Effective Date: November 19, 2020
Sisu complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union, United Kingdom (UK) and Switzerland, as applicable, to the United States. Sisu adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. Sisu is responsible for any information received and subsequently sends to any third parties (‘onward transfer’) and shall remain liable under the Principles of the Privacy Shield if any agent processes such data in a manner inconsistent with the Principles, unless Sisu demonstrates that it is not responsible for the event giving rise to the damages. If there is any conflict between the terms in this policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. You can read more about Privacy Shield at https://www.privacyshield.gov.
This is how we collect Personal Information from our customers, users, and visitors of our Site:
If you create an account by registering with the Services (“Account”), we’ll collect certain Personal Information about you, such as your name, email address, physical address, and phone number.
Communications with Us.
We may collect Personal Information from you such as email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us.
Data Collected via Our Services.
We will collect any and all information, data files, and databases (including any of your or your customers’ Personal Information included in such data files or databases), provided by you to the Services whether directly by transferring such files, or indirectly by granting Sisu access to your third-party accounts where such files are stored.
Security Credentials Data.
We collect user IDs, passwords, password hints, and similar security information required for authentication and access to our users’ accounts.
We may contact you to participate in surveys. If you decide to participate, we may ask you for certain information which may include Personal Information.
We process Personal Information about you for a variety of business purposes, including:
To Provide Services and Other Information Requested, including to:
– provide Services and communicate with you;
– manage your information and Accounts;
– provide access to certain areas, functionalities, and features of our Services;
– answer requests for customer or technical support, and troubleshoot problems; and
– allow you to register for events.
For Administrative Purposes, including to:
– measure interest and engagement in our Site and Services;
– conduct research and development;
– improve or development new products and Services;
– ensure internal quality control;
– verify individual identity and for fraud prevention;
– communicate with you about your Account, activities on our Site and Services and policy changes;
– process your financial information and other payment methods for products or Services purchased (including through our third-party payment processor);
– prevent potentially prohibited or illegal activities;
– Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
– Debugging to identify and repair errors with our Services;
– Auditing relating to interactions, transactions and other compliance activities;
– enforce our Terms, and send you notices and alerts;
– comply with laws; and
– any other legitimate purpose.
To Market Our Products and Services.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes as described below, and we may use Personal Information to provide you with materials about offers, products, and Services that may be of interest to you, including:
– To tailor content, advertisements, and offers;
– To notify you about offers, products, and services that may be of interest to you;
– For direct marketing and research (including marketing research); and
– Other purposes disclosed to you, or that you consent to, when you provide Personal Information.
De-Identified and Aggregated Information Use.
We may use Personal Information and other information about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Site and Services, or other analyses we create. We may use de-identified or aggregated information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
Sensitive Personal Information.
We may share your information as follows:
Vendors and Service Providers.
We may share your information with our vendors and service providers. For example, we may share your information with providers of IT, web hosting, and related services, or with our third-party payment processors, and other service providers that help us with the provision of the Site and Services.
We may provide Personal Information to our business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.
Friends or Colleagues.
Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend and/or colleague to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Sisu or any other third parties for any other purpose.
Marketing – Interest-Based Advertising and Third-Party Marketing.
Through our Services, Sisu may allow third party advertising partners to set Technologies (defined below) and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day). We may also combine and share such information and other information (such as demographic information and past purchase history) with third party advertising partners for targeted advertising or interest-based advertising. You will be able to opt out of such sharing by following the instructions below.
Disclosures to Protect Us or Others.
We may access, preserve, and disclose your Personal Information and other Account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect your, our or others’ rights, property, or safety; (iv) to enforce our policies or contracts; (v) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vi) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
Merger, Sale, or Other Asset Transfers.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
Information Posted on our Blogs and Community Forums.
If you post anything on any publicly accessible blogs, forums, social media pages, and private messaging features provided by the Services, you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.
Our customers may choose to use our Services to Process some of their data, which may contain Personal Information. The data that we Process through our Services for our customers is Processed by us purely as a data processor, on behalf of our customer, and in accordance with our customers’ instructions, and our privacy practices governing the Processing of such data will be in accordance with contracts that we may have in place with our customers. If you have any questions or concerns about how such data is handled or would like to exercise your rights as a data subject, you should contact the person or entity who has contracted with us to use the Services to Process your data (i.e., the data controller). Our customers control the Personal Information in these cases and determine the details regarding their Account, including without limitation, how and for what purpose the data collected on their behalf should be Processed. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them. For a list of our sub-processors, contact us as described below.
European Economic Area (EEA), United Kingdom or Switzerland:
Sisu is subject to the enforcement and investigatory power of the Federal Trade Commission (FTC). European Union and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration.
If you have an unresolved complaint, arbitration is available through the US based JAMS ADR. This is an alternative dispute provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not satisfactorily resolved your complaint, you can visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to read how to file a complaint.
The services of JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield ADR are provided at no cost to you. Mediations will be conducted pursuant to JAMS International Mediation Rules.
You can look up your local Data Protection Authority on the European Data Protection Board website.
Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
Pixel Tags/Web Beacons.
A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
We may use Technologies and other third-party tools to process analytics information on our Services. Some of our analytics partners include:
We use such Technologies for these purposes:
– Operationally Necessary. This includes Technologies that allow you access to our Site, Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functions such as saved search, or similar functions;
– Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services and so we can improve our Services;
– Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Site and Services. This may include identifying you when you sign into our Site or Services or keeping track of your specified preferences, interests, or past items viewed;
– Advertising or Targeting Related. We may use first party or third- party Technologies to deliver content, including ads relevant to your interests, on our Site and Services or on Third Party sites.
The Services may contain links to other websites and other websites may reference or link to our Site or other Services. We do not control such third-party websites or resources. So please read the privacy policies of each such website before you provide any information on it. We may use third party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including advertising partners to collect your Personal Information to provide content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.
International data transfers.
All information Processed by us may be transferred, Processed, and stored anywhere in the world- the European Union, the United States or other countries. Personal Information may be stored in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Accordingly, Your Personal Information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.
You may opt out of certain uses of your Personal Information, or even withdraw your previously provided consent at any time and prevent further Processing by contacting us as described below. Please note, however, that the opt out does not apply to, and we may still collect and use, any non-Personal Information regarding your activities on our Site, Services and/or information from the advertisements on third party websites for other legal purposes as described above.
Email and Telephone Communications.
“Do Not Track”.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Sorry- we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies and Interest-Based Advertising.
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. You may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs via the following links: www.aboutads.info/choices/, www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, and https://youradchoices.ca/choices/. Please note you must separately opt out in each browser and on each device. Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
In accordance with applicable law, you may have the right to: request confirmation of whether we are processing your Personal Information; obtain access to or a copy of your Personal Information; receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another entity (the “right of data portability”); restrict our uses of your Personal Information; seek correction or amendment of inaccurate, untrue, incomplete, or improperly Processed Personal Information; and request erasure of Personal Information held about you by Sisu, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, Sisu will take steps to verify your identity before fulfilling your request.
Security of your information.
The Site and Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect Personal Information from children. If you learn that your child has provided us with Personal Information without your consent, you may contact us as set forth below, and we’ll promptly take steps to delete such information and terminate the child’s account.
Supplemental Notice for California Residents.
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Sisu has collected about them and whether Sisu disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
|Category of Personal Information Collected||Category of Third Parties Information is Disclosed to for a Business Purpose|
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers.
|Protected classification characteristics under California or federal law
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|Internet or other electronic network activity
Browsing history, search history, information on a consumer’s interaction with an internet website, application, or advertisement.
|Professional or employment-related information
Current or past job history or performance evaluations.
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above.
“Sales” of Personal Information under the CCPA
For purposes of the CCPA, Sisu does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Additional Privacy Rights for California Residents
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth below.
Verification. To protect your privacy, we will take steps the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include name, email address, physical address, and phone number.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth below. We will process such requests in accordance with applicable laws.
When you apply at Sisu you choose to share information with us. We collect that personal information for legitimate business use. This includes evaluating candidates for posted and future opportunities. We use it for recording keeping, complying with legal requirements, protecting our legal rights, to perform background checks and emergency communications.
We use Lever for our recruiting software. We utilize a third party to perform background checks.
If you are located in the European Economic Area, you have the right to lodge a complaint with a supervisory authority if you believe our Processing of your Personal Information violates applicable law.
“Personal Information” is any information relating to an identified or identifiable natural person.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.