Privacy Policy

 

Versions: April 13, 2021 (current)

LAST UPDATED: April 13, 2021

 

1. Introduction

This Privacy Policy specifically applies to the services, websites and apps branded as SpreadCtrl offered by Azonic Lab Ltd. (“Azonic Lab”), except where otherwise noted. We refer to those services, websites, and apps collectively as the “Services” or “SpreadCtrl Services” in this policy.

References to "data" in this Privacy Policy will refer to whatever data you use our Services to collect, whether it be questionnaire responses, data collected for booking worksite, or data inserted on a site hosted by us – it’s all your data! Reference to personal information or just information, means information about you personally that we collect or for which we act as custodian.

If you want to identify your data controller please see the “Who is my data controller” section below.

 

2. Information we collect

2.1 Who are “you”?

We refer to “you” a lot in this Privacy Policy. To better understand what information is most relevant to you, see the following useful definitions.

Manager

You hold a Manager Account within the SpreadCtrl Services and you directly create health screening questionnaires, review health screening responses and work passes, create worksite location codes, manage worksite occupancy limit, perform contact tracing, manage Staff Accounts, and manage billing within an organization account.

Staff

You have been invited by a Manager through email and signed up for a Staff Account within the SpreadCtrl Services and agreed to take health screening questionnaire, book your onsite days, report your lab test and vaccination status through the web applications powered by SpreadCtrl on behalf of Managers. We deal with Staffs in an entirely separate section of our Privacy Policy, which you can read here.

Visitor

You have been instructed by a Manager or a Staff to sign up as a visitor within the SpreadCtrl Services and agreed to take health screening questionnaire through the web application powered by SpreadCtrl on behalf of Managers before entering the worksite of an organization. We deal with visitors as staffs with limited access to SpreadCtrl Services (i.e. A Staff account with access to the health screening application only) Please refer to the Staff section of our Privacy Policy for details.

 

Website Visitor

You are just visiting our website because you are curious, or you have heard about us from our marketing and sales channels!

 

2.2 Information we collect about you.

Contact Information (for example name or email address).

You might provide us with your contact information, whether through use of our Services, a form on our website, an interaction with our sales or customer support team, or a response to one of SpreadCtrl’s own surveys.

Usage information.

We collect usage information about you whenever you interact with our websites and Services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, what you buy and so on.

Device and browser data.

We collect information from the device and application you use to access our Services. Device data mainly means your IP address, operating system version, device type, device ID/MAC address, system and performance information, and browser type. If you are on a mobile device, we also collect the UUID for that device.

Information from page tags.

We use first party and third-party cookies and tracking services that employ cookies and page tags (also known as web beacons) to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by SpreadCtrl or by users through our Services also include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. We provide more information on cookies below and in our Cookies Policy.

Log Data.

Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.

Referral information.

If you arrive at a SpreadCtrl website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.

Information from third parties and integration partners.

We collect your personal information from third parties where, for example, you give permission to those third parties to share your information with us or where you have made that information publicly available online.

Registration information.

You need a SpreadCtrl Manager Account before you can use SpreadCtrl Services. When you register for an account, we collect your first and last name, username, password and email address.

 

If you are a Manager, we may also collect:

Billing information.

If you make a payment to Azonic Lab to purchase the SpreadCtrl Services, we require you to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number).

Account settings.

You can set various preferences and personal details on pages like your account settings page.

Use of some of our Services will also result in us collecting the following data on your behalf:

Staff email addresses.

We allow you to import email addresses into Accounts page Invitations section so you can easily invite Staffs to sign up for our Services. We do not use this data for our own purposes or contact anyone, except at your direction.

Survey/form/application data.

We store your survey/form/application data (questions and responses) for you and provide analysis tools for you to use with respect to this data.

Profile information.

When you sign up for our Services you are asked to provide us with information about yourself and to give us more detailed insights into who you are.

 

3. How we use the information we collect

3.1 Manager

We process personal data about you either with your consent or in order to:

In each of the instances where we describe how we use your data in this privacy policy, we have identified which of these grounds for processing we are relying upon.

You have consented to us using certain types of tracking and third-party cookies on our websites. In particular:

3.1.1 Cookies and Similar technology.

We or third-party data and advertising platforms that we work with may use or combine multiple technologies, such as cookies, page tags, mobile identifiers and IP addresses to infer users’ common identities across different Services and multiple devices such as tablets, browsers, and mobile phones. We may do so, for instance, to tailor ads to users, to enable us to determine the success of our advertising campaigns and to improve upon them. These third-party data and advertising platforms may sometimes use data that we provide to them in order to improve their technologies and their ability to match common devices to users.

We process your personal information in the following categories of data for legitimate interests pursued by us, which are described in detail in this Privacy Policy. We have undertaken to ensure that we place clear limitations on each of these uses so that your privacy is respected and only the information necessary to achieve these legitimate aims is used. Our primary goal is to improve upon and make sure our Services and messaging are relevant for all our users, while also ensuring that personal information of all users is respected and protected.

3.1.2 Contact Information.

We use contact information to respond to your inquiries, send you information as part of the Services, and send you marketing information (for as long as you do not opt-out).

3.1.3 How you use our Services.

We use information about how you use our Services to improve our Services for you and all users.

3.1.4 Device and browser data.

We use device data both to troubleshoot problems with our service and to make improvements to it. We also infer your geographic location based on your IP address.

3.1.5 Log data.

We use log data for many different business purposes to include:

3.1.6 Service and Marketing uses.

Profiling. We use the information we hold about you to create a user profile, which will help us to make our sales and marketing efforts more relevant to you and to personalize and improve your service experience.

Machine learning. We use machine learning techniques on certain data in order to provide users with useful statistics and more relevant insights from the data they have collected using our Services and to optimize our marketing campaigns and for fraud detection.

To manage our Services, we will also internally use your information and data, for the following limited purposes:

We collect and use the following on the basis that we have to use this information in order to fulfill our contract with you:

3.1.7 Your Account Information.

We need to use your account information to run your account, provide you with Services, bill you for our Services, provide you with customer support, and contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our Services or policies, a welcome email when you first register). You cannot opt out of these communications since they are required to provide our Services to you.

3.1.8 Your Profile.

We process other aspects of your account information for legitimate interests like providing you with a personalized experience and relevant and useful marketing information as well as to make other product, feature and service recommendations to you and your organization to optimize the use of the Services we offer.

3.1.9 Data Collected from Using Services

We use data collected from using SpreadCtrl Services on an aggregated and anonymized basis as described in this Privacy Policy. We will never sell these data or identify / contact individual staffs except on your request or where required by law.

The data impacted by this section includes:

SpreadCtrl will use automated processes and machine learning, to analyze these data, for our legitimate interests as described below:

Aggregate data and activity:

We will aggregate activities and behaviors of Managers so that we can identify trends, build product features that optimize responses, make product recommendations and provide guidance on which products and services work best in different scenarios.

Extract and analyze usage patterns:

By understanding these data and manager interaction in different types of applications we can:

 

3.2 Staff

We process your personal information in the following categories of data for legitimate interests pursued by us, which are described in detail in this Privacy Policy. We have undertaken to ensure that we place clear limitations on each of these uses so that your privacy is respected and only the information necessary to achieve these legitimate aims is used. Our primary goal is to improve upon and make sure our Services and messaging are relevant for all our users, while also ensuring that personal information of all users is respected and protected.

3.2.1 Cookies (to include page tags).

We collect information using cookies when you use SpreadCtrl Services. These cookies are used to ensure that the full functionality of our Services is operational, to ensure the applications operate appropriately and optimally.

3.2.2 Contact Information.

We use contact information, which uploaded by your Manager or submitted by you, to send you information as part of the Services and respond to your inquiries.

3.2.3 How you use our Services

We use information about how you use our Services to improve our Services for you and all users.

3.2.4 Device and browser data.

We use device data both to troubleshoot problems with our service and to make improvements to it. We also infer your geographic location based on your IP address.

3.2.5 Log data.

We use log data for many different business purposes to include:

3.2.6 Machine learning.

We will use machine learning techniques on data collected from staff interaction, and cookie data, in order to provide Managers with useful and relevant insights from the data they have collected using our Services, to build features, improve our Services, for fraud detection and to develop aggregated data products.

To manage our Services, we will also internally use your information and data, for the following limited purposes:

3.2.7 Data Collected from Using Services

In general, the data collected from you using SpreadCtrl Services are controlled and managed by the Manger (the person who sent you the registration invitation). In those instances, SpreadCtrl is only processing those data on behalf of the Manager.

When we do analysis of those data collected from using SpreadCtrl Services, we only do so once we have ensured the anonymity of individual users (by aggregating and anonymizing the data).

Our goal is to improve the user experience across SpreadCtrl Services while maintaining the confidentiality and privacy of users.

The data impacted by this section includes:

SpreadCtrl will use automated processes and machine learning, to analyze these data, for our legitimate interests as described below:

Aggregate data and activity:

We will aggregate responses, activities and behaviors of Staffs so that we can identify trends, build product features that optimize responses, make product recommendations and provide guidance on which products and services work best in different scenarios.

Extract and analyze usage patterns:

By understanding these data and staff interaction in different types of applications we can:

 

3.3 Website Visitor

We process personal data about you where:

In each of the instances where we describe how we use your data in this Privacy Policy, we have identified which of these grounds for processing we are relying upon.

When you have consented or we have a legitimate basis for doing so, we collect and use the following information about you:

3.3.1 Contact Information.

We use contact information to respond to your inquiries or send you information about our Services, (either where you have agreed to this at the point of providing your information or where you operate in a business which may be interested in our Services and for as long as you do not opt-out).

3.3.2 Cookies and similar technology.

We or third-party data and advertising platforms that we work with may use or combine multiple technologies, such as cookies, page tags, mobile identifiers and IP addresses to infer users’ common identities across different Services and multiple devices such as tablets, browsers, and mobile phones. We may do so, for instance, to tailor ads to users, to enable us to determine the success of our advertising campaigns and to improve upon them. These third-party data and advertising platforms may sometimes use data that we provide to them in order to improve their technologies and their ability to match common devices to users.

As a result of the above data we collect, we also carry out the following processing for legitimate business interests pursued by us:

3.3.3 Profiling.

We use the information we hold about you to create a user profile, which will help us to make our sales and marketing efforts more relevant to you and to personalize and improve our marketing/sales campaigns and website experience.

3.3.4 Machine learning.

We use machine learning techniques on certain data in order to optimize our marketing campaigns.

We process your personal information in the following categories of data for legitimate interests pursued by us, which are described in detail in this Privacy Policy. We have undertaken to ensure that we place clear limitations on each of these uses so that your privacy is respected and only the information necessary to achieve these legitimate aims is used. Our primary goal is to improve upon and make sure our Services and messaging are relevant for all our users, while also ensuring that personal information of all users is respected and protected.

3.3.5 Device data.

We use device data both to troubleshoot problems with our service and to make improvements to it. We also infer your geographic location based on your IP address.

3.3.6 How you use our Services.

We use information about how you have interacted with our websites to improve our website Services for you and all users.

3.3.7 Log data.

We use log data for many different business purposes to include:

To manage our Services, we will also internally use your information and data, for the following limited purposes:

In some cases, as a former website visitor, we may not have any personal information about you (for example if you have not interacted with our site or have cleared your cookies).

 

4. Information we share

We do not share your information or data with third parties outside SpreadCtrl except in the following limited circumstances:

If you are a Staff that is part of a team plan using SpreadCtrl, your account information and data will be shared with the Manager(s). Your Manager(s) will be able to view your account data, terminate your account or restrict your settings. Please refer to your organization’s internal policies if you have questions about this.

To help us provide certain aspects of our Services, we use our affiliates and trusted key partners – in particular, we engage third parties to:

We also may have to share information or data in order to:

 

6. Cookies

We and our partners use cookies and similar technologies on our websites. We use certain cookies that you agree to when you use our sites and, in the case of some cookies, for legitimate interests of delivering and optimizing our Services (where the cookie delivers essential functionality). Cookies are small bits of data we store on the device you use to access our Services so we can recognize repeat users. Each cookie expires after a certain period of time, depending on what we use it for. We use cookies and similar technologies for several reasons:

You can choose to remove or disable cookies via your browser settings.

 

7. Security

SpreadCtrl Services are hosted on Amazon Web Services (“AWS”) cloud infrastructure, which enables us to deliver highly scalable, available and fault-tolerant services.  Our application architecture has been designed to leverage AWS’s strong geo-redundancy, replication, and recovery options, and follows AWS’s recommended best practices and processes. Point in time backups are also automatically executed daily for database and general file storage.

Our server instances run behind AWS’s comprehensive firewall and load balancing solution.  Inbound connections from both the Internet and remote management ports are blocked by default, with access tightly restricted to legitimate protocol and traffic only. All firewall configurations are version controlled and peer-reviewed as part of our standard change management processes.

Backend access to databases, storage accounts and server instances is restricted to qualified SpreadCtrl team members only, with all actions performed using AWS provided management tools across SSL secured connections.

All apps, web browser and REST API interactions with the platform occur using 256 bit SSL/TLS encryption (HTTPS protocol).  Users are required to log in with an email and password, and their login and access activity is recorded.  API access is authenticated against a platform generated 32 character secret key token. Passwords stored on SpreadCtrl servers are always encrypted according to industry standard practices. When a user account is terminated or deactivated, a wipe of server data is executed when/if the user next attempts to access the web app.

 

8. Data Retention

If you hold an account with SpreadCtrl we do not delete the data in your account – you are responsible for and control the time periods for which you retain this data. There are controls in your account where you can delete data at the account level (all data in your account). If you are a Staff, you will need to ask the Manager how long your data will be stored in SpreadCtrl Services.

 

9. Safety of Minors

Our Services are not intended for and may not be used by minors. “Minors” are individuals under the age of 18. SpreadCtrl does not knowingly collect personal data from Minors or allow them to register. If it comes to our attention that we have collected personal data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.

 

10. Changes to our Privacy Policy

We can make changes to this Privacy Policy from time to time. We will identify the changes we have made on this page. In circumstances where a change will materially change the way in which we collect or use your personal information or data, we will send a notice of this change to all of our account holders.

 

11. Who is my data controller?

As mentioned above – all data collected at an individual level is controlled by the Manager. SpreadCtrl can be a data controller of data about Staffs only in the very limited ways described in the section here called “How we use the information we collect - Staff”.

 

12. Your rights

You may wish to exercise a right to obtain information about yourself or to correct, update or delete that information. For more information about these rights you can read about it here. Some of these rights may be subject to some exceptions or limitations in local law.

Manager

Where you hold an account with any SpreadCtrl Service, you are entitled to a copy of all personal data which we hold in relation to you. You also may be entitled to request that we restrict how we use your data or object to some aspect of our treatment of your data. You can access a lot of your data in your own account when you log in.

By way of reminder, SpreadCtrl also enables you to export your own staffs data from our system so that you can back it up.

Staff

Where you have been invited to sign up for SpreadCtrl Services sent to you by a Manager, and agreed to use SpreadCtrl Services, you will need to reach out directly to that individual or organization to discuss managing, deleting, accessing, restricting access to or otherwise withdrawing consent for use of, the information which you provided to them when you use SpreadCtrl Services. We does not control your data and, accordingly, is not in a position to directly handle these requests in relation to that data. If you are having difficulties finding this Manager or if you have any other questions after reading this Privacy Policy, you can contact us through our support team and we will try our best to help you.

Website Visitor

Where you have visited our website and you want to exercise any of the above rights please contact our support team here. Alternatively, if your request is for the right to be forgotten as it relates only to our use of cookies you can achieve this by clearing the cookies in your browser settings.

 

13. Exercising your rights

Except as explicitly provided herein, please use the following Contact Information for Privacy Inquiries:

info@spreadcontrl.com