PRIVACY POLICY

Effective: October 17, 2024

Spring Labs complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Spring Labs has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Spring Labs has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/\

1. Introduction
Springcoin, Inc., doing business as Spring Labs, is developing technology to (1) facilitate customer support and compliance operations through Artificial Intelligence, (2) deliver data products to financial institutions and (3) protect customer sensitive data via direct deployment of privacy preserving technology via tokenization. Spring Labs respects the privacy of its customers and individuals and is committed to protecting the information provided to Spring Labs by way of visiting our website (“Visitors”), and individuals or entities that register to use Spring Labs products and services (“Customers”). Spring Labs has published this Privacy Notice to outline our practices with respect to collecting, using, and disclosing Personal Information transferred from the EU, the UK, or Switzerland to Spring Labs in the U.S. related to: (i) Customers who interact with Spring Labs’ services including Livesight, Zanko, or TrueZero product lines (“Services”), (ii) Visitors to our Website, www.springlabs.com, (iii) engagement with our marketing communications and events, or (iiii) interactions with any of our social media accounts. This Privacy Notice does not apply to any third-party websites, services or applications, even if they are accessible through our Services. 

By interacting with us, you acknowledge you have read and understand the terms of the Privacy Notice.  Your continued interaction constitutes your ongoing acknowledgement of the collection, use, disclosure and processing of your personal information (including personal data, hereafter (“Personal Information”) by Spring Labs, as set forth in this Privacy Notice. 

We encourage you to read the Privacy Notice carefully and to use it to make informed decisions. If you do not agree with the below information, your choice is to not use our Website, not engage with our social media content, or to unsubscribe from our marketing communications and events. 

2. What this Privacy Notice Covers
This Privacy Notice covers how we treat Personal Information that we gather about you in the regular interaction with us, including when you access or use our Website or through other Visitor engagement and through marketing activities, including links on our Website and social media accounts. Specifically with these interactions, Spring Labs is the data controller of your Personal Information as described in this Privacy Notice, when it collects Personal Information from: (i) Visitors to Spring Lab’s Website; and  (ii) when we receive Personal Information from or about you through our sales and marketing activities or events. 

For a description of how Spring Labs’ Services collect and store your Personal Information, please see Section 5 “Customer End User Data” below. 

3. The Personal Information We May Collect and How We Use This Personal Information

3.1 Personal Information We May Collect
We collect information about you in a range of ways.

Information You Give Us. We may collect your first name, last name, address, email address, date of birth, as well as other information and identifiers as you provide to us.  You also provide similar Personal Information to us when you voluntarily fill out forms on our Website such as when you request a demo or to contacts sales, download a white paper, click on links, engage with various social media accounts, or to register for marketing communications or events. 

Information We Get From Others. We may get identifiers and other information about you, from other sources. For example, we may use third party providers of business contact information.

Information Automatically Collected. Like many companies, we may collect marketing and log information about you to help us better refine our marketing efforts and to reach potential customers across the Internet. For example, when visiting and accessing our Website, we track online activity such as the website you visited before browsing to our Website, pages you viewed, how long you spent on a page, access times and information about your use of our Website.

Content You Provide Through Our Products. Because the Services include the Spring Labs products you use, we collect and store content that you include by way of using our LiveSight, Zanko, and/or TrueZero Services. This content includes any information about you that you may choose to include such as the summary and description added to a chat bot interaction, any feedback provided via our Services, or files or links you upload via our Services. We do use analytics techniques that hash, filter, or scrub content in an attempt to exclude information that might identify you, but with any technology there can be oversights or exceptions, such as misspellings that prevent our technology from accurately identifying a piece of content as Personal Information.

Information You Provide Through Our Support Channels.  The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Identifying yourself as a customer contact, opening a support ticket, and engaging with our support team, will result in Spring Labs collecting your contact information, a summary of the technical issue, and any other documentation, screenshots, or information that might be helpful in resolving the issues. 

Cookies. Spring Labs also collects cookies as you navigate through and interact with our Website. We use these cookies to collect certain information about your equipment and browsing activities, or to access information about signing in and to store a limited amount of behavioral data. Spring Labs has a separate Cookie Policy accessible on the Website. Please review our Cookie Policy for more information about how we use cookies and your options related to cookies.

3.2
Use of Personal Information
We use Personal Information that we collect about you or that you provide to us only as directed by you or authorized by you to provide the Services to you, carry out our regular course of business and for other purposes as described in this Privacy Notice. How we use the Personal Information we collect depends in part on how you choose to communicate with us, how you use our Services or Website (including links on our Website and social media interactions), and any preferences you have communicated to us. In general, we use the Personal Information in order to respond to a request from you, to carry out our legal obligations, to fulfill a contract with you, to provide services, to make improvements to our services, and to provide you with notices and for other purposes with your consent as described below.

We may use your Personal Information as follows:
- To provide the Services to you, including to process transactions, authenticate your identify, provide customer support, and to operate, maintain, and improve the Services. 
- To send information including confirmations, technical notices, updates, security alerts, and support and administrative messages.
- To communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
- To maintain legal and regulatory compliance.
- To investigate violations and enforce our policies, and as required by law, regulation, or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request.
- To generate anonymous de-identified and/or aggregated data that we may use for any lawful purpose/
- To perform research or conduct analytics in order to improve and customize our offerings, including to undertake internal research and reporting.

As noted in the list above, we may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about our Website. If you do not want to receive communications from us, you can unsubscribe from marketing communications or email us with your preferences at compliance@springlabs.com

3.3
Legal Basis for Processing Personal Information For EEA, UK and Swiss Visitors and Customers
If you are an individual in the EU, UK, Switzerland, or another relevant jurisdiction, we collect and process Personal Information about you only where we have a legal basis or bases for doing so under applicable laws. The legal bases depend on how you use the Website or otherwise interact with us, how you choose to interact and communicate with our Website, and whether you attend our events. However, we will collect Personal Information only where we have your consent to do so, where the processing is necessary to perform a contract with you or to fulfill our legitimate interests, unless those interests are overridden by your data protection rights. In some cases, we may also have a legal obligation to collect Personal Information from you and we will endeavor to make that clear at collection.

4. When Spring Labs Discloses Personal Information
We do not rent, sell, or share your Personal Information with third-parties except as described in this Privacy Notice or as authorized by you. In addition to our duly authorized personnel, we may share Personal Information with the following recipients: (i) our subsidiaries; (ii) affiliated companies; (iii) subcontractors, vendors, or other third-party service providers; and (iv) auditors or advisers of our business processes.

We may  disclose Personal Information or any information you submitted if we have a good faith belief that disclosure of some information is helpful or reasonably necessary to: (i) comply with applicable laws, regulations, legal processes or governmental requests; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property, or safety of us, our affiliates, our Users, yourself or any third-party; (vi) for the purposes of collaborating with enforcement agencies; and (vii) in case we find it necessary in order to enforce intellectual property or other legal rights.

4.1
Information Choices and Changes
Any marketing emails we may send will tell you how to "opt-out" from further communications. If you opt out, we may still send you non-marketing emails, such as those related to transactions or your account. Non-marketing emails include emails about our business dealings with you. You are permitted to decline to share certain Personal Information with us.

You may send requests about Personal Information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your Personal Information. When you update or request a change to certain information, we may maintain a copy of the unrevised information for legal and compliance purposes.You can typically remove and reject cookies from our Site with your browser settings.

5. Customer End User Data
With respect to the Personal Information collected by our Customers and submitted to the Spring Labs platform, Spring Labs is a processor or sub-processor and only processes such Personal Information in accordance with our Customer’s instructions.  Our Customers, not Spring Labs, choose the type of Customer End User Data collected by Customer Applications, and submitted and processed through our Customers’ use of the services. We process the Customer End User Data only according to the instructions of Customers and our legal obligations with respect to the Customer End User Data is set forth in the agreement between us and our Customers. The collection of Customer End User Data through Customer Applications is governed by our Customers’ privacy policies and/or data protection agreements, and if you are a Customer End User then you should review the Customer’s applicable privacy documentation to learn more about the Customer’s data handling practices.

While Spring Labs recognizes that an individual has the right to access, delete and amend the data collected about that individual, Spring Labs only has a relationship with our Customers and does not interact with the Customer End Users. As such, if you are a Customer End User and you would like to access, amend or delete your data, you need to contact the Customer directly with your request which Customer may process. Spring Labs will respond within a reasonable period of time to any such request or assistance requested by our Customer. 

Spring Labs only retains the Customer End User Data we process on behalf of our Customers for as long as necessary or as required to comply with legal obligations, resolve disputes and enforce any agreement. 

6. International Transfer
This section applies to those that visit our Site or use our services from the EU, UK, or Switzerland.

If you are a resident of the EU, UK or Switzerland, please note that the following rights specifically apply regarding your Personal Information: (1) Receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, together with supplementary information; (2) receive a copy of Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format; (3) request rectification of your Personal Information that is in our control; (4) request erasure of your Personal Information; (5) object to the processing of Personal Information by us; (6) request to restrict processing of your Personal Information by us; (7) withdraw your consent for data processing activities that rely on your consent as a legal basis, and (8) lodge a complaint with a supervisory authority.

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements and/or conditions.

To exercise such rights, you may contact us at: compliance@springlabs.com

In addition, please note VeraSafe has been appointed as Spring Lab’s representative in the EU for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the EU, VeraSafe can be contacted in addition to Spring Labs only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd. 
Unit 3D North Point House
North Point Business Park New Mallow
RoadCork
T23AT2P
Ireland

7. Commitment to Data Security
Spring Labs uses commercially reasonable physical, managerial, and technical safeguards designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include, for example, physical access controls, encryption, firewalls, and detection and monitoring. Our personnel who may have access to your Personal Information are required to keep that information confidential and trained on their security and privacy obligations. You are also responsible for maintaining the confidentiality of your password and other information used by you to access our Website. 

Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse the Website, and we make no warranty, express, implied or otherwise that we will prevent such access. If you feel that your privacy was not treated in accordance with this Privacy Notice, or if any person attempted to abuse the Website or acted in an inappropriate manner, please contact us directly at compliance@springlabs.com.

8. Dispute ResolutionIf a privacy complaint or dispute relating to Personal Information received by Springcoin, Inc. d/b/a Spring Labs in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure.

Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here:https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Spring Labs commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration. See DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-sw-dpf for details. We are obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that you invoke binding arbitration by delivery notice to us and follow the procedures and subject to conditions set forth in Annex I of Principles.

Spring Labs is subject to the jurisdiction and investigatory and enforcement powers of the Federal Trade Commission (FTC). 

9. Other Information

9.1 Transfers of Personal Information.
 Please be aware that the Personal Information we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location. Please be advised that we process and store Personal Information in the United States and you acknowledge such processing. To the extent your Personal Information is transferred by Spring Labs to recipients located outside of the EU, UK, Switzerland or a country for which an adequacy decision has been issued by the European Commission, Spring Labs will implement appropriate safeguard mechanisms to remain in compliance with the Principles.

In the event Spring Labs discloses Personal Information covered by this Notice to a non-agent third party, it will do so consistent with the choices exercised by Spring Labs’ Visitors and users regarding processing and disclosure. Spring Labs will only disclose Personal Information to third parties that have given us contractual assurances that they will provide at least the same level of privacy protection as is required by this Notice and the Principles, and that they will process Personal Information for limited and specific purposes consistent with any consent provided by the individual. If Spring Labs has knowledge that a third party to which it has disclosed Personal Information covered by this Notice is processing such Personal Information in a way that is contrary to this Notice and/or the Principles, Spring Labs will take steps to prevent or stop such processing. Spring Labs complies with the Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

9.2
Children and Minor’s Privacy. Our services are not intended for use by children or minors under the age of 18. We do not knowingly collect Personal Information from those under the age of 18 years old. Please contact us immediately if you believe we may have unknowingly collected information about a person under 18 years old.

9.3
Website, Links and Social Media. Our Website, services or marketing materials may contain links to other third-party websites or applications (such as Facebook, LinkedIn, YouTube or Twitter). This Privacy Notice does not apply to any third party websites, including through any application that may link to or be accessible from or on the Website or Services, and Spring Labs is not responsible for the privacy policies and the content of the third-party websites or applications.

9.4
Retention. We may process and store your Personal Information only for the period necessary to achieve the purpose of the storage, or as permitted by law. We may retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this policy. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract or for other lawful purposes.

9.5 Contact Information
We welcome your comments or questions about this Privacy Notice. You may also contact us at our address:
Springcoin, Inc.
4551 Glencoe Avenue, Suite 330 
Marina Del Rey, CA 90292

Or via email at: compliance@springlabs.com

Spring Labs will cooperate with the United States Federal Trade Commissions and any data protection authorities of the EU Member States (“DPAs”) and/or the Swiss Federal Data Protection and Information Commissioner in the investigation and resolution of complaints that cannot be resolved between Spring Labs and the complainant that are brought to a relevant DPA.

9.6 Changes to This Privacy Notice. We may change this Privacy Notice. If we make any material changes, we will change the Last Updated date above.