Effective Date: December 17, 2021
We care deeply about your rights as a Spot User or Organization using Spot for Teams. We've done our best to clearly lay out our policies related to privacy, including a three-point summary of our privacy protection philosophy. If you see an opportunity for improvement, please let us know by emailing [email protected]
The policy below explains in detail how we operate in accordance with this philosophy.
When using Spot as an Individual User, All Turtles is a data controller. If you use Spot for Teams as a Verified Employee, the data controller is the Organization you are working for and All Turtles is the data processor of this Organization.
We collect and process your personal data based on the consent you gave us when using Spot. You have the possibility to withdraw your consent at any time by writing to us at [email protected]
When you answer questions or submit other information to Spot, you may elect to provide Spot certain personal information. The personal data or categories of data processed are the following, taking into account that the provision of certain information by the Team Member is compulsory and the provision of other information is optional.
Depending on how you decide to use Spot, the personal information we collect from you may vary. For example, you may only want to submit keywords or tags to summarize your experience for the relevant organization. Summarizing your experience in keywords, without adding identifying details, helps protect anonymity while still alerting your employer of inappropriate behavior.
You may elect to submit to an organization a more detailed report that includes information such as your name or the names of people who treated you unfairly. You should not include sensitive data (such as names, places, or events) in a Spot report if you want to submit it to your employer and preserve anonymity. Spot highlights instances in which you’re asked to submit sensitive information and tells you what we’ll do with that information. Please understand that you are solely responsible for your decision as to the amount of personal information to include in a Spot report.
You may elect to provide information and generate a confidential record or report solely for your own purposes. If you create a report only for yourself, you’ll receive it as an email attachment from Spot. Once Spot has sent you the email, you’ll go through a step that deletes all the data from your chat with Spot. We strongly advise checking the email attachment you receive before you agree to delete all data from your chat with Spot. We are not able to retrieve data once it’s deleted.
Spot can send a version of your report to your employer or anyone else. How you submit will vary slightly depending on whether you’re using Spot as (A) an Individual User or (B) a Verified Employee of an Organization that uses Spot for Teams.
When using Spot, you have the possibility to send your report to your employer or another party. To do so, you must provide us with the recipient’s email address. We use such email addresses solely for the purpose of submitting the report on your behalf.
The recipient receives an email from Spot with a link to download the report, and you receive a link to a status webpage that shows if the recipient has initiated a download. Spot retains the report for 30 days after the recipient downloads it for the first time. If the recipient hasn’t downloaded the report three months after receiving the download link, Spot deletes that version of the report from our servers. If you sent a report via Spot and the recipient has not yet downloaded it, you can delete that version of the report from our servers on the status webpage.
When Spot emails a download link, Spot retains the recipient’s email address and a timestamp for when the download link was sent. If the recipient downloads the report, Spot also retains a timestamp for that event. We do not retain any other data about your report. Should the recipient ever deny that they received a download link or initiated a download of your report, Spot can offer proof that the email was sent and indicate whether a download for the report was initiated. We will not have the report itself after the expiration of the 30-day period following the first download. We also will not have the report itself if you manually deleted it on the status webpage before the recipient downloaded it.
If you wish to obtain information regarding the delivery of a report download link or download initiation, email Spot at [email protected] If possible, please provide: (1) the report ID on the version of the report you kept for your records, (2) the email address where you asked Spot to send the report, and (3) the date and time you chatted with Spot. We review all requests for information and will investigate as to whether or not the individual requesting information is entitled to receive it. We retain the right to decide whether or not to provide the information requested.
Verified Employees of Organizations that use Spot for Teams should receive a response to their report from their Organization within 10 working days. If your Organization fails to follow up on a report, email us at [email protected] Please provide the report ID on the version of the report you kept for your records. We’ll initiate a review and determine whether we need to terminate or monitor that Organization’s use of Spot for Teams.
Reports submitted to Organizations using Spot for Teams may be retained by the Organization indefinitely. They cannot be manually deleted by the person who submitted them. For more information regarding the retention of your data contact your Organization.
The Organization Data we collect from Organizations subscribing to Spot for Teams includes the information described below:
Please note that the processing of your data is necessary for the performance of the contract you signed with us by choosing to use Spot for Teams.
We use Organization Data to:
We retain Organization Data as long as we believe it is necessary and relevant for the operation of Spot. When your Organization stops using Spot for Teams and your relationship with All Turtles stops, we retain your Organization Data for 3 months starting from the moment you stop using Spot.
Organization Data does not include the content of chats of Verified Employees nor any identifying information that will be stored on Spot servers. We have strict internal policies that prohibit All Turtles personnel from monitoring communications with the Spot chatbot, reading reports submitted to the Organization, or reading report comments and activity logs.
The Organization’s Buyer and Administrator(s) choose what information we obtain by providing us the Organization Data. The Buyer and each Administrator must ensure the Organization Data is correct, and we may rely upon that information being current. You consent to our using the then-current Organization Data to deliver notices and important messages.
You agree that All Turtles and you act respectively as data processor and data controller regarding the processing of personal data of Team Members, and respect the following data protection clause.
All Turtles, that acts as a data processor, processes the personal data following the instructions received from the Team, acting as a data controller. All Turtles and the Team shall comply with their respective obligations under any applicable data protection laws and regulations and in particular under the General Data Protection Regulation 2016/79 of 27th April 2016 (“GDPR”) which article 28.3 prescribe to detail the following points:
We do not sell or rent your information to third parties for their marketing purposes without your explicit consent. We use Spot Users’ email addresses to send PDF versions of Spot documents, to verify them as employees of an Organization that uses Spot for Teams, to notify Verified Employees of action taken on their reports, and/or to respond if they contact us. We use an Administrator’s email address to notify them about report updates.
You may choose to sign up for a newsletter on our website. In this case, we may contact you via email with special offers. We may also contact you with information about products and services from our business partners. You may opt out of such commercial communications at any time by following the opt-out instructions provided in these messages.
We will honor any statutory right you might have. In accordance with the applicable law, each Spot User has a right to access, rectify and erase personal data by writing at [email protected] Spot Users can also, using the same email address, ask for their data to be transferred to them or to another controller or request restriction of the processing of their personal data.
In accordance with certain applicable law, you also have the right to lodge a complaint to us by writing at [email protected] or to a data protection authority.
Please be aware that in certain cases, we cannot guarantee the success of your request, as we will not always be able to identify your data set. We may have to retain certain data to comply with legal obligations, to resolve disputes, and to enforce our agreements.
When you use Spot, your computing device is automatically providing technical information to us so we can customize our responses to you and improve the user experience. The type of information we collect may vary but generally includes technical information about your computer, such as its Internet protocol (“IP”) address or other device identifier and operating system. It may also include usage information and statistics about your interaction with Spot such as URLs of the Spot web pages you visit, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, and location data.
When you visit a Spot web page, your browser automatically sends us your IP address so that the web pages you request can be sent to your computer or device. We use your IP address to determine additional information, such as whether the device has ever been used to visit Spot and how much time was spent on a page. Information about your general location may be discernable from your device's IP address or the URLs we receive.
We use this information for analytical purposes and to manage technical issues that may arise. At no point do we attempt to identify Individual Users through this information.
We may log information using "cookies." Cookies are small data files stored on your hard drive by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on Spot. This type of information is collected to make Spot more useful to you and to tailor the experience with us to meet your special interests and needs. Please note, you have the possibility to block and delete these cookies through your browser settings.
We created Spot to provide a secure way to report harassment and discrimination, not to obtain User Content or Organization Data to sell or rent to third parties. The circumstances in which we disclose User Content or Organization Data are limited to the following:
While we use contractual and other measures to ensure protection of information, the laws and regulations relating to privacy and information protection in other legal jurisdictions may not be the same as, or similar to, your local privacy laws. The governments, courts, law enforcement, or regulatory agencies in these other jurisdictions may be able to request disclosure of personal information through the laws of these countries. In an effort to respect your privacy, we will not otherwise disclose your personal information to law enforcement, other government officials, or other third parties without a subpoena, court order, or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss, or to report potentially illegal or fraudulent activity.
We’re committed to protecting the security of your information and take reasonable precautions to protect it. We use industry-standard encryption to protect your data in transit and while it is stored on our servers. This is commonly referred to as transport layer security (TLS) or secure socket layer (SSL) technology. However, Internet data transmissions are not guaranteed to be 100% secure, and we cannot ensure the security of information during its transmission between you and us. Accordingly, you acknowledge that when you transport such information, you do so at your own risk.
We protect your information in our systems using technical and administrative security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access to authorization controls.
If we learn of a system breach, we we notify you as soon as possible and in any event within 7 days and provide information on protective steps, if available, using the information that you have provided to us. We may also post a notice on our website and/or notify you via other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing.
We explicitly recommend that you do not access www.talktospot.com from any work device or while on a work network. We cannot prevent, nor be held responsible for, you being monitored by others, particularly if you communicate using computing devices or networks owned or controlled by third parties, such as your employer.
If you received suspicious reports via a Spot email address, please contact us at [email protected]
Spot is committed to protecting your safety and keeping your data secure. If you believe you’ve discovered a potential security vulnerability with Spot’s online systems, we appreciate your help in disclosing the issue to us at [email protected]
Spot is not intended for minors. Minors, as defined in the country of the Spot User, are expressly prohibited from using Spot or providing any personal information. If you become aware that a minor has provided us with personal information without parental consent, please contact us at [email protected] If we become aware that that we have inadvertently obtained information in violation of applicable laws, we will delete such information if we can identify it.
Most of your data is only temporarily stored on our servers and will be removed after your report is downloaded. If you use Spot for Teams, your data may be stored longer. During the period that your personal data is stored on our servers, it may be collected, processed, and/or otherwise transferred outside your current geographic location and may be processed not only in the country in which it was collected but also in other countries, including the United States, where data protection and privacy laws and regulations may not offer the same level of protection as in other parts of the world.
By providing your personal data to us, you consent to such transfer, collection, and/or processing in the United States of your personal data. In addition, we have implemented organizational and technical measures to guarantee that, as the case may be, any potential data transfer complied with applicable law.
California privacy rights
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write to us at the address provided below.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that Spot disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
In particular, Spot has collected and processed the following categories of personal information within the last twelve (12) months:
Category: Identifiers, including personal information listed in customer records statutes.
A real name; email address.
Category: Protected classification characteristics.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status.
Information on the user's interaction with Spot.
Category: Geolocation data.
Physical location of users, generally and specifically.
We may use or disclose the personal information we collect for one or more of the following business purposes:
Spot will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Email: [email protected]