Effective: September 14, 2021
Spot.xyz Corporation, a Delaware corporation ("Company", "we", "our", "Spot" and their derivatives) provides the websites, http://www.Spotvirtual.com, and the subdomains of each of the foregoing (collectively, the "Website") and the Spot application, a downloadable version of Spotvirtual.com (the "Application" and, with the Website, the "Services").
This Policy sets forth how we collect, use, protect, store, and otherwise process your Personal Information (defined below). This Policy does NOT apply to information we collect offline or you provide to or is collected by any third party (except as otherwise provided below). This includes any third-party that is collecting information on the Spot platform.
For our practices regarding children, please see the Children's section in Section 2 below.
1. What types of Personal Information does the Company collect?
We may collect different types of information from you depending on how you use our Services, including Personal Information. "Personal Information" means information that relates to an identified or identifiable natural person. The categories of Personal Information we may collect are listed below. Certain types of Personal Information may fall under more than one category.
- Identifiers: We may collect your first, middle and last name, email address, username, postal address, Social Security number or employer identification number, telephone number, IP address, or display name.
- Characteristics of protected classifications under California or federal law: We may collect your date of birth or age.
- Commercial information: We may collect your sale history in the Application.
- Sensory data: We may receive your voice through your microphone, video streaming, and animation data derived from your head movement and facial expressions (for example through your TrueDepth® camera on certain Apple® devices). We do not store this information.
- Internet or other similar network activity: We may collect your play history, running/loaded dynamic link library ("DLLs") on your computer or data gathered from a "small memory dump."
- Categories of personal information described in Section 1798.80(e) of the California Customer Records: We may collect your first, middle, and last name, telephone number, physical characteristics, signature, Social Security number, postal address, or account number.
- Other categories: We may collect information from the content that you create and share publicly in the Application, and information you choose to reveal in the Application through chat, video, or other public functions.
We may also collect information that does not generally identify you but may become associated with your account. We may use information that does not identify you for any permissible business purpose under applicable law.
2. Children Under the Age of 18
3. From what sources does the Company collect Personal Information?
Directly From You
We may collect your Personal Information when you provide it to us directly. For example:
- When you register for an account to use our Services, we may collect your age or date of birth, email address, phone number, username, and display name.
- When you contact us or report a problem with the Services, we may collect records and copies of your correspondence.
- When the Application crashes during use, we may collect your running/loaded DLLs on your computer, your username, and the data gathered from a "small memory dump".
- When you use the chat, video, or other public functions in the Application, we may collect the information you choose to disclose such as your username.
- When you respond to a survey or questionnaire, we may collect the information provided.
Company may request permission to access the following:
- Microphone/Video - Company requests access to the microphone and video camera in order to support real time voice chat and video. Voice/video chat is optional and may be turned off at any time. Company will continue to function (without voice/video chat) if you choose to deny permission. We don't store this information or share it with third parties.
- TrueDepth® camera - on devices that support it, Company requests access to the TrueDepth® camera in order to animate your in-Application avatar in certain scenarios. This functionality is optional and may be turned off at any time. Company will continue to function (without this animation feature) if you choose to deny permission. We don't store this information or share it with third parties.
Automatically From You
We may collect your Personal Information automatically as you use our Services. For example, we may collect your Personal Information as you browse our Website. For more information about our use of automatic tracking technologies and certain choices we offer you with respect to them, please see Section 4 below.
From Third Parties
We may receive Personal Information from or through third parties that help us provide or facilitate your access to the Services. For example, we may receive your Personal Information from:
- Cloud computing providers;
- Payment platform providers; and
- Data analytics providers.
We abide by this Policy when we use Personal Information provided to us by third parties. However, we do not control the Personal Information that third parties collect or how they use that Personal Information. You should review the third parties' privacy policies for more information about how they collect, use, and share information they obtain and use.
As you use the Services, we may use automatic data collection technologies, in particular, cookies, to collect certain Personal Information. Cookies are small data file identifiers that are transferred to your computer or mobile web browser that allow us and our service providers to recognize your browser or mobile device and transfer information about you and your use of our Services.
Third Party Cookies
Choices about Cookies
5. For what purposes does the Company collect Personal Information?
- To provide or improve the Services – We may use your Personal Information to process your requests to access the Services and certain of their features and to generally present and improve our Services. For example, we may use your Personal Information to improve the Application. By way of another example, we may use your microphone and camera to provide the real-time voice/video chat features and in-Application avatar.
- To administer the Services – We may use your Personal Information for any lawful business purpose in connection with administering the Services. For example, if you reach out to us with a customer service inquiry, we may use your Personal Information to respond to you or to troubleshoot an issue you reported having with the Services. By way of another example, we may use your Personal Information to verify your age.
- To market the Services – We may use your Personal Information to market our Services to you. For example, with your prior consent, we may send you news and updates about our products and Services, including special offers and promotions.
- In furtherance of legal, health, and safety objectives – We may access, use, and share with others your Personal Information for purposes of health, safety, and other matters in the public interest. We may also provide access to your Personal Information to cooperate with official investigations or legal proceedings (e.g., in response to subpoenas, search warrants, court orders, or other legal processes). We may also provide access to protect our rights and property and those of our agents, users, and others including to enforce our agreements, policies, and our Terms of Service.
- In connection with a sale or other transfer of our business – In the event all or some of our assets are sold, assigned, transferred to, or acquired by another company due to merger, divestiture, restructuring, reorganization, dissolution, financing, acquisition, bankruptcy, or otherwise, your Personal Information may be among the transferred assets.
- As may be described to you when collecting your Personal Information.
We do not use automated decision-making in connection with the processing of your Personal Information, except to the extent necessary for age-gating functions.
6. In what situations does the Company disclose your Personal Information?
We may disclose your Personal Information:
- To our subsidiaries and affiliates;
- To our lawyers, consultants, accountants, business advisors, and similar service providers who owe us duties of confidentiality;
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by the Company pertaining to the users of our Services is among the assets transferred;
- To comply with any court order, law, or legal process, such as responding to a government or regulatory request;
- To enforce any contract we may have in effect with you;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our users, or others; and
- If you have consented to such a disclosure.
7. How is my Personal Information protected?
Our Retention, Purpose Limitation, and Security Policies
We protect your Personal Information through a combination of collection, security, and retention policies.
- Limited retention. We only keep your Personal Information for as long as we need it for business and operational needs or to comply with any statutory, regulatory, or legal obligations. For example, we may retain Personal Information collected from you to support customer service inquiries and prevent repeated violations or suspected violations of the Terms of Service if your account has been banned or your access to the Services has been disabled for any reason. By way of another example, we may retain the content that you create and share publicly with the Company community even after you stop using the Services.
- Purpose limitation. We will use your Personal Information only for the Services you choose to access and for the purposes for which you choose to share it. We will respect your requests to start or stop processing your Personal Information for marketing purposes, as well as the types of marketing messages you may wish to receive.
- Security measures. We use appropriate measures to ensure a level of security appropriate to the risk involved and have implemented contractual, technical, administrative, and physical security measures designed to protect Personal Information from unauthorized access, disclosure, use, and modification. For example, when you directly provide us with Personal Information, including through registration, we will encrypt that information using secure socket layer technology or similar technologies. As part of our privacy compliance processes, we review these security procedures on an ongoing basis to consider new technology and methods as necessary. However, please understand that our implementation of security measures as described in this Policy does not guarantee the security of your Personal Information.
- In the event of a security breach, no longer than 72 hours after we become aware of such a breach, we will notify the proper regulatory authorities and any users of the breach.
Your Practices and Activities
Your practices and activities are likewise very important for the protection your own Personal Information. You can take certain steps to help protect your Personal Information, such as being mindful of what you post in public places. For example:
- Do not use your real name when selecting a username.
- Do not post your real name in public-facing areas of the Services and do not share anything private about yourself.
Users should also not pick a password that is easy to guess and should not share their password.
Remember that we have no control over what third parties do with the content of such communications and no responsibility or obligation regarding third parties.
8. Additional Notice for European Union and United Kingdom Residents
The following applies to European Union residents pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) and United Kingdom residents pursuant to the Data Protection Act 2018:
Place of Business
We may store or process your Personal Information outside of the country where we collect it or which you reside. The Company has its primary place of business in the United States of America. You should understand that we may transfer some or all of your Personal Information to the United States of America to carry out certain operational and processing needs as described in this Policy.
When transferring Personal Information out of the EU or UK, we implement technical, organizational, and physical safeguards to protect your Personal Information. We use European Commission approved standard contractual clauses and implement related measures required by applicable law. Please contact us if you have questions related to the relevant transfer mechanism for your Personal Information.
We only collect, use, or store your Personal Information if:
- You voluntarily provide it to us with your specific and informed consent (for example, when you sign up for marketing communications);
- It is necessary to provide you a Service that you have requested (for example, providing you access to the Application);
- We have a legitimate business interest that is not outweighed by your privacy rights (for example, to provide customer service); or
- It is necessary to protect your vital interests or the vital interests of others (for example, we may collect or share Personal Information where necessary to resolve an urgent medical situation or protect the health or safety of one of our users or someone else).
Right to Access, Correct, Delete, or Restrict Processing
Subject to any limitations and exceptions under applicable law, you have the right to request access to your Personal Information and exercise a number of rights:
- You have the right to correct or update certain types of Personal Information. In many cases, you can review or update your account information by accessing your account online.
- You have the right to request deletion of your Personal Information. If you choose to have your Personal Information removed from our Services, we will carry out your request within 30 days of account verification, subject to extension, and will only retain minimal Personal Information to document your request and the actions we took to carry out your request.
- You have the right to restrict certain processing of your Personal Information, and the right to object to some types of processing of your Personal Information.
- You have the right to withdraw your consent at any time, including objecting to your Personal Information being used for marketing or advertising purposes.
We will comply with your requests in accordance with, and subject to, applicable law. For example, the Company is not required to delete your Personal Information if it has an overriding legitimate ground for retaining that information such as to prevent fraud. Please note that we are legally prohibited from carrying out requested actions in some instances, including (1) when we are unable to confirm your identity; (2) where the request is considered excessive; and (3) where doing so would adversely affect the rights or freedoms of other individuals.
We Are Here to Help
Please email us at email@example.com with the subject line "Data Subject Rights" if you would like to exercise any of the rights described above or if you have questions regarding your rights.
Right to Complain
You have the right to lodge a complaint regarding our collection, storage, or processing of your Personal Information with a data protection supervisory authority in the country where you live or work.
9. Additional Notice for California Residents
The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 ("CCPA"):
- In the preceding 12 months, the Company may have disclosed the categories of Personal Information listed in Section 2 above to our service providers listed in Section 6 above for business purposes.
- In the preceding 12 months, the Company has not sold Personal Information. The Company only discloses Personal Information to service providers.
- You have the right to request that the Company disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you, to the extent retained by us:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information we collected about you (also known as a data portability request).
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing: (a) sales, identifying the Personal Information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
- You have the right to request that the Company delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide the Service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug the Services to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another user to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with user expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you the Services.
- Charge you different prices or rates for the Services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of the Services.
- Suggest that you may receive a different price or rate for the Services or a different level or quality of the Services.
Verifiable Consumer Requests
To exercise your rights described above, please email us at firstname.lastname@example.org with the subject line "CCPA". Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your Child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 30 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the receipt of verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
10. How will the Company notify users of changes to this Policy?
The Company reserves the right to change this Policy from time to time consistent with applicable law. If we make changes to this Policy, we will notify you by revising the date at the top of this Policy, and in some cases, we may provide you with additional notice (such as adding a statement in the Application or the homepages of our Services, or sending you an email notification).
In the event that any changes we make to Policy affect Children in a way that requires prior parental consent under COPPA, we will obtain such prior parental consent.
11. How can someone contact the Company?
If you have questions, you may email us at email@example.com