Effective date: 25/02/2025

Privacy Policy

Spott Inc. ("Spott" or "We") values the privacy of users of the www.spott.io platform ("Site") and is committed to protecting their personal data in accordance with applicable data protection laws, including EU Regulation 2016/679 (GDPR), California Consumer Privacy Act (CCPA), and other relevant laws for international clients. This Privacy Policy explains how we process, use, and protect Personal Data.

1. Scope of this Policy

This Policy applies to the processing of Personal Data conducted by Spott as the Data Controller in connection with the Site and services offered through the Spott Platform. It complements other agreements, such as the Terms and Conditions, Data Processing Agreement, and Service Level Agreement.

2. Who is the Data Controller?

In this Policy, the Data Controller of Personal Data processing is Spott Inc., with its registered office located at 2261 Market Street, #22840, San Francisco, California 94114, United States.

Any questions or requests concerning Data Processing can be sent to the following email address: legal@spott.io

3. Why does Spott process Users' Personal Data and on what grounds?

Purpose of collecting and processing personal data and Legal basis for processing Users' personal data

A. Managing relationships with Spott's prospects and clients

Spott's legitimate interest in collecting and processing data related to contact persons among its clients and prospects, including those filling out the Contact form on Spott’s Site

B. Handling disputes and litigation (with clients and prospects)

Spott’s legitimate interest in collecting and processing data related to contact persons among its clients and prospects to manage a dispute or litigation with a client or prospect, and, if applicable, the necessity of executing the disputed contract

C. Marketing and statistical studies (e.g., sending newsletters, information about services and products, invitations to professional events, and requests for participation in satisfaction surveys) for clients and prospects

Spott’s legitimate interest in collecting and processing data related to contact persons among its clients and prospects to offer services and products, inform them of its activities, and evaluate their satisfaction. Consent is sometimes required by specific email marketing regulations

D. Managing cookies on Spott’s Site

Spott’s legitimate interest in collecting and processing data related to visitors to Spott's Site (via cookies). Consent is sometimes required by specific cookie-related regulations. Additional information is provided in the Cookie Policy

4. What Personal Data does Spott process?

To achieve the purposes listed in section 3 of this Policy, the following Personal Data is collected and processed by Spott:

Name and surname;
Date of birth;
Postal address, email address, and any similar information necessary or useful for contract execution and handling inquiries addressed to us;
Mobile phone number;
Electronic identification data (IP address, cookies, login information, etc.);
In general, any information voluntarily provided while using the Site or making any request on the Site.

5. To whom may Spott disclose Users' Personal Data?

Disclosure to Public Authorities: Spott may disclose Users' Personal Data to public authorities in response to legal requests, including for national security or law enforcement purposes.
Disclosure to Third Parties: Users' Personal Data is only disclosed to third parties with their consent.
International Transfers: Data transfers outside the EEA, including to the US, comply with GDPR (using Standard Contractual Clauses) and CCPA, with supplementary measures like encryption and pseudonymization applied.

6. How long does Spott retain Users' Personal Data?

Spott has established criteria for the retention period of Users' Personal Data. This duration varies depending on specific purposes and may be extended based on legal obligations to retain certain data.

If a contract exists between the User and Spott, this period corresponds to the duration of said contract, plus any potentially applicable limitation period.

In general, Personal Data is not retained for longer than necessary for the specified purposes.

7. What are Users' Rights regarding their Personal Data, and how can they exercise them?

Spott aims to inform Users clearly about their rights concerning their Personal Data and make it simple to exercise these rights.

Here is a summary of these rights and how to exercise them.

7.1. Right of Access

Users can request a copy of their Personal Data held in Spott’s systems and the following information:

The categories of Personal Data collected and processed about Users,
The reasons why Spott processes this Data,
The categories of persons to whom this Personal Data has been or will be disclosed, including those outside the European Union,
The retention period of Personal Data in Spott’s systems,
The right to request correction, erasure, restriction of the use of Personal Data, or to object to its use,
The right to file a complaint with a competent data protection authority,
Information on the origin of the Data if not collected directly by Spott

Exercising the Right of Access

To exercise their right of access, Users are asked to contact Spott by email at legal@spott.io, with the subject “Right of Access: Personal Data,” and attach a copy of their ID card. Unless otherwise specified, Users will receive a free electronic copy of their data within one month, extended to two months for complex requests.

Users may also send their requests by postal mail to: Spott Inc., 2261 Market Street, #22840, San Francisco, California 94114, United States. If submitted by mail, the request must be signed, accompanied by a copy of the User’s ID card, and include the address for the response. Users will receive a reply within one month, extended to two months if necessary.

7.2. Right to Rectification

Users may request Spott to correct and/or update their Personal Data.

Exercising the Right to Rectification

To exercise this right, Users should contact Spott by email at legal@spott.io, with the subject “Right to Rectification: Personal Data,” and attach a copy of their ID card.

Alternatively, requests may be sent by post to the address mentioned above, including the reason for correction, the information to be modified, and any supporting documentation, if applicable.

Spott will respond within one month of receiving the request, extended to two months for complex inquiries.

7.3. Right to Erasure

Users may request Spott to delete Personal Data under the following conditions :

The data is no longer necessary for the reasons for which it was collected or processed;
Users believe that processing violates their privacy and causes excessive harm;
The data is not processed in accordance with the GDPR, CCPA or any other data protection laws or with Belgian law;
Erasure is necessary to comply with a legal obligation under EU, US or Belgian law.

However, the right to erasure is not absolute. Spott may deny requests if they conflict with other important rights or values, such as freedom of expression, legal obligations, or public interest.

Exercising the Right to Erasure

To exercise this right, Users should contact Spott by email at legal@spott.io, with the subject “Right to Rectification: Personal Data,” and attach a copy of their ID card.

Alternatively, this request can be mailed to Spott’s address as previously provided.

7.4. Right to Object

Users have the right to object to the processing of their Personal Data if, for a personal reason, they consider a specific processing activity infringes their privacy and causes undue harm.

Users may also object to the use of their Personal Data for marketing purposes, particularly email advertising. Marketing emails or newsletters will include an opt-out link to unsubscribe from promotional information.

Exercising the Right to Object

Users may exercise this right by emailing Spott with “Right to Object: Personal Data” as the subject and attaching a copy of their ID card.

7.5. Right to Withdraw Consent

When Users have consented to processing, they may withdraw consent at any time. Withdrawal does not affect the legality of prior processing based on consent.

Exercising the Right to Withdraw Consent

To withdraw consent, Users can email Spott with the subject "Withdrawal of Consent" or click the unsubscribe link in any Spott email.

Data Transfers Within and Outside Europe

Spott processes Personal Data in compliance with applicable data protection laws, ensuring a consistent level of protection across all jurisdictions. Personal Data processed within the European Economic Area (EEA) is handled according to GDPR standards.

For international operations, including services involving US-based clients or data, Spott may transfer Personal Data outside the EEA. These transfers are conducted in compliance with GDPR, using Standard Contractual Clauses (SCCs) or other legally recognized mechanisms. Where necessary, supplementary safeguards such as encryption and pseudonymization are applied to mitigate risks associated with data transfers to non-EEA countries.

Contacting Spott for Privacy-Related Inquiries or Complaints

For questions or complaints regarding this Policy, contact Spott by email at legal@spott.io or by mail at the address provided.

Complaints about data protection issues can also be filed with the Belgian Data Protection Authority:

By postal mail: Rue de la Presse, 35, 1000 Brussels
By email: contact@apd-gba.be