Protecting consumer privacy is important to SPS/GZ. This privacy policy outlines our standard policy and practices for implementing the Website Privacy Principles (set out below). This includes the types of information we gather, how we use it and the notice/choice affected individuals have regarding our use of/ their ability to correct that information. This privacy policy applies to all personal information received by SPS/GZ through this website domain. This Privacy Policy does not govern information you might provide through a channel other than the Website. This Privacy Policy applies to all visitors to the Website.
“Personal Information” or “Information” means information that (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual; (4) can directly or indirectly identify an individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health. SPS/GZ’s website domain forms do not include the collection of Sensitive Personal Information.
SPS/GZ collects data from the public via the SPS/GZ web site. This data may include information volunteered by an individual who wants to obtain more information about SPS/GZ’s services or data which indicates who accessed SPS/GZ’s web site and which pages they accessed. The latter type of data may or may not include Personal Information. This data is used for SPS/GZ’s marketing purposes and is not passed to third parties for any purpose other than assisting SPS/GZ in its marketing efforts. SPS/GZ does not sell this data to third parties. Third parties who do receive this type of data are obligated to use the data only for the contracted purpose and to maintain the confidentiality of the data.
Individuals who have provided information to SPS/GZ via its web site may contact SPS/GZ to have their names and information removed from SPS/GZ’s marketing databases by contacting us at spsgzsupport@greenzapato.com SPS/GZ complies with applicable law that requires all marketing emails to include the means to opt out of such email.
SPS/GZ does not currently collect Sensitive Personal Information. In the event that SPS/GZ does receive Sensitive Personal Information, SPS/GZ shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.
As you browse spsgz.com, advertising cookies will be placed on your computer so that we can understand what you are interested in. These cookies are used to show relevant ads to you and to measure the performance of our advertising campaigns.
The techniques our partners employ do not collect personal information such as your name, email address, postal address or telephone number.
SPS/GZ has put in place appropriate physical, electronic and procedural controls to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Although information sent to and from SPS/GZ is secured according to industry best practices, SPS/GZ cannot guarantee the security of Information on or transmitted via the Internet.
SPS/GZ shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, SPS/GZ shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.
SPS/GZ shall allow an individual to access their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Where the information the individual seeks to edit was provided by a SPS/GZ customer, SPS/GZ will need to contact the customer and will only change the information after the customer has verified that the original information was inaccurate. Access can be initiated via email to spsgzsupport@greenzapato.com
SPS/GZ is committed to resolving complaints about your privacy and our collection or use of your Personal Information. Individuals with inquiries or complaints regarding this privacy policy should first contact SPS/GZ at spsgzsupport@spsgz.com.
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data within 45 days of receiving your complaint.
Privacy Notice for California Residents
Data Protection for California Consumers under the California Consumer Privacy Act If you are a visitor, user, or other individual who resides in the State of California
(“consumer”), you have the right to: (a) request that SPS/GZ disclose what personal information it collects, uses, discloses and sells about you, (b) request deletion of the personal information you have provided to SPS/GZ, and (c) be free from discrimination by SPS/GZ as a result of you exercising your rights under the California Consumer Privacy Act of 2018 (“CCPA”).
We note that the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication from some of its requirements, such that the rights to access and delete your personal information do not apply with respect to such information.
In addition, under the CCPA, none of the rights set forth in this Notice apply to, and “personal information” does not include, certain categories of information, such as (i) publicly available information from government records, (ii) deidentified or aggregated consumer information, (iii) health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, and (iv) information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
If you wish to exercise any of these rights, you must submit a Verifiable Consumer Request by emailing spsgzsupport@greenzapato.com.
If you are a natural person who is resident in the state of California, you may have the following rights in relation to personal information that we collect about you.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you believe that we have processed your personal information in violation of applicable law and failed to remedy such violation to your reasonable satisfaction, you may also lodge a complaint with the data protection supervisory authority in your country. You can find details for your relevant EU national data protection authority
at https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
information is provided to third parties outside the EEA, or who will access the information from outside the EEA, we take steps to ensure that approved safeguards are in place.
We will only share your personal information with trusted third parties where we have retained them to provide services that you have requested or for our legitimate business purposes, such as IT or professional support services.
The SPS/GZ website gathers and processes your personal data only if you actively give it to us. Under the GDPR, the legal basis for processing your personal information is Consent, respectively “legitimate interest”, which can mean you have asked us to provide a service or to contact you using the details you have submitted.
To withdraw your consent, please contact spsgzsupport@greenzapato.com.
Under our customer contracts, SPS/GZ gathers and processes customers’ customers personal data only if provided to SPS/GZ in order to fulfill its contractual obligations. Under the GDPR, the legal basis for processing your customers’ personal information is contractual obligation.
We will retain your personal information only for the time necessary to provide the Services we perform for you, or stated by the purposes outlined in this Privacy Policy. In particular, we will store certain categories of your personal information for the following periods of time:
Category of Personal Data | Storage Time Period |
Contact details for sales enquiries | Until you unsubscribe |
Email address for blog | Until you unsubscribe |
Job applications & CVs Outside EU | Indefinitely |
Job applications & CVs – EU Citizens | 1 year (or until consent withdrawn, whichever is earlier) |
If you are unhappy about our use of your personal information, you can contact us using the details in the contact details below.
You may prefer to, and are entitled to, lodge a complaint with a different supervisory authority in a country of your choice. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
Categories of Personal Information We Collect
Spsgz.com has collected the following types of personal information about consumers in the preceding 12 months:
Categories | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or other similaridentifiers. | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medicalinformation, or health insurance information. | NO |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial geneticinformation). | NO |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or | YES |
other purchasing or consuming histories or tendencies. | ||
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, andsleep, health, or exercise data. | NO |
F. Internet or other similar network activity. | Browsing history, search history, information ona consumer’s interaction with a website,application, or advertisement. | YES |
G. Geolocation data. | Physical location or movements. | NO |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-relatedinformation. | Current or past job history or performance evaluations. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financialinformation, or student disciplinary records. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence,abilities, and aptitudes. | NO |
SPS/GZ obtains the categories of personal information listed above from the following categories of sources: (a) directly from you, for example, if you contact us via our website; and (b) indirectly from you, for example, via Internet cookies
We may disclose personal information to third parties, including independent contractors or subcontractors (such as consultants who are engaged by SPSGZ), agents (recruitment agents) and service providers (such as legal and consultancy providers) who need to process your information in the course of providing services for SPSGZ or on behalf of SPSGZ for the purposes specified in this policy.
SPSGZ also uses service providers that perform business functions on our behalf, such as third-party IT service and software providers, to host, store, and process data. When using these processors, SPSGZ will enter into a data processing agreement to safeguard your privacy, and we will make sure that the information is only transferred where reasonably necessary to enable us to fulfil the purposes set out in this Policy. If our processors are located outside of the EU/EEA, SPSGZ will ensure legal grounds for such international transfers on your behalf, for example by using the EU Model Clauses.
SPSGZ may disclose your personal information: (a) as required or permitted by, or to comply with, applicable law, regulation, court or tribunal processes or other statutory requirements; (b) to respond to requests from or disclosures required by any court, tribunal, authority, regulator or supervisory or governmental body or (c) to comply with Know Your customer and anti-money laundering requirements and references, background and other similar checks on or conducted by SPSGZ.
SPSGZ sometimes provide personal information to third parties to perform services on our behalf. If SPSGZ transfers personal information received under the Data Privacy Framework to a third party, except for disclosures to government agencies, the third party’s access, use and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations and SPSGZ will remain liable under the Data Privacy Framework, unless SPSGZ proves that it is not responsible for the event giving rise to the damage. We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the preceding 12 months, SPS/GZ has disclosed the following types of personal information to its service providers and affiliates for business purposes: A. Identifiers; D. Commercial information; F. Internet or other similar network activity;
If you have any enquiries or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us by one of the methods listed below.
EU-US Data Privacy Framework Commitment to DPF
SPSGZ complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the
U.S. Department of Commerce. SPSGZ has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please
visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF, SPSGZ commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to Data Privacy Framework Services, operated by International Centre for Dispute Resolution (ICDR), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit here for more information or to file a complaint. The services of Data Privacy Framework Services are provided at no cost to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For information visit DPF here.
SPSGZ will cooperate with the United States Federal Trade Commissions and any data protection authorities of the EU Member States (“DPAs”) in the investigation and resolution of complaints that cannot be resolved between SPSGZ and the complainant that are brought to a relevant DPA.
Stock Plan Solutions/Green Zapato 444 North Wells, Suite 203
Chicago, IL 60654
(888) 375-3049
complies with the EU-U.S. Data Privacy Framework