Never assume that you have the consent, and when in doubt, please request confirmation from the data subject (app user).
Depending on the type of app users and the purpose of a workspace, consent can be obtained as follows:
Ways to obtain consent
Customer or a partner
How to implement informed consent as part of your registration process
You add a required checkbox to your registration form:
Only users that have given their consent should be then imported into SpotMe. For users that have not given their permission you may use other means of contacting them and asking to join the app, ie. using emailing system they have already given consent for.