Data Processing Policy
What does this policy cover?
Our Data Processing Policy (the “policy”) applies to information that we collect and use via our websites, products, and services. It also applies to information we may obtain at events we host or participate in and from third parties we may contract with to acquire data.
The policy describes the ways in which we process information. Processing is any automated or manual operation that we may perform on information. Examples include but are not limited to collection, use, creation, storage, transfer, and deletion.
What kinds of information do we process?
We process a different kinds of information depending on how you are engaging with us. These data include Personal Information, Usage Information, and User Generated Information.
- Personal Information is and data that identifies or describes you or another individual. Personal Information often relates to an individual’s person, communications, movements and surroundings, and behaviors online and in the real world. This information need not directly connect to a known or identifiable individual. Data associated with proxies for individuals like a device serial number or an account number can also be Personal Information when it describes or otherwise relates to the person, communications, movements and surroundings, and behaviors of the person or people who use the device, account, or other proxy. Some examples of Personal Information we may process include your name and contact information, your government ID numbers, your payment card or bank information, photos of you, and so on. We obtain Personal Information by collecting it directly from you, such as through online forms on our websites or through our product registration and customer service systems; through reports created using our products and services; through automated methods integrated into our products, services, and websites; and from third parties we have contracted with.
- Usage Information is data generated by your use of a Sphera product, service, or website. When you visit a Sphera website, your browsing generates information like logs that include information about what pages you visited, what content you interacted with, and when you visit pages and interact with elements on them. Sphera products and services and their associated software like web portals, mobile applications, and other tools may also generate information when you use them. We may collect this information and use it as described in this policy. This information can include data about how often you use our products, performance related information like crashes and memory consumption, information about how you interact with our user interfaces, and other information related to the way our products and services are performing.
- Our websites, products, and services, as well as the tools, applications, and software associated with them, may let you create your own content and upload it to your Sphera products or incorporate it into work product generated by your use of Sphera services. This User Generated Information varies depending on what products, services, or websites you are interacting with but examples include messages you send to us via our websites; search queries; photos, videos, and sound recordings you create with our mobile applications; and reports, charts, and other documents you create using our products; and the work product produced by engaging Sphera services. User Generated Information may also include Personal Information, for example when a user of one of our products submits a report relating to an incident you and others may have been involved in.
What do we do with information we process?
When we process information, we do so in order to fulfill our legitimate business purposes. These include:
- Delivering requested functionality. Many features of our products, services, and websites process information in response to your requests. For example, when you create an account we collect Personal Information like your email address, password, and profile information so you can log into our websites and use our products and services. If you use our websites to communicate with us, we collect Personal Information and User Generated information like your name, contact information, and message content and make it available to the people who will be responding to you. When you browse our websites or use our tools, applications, and other software we collect User Generated Information you make available to us in order to incorporate it into reports and other documents you wish to create (which are themselves User Generated Information).
- Protecting our rights. When we license software products to you, we reserve the right to collect Personal Information like your account credentials and information about the computers and mobile devices you use to access licensed products and Usage Information like the number of unique users logging into our software in order to monitor compliance with the terms of our license agreements with our customers.
- Supporting our users. We collect Usage Information like errors that occur when you use our products, services, and websites and logs that describe when and how you interact with our user interfaces so we can better diagnose and resolve technical problems you may experience.
- Improving our products, services, and websites. We may use Personal Information we have collected to ask you to participate in surveys, focus groups, and other forums where we will solicit feedback about your user experience. We may also collect and use anonymous Usage Information about errors and interactions with our user interfaces and excerpts from User Generated Information like support and service requests. We use this information to identify, prioritize, and develop patches, enhancements, and other improvements to our products, services, and websites as well as to create new products and services responsive to our customers’ needs.
- Promoting our products, and services. We use Personal Information we collect from our websites, events we sponsor online and in person, from downloads of publications we make available ourselves or through partners to identify potential customers for our products and services and to contact them to initiate sales efforts. We also use Personal Information we have collected from existing customers along with Usage Information about how their users interact with our products and services and User Generated Information like issues you have raised with our support teams to identify other Sphera products and services our customers might be interested in and to reach out to them to discuss new business. We may supplement Personal Information we have collected with information we get from third parties in order to improve our data about potential leads.
How do we secure information we process?
When we collect and store information on our systems as described in this policy, we apply reasonable and appropriate administrative, physical, and technical safeguards to detect and prevent unauthorized access, disclosure, use, and loss of Personal and User Generated Information. These safeguards include monitoring and auditing of our IT infrastructure, encryption of files in transit and at rest, strong password policies, limiting access to User Generated and Personal Information to personnel with a legitimate business purpose, and where applicable, data protection training for our personnel. When our customers choose to host our products within their own networks, Personal and User Generated Information are wholly customer controlled and subject to their individual security practices.
In the event that we discover or reasonably suspect that there has been unauthorized access, disclosure, use, loss, or other processing of your Personal or User Generated Information (a “security incident”) we will notify you by email address we have on file within a reasonable period of time.
No safeguards are 100 percent effective. While our safeguards offer a reasonable and appropriate level of protection to information that we process, we do not warrant or guarantee that data we process will never be affected by a security incident.
Cookies, web beacons, and similar local objects are small files that record or collect information. Our websites place them on your computer when you visit them. Our service providers collect information that these local objects place on your computer and use that information as described by this policy. We also use local objects to record personalized preferences like saving your login information for the next time you visit our site or to set language preferences. You can learn more about the way we use local objects by reviewing our Cookies Policy.
What do we do with children’s Personal Information?
Our products, services, and websites are not intended for use by children. We never intentionally collect information from children. If we discover that we have collected a child’s Personal Information intentionally we will delete it.
Who do we share information with?
We will make information we have collected available to third parties under the following circumstances.
- Where required by law. We will make information available to government agencies who serve us with valid legal process. If this information includes Personal Information or your proprietary User Generated Information we will notify you of governmental requests for information where permitted to do so by law.
- Where we have relationships with service providers. We may partner with third parties in the ordinary course of our business to perform services or provide product functionality on our behalf. Examples include recruitment software providers; payment processors; hosting providers; marketing and market research providers; resellers of our products and services; data brokers who help us supplement our records with publicly available information; and call center and other service providers supporting our customer service personnel. Our contracts with service providers require them to implement reasonable and appropriate safeguards for information we share with them and limit their rights to use that information to purposes consistent with this policy.
- In order to protect our rights or the rights of third parties. We may share information with legal counsel, auditors, and related service providers in the course of evaluating or pursuing potential claims involving enforcement of our or third parties’ contractual and other legal rights. We will take steps to ensure that we disclose only the information necessary for this purpose and impose confidentiality obligations and use restrictions consistent with this policy where appropriate.
- With Sphera affiliates around the world. We have personnel and operations in countries around the world who work together to deliver products and services and process information as described in this policy. These affiliates may be located in countries other than the one where you reside, including the United States. Laws governing processing of information, including Personal Information, vary from country to country and may differ from the laws applicable in your home country. All Sphera affiliates and personnel comply with the terms of this policy when processing information. Your use of our products, services, and websites constitutes your permission for us to share information with our affiliates without restriction.
What are my rights under this policy?
You have the right to access, correct, modify, and object to processing of Personal Information we have collected from you. Your Personal Information is available by logging into your account. You can update whenever you like. You can also make other changes or delete your account and the Personal Information associated with it by contacting us via the Sphera Customer Network.
You have the right to export Personal Information and User Generated Information we process for you as a customer. Your customer care representative can assist you with these requests.
You have the right to opt into and out of receiving marketing communications from us. When we collect Personal Information, we will give you the opportunity to decide whether or not you want to receive marketing communications from us. No matter what you decide, you will have the opportunity to change your mind later. Your decisions with respect to marketing communications will not affect your ability to receive communications that are based on existing business relationships like customer satisfaction outreach, acknowledgement of transactions, customer service follow-up, and so on.
You have a right to be notified of changes to this policy. If we make material changes that affect the rights and/or responsibilities described in this policy, we will publish notice of changes to our websites. Sphera customers will also receive notices via the Sphera Customer Network. If you continue to use our products, services, or websites we will consider that acceptance of the changes.
How do I contact you with questions or requests relating to this policy?
If you are a registered Sphera customer, the best way to contact us is to via the Sphera Customer Network. Our customer service team will open a case number and get your question or request to the right personnel who can assist you. They will also track progress of your case to ensure that it gets resolved. If you don’t have an account on the Sphera Customer Network, you can use the “Contact Us” form on the home page.
You may also reach us by mail at:
Sphera Solutions, Inc.
ATTN: Legal Department
130 E Randolph Street #1900
Chicago, IL 60601