By clicking here , you find instructions on how you can submit a request to exercise you rights under applicable law.
BY USING THIS WEBSITE OR ANY FASTSPRING OPERATED ECOMMERCE SOLUTION OR SUBMITTING PERSONAL INFORMATION TO FASTSPRING THROUGH THIS WEBSITE OR ANY FASTSPRING POWERED ECOMMERCE SOLUTION, YOU ARE CONSENTING TO THE COLLECTION, USE, TRANSFER, AND DISCLOSURE OF INFORMATION AS DESCRIBED IN THIS PRIVACY STATEMENT IN JURISDICTIONS WHERE IMPLIED CONSENT IS ACCEPTABLE. IF YOU DO NOT AGREE TO ABIDE BY THIS PRIVACY STATEMENT, DO NOT USE THIS WEBSITE. YOUR CONTINUED USE OF THE WEBSITE FOLLOWING THE POSTING OF ANY CHANGES TO THIS STATEMENT CONSTITUTES ACCEPTANCE OF SUCH CHANGES.
1. SCOPE AND PURPOSE OF THIS PRIVACY STATEMENT
Introduction. This Bright Market, LLC d/b/a FastSpring, Bright Market, LLC dba FastSpring Limited, FastSpring B.V., and SalesRight Technologies, ULC dba FastSpring (collectively “FastSpring”, “we”, “our” or “us”) Privacy Statement (“Privacy Statement”) applies to each ecommerce solution, which may be but is not limited to, a website, portion of a website or a software application branded with the look and feel of a software publisher or entity operated by FastSpring for the purpose of buying or selling such software publisher’s products and/or services (“Ecommerce Engine” or “Website”) where this Privacy Statement can be accessed from a hyperlink on, or otherwise appears on, that Ecommerce Engine. If you are purchasing products through a software Seller (“Seller”), a FastSpring subsidiary and not FastSpring directly, please note that this Ecommerce Engine is hosted and/or operated by FastSpring under an agreement with the Vendor or subsidiary of FastSpring who is listed as the seller of products in the terms of sale on this Ecommerce Engine.
Purpose. FastSpring respects the privacy of all individuals that interact or do business with FastSpring. This Privacy Statement is intended to explain how we collect, use, maintain, share, transmit and store your Personal Data in accordance with applicable data protection laws. Additionally, this Privacy Statement describes your relationship to us depending on the context in which you interact with us. Further, this Privacy Statement details your rights and how to contact us to exercise your rights or to obtain additional information about your rights and our privacy practices.
2. DEFINITIONS
“Buyer” means the individual or company purchasing a digital goods or services.
“Controller” means the natural or legal person that determines the purposes and means of the processing of personal data.
“Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Data Subject” means an identified or identifiable natural person whose personal data is processed.
“Joint Controller” means two or more controllers jointly determining the purposes and means of processing.
“Merchant of Record” means a legal entity that sells digital goods and services to a customer and is the responsible party for the transaction including, but not limited to, collecting payment, processing chargebacks and refunds, handling currency exchanges, collecting taxes, managing subscriptions, and ensuring compliance with applicable laws, regulations and industry standards.
“Personal Data” means any information allowing the identification, directly or indirectly, of a natural person including, but not limited to, name, identification number, location data, online identifier, email, phone number, address, bank account details, debit card number, credit card number, geolocation, etc.
“Processing” means any operation performed on personal data including, but not limited to, collection, recording, storage, consultation, use, transmission, erasure, destruction, etc.
“Processor” means a natural or legal person, which processes personal data on behalf of the controller.
“Prospect” means someone the Sales and/or Marketing department contacts for targeted outreach based on information collected during an event, from a lead generation service, or from some other source.
“Reseller” means a company that has a partnership/agreement with the owner of the digital good or service and a license to sell the digital good or service.
“Seller” means the creator and/or owner of the intellectual property of the digital good or service.
“Visitor” means someone that goes to the website or an office.
3. RELATIONSHIPS
Depending on the context in which you interact with FastSpring, the FastSpring entity or entities involved and your relationship to those entities will vary.
3.1 RELATIONSHIP OF FASTSPRING ENTITIES
Bright Market, LLC dba FastSpring, 801 Garden St. #201, Santa Barbara, CA 93101, is the primary entity involved in processing your Personal Data.
Bright Market LLC dba FastSpring Limited located at 2 Minton Place, Victoria Road, Bicester, England, OX26 6QB, is a financial transaction processing entity allowing FastSpring to conduct business in the United Kingdom.
FastSpring B.V. located at Fred. Roeskestraat 115, 1076 EE Amsterdam, Netherlands, is a financial transaction processing entity allowing FastSpring to conduct business in the European Union.
SalesRight Technologies ULC dba FastSpring located at 5475 Spring Garden Road, Suite 600 Halifax, NS, B3J 3T2, Canada, is a financial transaction processing entity allowing FastSpring to conduct business in Canada as well as providing the interactive quotes portion of FastSpring’s service offerings.
3.2 RELATIONSHIP TO YOU
Depending upon your relationship with us, FastSpring operates as either a controller, joint controller, or processor of your Personal Data.
FastSpring acts as a Controller when FastSpring conducts processing activities on its own behalf such as for sales and marketing.
FastSpring is a Joint Controller with the Seller/Reseller when acting as a Merchant of Record for processing financial transactions related to the sale of digital goods and services. Additionally, FastSpring entities function as Joint Controllers in certain contexts to facilitate transfers of Personal Data.
FastSpring acts as a Processor when working on behalf of the Seller/Reseller providing a marketplace platform for the Seller/Reseller to market digital goods and/or services. In this context the Seller/Reseller is the Controller.
For additional information on the distinction between these roles, please see FastSpring’s Data Processing Agreement.
Any Personal Data collected by visiting this Website is controlled by Bright Market, LLC d/b/a FastSpring, 801 Garden Street, #201, Santa Barbara, CA 93101, United States of America.
4. GENERAL DISCLOSURES
The following portion of this Privacy Statement provides general information related to FastSpring’s processing of Personal Data. For additional region-specific information depending on your location, please see the “Additional Disclosures for Specific Laws/Regulations” Section below or click on the appropriate region listed here:
FastSpring collects and processes various categories of Personal Data. Depending on the context, FastSpring either collects Personal Data directly from you or from other sources.
5.1 PERSONAL DATA COLLECTED DIRECTLY FROM YOU
The Personal Data collected directly from you includes:
Category of Personal Data
Personal Data
Situation/Source
Identifiers
Name (First/Last), Signature/E-Signature, Mailing Address, Email Address, Telephone Number(s), IP Address, Driver’s License Number/Other Government Number (GST/VAT), Tax Exemption Status, Bank Account Numbers, Debit/Credit Card Number & Information, Customer Identification, Geolocation information
Purchase/Sale Information, Account/Mailing List Registration, Cookie, Web Beacon, Other Technologies, Transaction Details You Provide to Our Customer Service Teams, Marketing and Sales Activities
Internet or Other Similar Network Activity Information
Browsing History, Search History, Other Information Related to Our Consumer’s Interactions with Our Website, Application, and/or Advertisements, including (1) Buyer Usage Activities (adding/removing products from checkout; currency used for purchase) and Analytics, (2) Vendor Platform Usage Activities (submissions, clicks on navigation links, video usage and duration, page views, search requests, time spent on page, cursor movement, clicks on any “get support” or “sign up” buttons) and Analytics
Purchase/Sale Information, Cookie, Web Beacon, Other Technologies, Marketing and Sales Activities
Commercial Information
Records of Products or Services Purchased, Obtained, or Considered
Purchase/Sale Information
Geolocation Data
Location of the Individual and Device Used to Access Our Website
Purchase/Sale Information, Account/Mailing List Registration, Cookie, Web Beacon, Other Technologies
5.2 PERSONAL DATA COLLECTED FROM OTHER SOURCES
We may obtain information including Personal Data about you from sources other than directly from you such as from publicly available sources, Sellers/Resellers, or third parties. We may combine this information with Personal Data you provided to us.
Category of Personal Data
Personal Data
Situation/Source
Identifiers
Name (First/Last), Signature/E-Signature, Mailing Address, Email Address, Telephone Number(s), IP Address, Driver’s License Number/Other Government Number (GST/VAT), Tax Exemption Status, Bank Account Numbers, Debit/Credit Card Number & Information, Customer Identification, Geolocation information
Information We Receive from Vendors
Internet or Other Similar Network Activity
Browsing History, Search History, Other Information Related to Our Consumer’s Interactions with Our Website, Application, and/or Advertisements, including (1) Buyer Usage Activities (adding/removing products from checkout; currency used for purchase) and Analytics, (2) Vendor Platform Usage Activities (submissions, clicks on navigation links, video usage and duration, page views, search requests, time spent on page, cursor movement, clicks on any “get support” or “sign up” buttons) and Analytics
Third Party Sources
6. PURPOSES FOR PROCESSING PERSONAL DATA AND THE LEGAL BASES
FastSpring collects Personal Data of our Buyers, Sellers/Resellers, Prospects, and Visitors for specified, explicit purposes only and will not process this Personal Data in a manner that is incompatible with those purposes.
Your Personal Data will only be processed if such processing is based on one or more of the grounds listed in Section 6(1) of the European Union General Data Protection Regulation (“EU GDPR”) as outlined below:
Performance of a Contract with You. We will process your Personal Data if it is necessary in order to enter into or perform a contract with you. For example, we will process your payment information in order to complete your purchase/sales transaction.
Legitimate Interest. We will process your Personal Data if it is necessary for the purposes of FastSpring’s legitimate interests, except where FastSpring’s interests are overridden by your interests or fundamental rights and freedoms that require protection of your Personal Data. FastSpring’s legitimate interests in processing your Personal Data include: FastSpring’s prevention of fraud or misuse of services, IT and network security, marketing and advertising of products sold by FastSpring, enforcement of legal claims including debt collection via out-of-court procedures, and processing for marketing research purposes.
Consent. If you provide informed affirmative consent, we will process your Personal Data such as completing a purchase/sales transaction. You may withdraw your consent at any time. If you withdraw your consent after previously providing it, the effect will be related processing in the future, and you will be able to use our services and in particular order digital products or services on our Website. Where consent to the collection of Personal Data is revoked, we will stop processing that Personal Data. For further information or if you wish to withdraw your consent, please email us at [email protected].
Legal Obligation. We will process your Personal Data where we are under a legal obligation to do so, including tax compliance obligations.
We collect, process and store your Personal Data for the following purposes and rely on the following associated legal bases. The tables below are categorized by your relationship to us as either a Buyer, Seller/Reseller, or Visitor/Prospect, then additional information is provided under General Business.
Buyers
Purpose
Description
Legal Basis
Identity Verification
Process of confirming an individual is who he/she claims to be
Consent, Legal Obligations to verify ability to complete transaction
Complying with Legal and Regulatory Obligations
Confirming transaction is authorized under applicable laws including, but not limited to, checking sanctions list, unauthorized countries, and scam detection
Legal Obligations
Processing and documenting Purchase/Sales Transactions
Process of completing a transaction for the purchase of a digital good or service
Consent,Performance of a Contract, Legal Obligations
Processing Taxes
Collecting and remitting the necessary taxes based on regulatory obligations dependent on the applicable jurisdiction
Legal Obligations
Customer Service
Process of supporting and aiding customers prior to, during, and after of purchase transaction
Consent, Legitimate Interest in understanding and resolving any transactional questions or issues
Detecting Fraud
Process of analyzing and identifying suspicious activity or anomalies within financial transactions
Legal Obligations, Legitimate Intertest in the protection and integrity of the intent of the buyer
Understanding our customers
Trend analysis
Legitimate Interest in understanding behavioral patterns of customers
Surveys
Process of requesting feedback regarding your experience and satisfaction in your purchase/sales transaction conducted with us
Consent,Legitimate Interest in obtaining feedback and understanding regarding our customers’ experience and satisfaction related to purchase/sales transactions conducted with us
Sellers and Resellers
Processing Purpose
Description
Legal Basis
Account Setup
Process of onboarding seller/reseller
Consent, Performance of a Contract
Complying with Legal and Regulatory Obligations
Complying with requirements regarding what types of digital goods and services that can be sold within the marketplace and country specific requirements
Legal Obligations
Know Your Customer (KYC) / Anti-Money Laundering (AML)
Process of complying with legal obligations related to banks and countries
Legal Obligations
Processing Taxes
Collection of data to accurately report to the correct entity taxes or Value-Added Tax (“VAT”) as applicable under the law
Consent,Performance of a Contract,Legal Obligations
Processing and documenting Purchase/Sales Transactions
Remitting Proceeds to Seller
Remitting proceeds for a purchase/sales transaction for a digital good or service to the Seller
Performance of a Contract
Account Management
Account maintenance for the seller/reseller related to the marketplace
Consent,Performance of a Contract
Customer Service
Process of supporting and aiding customers
Consent, Performance of a Contract
Detecting Fraud
Process of analyzing and identifying suspicious activity or anomalies within financial transactions
Legal Obligations
Communications
Process of sending and receiving information such as via emails or phone calls
Consent,Performance of a Contract
Understanding our customers
Company demographics such as region differences, scopes, buying cycles, and seller verticals
Consent,Legitimate Interest in understanding the relevant markets customers operate in
Marketing
Process of creating awareness of and interest in our products and services
Legitimate Interest in marketing our products and services
Surveys
Process of requesting feedback regarding your experience and satisfaction in your interactions and relationship with us
Consent,Legitimate Interest in obtaining feedback and understanding regarding our customers’ experience and satisfaction in their interactions and relationship with us
Visitors and Prospects
Purpose
Description
Legal Basis
Personalizing web experience
Tailoring or customizing a user’s experience when interacting with our website such as through the use of cookies
Consent
Marketing
Process of creating awareness of and interest in our products and services
Consent,Legitimate Interest in marketing our products and services
Generating Leads
Process of identifying potential customers
Legitimate Interest in identifying potential customers for our products and services
Hosting Events/Conferences
Process of registering for and providing events and conferences that you may attend including sending related communications
Consent
Podcasting
Process of registering podcast participants for lead generation
Consent
Communications
Process of sending and receiving information such as via emails or phone calls
Consent, Legitimate Interest in providing and/or exchanging information or news relevant to the context in which you interact with us
Recording/Transcribing Calls
Process of capturing conversations with Prospects, Sellers/Resellers, and Buyers to improve sales and support performance, training, general note taking, and quality assurance purposes
Consent,Legitimate Interest in ensuring accuracy and quality assurance purposes
Registering Visitors
Process of an individual signing in at a physical office of FastSpring
Consent, Legitimate Interest in identifying individuals for security and authorization purposes
General Business
Purpose
Description
Legal Basis
Improving the quality and security of our Products/Services
Process of ensuring the use of our products/services meets or exceeds the expectations of our customers related to providing a secure and ease to use environment to conduct business and transactions
Legitimate Interest in providing and administering our products and services in a quality and secure manner
Improving the quality and security of our Website
Process of ensuring the use of our Website meets or exceeds expectations of our customers including related to content and ease of use as well as providing a secure environment to interact with us
Legitimate Interest in providing online content to our customers and potential customers regarding our products and services in a safe and secure environment.
Marketing Communications. We may send you email marketing communication about FastSpring products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law. You may opt out of receiving marketing communication at any time.
Our Use of Anonymous Information. We may use anonymous information (i.e., information that does not allow direct or indirect identification of the individual to whom such information relates) collected by us:
to personalize and support your use of this Ecommerce Engine, our services, and/or the services of our partners;
to improve this Ecommerce Engine, the customer experience, our advertising systems, and our products and services;
for fraud prevention purposes, such as device fingerprinting;
to identify actions or transactions as originating through an affiliate marketing or referral program;
to deliver targeted advertisements on this Ecommerce Engine and other Websites and/or ecommerce solutions;
to provide reporting to our current and prospective partners and service providers; and
for statistical or research and analysis purposes.
In addition, we may anonymize Personal Data by removing any information that identifies you permanently, and use the rest for the purposes set forth above.
7. COOKIES AND OTHER TRACKING TECHNOLOGIES.
A cookie is a commonly used automated data collection tool. Cookies are small text files that are placed on your computer or device by websites that you visit or HTML-formatted emails you open, in order to make websites work, or to work more efficiently. We may use cookies, web beacons, pixel tags or other similar technologies on our Website or emails for the following reasons:
Tailor information presented to you based on your browsing preferences, such as language and geographical region;
Collect statistics regarding your Website usage;
Provide us with information to support technical functionality of service, improve the Website experience and measure marketing effectiveness; and
In some cases, to enable a third party to deliver future advertising for our products and services to you when you visit certain websites owned by such third parties.
There are several different kinds of cookies, and should we be deploying cookies we (or a third party provider be deploying them in connection with our ecommerce activities) would be using one of the following common types of cookies, which may be persistent cookies or session cookies:
Strictly Necessary Cookies Strictly necessary cookies are required for our website to function properly and to provide users with a functional and elegant experience. As a result, you may not opt-out of this category of cookie. Information about how to block all cookies from loading in your browser can be found here: https://www.cookiesandyou.com/disable-cookies/, however this is not recommended as it will break many web experiences.
Functional Cookies support the features and user interface that you, the user, experience while browsing our website. For example, these cookies may be used when displaying our online chat feature, oranonymously analyzing site usage with metrics such as what pages get the most visits or which navigation links are clicked on most frequently. Depending on your geographic region you may be able to opt out of Functional Cookies, but some elements of our website may not function properly.
Media Partner Cookies are used to track the performance of FastSpring’s advertising efforts, and to improve the accuracy of ads that we place on external websites. For example, if you visit fastspring.com and then leave, a cookie may be used to show you an ad promoting FastSpring’s services on external websites. You may opt-out of these cookies by disabling the Media Partner cookie category with the toggle switch in the Cookie Preference center.
Performance & Analytics CookiesThese cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
Our Website includes a cookie banner allowing you to select whether to allow, you will typically find a hover button at the bottom of your screen. If in the future if you wish to receive cookies, you may be able to refuse them by adjusting your browser settings to reject cookies. If you do so, we may be unable to offer you some of our functionalities, services or support. If you have previously visited our Website, you may also have to delete any existing cookies from your browser.
For additional information regarding cookies and other tracking technologies, please refer to our Cookie Policy.
Do-Not-Track. There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain information about you. This is referred to as a Do-Not-Track (“DNT”) signal. Please note that our Website may not recognize or take action in response to DNT signals from web browsers. At this time, there is no universally accepted standard for what a company should do when a DNT signal is detected. In the event a final standard is established, we will assess how to appropriately respond to these signals. For more detailed information about cookies, Do-Not-Track and other tracking technologies, please visit http://www.youronlinechoices.com.
Social Media Features and Widgets. Our Website may include social media features, such as Facebook’s “Like” button, and widgets, such as the “Share This” button. These features are usually recognizable by their third-party brand or logo and may collect your IP address, which page you are visiting on our Website, and set a cookie to enable the feature to work properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing it. Currently, we use the features and widgets (“Plugins”) of Facebook, Google, Twitter, and LinkedIn offered by the companies Facebook Inc., Google Inc., Twitter Inc. and LinkedIn Corporation (“Providers”).
When you access our Website, which contains a Plugin, your browser establishes a direct connection with the servers of Facebook, Google, Twitter, and LinkedIn. The content of the Plugin is transferred by the respective Provider directly to your browser, which then integrates it into the Website. Integration of the Plugin allows the Provider to receive the information that you have accessed the respective Website even if you do not maintain a profile with that Provider or if you are not logged in at the moment. This information (including your IP address) will be transferred by your browser directly to the Provider in the U.S. and stored there. If you are logged in with one of the Providers’ services, they will be able to assign your visit on our Website to your profile with the respective Provider. If you interact with any of the Plugins, e.g. by pressing the ‟Like” or the ‟+1” button, this information will also be sent directly to the server of the Provider and stored there. The information will also be published in the social network on your respective account, e.g. Twitter, and displayed to your contacts there.
For more information on the purpose and extent of the data acquisition and how data are processed and used by the respective Provider as well as regarding your rights and optional settings to protect your privacy, please refer to the privacy policies of the respective Provider:
If you accept a session or persistent cookie, you can delete it at any time through your web browser (e.g., as soon as you leave our Ecommerce Engine). If you do not wish to receive cookies or wish to manage when you accept cookies in general, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. Although you are not required to accept our cookies, if you set your browser to reject cookies, you may not be able to use all of the features and functionality of this Ecommerce Engine.
We and our partners use third party service providers in connection with this Ecommerce Engine and our business to gather user metrics and usage data. These service providers may collect anonymous information about your visits to our Ecommerce Engine or to a Website, your interaction with our Ecommerce Engine or that Website, and the products and services offered by us, our partners and our suppliers through the use of cookies, pixel tags, JavaScript code or other web technologies. This information may be transferred to servers in the U.S. and stored there. We and our partners may use this anonymous information to provide targeted advertisements to you for goods and services, for marketing analysis, and for quality improvement purposes. Currently, we use the following web tracking services:
Google Analytics: Google Analytics is a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the Website analyze how users use the site. The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will shorten the IP address in EU Member States or other countries of the European Economic Area. Only in exceptional cases, the full IP address is sent to a Google server in the US and shortened there. On behalf of the Website provider Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity for Website operators and providing other services relating to Website activity and internet usage to the Website provider. Google will not associate the IP address transmitted by your browser with any other data stored by Google.
We may share your Personal Data in a limited number of circumstances, including with:
Our Partners. When we make products available for sale through an Ecommerce Engine, we are doing so as an independent ecommerce reseller of, or service provider for, the partner whose name and/or logo appears as part of the particular Ecommerce Engine. In connection with your purchase of a product or service through an online store we operate that is co-branded with our partner’s branding, we will provide certain of the Personal Data and/or anonymous information you provide in connection with your purchase to that partner for reporting purposes, to allow our partner or its service provider to register your purchase, to enable your access to products or services provided by our partner or its suppliers, to facilitate warranty, technical support or after-sales service, to allow our partner or its subcontractor to send communications to you if you have previously consented to receive them, to allow our partner or its service provider to provide services in connection with this Ecommerce Engine such as customer support or single sign-on functionality on this Ecommerce Engine and our partner’s Website, or for similar purposes in order to fulfill obligations to you. We may also provide certain of the Personal Data you provide in connection with your purchase to the publisher or manufacturer of a product you purchase, or operator of a service for which you purchase a service use right from us, if different than the partner whose name and/or logo appears on this Ecommerce Engine. The privacy policy of our partner, and of the publisher, manufacturer or operator of the product or service you purchase, will govern how that party uses and protects any of your Personal Data that we provide to them.
Our Service Providers or Processors. We use other companies, which may include but are not limited to present or future corporate affiliates, to provide joint services or certain services to us or on our behalf and help us to operate our business. We may share your information with our service providers in connection with their provision of services to us. We may also allow these companies to use anonymous information, and to use aggregated Personal Data on an anonymous basis (i.e., where the aggregated data cannot identify you personally), for their business purposes. We select our partners and service providers on the basis of their security and confidentiality commitments and their compliance with data protection laws.
To Comply With Legal Requirements, Cooperate With Law Enforcement, Prevent Fraud and Other Crimes, and Protect Legal Rights, Ecommerce Engine, You and Others. To the extent not expressly prohibited by applicable law, we may disclose Personal Data we collect on this Ecommerce Engine without notifying you when we, in good faith, believe disclosure is appropriate: (a) to comply with the law or a regulatory requirement; (b) to comply with governmental, administrative or judicial process, requirement or order, such as a subpoena or court order; (c) to cooperate with law enforcement or other governmental investigations (without necessarily requiring the law enforcement or government agency requesting the information to formally serve us with a subpoena); (d) to prevent or investigate a possible crime, such as fraud or identity theft; (e) to enforce a contract; to protect the legal rights, property or safety of FastSpring, its corporate affiliates, and their respective employees, clients and partners and agents, other users or the public in general; or (f) to protect your vital interests if determined necessary by us. In addition, we may review our server logs for security purposes, such as detecting intrusions into our network. If we suspect criminal activity, we may share our server logs – which contain visitors’ IP addresses – with the appropriate investigative authorities who may use that information to trace and identify individuals. We also reserve the right to report to appropriate law enforcement or government agencies any activities that we, in good faith, believe are or may be in violation of applicable laws, rules or regulations without providing notice to you. We are subject to the investigation and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In Connection With Corporate Events/Transitions. If one of our corporate affiliates or a third party has acquired our business, specific assets or the business of one of our operating divisions through which you have provided information to us, for example, as the result of a sale, merger, reorganization, insolvency, dissolution or liquidation, your Personal Data may become owned by that company in compliance with applicable data protection laws. In that event, the acquiring company’s use of your Personal Data will still be subject to this Privacy Statement, any applicable Supplemental Privacy Notices, and the privacy preferences you have expressed to us.
We do not sell your Personal Data.
9. SECURITY OF YOUR PERSONAL DATA
We are committed to keeping your Personal Data secure. We have implemented physical, technical and administrative safeguards reasonably designed to protect your Personal Data from unauthorized access and disclosure. When we collect or transmit sensitive information such as a financial account number, we use industry standard methods to protect that information. We encrypt Personal Data whenever possible and otherwise restrict access to Personal Data to those employees and individuals with a need to know that information. It is important that you understand, however, that no Ecommerce Engine, Website, database or system is completely secure or “hacker proof.” You are also responsible for taking reasonable steps to protect your Personal Data against unauthorized disclosure or misuse, for example, by protecting your password. Different countries have different privacy laws and requirements. Please know, however, that no matter where your Personal Data is collected, used, transferred or stored, if it was collected through this Ecommerce Engine, it will be protected by us in accordance with the terms of this Privacy Statement, any Supplemental Privacy Notices that apply to you, and applicable data protection laws.
10. DATA RETENTION
We will retain your Personal Data only for as long as necessary to fulfill the purposes for which we have collected it. To determine the appropriate retention period, we consider the amount, nature and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means and the applicable legal requirements. We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes and enforce our policies. If you stop using our services or if you delete your account with us, we will delete your information in accordance with applicable laws.
11. YOUR RIGHTS & CHOICES WITH RESPECT TO YOUR PERSONAL DATA
Your Rights
We provide everyone the right to update or correct Personal Data regarding himself/herself by contacting us by using the information in the How to Contact Us section below. Also, everyone has the right to opt-out of marketing communications as discussed below under Opting-Out. Additionally, based upon where you reside, certain choices and rights with regards to your Personal Data may be available to you or your authorized agent under applicable data protection laws. For Additional information regarding our rights under the EU GDPR, the Japan Act on the Protection of Personal Information (“APPI”), or the California Consumer Privacy Act/California Privacy Rights Act (“CCPA/CPRA”) as applicable to you based on your location, please refer to the Additional Disclosures for Specific Laws/Regulations section below.
If you contact us, we may, for your protection, ask you for additional information to verify your identity. We will facilitate you in exercising your rights as a Data Subject to the full extent possible. We reserve the right, however, to limit or deny your request to the extent permitted by applicable law such as if the disclosure may lead to a breach of applicable law or regulation, in case of a legal obligation to retain certain data, or if you have failed to provide sufficient evidence to verify your identity.
Opting Out
FastSpring respects your right to make choices about the ways we collect, use, and disclose information about you. We ask you to indicate your choices at the time, and on the page, where you provide your Personal Data. When you provide Personal Data, we may offer you a choice as to whether you would like to receive further communications from us and/or from our partners via a box to check, such as communications related to updates, upgrades, special offers and pricing. You have the right to withdraw your consent at any time. If you decide you no longer want to receive marketing messages from us, you may let us know by e-mailing us at [email protected] or by following any unsubscribe link in our e-mails; please specify which consent you are revoking in your e-mail to us. Please note, however, if you give us permission to add your contact information to our partner’s mailing list and later withdraw your permission, you will have to contact our partner (or use the “opt-out” provided in the e-mails our partner sends you) to have your name removed from our partner’s mailing lists.
12. LINKS TO THIRD PARTY WEBSITES
FastSpring’s Website provides links to third-party web sites, which are not under the control of FastSpring. FastSpring makes no representations about third-party web sites. When you access a non-FastSpring website, you do so at your own risk. FastSpring is not responsible for the reliability of any data, opinions, advice, or statements made on third-party sites. FastSpring provides these links merely as a convenience. The inclusion of such links does not imply that FastSpring endorses, recommends, or accepts any responsibility for the content of such sites.
13. CHILDREN’S PRIVACY
This Ecommerce Engine and our services are not directed at nor targeted to children under the age of 16. If you have not reached the age of 16 or are not able to enter into legally binding agreements in your country, you may not use this Ecommerce Engine unless supervised by an adult. Our goal is to comply with applicable laws and regulations relating to collection and use of information from children as such terms are defined by applicable laws. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately by postal mail addressed to FastSpring’s Privacy Department, 801 Garden Street #201, Santa Barbara, CA 93101, United States of America or by e-mail at [email protected], and we will take reasonable steps to remove that information from our databases.
14. CHANGES TO THIS PRIVACY STATEMENT
We may occasionally update this Privacy Statement. These updates may reflect, among other things, changes in applicable laws, rules or regulations, changes in our data collection practices, and/or changes to our business or services. If revisions to the Privacy Statement materially affect how we may use Personal Data collected from you prior to the date of the revised statement, then we will request that you opt-in to the revised Privacy Statement via a checkbox for each new order/purchase. We will post an updated version of this Privacy Statement on the Ecommerce Engine with a revised effective date, to let you know that we updated the Privacy Statement.
15. HOW TO CONTACT US
If you have any questions, comments, or concerns regarding this Privacy Statement or our privacy practices, have privacy-related questions not answered online, or if you would like to exercise any of your rights outlined in this Privacy Statement you may contact us by any of the following means:
Mail: You may contact us by postal mail addressed to Bright Market, LLC d/b/a FastSpring, ATTN: Privacy Department, 801 Garden Street, #201, Santa Barbara, CA 93101, United States of America.
Email: You may contact us by e-mail at [email protected]. Please specify “Global Privacy Request” in the subject line to help us to expedite our review of your e-mail.
16. ADDITIONAL DISCLOSURES FOR SPECIFIC LAWS/REGULATIONS
The following sections provide region/jurisdiction specific disclosures.
16.1 ADDITIONAL DISCLOSURES FOR THE EU GDPR
There are no cases where FastSpring makes decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you.
FastSpring requires certain Personal Data in order to verify, secure, and process a purchase/sales transaction for a digital good. If the necessary Personal Data is not provided in order complete the transaction, then you will not be able to purchase the digital good. Under no circumstances are you obliged to provide Personal Data that you do not want to for a statutory or contractual requirement. You simply will not be able to purchase the digital good desired and/or certain functionality on the website may not be available to you.
RIGHTS
Right of Access: A Data Subject has the right to obtain from the Controller confirmation as to whether Personal Data concerning the Data Subject is being processed by the Controller, and where it is the case, access to the Personal Data as well as information regarding the processing of the Data Subject’s Personal Data.
Right to Rectification: A Data Subject has the right to obtain from the controller without undue delay the correction or updating of inaccurate, incomplete or out of date Personal Data regarding the Data Subject.
Right to Erasure (“Right to be Forgotten”): A Data Subject has the right to obtain from the Controller without undue delay the deletion of Personal Data regarding the Data Subject in certain circumstances as provided by the GDPR.
Right to Restriction of Processing: A Data Subject has the right to obtain from the Controller restriction of the processing of the Data Subject’s Personal Data in certain circumstances as provided by the GDPR.
Right to Data Portability: A Data Subject has the right to receive the Personal Data concerning the Data Subject provided to a controller in a structured, commonly used and machine-readable format, and a Data Subject has the right to have the Data Subject’s Personal Data transmitted to another Controller where technically feasible and in certain circumstances as provided by the GDPR.
Right to Object: A Data Subject has the right to object to the processing of the Data Subject’s Personal Data on grounds relating to the Data Subject’s situation at any time where the processing of the Data Subject’s Personal Data is based on legitimate interest of performance of a task carried out in the public interest unless the Controller demonstrates compelling grounds for the processing which override the interests, rights and freedoms of the Data Subject, or for legal reasons such as the establishment, exercise or defense or legal claims.
Right to Object to Direct Marketing: A Data Subject has the right to opt out of the processing of the Data Subject’s Personal Data for direct marketing purposes.
Right to Withdraw Consent: A Data Subject has the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
Right to Lodge a Complaint with a Supervisory Authority: A Data Subject has the right to lodge a complaint with a supervisory authority. A supervisory authority is an independent public authority established by a Member State of the European Union.
HOW TO EXERCISE YOUR RIGHTS
If you have any questions regarding or would like to exercise any of your rights outlined in this Privacy Statement you may contact us by any of the following means:
Mail: You may contact us by postal mail addressed to Bright Market, LLC d/b/a FastSpring, ATTN: Privacy Department, 801 Garden Street, #201, Santa Barbara, CA 93101, United States of America.
Additionally, if you would like to opt out of receiving marketing communications, you can email [email protected] or by following any unsubscribe link in our e-mails.
16.2 ADDITIONAL DISCLOSURES FOR CCPA/CPRA
Access Request Rights
You have the right to request that we provide to you the following information about our collection and use of your personal information: 1. The categories of Personal Information we have collected about you. 2. The categories of sources for the Personal Information we have collected about you (e.g., use of cookies, third party, etc.). 3. Our business or commercial purpose for collecting that Personal Information. 4. The categories of third parties with whom we share or have shared that Personal Information. 5. The specific pieces of Personal Information we collected about you (also called a data portability request), and 6. Information regarding any disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion, Rectification and Restriction Request Rights
You have the right to request that we delete, restrict or, if you believe that our processing of your Personal Information is incorrect or inaccurate, change any of the Personal Information collected from you and retained, subject to certain exceptions. Once your verifiable consumer request is confirmed, we will delete, restrict, or change, as the case may be, and direct our service providers to delete, restrict, or change your Personal Information. Your request to delete the Personal Information collected may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the GDPR or CCPA.
Data Portability Rights
In some cases, you may receive your Personal Information provided by yourself in a structured, commonly used and machine-readable format.
Right to Object
Where we process your Personal Information based on a “legitimate interest”, you may have the legal right to object to the processing of your Personal Information.
Right to Revoke Consent
Where we process Personal Information based on your consent, you have the right to revoke such consent at any given time.
Post-mortem Right to Privacy
If you are located in EEA, you have the right to set instructions regarding the storage, deletion or communication of your Personal Information after your death.
Right to Complaint
You have the legal right to lodge a complaint with the competent authority.
When you visit, buy, or sell via our Website, we may capture the following information about you:
Categories of Personal Information Collected
Specific Personal Information
Source of Personal Information
Purpose of Collection
Legal Grounds for Collection
Identifiers
Sellers and BuyersName (First/Last), Signature/E-Signature, Mailing Address, Email Address, Telephone Number(s), IP Address, Driver’s License Number/Other Government Number (GST/VAT), Tax Exemption Status, Bank Account Numbers, Debit/Credit Card Number & Information, Customer Identification.
Purchase/Sale Information, Account/Mailing List Registration, Cookie, Web Beacon, Other Technologies, Transaction Details You Provide to Our Customer Service Teams, Information We Receive from Vendors.
Complete Purchase/Sales Transactions, Customer Service Issues (seller marketplace and buyer transaction), Marketing, Legal and Regulatory Obligations
Consent, Necessary for Performance of Contract, Compliance with Legal Obligation, Legitimate Interest.
Internet or Other Similar Network Activity
Browsing History, Search History, Other Information Related to Our Consumer’s Interactions with Our Website, Application, and/or Advertisements, including (1) Buyer Usage Activities (adding/removing products from checkout; currency used for purchase) and Analytics, (2) Vendor Platform Usage Activities (submissions, clicks on navigation links, video usage and duration, page views, search requests, time spent on page, cursor movement, clicks on any “get support” or “sign up” buttons) and Analytics.
Purchase/Sale Information, Cookie, Web Beacon, Other Technologies, Third Party Sources.
Complete Purchase/Sale Transactions, Marketing, Understand Our Customers, Improve Our Products/Usage and Data Analytics.
Consent, Necessary for Performance of Contract, Compliance with Legal Obligation, Legitimate Interest.
Commercial Information
Records of Products or Services Purchased, Obtained, or Considered.
Purchase/Sale Information.
Complete Purchase/Sale Transactions.
Consent, Necessary for Performance of Contract, Compliance with Legal Obligation, Legitimate Interest.
Geolocation Data
Location of the Individual and Device Used to Access Our Website.
Purchase/Sale Information, Account/Mailing List Registration, Cookie, Web Beacon, Other Technologies.
Complete Purchase/Sale Transactions, Marketing, Legal and Regulatory Obligations.
Consent, Necessary for Performance of Contract, Compliance with Legal Obligation, Legitimate Interest.
16.3 ADDITIONAL DISCLOSURES FOR APPI
If you are located in Japan, your Personal Data is protected under the APPI. The APPI requires us to ensure that we have specified as much as possible the purpose for which we use your Personal Data. Please refer to the Purposes for Processing Personal Data and the Legal Basessection above for purposes for which we use your Personal Data. Your Personal Data will not be used beyond the scope necessary for achieving the purposes specified in this Policy without your prior consent. Any alteration of the purpose of use will be notified to you or publicly disclosed and will not go beyond what can be appreciably linked to the original purpose. Subject to limited exceptions under the APPI, we will not collect your sensitive information without obtaining your prior consent to do so.
Right to be Informed: Businesses handling Personal Data must make certain information available to data subjects including the name and address of the business handling Personal Data, the purpose of use of all Personal Data the business holds, how data subjects can exercise their rights, and security measures the business takes for handling Personal Data.
Right of Access: A Data Subject has the right to obtain from the business the Personal Data that the business holds on the Data Subject.
Right to Correction, Addition, or Deletion: If the Personal Data a business holds is not correct, a Data Subject has the right to request that the business handling the Personal Data make a correction, addition, or deletion.
Right Cessation of Use/Erasure: A Data Subject may request that a business handling their Personal Data ceases to use or deletes that Personal Data if the Personal Data is being handled in violation of Articles 18 or 19 or has been obtained in violation of Article 20.
Right to Stop Third-Party Provision: A Data Subject may request that a business handling Personal Data ceases to provide a third party with the Personal Data if the Personal Data the business holds is being provided to a third party in violation of Articles 27 or 28.
Explanation of Reasons: If a business handling Personal Data notifies a Data Subject that it will not take all or part of the measures which the Data Subject has requested that the business take, or that it will take different measures, the business must endeavor to explain its reasons for this to the Data Subject.
HOW TO EXERCISE YOUR RIGHTS
If you have any questions regarding or would like to exercise any of your rights outlined in this Privacy Statement you may contact us by any of the following means:
Mail: You may contact us by postal mail addressed to Bright Market, LLC d/b/a FastSpring, ATTN: Privacy Department, 801 Garden Street, #201, Santa Barbara, CA 93101, United States of America.
Additionally, if you would like to opt out of receiving marketing communications, you can email [email protected] or by following any unsubscribe link in our e-mails.
Buyer Support
Seller Support
