Sisu Data, Inc. Privacy Policy

Effective Date: November 19, 2020
generic-hero

This Privacy Policy explains how we collect, use, share, and protect your Personal Information, and the choices you have.

Sisu complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union, United Kingdom (UK) and Switzerland, as applicable, to the United States. Sisu adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. Sisu is responsible for any information received and subsequently sends to any third parties (‘onward transfer’) and shall remain liable under the Principles of the Privacy Shield if any agent processes such data in a manner inconsistent with the Principles, unless Sisu demonstrates that it is not responsible for the event giving rise to the damages. If there is any conflict between the terms in this policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. You can read more about Privacy Shield at https://www.privacyshield.gov.

Scope

This Privacy Policy applies to Personal Information Processed by Sisu Data, Inc. (“Sisu”, “we” or “us”) in our business, including on our website (each a “Site”), our web application, and any forums, blogs, and other services (collectively, the “Services”). All those Processing Personal Information for us are expected to comply with this Privacy Policy.

What personal information do we collect?

This is how we collect Personal Information from our customers, users, and visitors of our Site:

Account Creation.
If you create an account by registering with the Services (“Account”), we’ll collect certain Personal Information about you, such as your name, email address, physical address, and phone number.

Communications with Us.
We may collect Personal Information from you such as email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us.

Data Collected via Our Services.
We will collect any and all information, data files, and databases (including any of your or your customers’ Personal Information included in such data files or databases), provided by you to the Services whether directly by transferring such files, or indirectly by granting Sisu access to your third-party accounts where such files are stored.

Security Credentials Data.
We collect user IDs, passwords, password hints, and similar security information required for authentication and access to our users’ accounts.

Surveys.
We may contact you to participate in surveys. If you decide to participate, we may ask you for certain information which may include Personal Information.

How do we use your information?

We process Personal Information about you for a variety of business purposes, including:

To Provide Services and Other Information Requested, including to:
– provide Services and communicate with you;
– manage your information and Accounts;
– provide access to certain areas, functionalities, and features of our Services;
– answer requests for customer or technical support, and troubleshoot problems; and
– allow you to register for events.

For Administrative Purposes, including to:

– measure interest and engagement in our Site and Services;
– conduct research and development;
– improve or development new products and Services;
– ensure internal quality control;
– verify individual identity and for fraud prevention;
– communicate with you about your Account, activities on our Site and Services and policy changes;
– process your financial information and other payment methods for products or Services purchased (including through our third-party payment processor);
– prevent potentially prohibited or illegal activities;
– Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
– Debugging to identify and repair errors with our Services;
– Auditing relating to interactions, transactions and other compliance activities;
– enforce our Terms, and send you notices and alerts;
– comply with laws; and
– any other legitimate purpose.

To Market Our Products and Services.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes as described below, and we may use Personal Information to provide you with materials about offers, products, and Services that may be of interest to you, including:
– To tailor content, advertisements, and offers;
– To notify you about offers, products, and services that may be of interest to you;
– For direct marketing and research (including marketing research); and
– Other purposes disclosed to you, or that you consent to, when you provide Personal Information.

De-Identified and Aggregated Information Use.
We may use Personal Information and other information about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Site and Services, or other analyses we create. We may use de-identified or aggregated information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.

Sensitive Personal Information.
You are prohibited from providing us any sensitive personal information or special categories of personal information (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometrics or genetic data for the purposes of identifying an individual, health information) on or through the Service or otherwise. If you do disclose any sensitive personal information to us, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not provide it.

With whom do we share your information?

We may share your information as follows:

Vendors and Service Providers.
We may share your information with our vendors and service providers. For example, we may share your information with providers of IT, web hosting, and related services, or with our third-party payment processors, and other service providers that help us with the provision of the Site and Services.

Business Partners.
We may provide Personal Information to our business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.

Friends or Colleagues.
Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend and/or colleague to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Sisu or any other third parties for any other purpose.

Marketing – Interest-Based Advertising and Third-Party Marketing.
Through our Services, Sisu may allow third party advertising partners to set Technologies (defined below) and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day). We may also combine and share such information and other information (such as demographic information and past purchase history) with third party advertising partners for targeted advertising or interest-based advertising. You will be able to opt out of such sharing by following the instructions below.

Disclosures to Protect Us or Others.
We may access, preserve, and disclose your Personal Information and other Account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect your, our or others’ rights, property, or safety; (iv) to enforce our policies or contracts; (v) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vi) if we, in good faith, believe that disclosure is otherwise necessary or advisable.

Merger, Sale, or Other Asset Transfers.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.

Information Posted on our Blogs and Community Forums.

If you post anything on any publicly accessible blogs, forums, social media pages, and private messaging features provided by the Services, you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.

Information we process on behalf of our customers (as data processors)

Our customers may choose to use our Services to Process some of their data, which may contain Personal Information. The data that we Process through our Services for our customers is Processed by us purely as a data processor, on behalf of our customer, and in accordance with our customers’ instructions, and our privacy practices governing the Processing of such data will be in accordance with contracts that we may have in place with our customers. If you have any questions or concerns about how such data is handled or would like to exercise your rights as a data subject, you should contact the person or entity who has contracted with us to use the Services to Process your data (i.e., the data controller). Our customers control the Personal Information in these cases and determine the details regarding their Account, including without limitation, how and for what purpose the data collected on their behalf should be Processed. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them. For a list of our sub-processors, contact us as described below.

European Economic Area (EEA), United Kingdom or Switzerland:
If you are based in the EEA. United Kingdom, or Switzerland, you acknowledge and agree that we may transfer the data we process on your behalf, which may include Personal Information, to our facilities in the United States or elsewhere, including those of third parties as described in this Privacy Policy. In order to meet the requirements of the EU General Data Protection Regulation (“GDPR”) upon your written request, we will make available a Data Protection Addendum and/or Standard Contractual Clauses approved by the European Commission (“SCCs”) to ensure the adequate protection of Personal information we process on your behalf. You can use the contact information at the bottom of this privacy policy to communicate with Sisu.

Sisu is subject to the enforcement and investigatory power of the Federal Trade Commission (FTC). European Union and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration.

If you have an unresolved complaint, arbitration is available through the US based JAMS ADR. This is an alternative dispute provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not satisfactorily resolved your complaint, you can visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to read how to file a complaint.

The services of JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield ADR are provided at no cost to you. Mediations will be conducted pursuant to JAMS International Mediation Rules.

You can look up your local Data Protection Authority on the European Data Protection Board website.

Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising

We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us to record certain pieces of information whenever you visit or interact with our Site and Services.

Cookies.
Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies.