Privacy Policy

Effective Date: April 12, 2017

Sphaera Solutions takes on-line privacy very seriously. This privacy policy (“Privacy Policy”) describes how Sphaera Solutions (a business name of Armillaria, LLC) and its affiliate, Island Institute, in the United States (collectively, “Sphaera,” “Company,” “we” or “us”) can collect, use, and disclose information you elect to provide to us (“Personal Data”). Personal Data includes certain personally identifiable information received in the US from the European Union and Switzerland. It does not include publicly available information.

The website you are visiting is owned and operated by Armillaria, LLC (d/b/a Sphaera Solutions) on its behalf or for its licensees. This policy applies to your use of the services provided through the following websites:

(a) Sphaera’s main solutions exchange hub, the Resilience Exchange ("Resilience Exchange"); and

(b) such other websites owned or operated by Sphaera on behalf of its licensees who offer solutions hubs in a separate and brand-specific environment that are linked to the Resilience Exchange ("Rex Partner Sites"). Resilience Exchange and Rex Partner Sites are collectively referred to as "Sphaera Websites."

SCOPE OF PRIVACY POLICY

If you access the Sphaera Websites for any purpose, register with any Sphaera Website as a User, purchase any services from Sphaera, provide us with Personal Data, or access or use any Sphaera Website on behalf of an entity with such entity’s implicit or express consent (“User” or “you”), you authorize us to use such Personal Data as set forth in this Privacy Policy.

Visitors to any of the Sphaera Websites are required to register in order to use such web site. If you do not agree to our use of your Personal Data as set forth in this Privacy Policy, please do not use any of the Sphaera Websites and or provide any personal information, or allow others to do so on your behalf.

Our databases are located in the United States (“US”). If you are outside of the US, you may be located in a region with laws or regulations governing personal data collection, use or disclosure that differ from US laws. By providing your data, you specifically acknowledge and agree that Sphaera may collect, use, access, process, disclose, transfer, store, delete, and otherwise deal with your Personal Data for any reason that is not prohibited by this Privacy Policy.

EU-US PRIVACY SHIELD

Sphaera recognizes that the European Union (“EU”) and Switzerland have established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of the EU and Switzerland. To provide adequate protection for certain Personal Data, including Personal Data about Users, customers, and partners that is received in the US, Sphaera has elected to self-certify to the EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks administered by the US Department of Commerce (“Privacy Shield”). Sphaera has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability (the “Principles”). If there is any conflict between this Privacy Policy and the Principles, the Principles shall govern. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review Sphaera’s representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.

INFORMATION WE COLLECT AND USE

Sphaera collects only the information necessary to serve our Users, including for the purpose of creating User accounts and allowing User navigation and access to website content including the Resilience Exchange platform and its posted solutions (“Solutions”) and building blocks (“Building Blocks”). When you visit any of the Sphaera Websites, you may provide us with two general types of information, and we may receive the following categories of Personal Data, including:

DATA TRANSFER TO THIRD PARTIES

Sphaera does not rent, sell, or trade your Personal Data (e.g., email addresses) to third parties, with the exception of the following:

DATA SECURITY

Sphaera maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.

With respect to any Personal Data about you, we do not access this information other than on a random or infrequent basis as necessary for the performance of our services. Nonetheless, in order to appropriately protect the information transmitted by our Users, and to prevent unauthorized access and to maintain data security of our Users’ Personal Data, we maintain commercially accepted physical, electronic, administrative and managerial security and enforcement procedures to safeguard against the loss, misuse, corruption and unauthorized access, disclosure, alteration or destruction of credit card and personal information.

ACCESS RIGHTS

If you sent your information from the EU or Switzerland, you may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below under “Questions and Information.” We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.

We keep Personal Data for as long as we think is necessary or advisable and we reserve the right to retain it to the full extent not prohibited by law. We may discard Personal Data at our discretion, so you should retain your own records, and not rely upon our storage of any Personal Data or other information.

THIRD PARTY INFORMATION

You are not permitted to provide any personal information about others (“third-party personal information”) unless such third party has specifically permitted in writing your disclosure of such third-party personal information to us or you are authorized to do so under applicable law. In addition, you may not disclose any third-party person information to us unless such third party was provided with a copy of our EULA, the Rules, and this Privacy Policy, and has confirmed in writing their agreement to be bound by the terms of both. By submitting any third party personal information, you represent and warrant that you are authorized to do so and that you obtained the foregoing written consents before submitting the information. If applicable law allows you to supply the information without doing the foregoing, you represent and warrant that you have abided by that law and that it allows us to receive and disclose the information under this Privacy Policy without any further action on our part. You agree to indemnify, defend and hold us harmless against any failure by you to comply with this paragraph.

MINOR CHILDREN

Our services are not intended to be used by children under the age of 18 (“minor children” or “minor child”). We do not collect personal information from minor children, and we ask minor children not to transmit any information to any Sphaera Website. Sphaera welcomes the parent or guardian of a minor child under the age of 18 to use Sphaera Websites and provide any information, service, or product gained from such websites to their minor child. We comply with all federal laws and regulations regarding the privacy of minor children, including the Children’s Online Privacy Protection Act.

CONSENT TO ELECTRONIC NOTICE

In case of unauthorized access or other invasion of certain security systems, you agree that we may notify you by posting notice on the relevant Sphaera Website or sending notice to your email address in our possession in our good faith discretion. You agree that notice to you will count as notice to others for whom you are acting, and agree to pass the notice on to them.

ENFORCEMENT

This Privacy Policy is part of and supplemented by our Terms of Use, which together with any supplemental privacy policy form an agreement between us and you. If there is a conflict between the Terms of Use and this Privacy Policy, the latest version of this Privacy Policy will control. Sphaera and you are bound by the Terms of Use, including this Privacy Policy.

For purposes of enforcing compliance with the Privacy Shield, Sphaera is subject to the investigatory and enforcement authority of the US Federal Trade Commission.

QUESTIONS OR COMPLAINTS  

You can direct any questions or complaints about the use or disclosure of your Personal Data to us by email at info@sphaera.world. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint.

For any unresolved complaints for Users sending data from the EU and Switzerland, we have agreed to cooperate with the BBB EU PRIVACY SHIELD, a nonprofit alternative dispute resolution provider located in the United States and Operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit BBB EU PRIVACY SHIELD for more information and to file a complaint. 

BINDING ARBITRATION

If you sent your information from the EU or Switzerland, you may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with Sphaera and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, please refer to the US Department of Commerce's Privacy Shield Framework: Annex (Binding Arbitration).

CHANGES TO THESE POLICIES

From time to time, Sphaera may revise this Privacy Policy at its discretion and consistent with the Privacy Shield and other legal requirements. We note the date of the policy below, so you know when it was last updated. Sphaera advises you to check back periodically to review the Privacy Policy because users of the websites will be bound by the then-current version of this Privacy Policy.

FURTHER ASSISTANCE

If you have any further questions about our privacy policy, please send us an email at info@sphaera.world.