Effective Date: April 12, 2017
The website you are visiting is owned and operated by Armillaria, LLC (d/b/a Sphaera Solutions) on its behalf or for its licensees. This policy applies to your use of the services provided through the following websites:
(a) Sphaera’s main solutions exchange hub, the Resilience Exchange ("Resilience Exchange"); and
(b) such other websites owned or operated by Sphaera on behalf of its licensees who offer solutions hubs in a separate and brand-specific environment that are linked to the Resilience Exchange ("Rex Partner Sites"). Resilience Exchange and Rex Partner Sites are collectively referred to as "Sphaera Websites."
EU-US PRIVACY SHIELD
INFORMATION WE COLLECT AND USE
Sphaera collects only the information necessary to serve our Users, including for the purpose of creating User accounts and allowing User navigation and access to website content including the Resilience Exchange platform and its posted solutions (“Solutions”) and building blocks (“Building Blocks”). When you visit any of the Sphaera Websites, you may provide us with two general types of information, and we may receive the following categories of Personal Data, including:
- Information You Give Us – We only request the Personal Data necessary to establish and service our User’s accounts with our websites. Personal Data that you consciously choose to disclose to us on an individual basis may include, depending on the service purchased:
- Full name
- Company Name
- Mailing address
- Phone number
- Credit card account information for billing purposes
- Information We Get from Your Use of our Services– Sphaera collects website use information on an aggregate basis as you and other Users browse our websites.
- To learn more about how our visitors use our websites by analyzing usage patterns in the aggregate. We never use information collected from cookies to profile individual visitor behavior; and
- To keep track of services you purchase from us, if any.
- Internet Protocol addresses. An IP address is a number that is assigned to your computer each time you log onto the Internet. If you register with any of the Sphaera Websites, the messages that you send through our servers typically contain your IP address in the header information of the message. IP addresses provide the recipient of your message with the ability to track your IP address to your Internet service provider or the location of the computer from which you sent the message.
We may receive the above categories of Personal Data in the US from Users in the EU and Switzerland. Sphaera will only process Personal Data, received from any User wherever located, in ways that are compatible with the purpose that Sphaera collected it for, or for purposes the individual later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose that we collected it for or that you later authorized, we will provide you with the opportunity to opt out. Sphaera maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.
DATA TRANSFER TO THIRD PARTIES
Sphaera does not rent, sell, or trade your Personal Data (e.g., email addresses) to third parties, with the exception of the following:
- Third-Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf including third parties assisting us in providing the services requested by you. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection as set forth in this policythe Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. For example, we will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.
- Credit Card Transactions. We have chosen a third party to process our credit card transaction for safety, efficiency, and reliability. The credit card information that you choose to provide during your purchase is maintained in our credit card processing company’s database for accounting and billing purposes. Unless expressly authorized in writing by you, we do not maintain a copy of your credit card information on our server. Credit card account numbers you choose to authorize us to maintain are encrypted and access is restricted.
- Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements. In order to cooperate with legitimate governmental requests, subpoenas, or court orders, to protect Sphaera and/or Sphaera's systems and Users, or to ensure the integrity and operation of Sphaera Websites and/or Sphaera’s business and systems, Sphaera may access and disclose any information it considers necessary or appropriate under such circumstances.
Sphaera maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
With respect to any Personal Data about you, we do not access this information other than on a random or infrequent basis as necessary for the performance of our services. Nonetheless, in order to appropriately protect the information transmitted by our Users, and to prevent unauthorized access and to maintain data security of our Users’ Personal Data, we maintain commercially accepted physical, electronic, administrative and managerial security and enforcement procedures to safeguard against the loss, misuse, corruption and unauthorized access, disclosure, alteration or destruction of credit card and personal information.
If you sent your information from the EU or Switzerland, you may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below under “Questions and Information.” We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
We keep Personal Data for as long as we think is necessary or advisable and we reserve the right to retain it to the full extent not prohibited by law. We may discard Personal Data at our discretion, so you should retain your own records, and not rely upon our storage of any Personal Data or other information.
- Updating your personal information. You may access and update the registration data that you provided to us when you set up your account by clicking here.
- External links. For the convenience of our Users, Sphaera may provide links to third party websites that are external to Sphaera Websites. These websites are not operated or controlled by Sphaera, and Sphaera is not responsible for the privacy practices or the content of such external websites.
THIRD PARTY INFORMATION
Our services are not intended to be used by children under the age of 18 (“minor children” or “minor child”). We do not collect personal information from minor children, and we ask minor children not to transmit any information to any Sphaera Website. Sphaera welcomes the parent or guardian of a minor child under the age of 18 to use Sphaera Websites and provide any information, service, or product gained from such websites to their minor child. We comply with all federal laws and regulations regarding the privacy of minor children, including the Children’s Online Privacy Protection Act.
CONSENT TO ELECTRONIC NOTICE
In case of unauthorized access or other invasion of certain security systems, you agree that we may notify you by posting notice on the relevant Sphaera Website or sending notice to your email address in our possession in our good faith discretion. You agree that notice to you will count as notice to others for whom you are acting, and agree to pass the notice on to them.
For purposes of enforcing compliance with the Privacy Shield, Sphaera is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
QUESTIONS OR COMPLAINTS
You can direct any questions or complaints about the use or disclosure of your Personal Data to us by email at firstname.lastname@example.org. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint.
For any unresolved complaints for Users sending data from the EU and Switzerland, we have agreed to cooperate with the BBB EU PRIVACY SHIELD, a nonprofit alternative dispute resolution provider located in the United States and Operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit BBB EU PRIVACY SHIELD for more information and to file a complaint.
If you sent your information from the EU or Switzerland, you may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with Sphaera and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, please refer to the US Department of Commerce's Privacy Shield Framework: Annex (Binding Arbitration).
CHANGES TO THESE POLICIES