Sisu Data, Inc. Privacy Policy

Effective Date: March 26, 2020

This Privacy Policy explains how we collect, use, share, and protect your Personal Information, and the choices you have.

Sisu complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union, United Kingdom (UK) and Switzerland, as applicable, to the United States. Sisu adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. Sisu is responsible for any information received and subsequently sends to any third parties (‘onward transfer’) and shall remain liable under the Principles of the Privacy Shield if any agent processes such data in a manner inconsistent with the Principles, unless Sisu demonstrates that it is not responsible for the event giving rise to the damages. If there is any conflict between the terms in this policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. You can read more about Privacy Shield at https://www.privacyshield.gov.

Scope

This Privacy Policy applies to Personal Information Processed by Sisu Data, Inc. (“Sisu”, “we” or “us”) in our business, including on our website (each a “Site”), our web application, and any forums, blogs, and other services (collectively, the “Services”). All those Processing Personal Information for us are expected to comply with this Privacy Policy.

What personal information do we collect?

This is how we collect Personal Information from our customers, users, and visitors of our Site:

Account Creation.
If you create an account by registering with the Services (“Account”), we’ll collect certain Personal Information about you, such as your name, email address, physical address, and phone number.

Communications with Us.
We may collect Personal Information from you such as email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, or otherwise communicate with us.

Data Collected via Our Services.
We will collect any and all information, data files, and databases (including any of your or your customers’ Personal Information included in such data files or databases), provided by you to the Services whether directly by transferring such files, or indirectly by granting Sisu access to your third-party accounts where such files are stored.

Security Credentials Data.
We collect user IDs, passwords, password hints, and similar security information required for authentication and access to our users’ accounts.

Surveys.
We may contact you to participate in surveys. If you decide to participate, we may ask you for certain information which may include Personal Information.

How do we use your information?

We process Personal Information about you for a variety of business purposes, including:

To Provide Services and Other Information Requested, including to:
– provide Services and communicate with you;
– manage your information and Accounts;
– provide access to certain areas, functionalities, and features of our Services;
– answer requests for customer or technical support, and troubleshoot problems; and
– allow you to register for events.

For Administrative Purposes, including to:
– measure interest and engagement in our Site and Services;
– conduct research and development;
– improve or development new products and Services;
– ensure internal quality control;
– verify individual identity and for fraud prevention;
– communicate with you about your Account, activities on our Site and Services and policy changes;
– process your financial information and other payment methods for products or Services purchased (including through our third-party payment processor);
– prevent potentially prohibited or illegal activities;
– enforce our Terms, and send you notices and alerts;
– comply with laws; and
– any other legitimate purpose.

To Market Our Products and Services.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes as described below, and we may use Personal Information to provide you with materials about offers, products, and Services that may be of interest to you, including:
– To tailor content, advertisements, and offers;
– To notify you about offers, products, and services that may be of interest to you;
– For direct marketing and research (including marketing research); and
– Other purposes disclosed to you, or that you consent to, when you provide Personal Information.

De-Identified and Aggregated Information Use.
We may use Personal Information and other information about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Site and Services, or other analyses we create. We may use de-identified or aggregated information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.

Sensitive Personal Information.
You are prohibited from providing us any sensitive personal information or special categories of personal information (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometrics or genetic data for the purposes of identifying an individual, health information) on or through the Service or otherwise. If you do disclose any sensitive personal information to us, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not provide it.

With whom do we share your information?

We may share your information as follows:

Vendors and Service Providers.
We may share your information with our vendors and service providers. For example, we may share your information with providers of IT, web hosting, and related services, or with our third-party payment processors, and other service providers that help us with the provision of the Site and Services.

Business Partners.
We may provide Personal Information to our business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.

Friends or Colleagues.
Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend and/or colleague to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Sisu or any other third parties for any other purpose.

Marketing – Interest-Based Advertising and Third-Party Marketing.
Through our Services, Sisu may allow third party advertising partners to set Technologies (defined below) and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, mobile identifiers, page(s) visited, location, time of day). We may also combine and share such information and other information (such as demographic information and past purchase history) with third party advertising partners for targeted advertising or interest-based advertising. You will be able to opt out of such sharing by following the instructions below.

Disclosures to Protect Us or Others.
We may access, preserve, and disclose your Personal Information and other Account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect your, our or others’ rights, property, or safety; (iv) to enforce our policies or contracts; (v) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vi) if we, in good faith, believe that disclosure is otherwise necessary or advisable.

Merger, Sale, or Other Asset Transfers.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.

Information Posted on our Blogs and Community Forums.

If you post anything on any publicly accessible blogs, forums, social media pages, and private messaging features provided by the Services, you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.

Information we process on behalf of our customers (as data processors)

Our customers may choose to use our Services to Process some of their data, which may contain Personal Information. The data that we Process through our Services for our customers is Processed by us purely as a data processor, on behalf of our customer, and in accordance with our customers’ instructions, and our privacy practices governing the Processing of such data will be in accordance with contracts that we may have in place with our customers. If you have any questions or concerns about how such data is handled or would like to exercise your rights as a data subject, you should contact the person or entity who has contracted with us to use the Services to Process your data (i.e., the data controller). Our customers control the Personal Information in these cases and determine the details regarding their Account, including without limitation, how and for what purpose the data collected on their behalf should be Processed. We will, however, provide assistance to our customers to address any concerns you may have, in accordance with the terms of our contract with them. For a list of our sub-processors, contact us as described below.

European Economic Area (EEA) or Switzerland:
If you are based in the EEA or Switzerland, you acknowledge and agree that we may transfer the data we process on your behalf, which may include Personal Information, to our facilities in the United States or elsewhere, including those of third parties as described in this Privacy Policy. In order to meet the requirements of the EU General Data Protection Regulation (“GDPR”) upon your written request, we will make available a Data Protection Addendum and/or Standard Contractual Clauses approved by the European Commission (“SCCs”) to ensure the adequate protection of Personal information we process on your behalf. You can use the contact information at the bottom of this privacy policy to communicate with Sisu.

Sisu is subject to the enforcement and investigatory power of the Federal Trade Commission (FTC). European Union and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration.

If you have an unresolved complaint, arbitration is available through the US based JAMS ADR. This is an alternative dispute provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not satisfactorily resolved your complaint, you can visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to read how to file a complaint.

The services of JAMS EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield ADR are provided at no cost to you. Mediations will be conducted pursuant to JAMS International Mediation Rules.

You can look up your local Data Protection Authority on the European Data Protection Board website.

Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising

We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us to record certain pieces of information whenever you visit or interact with our Site and Services.

Cookies.
Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.

Pixel Tags/Web Beacons.
A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.

Analytics.
We may also use various analytics service providers including, Google Tag Manager and Google Analytics, to collect information regarding visitor behavior and visitor demographics on our Site and Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/
You can opt out of collection and Processing of data by these individual analytics services by accessing the following links: (i) for opting out of collection by Google, you can use the following link: http://tools.google.com/dlpage/gaoptout;

We use such Technologies for these purposes:
– Operationally Necessary. This includes Technologies that allow you access to our Site, Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functions such as saved search, or similar functions;
– Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services and so we can improve our Services;
– Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Site and Services. This may include identifying you when you sign into our Site or Services or keeping track of your specified preferences, interests, or past items viewed;
– Advertising or Targeting Related. We may use first party or third- party Technologies to deliver content, including ads relevant to your interests, on our Site and Services or on Third Party sites.

Third party websites, social media platforms and SDKs

The Services may contain links to other websites and other websites may reference or link to our Site or other Services. We do not control such third-party websites or resources. So please read the privacy policies of each such website before you provide any information on it. We may use third party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including advertising partners to collect your Personal Information to provide content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.

International data transfers.
All information Processed by us may be transferred, Processed, and stored anywhere in the world- the European Union, the United States or other countries. Personal Information may be stored in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Accordingly, Your Personal Information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.

Your choices

General.
You may opt out of certain uses of your Personal Information, or even withdraw your previously provided consent at any time and prevent further Processing by contacting us as described below. Please note, however, that the opt out does not apply to, and we may still collect and use, any non-Personal Information regarding your activities on our Site, Services and/or information from the advertisements on third party websites for other legal purposes as described above.

Email and Telephone Communications.
We may periodically send you free newsletters and e-mails that directly promote our Services. When you receive such promotional communications from us, you will have the opportunity to use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding Services you have requested, and you will not be able to opt out of those communications (e.g., communications regarding the Services, your Account, or updates to our Terms or this Privacy Policy).

“Do Not Track”.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Sorry- we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Do Not Sell My Information.
We collect information for the purposes of providing the Sisu website, marketing information, hiring or using the Sisu service. We do not sell that information. Nonetheless you can contact Sisu via [email protected] or the address at the bottom of this page.

Cookies and Interest-Based Advertising.
You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. You may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs via the following links: www.aboutads.info/choices/, www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, and https://youradchoices.ca/choices/. Please note you must separately opt out in each browser and on each device. Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.

Rights of access, reification, erasure and restriction

In accordance with applicable law, you may have the right to: request confirmation of whether we are processing your Personal Information; obtain access to or a copy of your Personal Information; receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another entity (the “right of data portability”); restrict our uses of your Personal Information; seek correction or amendment of inaccurate, untrue, incomplete, or improperly Processed Personal Information; and request erasure of Personal Information held about you by Sisu, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, Sisu will take steps to verify your identity before fulfilling your request.

Data retention.
Sisu retains the Personal Information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected.

Security of your information.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we’ll attempt to notify you electronically by posting a notice on the Services, by mail or e-mail.

Children’s information.
The Site and Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect Personal Information from children. If you learn that your child has provided us with Personal Information without your consent, you may contact us as set forth below, and we’ll promptly take steps to delete such information and terminate the child’s account.

California privacy rights.
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Except as otherwise provided in this Privacy Policy, Sisu does not share Personal Information with third parties for their own marketing purposes. California law also permits California residents to delete certain collected information and opt-out of the collection of information. We will not discriminate against you for the exercise of your rights under the CCPA.

We have collected identifiers in the preceding 12 months, including name, IP (internet protocol) address, email address or other similar identifiers. This is collected indirectly, by visiting our Site. This is collected directly, by filling out a form requesting a response or Services.

We have collected job applicant information in the preceding 12 months. More information is available under the Job Applicant section.

In the preceding 12 months we have not sold personal information.

In the preceding 12 months we have not disclosed personal information for a business purpose, excluding service providers needed to provide Sisu services.

Job applicants.
When you apply at Sisu you choose to share information with us. We collect that personal information for legitimate business use. This includes evaluating candidates for posted and future opportunities. We use it for recording keeping, complying with legal requirements, protecting our legal rights, to perform background checks and emergency communications.

We use Lever for our recruiting software. We utilize a third party to perform background checks.

Supervisory authority.
If you are located in the European Economic Area, you have the right to lodge a complaint with a supervisory authority if you believe our Processing of your Personal Information violates applicable law.

Changes to our privacy policy.
We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law, by posting the updated Privacy Policy on our Services or other communication to you, and updating the “Effective Date” above. You understand that the new Privacy Policy will apply if you continue to use the Services.

Definitions.
“Personal Information” is any information relating to an identified or identifiable natural person.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Contact us
If you have any questions about our privacy practices or this Privacy Policy, please contact us at:
535 Mission Street, Suite 1100, San Francisco, CA 94105 or [email protected].