Effective Date: January 1, 2023
Collecting Personal Information
We collect personal information from you when you actively share it with us (such as during account creation) and when you provide it to us passively through use of our Services. We collect personal information from our service provider when you choose to connect your bank account to transfer money. We also collect certain categories of personal information listed below from you when you choose to sync a non-Spence Labs account/service with your Spence Labs account (through the services of our third party provider, Yodlee, discussed below in more detail). We use this information for a variety of business reasons as indicated in the chart below. Please note that the type of Personal Information collected may vary depending on the nature of your interactions with us.
|Category of Personal Information and Specific Pieces Collected||Categories of Sources from which Personal Information Collected||Purposes for Collection / Use||Categories of Third Parties to Which Disclosed|
Personal Information that includes real name, alias, postal address, unique personal identifier, online identifier, IP address, cookies that identify, email address, account name, search terms, what kinds of products you view, type of browser, time zone, or other similar identifiers.
Personal Information that reveals a consumer’s account log in, financial account, payment information, billing address, debit card, or credit card number in combination with any required security or access code, password or credentials allowing access to an account used to submit orders and perform transactions on or through the Services
|Internet or other electronic network activity information
This includes browsing history, search history, and information regarding a consumer’s interaction with an internet website, application or advertisement
|Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||
|Sensitive Personal Information
We collect Sensitive Personal Information that includes your account log-in, bank account information, debit card, or credit card number
Please note that if you do not consent to the collection of geolocation information, certain Services will not function properly and you will not be able to use those Services.
Third Party Accounts
Deidentified or Aggregated Data
Sharing Personal Information
Notice Regarding “Do Not Track” Signals
At this time, the Services are not able to respond to Do Not Track (DNT) signals.
Third Party Services
We use certain safeguards that are designed to maintain the integrity and security of personal information that we collect. Despite our efforts, please be aware that no security measures are perfect or impenetrable and thus we cannot and do not guarantee the security of your data.
How You Can Access or Change Your Personal Information or Deactivate Your Account
You can review and update your personal information or deactivate your account in your user profile at any time by logging into your account. For users of the Spence Labs website without a user account, You may exercise any of your data rights afforded to you under applicable privacy laws by contacting us at [email protected] or by using the contact information below. You may opt-out of receiving promotional email communications from us by following the unsubscribe options on such communications. Your personal information may persist in historical or archived copies if needed for legal or other legitimate business reasons.
Like many websites, we also use analytics software to collect information about your use of our Services. We collect analytics internally from our Services’ content management system to track your IP address and the various pages of our Services that you visit and the information about your visit.
This software sets cookies and may also read preexisting cookies to collect data from your web browser, such as the domain from which you access the Internet, the web address of the website from which you linked to our Services, the time and date of your visit the web pages that you view and click through and your IP address. This information is stored on servers and uses this information to provide Spence Labs with reports about traffic to our Services and your visit to our Services.
We will use this analytics data to improve our Services structure and content, and provide you with personalized content to improve your experience.
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Services. We use a number of different cookies, including functional, performance, advertising, and or content cookies. Cookies improve your browsing experience by allowing the Website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the Website or browse from one page to another. Cookies also provide information on how people use the Website, for instance, whether it’s their first time visiting or if they are a frequent visitor. Some cookies also personally identify the user, providing Personal Information such as an IP address, whereas other cookies are necessary for our Services to function properly. We use both of these types of cookies to optimize your experience on our Services and to provide our services.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our Services may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.
The CAN-SPAM Act gives recipients of commercial email the right to have emails stopped from being sent to them. You may unsubscribe from our marketing communications by clicking the “unsubscribe” link found in every commercial email we send, or (if you have an account with us) by sending us a request to unsubscribe at the following email address [email protected] . If you opt-out of receiving our marketing email communications, we may still send you email messages related to your account or specific transactions with us. Unsubscribing yourself from our marketing emails will not affect our service to you.
In general, we will retain all information collected through the Services for, at a minimum, the length of time permitted by law, and in accordance with our internal retention policy. However, we will delete any personally identifiable information in our database upon your request or as otherwise required by law.
We maintain backup files as a protection against natural disasters, equipment failures, or other disruptions. Backup files protect you and us because they lower the risk of losing valuable data. Backup files may contain records with your Personal Information. Removing a record from our active files and databases does not remove that record from any backup systems. Such backup data will eventually be passively deleted as backup records are erased through the normal recycling of backup files. In the meantime, as long as backup records exist, they receive the same security protections as our other records.
Your California Privacy Rights
California residents may exercise certain privacy rights pursuant to the California Consumer Privacy Act of 2018. Your right to submit certain requests to us as a California resident are described below. You may designate an authorized agent to make the requests below on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us.
1. Verification of Requests
Please note that when submitting a request to exercise your data rights, You will be asked to provide information to verify your identity or authority to make the request before action is taken.
We will generally try to avoid requesting additional information from You for the purpose of verification, but we may need to do so if we cannot verify your identity based on the information already maintained by us. If we request additional information to verify your identity, it will be for that purpose only, and will be deleted as soon as practical after processing the request, except as otherwise provided by law. Verification is required in order to confirm that the person submitting the request to know or request to delete is the person to whom the information relates, and to prevent unauthorized access or deletion of information. The specific steps taken to verify the identity of the requesting person may vary based on the nature of the request, including the type, sensitivity and value of the information requested, the risk of harm posed by unauthorized access or deletion, the likelihood that fraudulent or malicious actors may seek the information, the robustness of personal information provided to verify your identity, the nature of our business relationship with you, and available technology for verification.
You may designate an authorized agent to make the requests below on your behalf. An authorized agent must submit proof to us that he or she has been authorized by you to act on your behalf, and you will need to verify your identity directly with us through the process described below.
The following generally describes the verification processes we use:
- Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity, but will require re-authentication before disclosing or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with a request to know or delete.
- Verification for Non-Accountholders. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
- For requests to know categories of personal information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
- For requests to know specific pieces of personal information, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us. We will also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative. We will maintain all signed declarations as part of our records.
- For requests to delete personal information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the personal information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.
If there is no reasonable method by which we can verify your identity, we will state so in response to a request to know or delete personal information, including an explanation of why we have no reasonable method to verify your identity.
2. Right To Request More Information
- The categories of personal information we have collected about you.
- The categories of sources from which we have collected your personal information.
- The business or commercial purpose why we collected or, if applicable, sold your personal information.
- The categories of third parties with whom we shared your personal information.
- The specific pieces of personal information we have collected about you.
- The categories of personal information that we have shared with third parties about you for a business purpose.
- A list of all third parties to whom we have disclosed personal information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third-party direct marketing purposes.
Please note that due to the different requirements of the applicable laws, our response times may vary depending on the specific type(s) of information sought. We respond to all verifiable requests for information as soon as we reasonably can, and no later than legally required
In connection with submission of your request, we will take steps to verify your identity as outlined below, and you will need to verify your identity before action is taken.
3. Right To Request Deletion Of Your Personal Information
You have the right to request that we delete your personal information collected or maintained by us, subject to certain exceptions. Once we receive and verify your request, we will let you know what, if any, personal information we can delete from our records, and we will direct any service providers with whom we shared your personal information to also delete your personal information from their records. There may be circumstances where we cannot delete your personal information or direct service providers to delete your personal information from their records. For example, if we need to: (1) retain your personal information to complete a transaction or provide a good or service; (2) detect security incidents; (3) protect against unlawful activities; (4) identify, debug or repair errors; or (5) comply with a legal obligation. You may submit a request to delete your personal information by calling us at (855) 773-6232, emailing us at s[email protected], or submitting a completed form available here. If your request is submitted online, we will contact you to confirm that you want your personal information deleted. Effective January 1, 2023 under the CPRA, we will also notify our service providers and contractors, and any third parties to whom we have transferred your information about your request to delete. If we cannot delete all of your Personal Information, we will let you know why.
4. Right to Opt-Out of Our Selling of Personal Information
California residents may opt-out of the sale of their Personal Information or the sharing of their Personal Information for cross-context behavioral advertising by submitting a request to [email protected] or through the “Do Not Sell My Personal Information” link on Spence Labs’ website. If you have any questions, feel free to contact us at (855) 773-6232 or [email protected].
5. Right to Non-Discrimination for the Exercise of California Resident’s Privacy Rights
If you choose to exercise any of your California rights, you have the right not to receive discriminatory treatment by us. This means that, consistent with California law, we will not deny providing goods or services to you, charge you different prices or provide a different level or quality of goods and services to you unless those differences are related to the value of your information.
6. Right to Limit the Use of Your Sensitive Personal Information.
Effective January 1, 2023 under the CPRA, if you are a California consumer, you may direct us to limit the use of your sensitive Personal Information to uses that are reasonably necessary to provide our goods and services, or as needed: to ensure security and integrity; for short-term, transient use, including for non-personalized advertising; to maintain or service accounts, provide customer service, process or fulfill orders and transactions, verify customer information, process payments, provide financing, provide analytic services, provide storage, or other similar services; and to verify or maintain the quality or safety of a service or device owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance such services or devices.
We do not use your Sensitive Personal Information beyond the purposes necessary to perform functions of our business. As such, this right is not applicable.
7. Right to Correct Inaccurate Information.
Effective January 1, 2023 under the CPRA, if you believe that any of the Personal Information we maintain about you is inaccurate, you may submit a request for us to correct that information. Upon receipt of a verifiable request to correct inaccurate Personal Information, we will use commercially reasonable efforts to correct the information as you direct.
Your Nevada Privacy Rights
If you reside in Nevada, you have the right to direct us to not sell your covered information, as defined in Chapter 603A of the Nevada Revised Statutes. We do not and will not sell your personal information to third parties. As such, there is no need to submit a request for us not to sell your personal information. If you have any questions, please contact us at our designated request address at [email protected].
Spence Labs does not intend for children under the age of 16 to use the Services or submit information. No Personal Information is knowingly collected from any person under the age of 16.
If you have any questions regarding our privacy practices or this policy, please contact us at:
By mail at: 910 W. VanBuren St., Suite 100-317, Chicago, IL 60607
By email at: [email protected]
By online submission at: https://gospence.com/pages/contact-us/