Privacy Policies

Last updated: July 2020

Overview

This Privacy Policy (“Privacy Policy”, “Policy”) describes how SylLab Systems, Inc. (“SylLab”, “we”, “us” or “our”) collects, uses, shares, processes and protects personal information (“Personal Information”) relating to individuals (“you”, or “your”), who may use or interact with our websites or services, communicate with us, contact us, or attend our events. You may be a visitor to one of our websites, a user of one or more of our services (“User”), a collaborator, or a customer (“Customer”).

SylLab respects your privacy and is committed to the individual’s right to privacy and to protect your Personal Information (any information that relates to an identified or identifiable individual). Our belief is that any Personal Information provided to us by you is personal and private.

Note: SylLab does not rent, sell, or trade your Personal Information.

Scope

This Privacy Policy applies to all visitors of our websites, and users of our products, websites, features or services, or any other SylLab websites that link to this Policy (collectively, the “Websites”), unless covered by a separate privacy policy expressly, and explains how we collect, use, disclose, and safeguard your information. Please note that this Privacy Policy does not apply to the extent that we process Personal Information in the role of a processor (or a comparable role such as “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers’ various cloud products and services, through which our customers (and/or their affiliates) connect their own applications to our hosted platform, sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Information via our cloud products and services.

Please read this Privacy Policy carefully.

As a global organization, we abide by all applicable data privacy laws, such as the California Consumer Privacy Act (“CCPA”), and the European Union’s General Data Protection Regulation (“GDPR”). Each of these laws focuses on transparency and trust.

Definitions

Our Privacy Policy is primarily based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). We believe that our policies should be legible and easy to understand for the general public, as well as our customers and business partners. Please review the definitions of the following terms as they are used in this Privacy Policy.

Personal Data

Personal data may be any information relating to an identified or identifiable natural person (“data subject” or “user” or “you”). An identifiable natural person is anyone who can be directly or indirectly identified, by reference to an identifier such as a name, an identification number, location data, online identifiers, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity specific to that natural person.

Sensitive Personal Data

This refers to the various categories of personal data identified by GDPR and other data privacy laws as requiring special treatment, including (in some circumstances) the need to obtain explicit consent. These categories comprise personal identity numbers, personal data about your personality and private life, racial or ethnic origin, nationality, political opinions, membership of political parties or movements, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, genetic code, addictions, sexual life, property matters or criminal records (including information about suspected criminal activities).

Data Subject

When you share personal data with us for processing, you become the data subject according to the General Data Protection Regulation, making us the controller responsible for its processing.

Controller, Controller Responsible for Processing

The legal person, public authority, agency or other body which determines the purposes and means of processing personal data, whether alone or jointly with others. Where the purposes or means of processing are determined by Union or Member State law or other applicable law, rules, or regulations, the controller (or the specific criteria for nominating the controller) may be provided for by the governing authority. For the purposes of Privacy Policy, and applicable data protection laws, rules, regulations, and provisions, SylLab is deemed to be the Controller.

Processing

We consider any operation or set of operations performed on any personal data to be processing, whether through automated means or otherwise. Such operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction, and disseminating or otherwise making personal data available.

Pseudonymization

Processing personal data in a way that prevents that data from being attributed to a specific user without additional information is considered pseudonymization. This process ensures that information required to identify a natural person using pseudonymized data is kept separately, and is subject to both administrative and technical measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Processor

As defined by the General Data Protection Regulation, the processor is a natural or legal person, public authority, agency or other body that processes data on behalf of the controller.

Recipient

The recipient is any natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or otherwise. Public authorities, however, which may receive personal data in the framework of a particular inquiry (in accordance with the other applicable laws, rules, and regulations), are not considered recipients. Processing of personal data by those public authorities must be in compliance with the applicable data protection rules according to the purposes of such processing..

Third-Party

Third parties consist of any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent

We consider that the consent of a user to be any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.

Your Rights

SylLab recognizes, under the CCPA and the GDPR, that you have certain rights in regards to your Personal Information. SylLab considers that your privacy and ability to preserve and exercise your rights is very important. You are encouraged to review and understand these rights as they pertain to you and your Personal Information. In certain circumstances, these rights include, but are not limited to:

  • Right to be Informed: you have the right to be told why we process your Personal Information, our retention periods, and who it will be shared with.

  • Right of Access: you have the right to be provided with a copy of your Personal Information we process upon your request.

  • Right to Rectification: you have the right to have inaccurate Personal Information rectified, or completed if it is incomplete.

  • Right to Erasure: you have the right to have your Personal Information erased.

  • Right to Restrict Processing: you have the right to limit the way we use your data.

  • Right to Data Portability: you have the right to receive a copy of your Personal Information in a structured, commonly used, and machine-readable format and gives you the right to transmit those data to another controller without hindrance.

  • Right to Object: you have the right to object to the processing of your Personal Information at any time.

  • Right to not Being Profiled: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); Automated Decision-Making currently does not take place on our websites or in our services.

  • Right to Non-Discrimination: CCPA prohibits covered businesses from discriminating against consumers for exercising their CCPA rights. This means we cannot charge a different price, deny access to our products, or impose penalties for exercising your rights under the CCPA.

  • Right to Withdraw Consent: you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

You may exercise any of the above rights, with respect to your Personal Information upon request. You may update, correct, or delete your Personal Information; if you wish to delete or suspend your account, please note that we may retain certain information as required by law or for legitimate business purposes. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us to request the deletion of that said account. To exercise your rights you may contact us by emailing contact@syllab.io.

For your protection, we may only respond with the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your request within thirty (30) days.

Note: We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain cached or archived copies of your information for a certain period of time.

Data Collection

Overview

This Privacy Policy describes how we collect and use your Personal Data, whether it is shared and/or disclosed, and how we address privacy matters, such as deletion of your Personal Information upon request, and opting-out of marketing communications. Lastly, we describe methods for contacting us if you have privacy questions, comments, or feedback.

Data We Collect

While we try to limit the amount of data about you that we collect, it’s not always avoidable to provide our services to you. To receive services from us, you may be asked to share certain information as a contractual or statutory requirement (e.g., tax regulations). You are not obliged to share any information with us, however, refusal to do so may result in any existing or proposed contract to be terminated or otherwise rendered void.

More specifically, the information we may collect through the Websites includes:

We may collect personal data

When you access or register with our Websites, or when you choose to participate in other activities related to the Websites like online chat, contact or support, purchases, and subscriptions to services, you may be asked to voluntarily share personally identifiable information with us. This information includes details such as your name, email address, and telephone number, as well as demographic information such as your age and place of employment. You’re not obligated to provide us with any personal information of any kind, and you are free to change or completely remove any information shared with us at any time, however refusing to provide requested personal data might prevent you from using certain features of the Websites.

If you choose to register for an account with SylLab or on our Websites, it may be possible for you to share personal data with us. Personal data that we ask for will be indicated as such with an explanation of why we are requesting it, and what it will be used for. By registering and providing us with personal data in this manner, you are providing explicit consent for your information to be used in accordance with this Privacy Policy.

We may require additional verification of your consent through a double opt-in procedure where we send a confirmation email to the email address provided for legal purposes and to prevent abuse of our services. Other than confirmation emails, we will not send unsolicited email newsletters to an email address without first receiving consent.

We generally don’t seek to collect sensitive personal data through our Websites, but if we do, we will ask you to consent to our proposed uses of the data. We may also collect some sensitive personal data incidentally. By providing us with unsolicited sensitive personal data, you consent to our using the data subject to applicable law as described in this Privacy Policy.

You might provide financial data

When you purchase, order, return, exchange, or request information about our services from the Websites, you may be asked to share financial data with us related to your payment method. This information may include your valid credit card number, card brand, and expiration date, as well as other details necessary to process your payment information. We store only very limited (if any) financial information that we collect. Otherwise, all financial information is processed and stored by our payment processors, such as Transferwise, Stripe, or Paypal. We encourage you to review their privacy policies and contact them directly for responses to your questions.

You might voluntarily share additional data

We automatically collect any information you provide when you voluntarily submit it to us such as your first name, last name, email address, phone number, job title, and company name. You may choose to contact us by email or through our Websites for a variety of purposes such as product or company inquiries, customer support inquiries, and sales requests. Throughout our Websites, we may also provide the opportunity to register for events or conferences, order or request white papers, or participate in online surveys. When we collect this type of information, we will notify you as to why we are asking for information and how this information will be used. It is completely up to you to choose whether or not you want to provide it.

We also provide the ability to submit job applications to our open job listings. To appropriately respond to your application, we need to collect and process your provided personal data, which may also be carried out electronically. If we begin an employment contract with you, your submitted application data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. With your consent, we may store your application data for up to twelve (12) months for future consideration for employment with us. Otherwise, your application data will automatically be erased six (6) months after notification of the refusal decision, provided that we have no other legitimate interests that require such data such as the burden of proof under the Equal Opportunity Act and General Equal Treatment Act.

We do collect some general data

Whenever you (or any other manual or automated system) access our Websites, we collect some general data and information about the request and store the relevant details in server or system log files. This data includes details like your IP address, your browser type and version used, your operating system, the time and date you accessed the Websites, and the pages you viewed directly before and after accessing the Websites. Additional detail may be collected or derived from this information for use in the event of an attack on our information technology systems.

We use this information to make sure the content of our Websites is delivered correctly, to optimize our Websites content, marketing and advertisements, to ensure the long-term performance and viability of our information technology systems and Websites, as well as to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

To support these efforts, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and security of our company, and to maintain an optimal level of protection for the personal data we process. This anonymous data is stored separately from all personal data provided by users to protect their privacy and ensure that we do not draw any conclusions about any individual users when analyzing this data.

How long do we keep your data?

We only process and keep any personal data that you share with us for as long as needed to achieve the purpose of storage, as long as consent is maintained, or as long as it is granted by the legislators in laws or regulations we are subject to. The exact length of time we keep personal data depends on the respective statutory retention period for that type of information. After that period of time passes, or if storage of personal data is not applicable, personal data is routinely blocked, deleted or erased as long as it is no longer necessary for the fulfillment or initiation of a contract with us.

If you would like to withdraw your consent to data processing by us, we have established processes to support your requests. To withdraw consent for any purpose, please contact us at contact@syllab.io and allow a reasonable amount of time to respond to your request. Should you decide to opt-out of receiving future mailings, we might send you notices of any updates to our Terms of Service or Privacy Policy.

How do we use your information?

Having accurate information about you helps us provide a smooth, efficient, and customized experience. Generally speaking, we use any information we collect to provide services to you, keep our Websites running smoothly, and protect us legally. More specifically, we may use information collected about you via our Websites to:

  • Create and manage your account

  • Contact you about your account or orders and

  • Fulfill and manage purchases, orders, payments and other transactions related to the Websites or SylLab

  • Provide and deliver services to you upon request, process transactions, and send you related information including confirmations and invoices

  • Respond to your comments, questions and requests and provide customer service

  • Send you technical notices, updates, security alerts, and support and administrative messages

  • Compile anonymous statistical data for use internally or with third parties

  • Maintain and improve the efficiency and operation of our Websites and products

  • Assist with the development of our products and other purposes related to SylLab’s business

  • Monitor and analyze usage and trends to improve your experience with our Websites and products

  • Assist law enforcement and respond to subpoenas, and to resolve disputes and troubleshoot problems

In accordance with applicable law, information covered by this Privacy Policy may be transferred to, and processed in, the United States or any other country in which SylLab or its affiliates, subsidiaries or service providers maintain facilities, even if the level of data privacy required in that country is less than that required by the European Union or other jurisdictions. By accessing our Websites or submitting your personal data to us, you consent to such transfers and to the worldwide processing of your personal data.

SylLab will not use or share your personal information in ways unrelated to those described above without first notifying you and offering you a choice as to whether or not we may use your personal data in a different manner. We do not use automatic decision-making or profiling, and will not sell your personal data for any purpose.

To obey the law or protect rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies or fraudulent activities, or when we believe in good faith that disclosure is necessary to protect our rights, property, and safety, we may share your information as permitted or required by applicable laws, rule or regulation, including exchanging information with other entities for fraud protection and credit risk reduction. We will have no duty to notify you of such compliance with local law where applicable.

To support necessary business activities

We may share your information with investors for the purpose of conducting general business analysis. Additionally, we may share your personal information with third parties necessary to provide you with services you have requested such as our hosting, email service, analytics, customer service, or campaign management providers. These parties are authorized to use your personal data only as necessary to provide these services to us or on our behalf, and it is up to you whether or not you choose to provide it. We may also share your information with such third parties for marketing purposes, as permitted by applicable law, rule, or regulation. Where possible, we attempt to anonymize or pseudonymize your personal data to limit any potential for direct disclosure.

We will only share your personal information if you have agreed to allow us to share your information with third parties.

If you share choose to share it

Our Websites offer publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at contact@syllab.io.

Additionally, certain features on our Websites, specifically those for applying to a job opening at SylLab, you may use sign-in services such as LinkedIn or other OpenID providers. These services will authenticate your identity, provide you with the option to share certain personal information (such as your name and email address) with us, and to pre-populate our application form. Services like LinkedIn often give you the option to post information about your activities on our Websites to your profile page to share with others within your network.

We may also partner with other companies that offer products or services related to ours or that host or sponsor related events. In such instances, we may share your information with these business partners if you express interest in such products, services, or events if you provide your personal information to event sponsors at their booths or presentations.

Note: In some cases, we may not be able to guarantee the removal of your personal data, in which case we will let you know if we are unable to do so and why.

If you leave the Websites to a third party

Our Websites may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Additionally, some of our Websites may use framing techniques to serve content to or from our partners while preserving the look and feel of our Websites. Once you have used these links, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information.

Before visiting and providing any information to any third-party websites, we encourage you to inform yourself of the privacy policies and practices (if any) of the third-party responsible for that website. You should take those steps necessary to protect the privacy of your information as you see fit. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Websites.

It’s worth noting that we have no authority to manage or control third-party solicitations, and are not responsible for the content or actions of third parties with whom you share personal or sensitive data. If you no longer wish to receive correspondence, emails, or other communications from any third parties, you are responsible for contacting such third parties directly.

Note: SylLab does not endorse or make any representations about third-party websites. We encourage you to carefully read the privacy policy of any website you visit.

In the event of a merger or acquisition

If SylLab is involved in a merger, acquisition, sale of all or a portion of our assets, or bankruptcy, your information would be an asset transferred or acquired by the successor entity or third party. You acknowledge that such transfers may occur and that the transferee may decline to honor commitments we have made in this Privacy Policy. You will be notified by email and/or a prominent notice on our Websites of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Security

SylLab takes appropriate administrative, technical, physical, and organizational security measures to protect your Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received, taking into account the nature of such information and the risks involved in processing, and comply with applicable laws and regulations. While we have taken reasonable steps to secure the Personal Information you provide to us, please be aware that despite our best efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. SylLab ensures to process your personal data only for the purposes mentioned in this privacy policy and to keep data no longer than necessary. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide Personal Information via our Websites.

If you have any questions about our security or have reason to believe that your interaction with us is no longer secure, please contact us at contact@syllab.io.

Policy for Children

Our Websites, services, and products are not intended for, nor designed to attract individuals under the age of eighteen (18). SylLab does not knowingly solicit or collect personally identifiable information from or market to individuals under the age of eighteen (18). If you are under age eighteen (18), please do not give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help us enforce our Privacy Policy by instructing them to never share Personal Information through our Websites without their permission. If you suspect or become aware of any data we have collected from children under age eighteen (18), please contact us immediately using the contact information provided below.

European Union Privacy Rights: GDPR

SylLab is committed to subjecting all personal data received from the European Union (“EU”) member countries, in reliance on the General Data Protection Regulation (“GDPR”), to the GDPR’s applicable Principles.

SylLab is responsible for the processing of personal data we receive, under the GDPR. SylLab complies with the GDPR for all onward transfers of personal data from the EU, including, unless we prove that we are not responsible for the event giving rise to the damage, the onward transfer of liability provisions.

This section provides specific information about how SylLab complies with the GDPR. It supplements the information contained in the rest of our Privacy Statement and applies to all data subjects residing in the EU. If there is a conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

SylLab will process personal data only if and to the extent that at least one of the following applies:

  • You have given consent to the processing of your personal data for one or more specific purposes;

  • processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;

  • processing is necessary for compliance with a legal obligation to which SylLab is subject; or

  • processing is necessary for the purposes of the legitimate interests pursued by SylLab or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms.

When we collect personal data from you, we will make sure that you are aware of the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; if applicable, the legitimate interests pursued by SylLab or by a third party; the recipients or categories of recipients of the personal data, if any; and where applicable, the appropriate or suitable safeguards to protect your personal data. We will also inform you of the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; your right to request access to and rectification or erasure of personal data or restriction of processing or to object to processing as well as the right to data portability; if processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; your right to lodge a complaint with a supervisory authority; whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract with us, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data; and the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

You may exercise your data subject rights under Articles 15 to 22 of the GDPR by contacting contact@syllab.io. SylLab will provide information on action taken on a request under Articles 15 to 22 to you without undue delay and in any event within one (1) month of receipt of the request.

If we need to extend by two (2) further months where necessary, taking into account the complexity and number of the requests that require more time, then SylLab will inform you of any such extension within one (1) month of receipt of the request, together with the reasons for the delay. The request shall be made through contact@syllab.io and we will provide the information to you in the same manner, unless otherwise requested by you.

If SylLab does not take action on your request, we will inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on your possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

For our Software Solutions, SylLab is a Data Processor of EU Personal Data under the direction of our Customers who are Data Controllers. Here, SylLab has no direct relationship with the individuals whose Personal Data it processes. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our Services, please contact the Customer that you interact with directly. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct queries to the appropriate SylLab Customer (the Data Controller). If a SylLab Customer requests our assistance in the removal of data, SylLab will respond to such requests within twenty (20) business days.

California Privacy Rights: CCPA

The California Consumer Privacy Act (CCPA) is a new data privacy law that applies to certain businesses that collect Personal Information from California residents. The law became effective on January 1, 2020.

Please note that SylLab does not rent or sell any Personal Information.

In addition, California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain from us, once a year and free of charge, 1) information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes, and, 2) the names and addresses of the third parties with which we shared Personal Information in the preceding calendar year.

If you are under eighteen (18) years of age, reside in California, and have a registered account with our Websites, you have the right to request removal of unwanted data that you publicly post on our Websites. To request the removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on our Websites, but please be aware that the data may not be completely or comprehensively removed from our systems.

If you are a California resident and would like to make a request, please submit your request in writing to us using the contact information provided below.

Notice to All Non-U.S. Residents

Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including Personal Information, will be transferred from your country of origin to the U.S. SylLab transfers and processes data, including the data transfers under the GDPR, in accordance with applicable laws and regulations.

Changes to this Privacy Policy

If SylLab makes material changes to this Privacy Policy, SylLab will revise these terms by indicating the “Last Updated” date at the top of this Privacy Policy, and in some cases, SylLab may provide you with more prominent notice (such as adding a statement to our homepage or sending an email notification to our customers and/or users). Any changes or modifications will be effective immediately upon posting of the updated Privacy Policy, and you waive the right to receive specific notice of such changes or modifications.

We encourage you to review the Policy whenever you access the Websites and Services to stay informed about our information practices and the ways you can help protect your privacy. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes to the Privacy Policy by your continued use of the Websites and Services after the date such Privacy Policy is posted.

Contact Us

For any and all privacy-related matters, questions, or comments, or to exercise a right under the GDPR, the CCPA, or others you may contact us by email. Our contact information is as follow:

Email: contact@syllab.io

Please allow a reasonable amount of time to respond to your request.