fbpx

Privacy Policy

This Privacy Policy (the “Privacy Policy”) explains  and governs over how we, Spotinst Ltd. and its affiliates (“Spotinst”, “we”, “our”, “us” or the “Company”) use, collect and store Personal Data (as defined below) we collect or receive from or about you, such as in the following use cases: 

  • When you use our SaaS (the “Spotinst Platform”) for cloud infrastructure management and optimization (“Services“);
  • When you use and access our website, available at: https://spotinst.com (the “Site“);
  • When you make use of, or interact with, our Site, including:
    • When you create an account, purchase a product and/or Services;
    • When you request a free trial;
    • When you subscribe to the email list or newsletters; 
    • When we process your job application; and
    • When you contact us (e.g. customer support, help, submit a request).
  • When we receive your Personal Data from third-party sources; 
  • When you attend a marketing event and provide Personal Data;
  • When we use the Personal Data of our service providers and suppliers; and 
  • When we use the Personal Data of our customers. 

A User may be either: (i) an entity which executed an agreement with Spotinst or with Spotinst resellers or distributors, who provide our Services (“Customer”), or (ii) our Customer’s users of the Services or visitors of the Site (“End User(s)”, and collectively with Customers, “User(s)” or “you“).

We greatly respect the privacy of our Users and are committed to protect the Personal Data our Users share with us. We believe that you have a right to know our practices regarding the Personal Data and other information we collect and use, when you use our Site and our Services.Personal Data” means any information that can be used, alone or together with other data, to uniquely identify any living human being.

PLEASE READ THE FOLLOWING CAREFULLY TO UNDERSTAND OUR VIEWS AND PRACTICES REGARDING YOUR PERSONAL DATA AND HOW WE WILL TREAT IT. BY USING OUR SITE AND/OR SERVICES, YOU ACKNOWLEDGE YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.

Table of contents: 

  1. What Personal Data We Collect and Why We Collect It
  2. Cookies
  3. How We Share Your Personal Data
  4. How Do We Protect Your Information
  5. Data Retention
  6. Additional Information Regarding Transfers Of Personal Data
  7. Job Applications
  8. General And Individual End User’s Rights
  9. California Privacy Rights
  10. Analytics Tools
  11. Changes to The Privacy Policy
  12. Questions, Contact Information And Complaints

This Privacy Policy can be updated from time to time, therefore we ask you to check back periodically for the latest version of the Privacy Policy, as indicated below.  If there will be any significant changes made to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Site or Services or by other means.

  • WHAT INFORMATION WE COLLECT AND WHY WE COLLECT IT
Data we collect Why is the data collected and for what purposes? Legal basis (GDPR only) Third parties with whom we share your Personal Data  Consequences of not providing the Personal Data
When you browse or visit our Site 
Analytical and Marketing Cookies – see link in Section 4 below.  This allows us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our website works Consent Google Analytics

Heap

PowerBI

Hubspot

Crazy Egg

We will not be able to improve the way our Site works.
Functional cookies and Essential cookies and log data see – Section link in Section 4 below.
  1. technical administration for the Site;
  2. to help determine which Users have access privilege to certain content, services or recourses that the Company offers; 
  3. estimate and report total audience size and traffic;
  4.  help combat fraud and abuse and; 
  5. provide analytics and reporting in respect to the use of the Spotinst Platform.
Our legitimate interests  Zendesk

Heap

Cannot collect and store your information

Cannot use or access some parts of the Site

When you create an account (or use it thereafter), or request a free trial 
Full nameCompany

Email

Country

  • To create an account;
  • To perform/execute the Services; or 
  • To provide a free trial
It is either: (i) necessary to provide our Services to you, or (ii) following a User’s request, prior to entering into an agreement with us. Salesforce

Hubspot

Mailchimp 

Cannot create an account

Cannot perform and/or execute the Services

Cannot provide a free trial

When you sign up for contact purposes 
Full nameCompany

Email

Country

  • To provide you with initial information, including demos;
Our legitimate interests  Salesforce

Hubspot

Cannot provide you 

with initial 

information, including 

demos.

  • To add you to our mailing list; or
  • To send newsletters or other marketing communications.
Consent (where applicable)
When you contact us (e.g. customer support, help, or submit a public post on our Site)
First and last name

Email address

Any other Personal Data you choose to provide us in connection with your enquiry.

  • To process and answer questions
  • To provide support (e.g., to solve problems, bugs or issues)
  • To customize your experience
It is necessary to provide our Services to you. Zendesk

Slack

Jira

Cannot assist you and respond to your query
When we receive your Personal Data from third-party sources (such as our business partners) 
Full nameCompany

Email

Job Title

Phone Number

Address

  • To establish a business connection.
  • To send newsletters or other marketing communications.
Our legitimate interests Salesforce

Hubspot

Cannot engage you for business development reasons or send you marketing communications. 
When you attend a marketing event and provide Personal Data (for example by exchanging business cards with us)
Full name

Title

Company

Email

Country

  • To establish a business connection
  • To send marketing materials 
Consent Salesforce

Hubspot

Zoom.us

Cannot participate in events and we cannot send you marketing communications.
When we use the Personal Data of our service providers and suppliers 
Full name

Email

Country

  • To communicate with the service provider. 
our legitimate interests Netsuite We won’t be able to communicate with our services providers.
When we use the Personal Data of our customers
Account information, including User’s full name and Email.

Billing and account information for credit cards, payment cards or other payment systems.

  • To provide the Platform and Services to you.
  • To communicate with our customers
  • To bill the customer.
  • It is necessary to provide our Services to you.
iCount

Stripe

Cannot provide the Services and/or our Platform

Cannot communicate with you

  • Marketing
  • Legitimate interest, soft opt in exception 

 

 

  • HOW WE SHARE YOUR PERSONAL DATA

Spotinst is committed to protecting the privacy of its Users. We do not share, sell, rent, trade, lease, loan or otherwise transfer Personal Data to third parties, except as provided in this Privacy Policy. In addition to the recipients described in Section 1, we may share your information as follows: 

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this Privacy Policy.
  • If Spotinst or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its Customers will be one of the transferred assets (subject to applicable law).
  • If we are under a duty to disclose or share your Personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of supply terms and other agreements with you; or to protect the rights, property, or safety of Spotinst, our Customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
  • to enforce this Privacy Policy and/or contracts executed with Spotinst, including investigation of potential violations thereof and to detect, prevent, or otherwise address fraud, security or technical issues in connection with the Services or Site;
  • to protect the rights, property, or personal safety of Spotinst, its Users, or the general public if Spotinst has a good faith belief that the law requires us to do so, with or without notice.

SpotInst, as it sees fit, may share information (including Personal Data) that you voluntarily make public, including information that you post on any blogs, message boards, chat rooms or other similar forums, whether or not such forums are owned by Spotinst, subject to Spotinst’s Site Terms of Use, available at: ToS]. 

  • HOW DO WE PROTECT YOUR INFORMATION?

We take a great care in implementing, enforcing and maintaining the security of the Service, Site and our Users’ Personal Data. Spotinst is Soc 2 type II certified. All Personal Data is stored with logical separation from information of other customers. Spotinst implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis. However, we do not guarantee that unauthorized access will never occur.

Spotinst limits access to personal data to those of its personnel who: (i) require access in order for Spotinst to fulfil its obligations under this Privacy Policy and agreements executed with Spotinst and (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Data (iii) are under confidentiality obligations as required under applicable law. 

Spotinst maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security. For more information see our Security Policy, available at: https://spotinst.com/security-policy (the “Security Policy”).  

  • DATA RETENTION

Your Personal Data will be stored until we no longer need the information and proactively delete it, or if you send a valid deletion request, in which case as soon as reasonably practicable, and within a maximum of 60 days.  As for cookies we store, Please this would depends on the cookie in question. Some cookies (e.g. essential cookies) cannot be disabled. You may also control and delete these cookies through your browser settings. For more information, please see our cookie policy, available at: Cookie Policy 

In some circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.  However, Spotinst does not store or retain credit card or payment card numbers after they have been forwarded to its billing and payment processor(s), unless it is necessary for providing the Spotinst Platform.

Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Spotinst shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Spotinst trade secrets. Customer’s personnel shall be required to execute some non-disclosure agreements. Unless agreed otherwise with the Customer, this policy shall govern the retention operation of Spotinst. Spotinst will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements.

  • ADDITIONAL INFORMATION REGARDING TRANSFERS OF PERSONAL DATA
  • Data Hosting
  1. For Users of the Site: The Data we collect from you is hosted on servers located in the US and EU and Israel. Data we collect from you may be transferred to, and stored at, a destination outside of your jurisdiction that may not be subject to equivalent Data protection laws. 
  2. For Users of the Services: The information we collect about you is hosted on servers located in the US and EU and Israel. 
  • Intra-Group Transfers
  1. The main offices of Spotinst have their headquarters in Israel. Please be aware that information you provide to us or we obtain as a result of your use of the Site or the Spotinst Platform, may be processed and transferred to other countries and be subject to applicable law. 
  2. This information may also be processed by staff working for us or for one of our suppliers. The privacy and data protection laws in Israel may not be equivalent to such laws in your country of residence. By using our Site or the Spotinst Platform, or by providing us with your information, you consent to this collection, transfer, storage, and processing of information to and in Israel.
  3. We do however ensure transfers within the Spotinst group will be covered by an agreement entered into by members of the Spotinst group (an intra-group agreement) which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to. 
  • Outbound Transfers
  1. Where we transfer your Personal Data outside of Spotinst, for example to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your Personal Data.  Some of these assurances are well recognized certification schemes like the EU – US Privacy Shield for the protection of Personal Data transferred from within the EU to the United States.
  2. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is disclosed.
  • JOB APPLICATIONS

We may collect information (including Personal Data) provided to us by job candidates (“Applicants”), when they apply to a position in our super great company. Spotinst welcomes all qualified Applicants to apply to any of the open positions by sending us their contact details and CV (“Applicants Information”). Applicants Information will be maintained, processed and stored in Israel, US and in the applied position’s location(s), and as necessary, in secured cloud storage provided by our third party service providers (as described in Section 1 above).

We are committed to keep Applicants Information private and use it solely for our internal recruitment purposes (including for identifying Applicants, evaluating their applications, making hiring and employment decisions, background checks on Applicants (where permitted under applicable law) and contacting Applicants by phone or in writing).

Please note that Spotinst may retain Applicants Information submitted to it even after the applied position has been filled or closed for no more than 12 months thereafter so we can re-consider Applicants for other positions and opportunities and in case the Applicant is hired, for additional employment and business purposes related to his/her work.

If you previously submitted your Applicants Information to Spotinst, and now wish to have it deleted, amended or in your possession, please contact us via the company website. We will be happy to assist in any manner.

  • GENERAL AND INDIVIDUAL END USER’S RIGHTS

The following rights (which may be subject to certain exemptions or derogations), shall apply to Users who are protected by the GDPR. Please note that some of these rights may also apply under other jurisdictions as well:

  • You have a right to access information held about you. Your right of access can normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
  • You have the right to request that we amend any Personal Data we hold that it is inaccurate or misleading.
  • You have the right to request the erasure of the Personal Data that relates to you, If you submit a valid deletion request, as soon as reasonably practicable, and within a maximum of 60 days. Please note that there may be circumstances in which we are required to retain your data, for example for the establishment, exercise or defense of legal claims;
  • The right to object to or to request restriction of the processing. However, there may be circumstances in which we are legally entitled to refuse your request;
  • The right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
  • You have the right to object to profiling;
  • You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority.
  • The right to withdraw your consent. Please note that there may be circumstances in which we are entitled to continue processing your Personal Data, in particular if the processing is required to meet our legal and regulatory obligations.
  • You also have a right to request details of the basis on which your Personal Data is transferred outside the European Economic Area, but you acknowledge that data transfer agreements may need to be partially redacted for reasons of commercial confidentiality.

You can exercise your rights by contacting us at legal@spotinst.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request.  When processing your request, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.  

Please note that Spotinst may also process Personal Data of an End User on behalf of its Customers (who would be considered the Data Controller, as applicable), when the Customer is under the requirement to obtain consent from an End User, or when there is another basis for doing so under applicable law. Customers who cause Spotinst to process Personal Data of an End User are obligated to hold all appropriate consents (if applicable) and may only utilize the Services pursuant to applicable law. Spotinst supports End Users’ rights to retrieve any information retained on its servers which relates to such End User. 

  • CALIFORNIA PRIVACY RIGHTS
  • California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to legal@spotinst.com. Please note that we are only required to respond to one request per customer each year.
  • California Do Not Track Notice. We do not track consumers over time and across third party websites and therefore do not respond to Do Not Track signals. We do not allow third parties to collect Personal Data about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.
  • ANALYTIC TOOLS

We utilize certain analytics tools, such as:

  • Google Analytics. The Site uses a tool called “Google Analytics” to collect information about use of the Site. Google Analytics collects information such as how often users visit this Site, what pages they visit when they do so, and what other websites they used prior to coming to this Site. We use the information we get from Google Analytics to maintain and improve the Site and our products. We do not combine the information collected through the use of Google Analytics with Personal Data. Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at http://www.google.com/analytics/terms/us.html/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
  • CHANGES TO THE PRIVACY POLICY

The terms of this Privacy Policy will govern the use of the Site and Service and any information collected in connection therewith, however, Spotinst may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will always be posted at http://www.Spotinst.com/privacy-policy. We will endeavor to provide notice of material changes to this policy on the homepage of the Site and/or via an e-mail. Such material changes will take effect seven (7) days after such notice was provided on our Site or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Site and/or Services will constitute your written acceptance of, and agreement to be bound by, the changes to the Privacy Policy.

  • QUESTIONS, CONTACT INFORMATION AND COMPLAINTS

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at the following address and we will make an effort to reply within a reasonable timeframe.

E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.

Please do not hesitate to contact us via the “contact us” section in the Site.

Last updated: July 2019