Introduction
At Spinnaker SCA (“Spinnaker Services LLC,” “we,” “us,” “our,” or the “Spinnaker SCA”), we are committed to ensuring that your privacy is protected. This privacy policy sets out how Spinnaker SCA uses and protects any information that you give us or that we collect, through whatever method. The policy aims to inform you about the types of personal data we collect, the purposes for which the data are used and the way the data are handled. Any changes we may make to our privacy policy in the future will be posted on this page.

Who we are
For the purpose of the EU General Data Protection Regulation 2016/679 (“GDPR”) and national laws implementing GDPR, the data controller is Spinnaker Services LLC and its subsidiaries. Spinnaker Services LLC is a Colorado limited liability corporation, with US registration number 20121233235

Our registered address is:

4770 Baseline Road, Suite 200
Boulder, CO, 80303
United States

Collection of Personal Data

Information we may collect from you or third parties

We collect your information:

• when you fill in a form on our website,
• when you meet us at trade events,
• when you become a client,
• when you submit a job application,
• when you email, call, text, or fax us,
• from third party sources including joint marketing partners, and
• from publicly available sources such as LinkedIn.

Categories of Personal Information we collect from you or third parties may include your name, email address, job title, company address, contact telephone numbers, product interest, cookie and, in the case of job applications, employment history.

Information we may collect automatically
When people visit http://www.spinnakerSCA.com we use a third-party service, Beacon Tracking provided by Act-On, to collect information about the behavior patterns of our website visitors. This service sets a cookie in order to evaluate the use of the website and to compile a report on website traffic patterns.

Act-On, as our Data Processor, collects certain information from the browser you use, such as your IP address, device identifier, location data browser type and language, access times, the Uniform Resource Locator (URL) of the website that referred you to our website.

Purposes and lawful bases of data collection

Data from our website form or at conferences
If you complete an inquiry form on our website or give us your details in person, for example at a conference, we will contact you by email or phone so that we can discuss the products or services in which you have indicated an interest. Data that you provide will be added to our Customer Relationship Management system and used to send you marketing messages. You can opt-out of these messages at any time by using the unsubscribe link that we put in every email.

Our lawful basis for processing these data is Consent. Unless you withdraw consent, we will keep your data in our systems.

Data from our marketing partners
Our marketing partners may contact you by phone or email in order to tell you about our services. They will let you know who we are, where they obtained your data, and your right to opt-out of future marketing. We will absolutely respect that right. If you express an interest in Spinnaker SCA services, they will pass your data to us and we will contact you by email or phone and add your data to our CRM system so that we can continue to market to you.

Our lawful basis for processing these data is Legitimate Interest. Unless you exercise your right to object to processing, we will keep your data in our systems.

Client Data
When you become a client, we require your information in order for us to fulfill our contract with you. Our legal basis for processing is Contractual Obligation. We will also add your data to our CRM so that we can keep you updated with any information you might be interested in. Our legal basis for this processing is a legitimate interest. We will continue to process your data in our systems.

Job Applications
If you submit a job application either directly or through a recruiter, our legal basis for processing your data is Consent. We will use your information in connection with the specific job that you’ve applied for and it will be stored for the duration of your application. If we think there may be other roles for which you would be suitable, we will hold your details up to two years after completion of the initial application process. We will only do this with your consent except where retention is required by law (for example candidates from the US, whose details will be held for seven years).

Your personal information may be passed to or accessed by Spinnaker SCA companies both inside and outside the European Economic Area in order to offer relevant job opportunities to you. You may withdraw your permission for your data to be processed outside the EU by making a request to our team using the Contact details below. You can update your CV at any time by simply submitting a new CV.

Sometimes we use publicly available sources of data such as LinkedIn in order to source candidates. Our legal basis for processing these data is Legitimate Interest and, in these situations, we will provide you with our privacy policy within a maximum of 30 days of obtaining your data. Should be interested in working with us, we will ask your consent to store your data as above.

How We Share Your Personal Information
Spinnaker SCA will never sell your personal information. We will only share your information with trusted third parties retained to provide services that you have requested or for our own legitimate business purposes, or insofar as we may be required to do so by law. Such services include CRM, IT or professional support services.

Trusted Third Parties

Spinnaker SCA works with a number of trusted third parties to provide services to you:

• The Spinnaker SCA website is hosted by GoDaddy (privacy policy), a company based in Tempe, AZ, USA.
• The sales and marketing teams use Pipedrive (privacy policy), Act-On (privacy policy), and Microsoft Office 365 (privacy policy) to store and process contact details submitted through the commercial inquiry form.
• The finance teams use NetSuite (privacy policy) in order to process billing information.
• The hiring team uses Microsoft Office 365 services to store and process applications and contact details.

Your rights as a data subject

Where the processing of your Personal Information is subject to EU data protection laws, you have the data subject rights as set out below. If you wish to exercise any of these rights, please use the information supplied in the Contact section below. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes.

Your rights are as follows:

The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.

The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requester, we will provide access to the personal data we hold about you as well as the following information:

1. a) The purposes of the processing
2. b) The categories of personal data concerned
3. c) The recipients to whom the personal data has been disclosed
4. d) The retention period or envisioned retention period for that personal data
5. e) When personal data has been collected from a third party, the source of the personal data

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests are likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

The right to rectification

When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

The right to erasure (the ‘right to be forgotten’)

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:

1. a) The accuracy of the personal data is contested
2. b) Processing of the personal data is unlawful
3. c) We no longer need the personal data for processing but the personal data is required for part of a legal process
4. d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing

The right to data portability

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfillment of a contractual obligation.

The right to object

You have the right to object to our processing of your data where

• Processing is based on legitimate interest;
• Processing is for the purpose of direct marketing;
• Processing is for the purposes of scientific or historical research;
• Processing involves automated decision-making and profiling.

Security

We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our ISMS. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

Contact Us

If you have any inquiries or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us by one of the methods listed below. When you contact us, we will ask you to verify your identity.

Email

[email protected]

Post

4770 Baseline Road, Suite 200

Boulder, CO, 80303

United States

Complaints

If you are unhappy with our use of your personal information, you can contact us using the details in the Contact section. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:

Telephone

213.443.8308

Website

https://ico.org.uk/concerns/

Post

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

United Kingdom

If you live or work outside the UK or you have a complaint concerning our activities outside the UK, you may prefer to lodge a complaint with a different supervisory authority.

Changes to Our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted to this page.