Sonatype, Inc. Privacy Policy

TRUSTe

November 9, 2023

Sonatype, Inc., and its subsidiaries (collectively referred to as “Sonatype,” “our,” “us,” and “we”), understand that you care about how we collect, use, and share information when you interact with our websites, events, contests and surveys, social media sites and handles, email, support services, products and online services (our “Services”), and we value the trust you place in us. This Privacy Policy explains:

We also include specific disclosures for residents of the state of California and of the United Kingdom, European Economic Area, and Switzerland.

This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to non-Sonatype websites, mobile applications, and events that may link to the Services or be linked to or from the Services, including local events organized and hosted by third-parties. Please directly review the privacy policies for those non-Sonatype websites, applications, and events to understand how their privacy practices may differ.

Information We Collect 

Information you give us

Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This includes:

  • Name, contact and demographic information when completing forms or registering to use our Services.
  • Payment information and associated contact information when engaging in a transaction on our site.
  • Appointment booking and event registrations you carry out through our site.
  • Email address information when subscribing to our email newsletters or marketing communications.
  • Any information or data you provide by interacting in our online forums and chatrooms, or by commenting on content posted on our Services. Please note that these comments are also visible to other users of our Services and may also be visible to the public.
  • Information you provide if you complete a survey administered by us or a service provider acting on our behalf.
  • Information you provide if you participate in a contest that we offer.
  • A record of correspondence and any contact information provided if you contact us.

If you apply for employment with us, we also collect and store any information that you provide in connection with your application. This includes:

  • Your name, phone number, and email address.
  • Your citizenship or immigration status.
  • Information that you voluntarily may choose to provide, such as your social media profile(s), gender, race, disability status or veteran status, current employer, professional or employment experience, and educational background.

Information We Collect Automatically

When you interact with the Services, certain information about your use of our Services is collected automatically. This includes:

  • Details of your visits to our site and information generated in the course of the use of our Services (including the timing, frequency, and pattern of service use) including, but not limited to, traffic data, Internet Protocol (“IP”) address, Internet Service Provider (“ISP”), date and time stamps, clickstream data, weblogs, other communication data, the resources that you access, and how you reached and exited the site.
  • Details regarding the device you use to access our Services, including, but not limited to, your IP address, operating system, and browser type.
  • Information about how you interact with our ads, newsletters, and marketing communications, including whether you open or click links in any correspondence.
  • Information that you make available to us on a social media platform (such as by clicking on a social media icon linked from our Services), including your account ID or username and other information included in your posts.

Third-Party Cookies and Tracking Technologies

Much of the above information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. Sonatype relies on partners to provide many features of our sites and Services using data about your use of our and other sites, and how you interact with our emails.

Please visit our Cookie Notice for more information about how we use different categories of cookies and similar technologies and your options for managing their collection of data. We currently do not take steps to respond to browsers’ “Do Not Track” signals as no uniform standard to respond to such signals has been developed at this time.

You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.

Please note that opting out of advertising networks services does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.

How We Use and Protect Your Information

We may use the information we collect from you for the following purposes:

  • To provide you with our products and services, including to take steps to enter into a contract for sale or for services, process payments, fulfill orders, verify identity, process contest entries and prizes, and send service communications.
  • To enable additional features on our Services and to provide you with a personalized service.
  • Create custom audiences on social media sites.
  • To provide you with the best service and improve and grow our business, including by sending invitations to take part in surveys and market research, understanding our customer base and purchasing trends, and understanding the effectiveness of our marketing.
  • To understand how our Services are being used, track site performance, and make improvements.
  • To deliver tailored advertising on our Services based on your preferences or interests across services and devices and measuring the effectiveness of ads.
  • To plan, conduct, and administer our business, including responding to comments and complaints about our products and services, maintaining records and accounts, and in connection with legal claims, compliance, regulatory, and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).
  • To detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and to comply with legal requirements regarding the provision of products and services.
  • To process and evaluate your application for employment.

How We Secure the Information We Collect From or About You

The security of your personal information is very important to us. When you enter sensitive information (such as credit card number or your password), we encrypt that information using reasonable security measures during transmission and upon receipt. We always use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf. If you have any questions about security on our Site, you can contact us at security@sonatype.com.

How We Share Your Information

  • Service Providers and Contractors: We engage vendors to perform certain functions on our behalf such as: billing and collection providers; auditing and accounting firms; professional services consultants; providers of analytics services; security vendors; employment recruiters, and IT vendors.
  • Social Media Platforms: Where you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you through digital cookies and other tracking mechanisms that they place on your device. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with their application. Please visit the social media companies’ respective privacy policies to better understand their data collection practices and the controls they make available to you.
  • Companies involved in advertising: We partner with companies that assist us in advertising about our Services to others who may be interested in the Services. These companies may use tracking technologies on our website to collect or receive information from the Services and elsewhere on the internet and use that information to provide measurement services and target ads.
  • Corporate Affiliates: We share customer data with our subsidiary companies.

Cross-border Transfer of Data

If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the U.S. and other countries. The laws in the U.S. regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.

Additional Information About Our Data Collection and Sharing Practices

Customer Testimonials

We post customer testimonials on our web site which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at privacy@sonatype.com.

Sonatype Blog

Our website offers a publicly accessible blog, which is managed by a third-party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login to the third-party application if you want the personal information that was posted to the comments section removed. To learn how the third-party application uses your information, please review their privacy policy.

Sharing of Aggregated Data

We may share aggregated or de-identified data at our discretion, including with marketing agencies, media agencies, and analytics providers. These other companies will not be able to relate this data to identifiable individuals.

Lawful Requests

We may share data when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests, including requests made by public authorities to meet national security or law enforcement requirements.

Combination of Information

We purchase lead data from third parties and combine it with information we already have about you in our records to create tailored business leads.

Children Under Age 16

Sonatype does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register for an account or event. If you are under 16, please do not attempt to send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to or on the Service. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at privacy@sonatype.com.

Change of Ownership or Corporate Organization

We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.

Your Options and Rights Regarding Your Information

Please log into your account to update your contact information and payment method, as applicable.

If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email newsletter or marketing communication, or separately email us at privacy@sonatype.com and we will promptly remove you from all correspondence.

Your California Privacy Rights

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at privacy@sonatype.com or calling toll-free: 1-888-890-1530.

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, correct, and limit sale and sharing of Personal Information. You also have the right to be free from discrimination based on your exercise of your CCPA rights. For more information about the CCPA, including how to exercise rights that you may have under the CCPA, please see our California Privacy Notice.   

Special Information for Nevada Residents

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, Sonatype does not engage in such sales.

Information for Individuals Located in the UK, EEA, and Switzerland

Information for Individuals Located in the UK, EEA, and Switzerland

We process “Personal Data,” as that term is defined in the European Union’s (“EU”) General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Information we collect may be transferred to, and stored and processed in, the U.S. or any other country in which we or our subcontractors, Corporate Affiliates, Service Providers, and third-party partners maintain facilities, as described above.

We only retain and use your Personal Data for as long as your account is active, as needed to provide you the Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer use your Personal Data to provide Services to you, contact us at privacy@sonatype.com

To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements. If you want to learn more about our specific retention periods for your Personal Data, you may contact us at privacy@sonatype.com.

Upon expiry of the applicable retention period, we securely destroy your Personal Data in accordance with applicable laws and regulations.

Individuals located in the United Kingdom (“UK”), European Economic Area (“EEA”) or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.

If you are a resident of the UK, EEA, or Switzerland, you are entitled to certain rights. Please note: in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. These rights include the ability:

  • to request from us access to information held about you.
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete.
  • to ask for data to be erased if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
  • to request that we restrict our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.
  • To opt-out, with respect to Personal Data received in reliance on the EU-U.S. DPF or Swiss-U.S. DPF, of the disclosure of your data to a third party, or the use of your data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.

To submit a request to exercise your rights, please use the request form located here or contact us at privacy@sonatype.com. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Individuals located in the UK, EEA, and Switzerland also have an absolute right to opt-out of direct marketing or profiling that we carry out for direct marketing purposes. You can do this by following the instructions included in the applicable message, by setting preferences as may be otherwise indicated on the site or event page, by using the request form here or by contacting us at privacy@sonatype.com. If you have consented to receive direct marketing from third parties (such as affiliated Sonatype companies, business partners or independent resellers), please follow those third parties' opt-out processes.

Please note that we will send you service-related email announcements when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.

We may transfer personal data outside the UK and EEA and Switzerland to the U.S. When required, we make such transfers from the EEA and Switzerland in compliance with the Standard Contractual Clauses for international transfers from the European Economic Area to third countries, Commission Implementing Decision (EU) 2021/914 of 4 June 2021(as modified for compliance with the Swiss Federal Data Protection Act where necessary), and from the UK in compliance with the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers issued under Section 119A of the Data Protection Act of 2018.

EU-U.S. Data Privacy Framework with UK Extension, and Swiss-U.S. Data Privacy Framework

Sonatype complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK Extension), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We have certified our adherence to the EU-U.S. DPF Principles and Swiss-U.S. SPF Principles with regard to the processing of Personal Data received from the European Union and the United Kingdom (and Gibraltar) and from Switzerland, respectively, in reliance on the Data Privacy Framework applicable to transfers from each jurisdiction. Click here to learn more about the Data Privacy Framework (DPF) program, and here to view our certification.

Sonatype complies with the DPF Principles for all onward transfers of Personal Data from the EU, UK, and Switzerland, including the onward transfer liability provisions. Our compliance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF is subject to the investigatory and enforcement powers of the Federal Trade Commission.

We commit to resolving DPF Principles-related complaints about our collection and use of your data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss U.S. DPF. You may submit inquiries or complaints regarding our handling of personal data to Sonatype’s General Counsel by using the request form located here or contacting privacy@sonatype.com

We also commit to referring unresolved complaints concerning our handling of such data to TRUSTe, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The TRUSTe services are provided at no cost to you.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found in Annex 1 of the DPF Principles.

Changes to This Policy

We may make changes to this Policy from time to time. We will post any changes here, and such changes will become effective when they are posted. Your continued use of our Services following the posting of any changes will mean you accept those changes.

For questions or suggestions regarding our privacy practices, please contact us at:

Sonatype, Inc.
Attn: Privacy Office/Legal Department
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759
1-888-890-1530
Email: legal@sonatype.com