Effective Date: August 18, 2021
Company also complies with the European Union’s General Data Protection Regulation (GDPR), enforceable as of May 25, 2018. EU citizens also have the right to lodge a complaint with a supervisory authority.
Finally, Company complies with the California Consumer Privacy Act of 2018 (“CCPA”). A consumer whose personal information is covered by CCPA (as defined in that law) may contact Company as follows to request required disclosures under CCPA:
- Toll-free at 800-775-3772; or
- Using the contact form available at https://www.sona-systems.com/contact.aspx
The most recent version of this Policy will always be available at this address. Any changes to this policy, other than necessary to remedy typographical errors, will be announced by email to customers to the primary address you have on file with us.
- Information obtained via inquiries
- Information necessary to provide Company’s services to customers; and
- Information processed by Company while providing services to customers.
How Company uses information obtained via inquiries
When a third party contacts us via our website or other means, Company may collect information voluntarily provided by that third party, including (“Inquiry Information”):
- Third party’s Corporate name;
- Name of an individual who serves as the third party’s contact;
- Email address of contact person
How Company uses information necessary to provide Company’s services to customers
Company collects the following information from customers when they contract for Company’s services (the “Customer Record”):
- Customer corporate name;
- Contact name of an individual at customer’s location who is responsible for the services;
- Email addresses provided to Company by the customer as contact points;
- Physical address; and
- Payment information.
Information that is part of the Customer Record will be used by Company to:
- Collect payment;
- Market Company’s services to the customer;
- Contact the customer about issues related to the service; and
- Contact the customer about issues of general interest to Company’s customers;
- In response to an inquiry about the status of Company’s services and to provide troubleshooting about those services.
The Customer Record may be shared with third parties only in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
The Customer Record will only be sold by Company in conjunction with the sale, or other acquisition, of its business. It is not otherwise sold or rented to third parties.
The Company does not market to individuals under sixteen years of age and does not knowingly collect information directly from these individuals.
Customer Record information is collected on the basis of the contractual relationship between the Company and Customer, except that contact names and email addresses of individuals may be collected on the basis of the Company’s legitimate interest in having one or more contacts with whom Company can correspond regarding the Customer. Customers may opt out of providing information for their Customer Record by declining to be Customers. Providing information for a Customer Record is required to become a Customer. Customers may request from the Company access to, rectification of, erasure of, restriction of processing of the Customer Record when applicable, and may inform the Company by email of any changes to the Customer Record. Customers also have the right to object to processing of applicable data within the Customer Record and the right to data portability.
How Company uses information processed by it while providing services to customers
Company’s services process the following personally identifiable information provided to Company by its customers (the “Subject Information”):
- Full name and email address of each user, and user’s language preference for the system interface.
- Other information chosen by the customer in Company’s interface, which may include, but is not limited to: university identification number, telephone number, course enrollment information, study sign-up information, research data collected in online surveys, data collected as part of prescreening for eligibility in research studies.
For the sake of clarity, you should know that Company does not collect this Subject Information independently and does not export any Subject Information that originates in the EU.
Subject Information will be used by Company to:
- Perform the services as set out in the agreement between Company and its customer;
- To maintain the infrastructure that supports the services; and
- In response to an inquiry by the customer providing the Subject Information to Company to troubleshoot those services.
Subject Information will be provided to third parties in the following circumstances:
- To backup the Subject Information;
- As authorized by Company’s customer; and
- In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Subject Information will only be sold by Company in conjunction with the sale, or other acquisition, of its business.
How Company uses other types of information
Google Analytics. Company uses Google Analytics where visitors to our website consent to such use. You may view information about how Google Analytics collects and processes data at: www.google.com/policies/privacy/partners/. When you first visit or use our website, you will be asked to consent to the storing and accessing of cookies and other information on your computer or other electronic device.
Statistical Information. Company uses statistical information to operate the infrastructure necessary to provide the services to customers and to diagnose problems with this infrastructure. Statistical information is the following: the IP address used by a customer, or subject, to access the services; page access information; study selection, modification, and other transactional information related to the studies and study sign-ups. Statistical information is not used in conjunction with Subject Information. Statistical Information, including IP address, is collected on the basis of the Company’s legitimate interest in operating its infrastructure so as to provide services to its customers. Statistical information is not sold by Company, or used outside the services, other than as necessary to provide, troubleshoot, and bill the services to customers.
Credit Card Information. The Company directs Customers who seek to pay by credit card to a credit card processing company. This may be either PayPal or Stripe, depending upon the amount of the transaction and the currency in which Customer proposes to pay. Information transmitted to a credit card company directly by Customers is governed by and subject to the terms and conditions of such credit card processing company.
Deletion and Preservation of Information. Information covered by this Policy may be deleted upon a customer’s request or, for Subject Information, by customer’s own independent action in its discretion. Absent a request for deletion, Company may otherwise retain Customer Record and Inquiry Information for the convenience of those using or inquiring about its services. Company may also retain information as required by law.
Changing and Correcting Information. To access or update Customer Record or Inquiry Information, customer must contact Company as described above in this Policy. Subject Information can be accessed or updated by a data subject or by customer’s administrator.