For the purposes of EU data protection laws (“Data Protection Law“), Sonnedix is data controller (i.e., the company who is responsible for, and controls the processing of, your personal data).
Sonnedix will notify you of the following:
- What personally identifiable information is collected from you as part of any Service, how it is used and with whom it may be shared.
- What choices are available to you regarding the use of your data.
- The security procedures in place to protect the misuse of your information.
- How you can correct any inaccuracies in the information.
Information Collection, Use, and Sharing
We only have access to collect information that you voluntarily give us via email or other direct contact from you.
The categories of information we collect can include:
- Information you provide to us directly. We may collect personal information such as your contact information including your full name and e-mail address. We may also collect information when you sign up for our mailing list, fill out a contact form on our website, or otherwise communicate with us. We may also collect any communications between you and Sonnedix and any other information you provide to Sonnedix.
- Information we receive from third parties. From time to time, we may receive information about you from third parties and other users, such as our business partners. We may also collect information about you that is publicly available.
Sonnedix will use your information to respond to you, regarding the reason you contacted us. Sonnedix will not sell or rent this information to anyone. We will also use this information to consider potential business opportunities with you, as well as do business with you.
We will also use your information to operate, maintain, and provide to you the features and functionality of our website, to prevent fraud or other unauthorized or illegal activity and to diagnose or fix technology problems on our website.
In addition, Sonnedix performs routine background checks on our potential business partners to comply with bribery, anti-corruption and anti-money laundering laws and regulations. To do this, we may collect your date of birth, place of birth, tax id, passport number, any other government identification number(s), address, phone number, employment and educational background as well as your criminal history.
We may share your personal information with:
- Third party service providers that perform services on our behalf, as needed to carry out their work for us, which may include preventing fraud or other illegal activity, such as anti-money laundering services, verifying your identity and status as an accredited investor, identifying and serving targeted advertisements, providing mailing services, providing tax and accounting services, web hosting, or providing analytic services;
- Other companies and brands owned or controlled by Sonnedix and other companies owned by or under common ownership as Sonnedix, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under this Policy;
- Other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party, or in the event of a bankruptcy or related or similar proceedings; and
- Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or to protect the security or integrity of our services; and/or (c) to exercise or protect the rights, property, or personal safety of Sonnedix, our visitors, or others.
We may also share information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
Legal basis for processing in the EU
In the EU, the purposes for which we process your personal data are:
- because it is necessary for the performance of any contractual relationship we have with you;
- where it is necessary for compliance with our legal obligations laid down by EU law;
- where in our legitimate interests (provided these are not overridden by your interests and fundamental rights and freedoms – this includes our own legitimate interests and those of other entities and branches in our group of companies) such as:
- to contact you and respond to your requests and enquiries;
- for business administration, including statistical analysis;
- to provide your with our services;
- for fraud prevention and detection; and
- to comply with applicable laws, regulations or codes of practices such as the Foreign Corrupt Practices Act 1977.
Storing and transferring your personal information
- International Transfers of your personal information. As we have subsidiaries located in the USA, any information you provide may be processed and stored in the USA. If you are in the EU or EEA, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.
Jurisdiction and Enforcement
- As part of our participation in the Privacy Shield, SUSASL is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“FTC”).
- For European Union residents, you also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
- We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information and to file a complaint. The services of JAMS are provided at no cost to you.
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website or by contacting: email@example.com.
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
For residents in the EU
Consumers residing in the EU are entitled to certain rights over how we use personal information, including right of access, right to rectification, right to erasure, right to restriction and right to make a complaint to the relevant supervisory authority. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
You may contact us to discuss how to exercise those rights by sending an email to firstname.lastname@example.org.
If you are located in the EU, you have the following rights in respect of your personal data that we hold:
- Right of access. The right to obtain access to your personal data.
- Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
- Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
- Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
If you wish to exercise one of these rights, please contact us using the contact details at the end of this Policy.
You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Sonnedix take precautions to protect your information. The computers on which we store personally identifiable information you may have provided to us are kept in a secure environment. For example, we use Security Sockets Layer (SSL) encryption technology to encrypt sensitive personal information we collect through this website. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
For individuals based in the EU, we store personal data for as long as necessary to fulfil the purposes for which we collect the data (see above under “Information Collection, Use, and Sharing”), except if required otherwise by law.
Changes to our Policy