Privacy Policy

    GSPANN Privacy Notice
    Effective Date: 10 Mar 2026

    Our Commitment to Your Privacy

    At GSPANN, we value your trust and are committed to protecting your personal information. This Privacy Notice explains what personal data we collect, how we use it, how we protect it, and the rights and choices available to you under applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the EU-U.S. Data Privacy Framework.

    Information We Collect

    Personal data may be collected directly from you, automatically through your use of our website, or from third parties such as business partners or publicly available sources.

    We may collect the following categories of personal information:

    Personal details: Name, email address, postal address, phone number
    Online identifiers: IP address, device information, browser type, cookies, and usage data
    Professional details: Job title, employer, business contact information
    Communications: Messages, inquiries, feedback, and support requests
    Marketing preferences: Subscription status and opt-in or opt-out selections
    • Technical log data and security-related information where necessary to protect our systems and services

    In certain business contexts, we may also receive personal data from third parties such as business partners, event organizers, public sources, or referrals, in accordance with applicable law.

    We do not knowingly collect personal data from children under the age of 16.

    Why We Collect Your Data

    We use personal information for the following purposes:

    • To provide and operate our products, services, and customer support
    • To respond to inquiries, requests, and communications
    • To send marketing or promotional communications where you have opted in
    • To analyze usage and improve our services, security, and user experience
    • To comply with legal, regulatory, and contractual obligations

    We will not use personal data for purposes materially different from those described in this Privacy Notice without providing prior notice and, where required, by obtaining your consent.

    GSPANN does not sell personal information as defined under the CCPA.

    Legal Basis for Processing (GDPR)

    Where required under GDPR, we process personal data based on one or more of the following legal grounds:

    • Your consent
    • Performance of a contract
    • Compliance with legal obligations
    • Legitimate business interests that do not override your fundamental rights and freedoms

    We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.

    Cookies and Tracking Technologies

    We use cookies and similar technologies to ensure website functionality, enhance user experience, and perform analytics. Additional information about our use of cookies is available in our Cookie Policy. Where required by law, cookies and similar technologies are used based on your consent, which may be withdrawn at any time through applicable consent tools or browser settings.

    Data Sharing and International Transfers

    We may share personal (Non-HR) data with:

    Service providers and vendors who process data on our behalf: GSPANN Technologies will transfer Personal Data to subcontractors or third-party service providers only for limited and specific purposes consistent with this Privacy Notice. GSPANN will obtain contractual assurances from such subcontractors requiring them to safeguard Personal Data in a manner consistent with this Privacy Notice and to provide at least the same level of protection as required under applicable data protection principles.
    Affiliates and business partners under appropriate safeguards: GSPANN acknowledges its responsibility and potential liability for the processing of Personal Data by subcontractors acting on its behalf. Where GSPANN becomes aware that a subcontractor is using or disclosing Personal Data in a manner inconsistent with this Privacy Notice or applicable data protection requirements, GSPANN will take reasonable and appropriate steps to prevent, remediate, or terminate such use or disclosure.
    • Government or legal authorities where disclosure is required by law GSPANN may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Any international transfer of personal data described in this Privacy Notice relates exclusively to non-HR personal data collected for marketing, promotional, and business communication purposes

    Where personal data is transferred outside your country or region, including transfers from the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses or recognized data transfer frameworks, including the EU-U.S. Data Privacy Framework.GSPANN remains liable under the DPF Principles if its third-party agents process personal data in a manner inconsistent with the Principles, unless GSPANN proves it is not responsible for the event giving rise to the damage.

    Your Privacy Rights

    If you are located in the EU or EEA (GDPR):

    • Request access to your personal data
    • Request correction, deletion, or restriction of processing
    • Request data portability
    • Withdraw consent at any time where processing is based on consent
    • Lodge a complaint with a competent supervisory authority in your country of residence, place of work, or where an alleged infringement occurred

    If you are a California resident (CCPA):

    • Know what personal information we collect and how it is used
    • Request deletion of your personal information
    • Opt out of the sale or sharing of personal information, if applicable
    • Not be discriminated against for exercising your privacy rights
    • Request correction of inaccurate personal information
    • Limit the use and disclosure of sensitive personal information, where applicable

    To exercise any of these rights, please contact us using the details provided below.

    Your Choices

    You may opt out of receiving marketing communications at any time by using the “unsubscribe” link in our emails or by contacting us directly. Where required by law, we obtain explicit consent before processing sensitive personal data. Where applicable, you may also manage cookie preferences through our cookie consent tool.

    Data Retention

    We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Notice or to comply with legal and regulatory requirements. Retention periods are determined based on the nature of the data, applicable legal obligations, and legitimate business needs.

    Addressing Concerns

    If a privacy concern relating to non-HR personal data cannot be resolved directly with GSPANN, individuals may contact the International Centre for Dispute Resolution (ICDR-AAA), at no cost. More information about ICDR-AAA’s dispute resolution services is available at https://www.icdr.org.

    In compliance with the EU-U.S. DPF, GSPANN Technologies, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact GSPANN Technologies, Inc. at: privacy@gspann.com

    In compliance with the EU-U.S. DPF, GSPANN Technologies, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to the International Centre for Dispute Resolution – American Arbitration Association (ICDR-AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.

    Security

    We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include, where appropriate, encryption, access controls, secure development practices, vendor due diligence, and periodic security assessments.

    Children’s Privacy

    Our services are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children. If we become aware that personal data has been collected from a child without appropriate parental consent, we will take steps to delete such information.

    EU-U.S. Data Privacy Framework (DPF)

    GSPANN Technologies, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. GSPANN Technologies, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

    GSPANN remains responsible and potentially liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless GSPANN proves it is not responsible for the event giving rise to the damage.

    GSPANN is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

    GSPANN may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Under certain conditions, for the individual to invoke binding arbitration, your organization is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to your organization and following the procedures and subject to conditions set forth in Annex I of the Principles.

    Contact Us

    If you have questions, concerns, or requests related to this Privacy Notice or our data handling practices, please contact us via:
    Privacy Contact: privacy@gspann.com

    Updates to This Notice

    We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. The effective date above indicates when this notice was last updated. Material changes will be communicated through appropriate channels where required by law.