Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Sonatype, Inc. - California Privacy Notice

February 12, 2021

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at privacy@sonatype.com or calling toll-free: 1-888-890-1530.

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as to know/access, delete, and opt out of the sale of Personal Information. The CCPA defines “Personal Information” as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” To the extent that we collect Personal Information that is subject to the CCPA, that information, our practices, and your rights are described below.

Right to Notice at Collection Regarding the Categories of Personal Information Collected

You have the right to receive notice of the categories of Personal Information we collect, and the purposes for which those categories of Personal Information will be used. The categories we use to describe the information are those enumerated in the CCPA.

  • Personal Identifiers: 
    • We collect your name, phone number, email address and contact address when you provide it to us in order to create an account, complete a transaction, book an appointment, register for an event, or apply for employment with us. We may also purchase this information as lead data from third parties. If you choose to create an account, you will also be asked to create a username, and we will assign one or more unique identifiers to your profile. We use this information to provide, support, and improve the Services, respond to your requests, and send information and advertisements to you. 
    • We collect your social media handle and basic account information when you interact with our Services through social media, or if you voluntarily choose to provide that information in your application for employment or otherwise.
    • We collect a unique numerical identifier, assigned to you by a first-party cookie, automatically when you use our Services in order to identify you, provide the Services, keep you logged in to the Services, prevent fraud, and provide you with targeted information and offers.
    • We collect your IP address automatically when you use our Services. We use this information to identify you; gauge online activity on our website; measure the effectiveness of online services, applications, and tools; and serve targeted advertisements based on your online activities.
    • We do not collect your Social Security number, Driver’s License number, Passport number, any medical or health information about you, or your Device ID automatically when you use our Services. 
  • Protected Classifications: If you apply for employment with us, we will collect information regarding your citizenship or immigration status, as well as information regarding your gender, race, disability status, or veteran status that you may voluntarily choose to provide, in order to process and evaluate your application. We otherwise do not collect your gender, racial or ethnic origin, or sexual orientation when you use our Services. 
  • Commercial Information: When you engage in transactions with us, we create records of goods and services purchased or considered, as well as purchasing or consuming histories or tendencies. We use this information to provide, support, and improve the Services, measure the effectiveness of our Services, and deliver targeted information, advertisements and offers.
  • Internet or Other Electronic Network Activity Information: We collect information automatically about your interactions with our Services. We use this information to gauge online activity on our website; measure the effectiveness of online services, applications, and tools; and serve targeted advertisements based on your online activities.
  • Geolocation Data: As described above, we collect your IP address automatically when you use or attempt to use our Services. We may be able to determine your general location based on your IP address. We do not collect your precise location (e.g., your GPS coordinates). 
  • Audio, electronic, visual, thermal, olfactory, or similar information: We do not collect your image or any thermal, olfactory, or similar information. 
  • Professional or employment-related information: We collect information about your current employer in order to provide the Services and to promote our Services to others. If you apply for employment with us, we will collect any professional or employment-related information that you voluntarily choose to provide, such as your current employer, employment history, or professional experience, in order to process and evaluate your application.
  • Education information: We do not collect any information about the institutions you have attended or the level of education you have attained when you use our services. If you apply for employment with us, we will collect any education information that you voluntarily choose to provide. 
  • Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We do not analyze your actual or likely preferences. 

We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the Personal Information was collected.

We may share any of the above-listed information with Service Providers, which are companies that we engage for business purposes to conduct activities on our behalf. Service Providers are restricted from using Personal Information for any purpose that is not related to our engagement. The categories of Service Providers with whom we share information and the services they provide are described in the section of our Privacy Policy titled “How We Share Your Information.”

Right to Know About Personal Information Collected, Disclosed, or Sold

You have the right to request that we disclose to you the Personal Information we collect, use, disclose, or sell. Our collection, use, disclosure, and sale of Personal Information is described in our Privacy Policy.

Right to Know/Access and Request Deletion of Information

You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers to whom we disclose it. You also have the right to request in certain circumstances that we delete Personal Information that we have collected directly from you.

You may submit such requests here or by emailing us at privacy@sonatype.com.

We must verify your identity in order to process your request. We may do this by asking you to provide verifying information, such as your name, email, or phone number. We will review the information provided and may request additional information via email or other means to ensure we are interacting with the correct individual.

We may have a lawful basis for not complying with your request, or we may comply with your request in a more limited manner than you anticipated. We will explain such lawful basis to you in our response.

Authorized Agent

You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We may require that you and the individual complete notarized affidavits in order to verify the identity of the authorized agent and confirm that you have authorized them to act on your behalf. Parents of minor children may submit a birth certificate of the child in lieu of an affidavit, in order to make requests on the child’s behalf. The required authorized agent affidavit is available here. 

Right to Opt Out of Sale of Personal Information to Third Parties

You have the right to opt out of any sale of your Personal Information by Sonatype to third parties. 

To “sell” information means to disclose it to a company for monetary or other benefit. A company may be considered a third party either because the purpose of sharing is not an enumerated business purpose under California law, or because our contract does not restrict them from using Personal Information for other purposes. 

We sell the following information:

  • Internet or Other Electronic Network Activity Information: We provide information about how you use and engage with our sites to vendors that provide data collection, analytics, marketing and advertising services.

We may also disclose information to other entities who are not listed here when required by law or to protect Sonatype or other persons, as described in our Privacy Policy.

To exercise your right to opt out of the sale of your Personal Information, please click the Cookie Preferences link in the footer of the site’s homepage, or visit our “Do Not Sell My Personal Information” page. These links will take you to a Cookie Preferences pane at which you can set your preferences to block third-party cookies. You can also exercise your right to opt out by using an option for directly opting out of or blocking tracking by one of our third-party partners, as described in our Cookie Notice. Because we are not able to identify a particular individual in connection with any website interaction and usage data that we collect, these are the only mechanisms by which we can receive and implement requests to opt out of the sale of Personal Information. Please note that your right to opt out does not apply to Sonatype’s sharing of Personal Information with Service Providers.

Financial Incentives

Sonatype may offer certain benefits, such as access to premium content that is not available to the general public, to individuals who register for an event or create an account with us. Because we may collect your personal information (such as your name and email address) in exchange for providing these benefits, we are required under California law to explain how the value you receive from this “financial incentive” program is reasonably related to the value we receive from the personal information collected in connection with the program. The value of your personal information to us is related to the value of the benefits that an individual receives or is granted access to as a result of registering for an event or creating an account, based on the expense we incur in preparing and offering the benefits to you. You may withdraw from participation in the program at any time by following the instructions included in the applicable message, by setting preferences as may be otherwise indicated on the site or event page, or by contacting us at privacy@sonatype.com.