Wellspring Privacy Policy

This version of the Privacy Policy is in effect and was last updated on January 15, 2025.

Protecting your privacy is important to Wellspring Worldwide Inc. and its subsidiaries (“Wellspring”, “we”, “us,” “our,” or “Company”). The purpose of this privacy policy (the “Policy”) is to explain how Wellspring collects, uses, and discloses the personal and non-personal information you may provide us while using the Wellspring website at www.wellspring.com (the “Website” or “Site”) ”), in compliance with applicable data privacy and protection laws and regulations. Your use of the Site is governed by the Wellspring Terms of Use, and this Policy is part of and incorporated into those Terms of Use, published here https://www.wellspring.com/terms-of-use. Those Terms of Use contain important provisions, including provisions disclaiming, limiting, or excluding the liability of Wellspring for your use of the Website and provisions determining the applicable law and exclusive jurisdiction for the resolution of any disputes regarding your use of the Website. Each of those provisions applies to any disputes that may arise in relation to this Policy and the collection, use, and disclosure of your personal data and are of the same force and effect as if they had been reproduced verbatim in this Policy.

Wellspring and our subsidiaries Wellspring EMEA Limited (UK), Sopheon Limited (UK) PLC, Sopheon UK Limited (UK), Sopheon NV (Netherlands), Sopheon GmbH (Germany), Wellspring Japan (Japan) and Sopheon Asia Pacific Pty Limited (Australia) are committed to protecting the privacy of individuals (“Visitors”) who visit our Site, individuals who register to use or purchase the Services as defined below (“Customers”), and individuals who register to attend the Company’s corporate events (“Attendees”).

We are acting as a data controller and by law we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data, including your choices regarding online and offline collection, use, access, and correction of personal data as well as how you can ask us to stop storing data about you.

In order to provide you with relevant information and respond to your inquiries, we sometimes request that you provide us with data about yourself. Wellspring operates in the business-to-business software as a service (“SaaS”) industry, and does not focus on consumer users or the collection of consumer data. To the extent we collect data online and offline, our purpose is to better serve our business customers. Any reference to the Wellspring Site includes all of our websites and apps as well as those of our subsidiaries.

Wellspring and its subsidiaries participate in the EU-U.S. Data Privacy Framework, the United Kingdom Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding certain personal data received by Wellspring in the U.S. from European Union member countries, and the United Kingdom (and Gibraltar) and Switzerland. Please see our Wellspring Data Privacy Framework Policy here https://www.wellspring.com/eu-privacy-policy-statement for information about our data practices. To learn more about the Data Privacy Framework program generally, and to view the status, please visit https://www.dataprivacyframework.gov/. As further described in our Data Privacy Framework Policy, in certain circumstances Wellspring is subject to investigation and enforcement by the US Federal Trade Commission. To ensure proper legal transfer mechanisms are in place, Wellspring also relies on standard contractual clauses (“SCCs”) to transfer data globally.

This Policy applies to Wellspring Website interactions and serves as the basis for separate privacy policies specific to Wellspring SaaS product offerings. This Policy does not apply to the practices of third parties that Wellspring does not own or control, or to individuals that Wellspring does not employ or manage.

1. Types of Data We Collect and How We Collect It

Personal Data: Some portions of our Site may request that you provide us with data about yourself from which we are able to identify you (“Personal Data”). Examples of Personal Data include your name, professional contact data (telephone numbers, postal address, and email address), company name, and job function. We do not request or collect any data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation (“Sensitive Personal Data”) on or through the Site. If you submit any Personal Data relating to other people to us or to our service providers in connection with the Site, you represent that you have the authority to do so and to permit us to use that Personal Data in accordance with this Policy.

How We Collect Personal Data: We and our service providers may collect Personal Data in a variety of ways, including:

• Through the Site: We may collect Personal Data through the Site, for example when you contact us, download content (e.g., whitepapers), register for a webinar or event, subscribe to our newsletter or other email list, or register to use our Site.
• Offline: We may collect Personal Data from you offline, such as when you attend one of our events, during phone calls, Zoom or Teams meetings with sales representatives, or when you contact customer service.
• Through You: We may collect information such as your location or your preferred means of communication when you voluntarily provide it. Unless combined with Personal Data, this information does not personally identify you or any other user of the Sites. Note that there is no legal obligation for you to provide us with Personal Data and any information collected by us will be provided by you at your own will and with your consent.
• Data from Other Sources: To enhance our ability to provide relevant marketing, offers, and services to you, we may obtain data about you from other sources, such as public databases, joint marketing partners, social media platforms, as well as from other third parties such as industry event organizers.

Other Data. “Other Data” is any data that does not reveal your specific identity or does not directly relate to an identifiable individual. This might include, for instance, browser and device data; Site usage data; data collected through cookies, pixel tags, and other technologies; the address of the website from which you arrived at the Site, and the date and time of visits; demographic data and other data provided by you; geographic location (country only); or aggregated, non-personally identifiable data, such as the number of hits to our Site, how much time spent on which pages, links clicked, content accessed or downloaded, etc. to collect data on our users’ behavior and their devices (stored as pseudonymized user profiles). We use this data to facilitate our operation of the Site and for other purposes described below. Our vendors are contractually forbidden from selling any of the data collected on our behalf.

How We Collect Other Data. We and our service providers may collect Other Data in a variety of ways, including:

• Through Your Browser or Device: Certain data is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution and device screen size, operating system name and version, device manufacturer and model, preferred language, and Internet browser type and version.
• Through Cookies and Other Similar Technologies: Cookies and other similar technologies may be used to collect Other Data. We may use third parties to serve advertisements on other websites that may be of interest to you, based on data collected about your use of our Sites and other websites. To do so, these companies may place or recognize a unique cookie on your browser (including through the use of pixel tags and web beacons).

“Cookies” are small text files that store data about your interactions with a particular website, either temporarily (known as a “temporary” or “session” cookie and are deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a “permanent” or “persistent cookie”).

Cookies can make it easier to use a website by allowing servers to access certain data quickly:

• Session cookies can be used to help a user’s browser navigate a website more smoothly and may show up if the user comes from a website with which the subsequent website has some relationship (e.g., a website of an affiliated company) and can give helpful data.
• Persistent cookies can be used to customize or tailor data for a website for a user, such as by storing sessions, passwords, preferences, and registration and account data so that users do not have to re-enter this data each time they visit a website.
• Advertisement cookies may be displayed on the Websites and may contain cookies or other technologies. Third party advertising companies may provide those advertisements, and Wellspring has no control over, and no responsibility or liability for, the cookies or other technologies used in the advertisements or for the use and disclosure of information collected through advertisement cookies or other technologies.

Our Site may use both session cookies and persistent cookies to store data that allows us to improve our service to you and provide you with the ability to navigate the Site more easily. To make our Site easier to use, we combine data collected via cookies with personally identifiable data. You can set your browser to decline cookies if you prefer or you may decline consent to the use of cookies when you visit our website. If you do so, you may not be able to access important functions or areas of our websites or enjoy the convenience of more easily navigating our Site. The types of cookies used are defined in the Cookie Preferences settings on the website. More information on how to manage or delete cookies can be found here: https://allaboutcookies.org/

IP Address: Your “IP Address” is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP Address may be identified and logged automatically whenever you access the Site, along with the time of the visit and the page(s) that you visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications and other services. Wellspring uses IP Addresses to calculate usage levels of the Site, help diagnose problems with its servers, administer the Sites and monitor the regions from which you navigate to our Site.

How We Collect IP Address: We and our service providers may collect IP Address in a variety of ways, including:

• Through Web Analytics Services: Wellspring uses web analytics services such as Hotjar, Google Analytics and HubSpot. Google Analytics is a web analytics service provided by Google Inc. (“Google“). Google Analytics uses cookies and similar technologies to analyze how users use the Site. The data generated about Site usage (including your shortened IP address) is transmitted to Google in the U.S. This data is used to evaluate visitors’ use of the Site, compile statistical reports on website and visitor activity, and provide other services related to the Site and Internet use. Google may also collect data about our Site visitors’ use of other Site. For more information about Google Analytics, or to opt out of Google Analytics, please go to: The Google Analytics Opt-out Browser Add-on page at https://tools.google.com/dlpage/gaoptout
• Through First-Party Analytics Tools: We also use first-party analytics tools, such as HubSpot, Typeform and MailChimp, to assist us with certain automated marketing efforts from your interactions on our Site, including data you may provide.

Email Communications: The Site also enables you to send certain emails to us (for example, to webmaster@sopheon.com or to info@sopheon.com or to support@wellspring.com). We store all of the e-mails sent by you to us.

Data Localization: Wellspring servers are located in the UK, EU, and USA. Your U.S. state and national privacy laws may require certain data from certain types of industry to be resident locally, which Wellspring does not currently support. Do not register with us or sign up for a Wellspring product unless you are certain that your industry is exempt from such requirements.

2. How We Use Your Data

The data Wellspring collects helps us to understand how our Site is being used so that we can improve their quality and make it more helpful to our users.

We may also use the data we collect about you or submitted by you to communicate with you about our products and services. These uses may include providing you with services and support, communicating with you and responding to your requests, and sending you information in relation to new products and services. If you choose to join any of the mailing lists, we will use the data stored about you to send mailings to you. We use any data received by us in any e-mail received from you, such as to info@sopheon.com or to support@wellspring.com, to respond to your e-mail.

We may email you several times after your enquiry in order to follow up on your interest and ensure that we have answered it to your satisfaction. We will do this based on our legitimate interest in marketing our products and services. You can ask us to stop at any time by sending an email to support@wellspring.com.

If you do not provide certain information, you may still be able to access other portions of the Site, although it may limit your access to certain information or services.

3. How We Share Your Data

Wellspring shares data for business purposes only on a need-to-know basis and only with: other companies within our group of companies such as Australia, Japan, Germany, the Netherlands, United Kingdom, and United States; its own employees and affiliates; the entity from which Wellspring received the data; agents, consultants, subcontractors, advisers and auditors; to suppliers of services to us, and third-party service-provider companies, in each case that have agreed to take measures to safeguard your data and other entities authorized to have access to such data under applicable law or regulation. Contracted service providers may also deliver artificial intelligence (“Artificial Intelligence” or “AI”) to create AI-generated responses; the information provided in interactions with AI components is not transferred to the service provider. Wellspring does not and will not sell your data.

We acknowledge our liability for such data transfers to third parties.

Disclosure to Organizations: If you use the Site on behalf of another person or organization, such as your employer and you identify your organization (an “Organization”) when you either register as a Wellspring user, or through other Wellspring services, Wellspring may provide your Personal Data to your Organization if requested by an asserted authority to obtain the information from that organization. Wellspring has no control over, and no responsibility or liability for, the use of your Personal Data by an Organization, and that use is not subject to this Policy. If you do not wish your Personal Data to be disclosed to an Organization, you should not reference that Organization in your registration, authorization for purchases, Wellspring, or for other Wellspring services that would include this information.

International Transfer of Data: Your Personal Data collected on the Wellspring Site and through our services may be transferred to, stored and processed in Europe or the United States or any other country in which Wellspring or its subsidiaries or service providers maintain facilities. By disclosing data to us, you are consenting to the transfer of the data outside of your country to any country (including countries which may have different data protection rules than those of your country or the country in which you were located when you initially provided the data).

Disclosure in Business Transfers: Wellspring may be involved in the sale or transfer of some or all of its businesses. As part of a sale or transfer, Wellspring may disclose your Personal Data to the acquiring organization but will request the acquiring organization to agree to protect the privacy of your Personal Data in a manner that is consistent with this Policy.

Disclosure for Law Enforcement Purposes: Wellspring may disclose your Personal Data to a government institution or agency that has asserted authority to obtain the information, or where Wellspring believes in good faith that the information could be useful in the investigation of potentially unlawful activity or in the prevention of harm to persons or property (including Wellspring), or to comply with a subpoena or warrant or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with court rules regarding the production of records and information, or to its legal counsel. Wellspring has no control over, and no responsibility or liability for, those persons’ use and disclosure of your personal information, and that use and disclosure is not subject to this Policy.

4. How We Keep Your Data Secure

Wellspring is committed to protecting the security of your Personal Data. We use a variety of appropriate physical, technical and administrative procedures to safeguard the data we collect – to process data only in ways compatible with the purpose for which it was collected; to carefully protect it from unauthorized access, disclosure, or alteration; and to maintain data accuracy. When collecting or transferring sensitive data, we protect it through the use of encryption, such as the Transport Layer Security (TLS) protocol.

Please keep in mind that while we have established safeguards to help prevent unauthorized access to or misuse of your personally identifiable data, we cannot guarantee that it will never be disclosed in a manner inconsistent with this Policy (for example, in the event of unauthorized acts by third parties that violate applicable law or our policies). In addition, if a password is used to help protect your accounts and Personal Data, it is your responsibility to keep your password confidential. Do not share this information with anyone. If you are sharing a computer with anyone you should always log out before leaving a site or service to protect access to your data from subsequent users.

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for six years after they cease being customers. In some circumstances you can ask us to delete your data. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be communicated to you at the time of your request, if applicable.

Also, if your data is embedded in a Wellspring product or service, as these involve databases with relational links between data fields, the entire database could be corrupted if a person who had transacted on the platform asked to have their data erased. We will “erase” such data by anonymizing any personally identifying information. We may also anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

5. How You Can Access, Correct, Update, or Remove Your Data

Wellspring provides individuals with the ability to know whether we hold data about you and, if we do (subject to certain limitations), to have access to that data, to have it corrected if it is inaccurate or out of date, or to request that it be removed.

This may be accomplished:

• Via email at privacy@wellspring.com
• Via our Preferences Center (http://www.wellspring.com/preferences)
• Sending a request to the Privacy Officer at a physical address listed below

When contacting us, please specify the data that you think is incorrect, inaccurate or out of date. Please also provide us with correct replacement data. If we have asked for your consent to process your personal data, you may withdraw that consent at any time. If you wish to be removed from any of our databases or mailing lists, please include those instructions.

In your email, please include your first name, last name, mailing address, email address, and telephone number. Please note: to protect your information, we will verify your information by an appropriate method to the type of request you make; there may be instances where we may decline your request, only as permitted by applicable law.

The above represents your privacy rights under the California Consumer Privacy Act (“CCPA”).

You have the right to make a complaint at any time to your jurisdiction’s data protection authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach them. Please contact us in the first instance.

• A list of EU data protection authorities is available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
• To contact the Swiss FDPIC visit: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection---switzerland.html
• To contact the UK Information Commissioner’s Office visit: www.ico.org.uk
• To contact the Office of the Australian Information Commissioner visit: https://www.oaic.gov.au/
• To contact the Office of the Attorney General of California, visit: https://oag.ca.gov/privacy

6. Minors

Wellspring does not offer services to minors and does not knowingly request personally identifiable data from anyone under the age of 16. Any person who provides their personal data to Wellspring through this website represents that they are 16 years of age or older.

7. Use of Social Media

We use social media widgets as dynamic information sharing tools on our website (such as LinkedIn, X (formerly Twitter) or Facebook) to engage in dialogue, share information and media, and collaborate with our visitors. Your activity on these social media sites is governed by the security and privacy policies of the third-party sites. Wellspring does not control, moderate or endorse the comments or opinions provided by visitors to these sites. You should review the privacy policies of all websites before using them and ensure that you understand how your data may be used. You should also adjust privacy settings on your account on any third-party website to match your preferences.

8. Links to Other Websites

Wellspring’s Site may provide links to unaffiliated, third-party websites for your convenience and information. If you access these links, you will leave the Wellspring Site. Wellspring has no control over these websites and is not responsible or liable for the policies and practices followed by third parties. The Personal Data you choose to provide to or that is collected by these third parties is not covered by this Policy. If you link to or otherwise visit any other websites managed by third parties, we encourage you to review the privacy policies posted at those sites to understand their information practices.

9. Updates to this Policy

Wellspring may, acting in its sole discretion, modify, revise, amend, or replace this Policy at any time and from time to time. When we do, we will also revise the “last updated” date on the Policy.

All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Policy or other notice on the Site. We encourage you to review this Policy often to stay informed of changes that may affect you, as your continued use of the Site signifies your continuing consent to be bound by this Policy. Our electronically or otherwise properly stored copies of this Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this Policy which were in effect on each respective date you visited the Site.

10. Questions, Concerns or Complaints

If you have any questions, comments, or suspect that we may have acted contrary to this Policy or any applicable legislation about our Policy or associated practices, please email us at privacy@wellspring.com or write to attention Privacy Officer at one of the following addresses:

• Privacy Officer, Wellspring Worldwide, 6870 West 52^nd Avenue, 215, Arvada, CO 80002, USA
• Privacy Officer, Wellspring Maastricht, OffiCenter Gelissendomein 8-10/92 6229 GJ Maastricht, The Netherlands
• Privacy Officer, Wellspring UK, 31-35 Kirby Street, London, EC1N 8TE, England
• Privacy Officer, Wellspring Australia, Sopheon Asia Pacific, Substation 4, 22 Petrie Terrace Brisbane QLD 4000, Australia