November 9, 2023
We also include specific disclosures for residents of the state of California and of the United Kingdom, European Economic Area, and Switzerland.
This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to non-Sonatype websites, mobile applications, and events that may link to the Services or be linked to or from the Services, including local events organized and hosted by third-parties. Please directly review the privacy policies for those non-Sonatype websites, applications, and events to understand how their privacy practices may differ.
Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This includes:
If you apply for employment with us, we also collect and store any information that you provide in connection with your application. This includes:
When you interact with the Services, certain information about your use of our Services is collected automatically. This includes:
Much of the above information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. Sonatype relies on partners to provide many features of our sites and Services using data about your use of our and other sites, and how you interact with our emails.
Please visit our Cookie Notice for more information about how we use different categories of cookies and similar technologies and your options for managing their collection of data. We currently do not take steps to respond to browsers’ “Do Not Track” signals as no uniform standard to respond to such signals has been developed at this time.
You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.
Please note that opting out of advertising networks services does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.
We may use the information we collect from you for the following purposes:
The security of your personal information is very important to us. When you enter sensitive information (such as credit card number or your password), we encrypt that information using reasonable security measures during transmission and upon receipt. We always use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf. If you have any questions about security on our Site, you can contact us at firstname.lastname@example.org.
If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the U.S. and other countries. The laws in the U.S. regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.
We post customer testimonials on our web site which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at email@example.com.
We may share aggregated or de-identified data at our discretion, including with marketing agencies, media agencies, and analytics providers. These other companies will not be able to relate this data to identifiable individuals.
We may share data when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests, including requests made by public authorities to meet national security or law enforcement requirements.
We purchase lead data from third parties and combine it with information we already have about you in our records to create tailored business leads.
Sonatype does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register for an account or event. If you are under 16, please do not attempt to send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to or on the Service. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org.
We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.
Please log into your account to update your contact information and payment method, as applicable.
If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email newsletter or marketing communication, or separately email us at email@example.com and we will promptly remove you from all correspondence.
Persons with disabilities may obtain this notice in alternative format upon request by contacting us at firstname.lastname@example.org or calling toll-free: 1-888-890-1530.
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, correct, and limit sale and sharing of Personal Information. You also have the right to be free from discrimination based on your exercise of your CCPA rights. For more information about the CCPA, including how to exercise rights that you may have under the CCPA, please see our California Privacy Notice.
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, Sonatype does not engage in such sales.
Information for Individuals Located in the UK, EEA, and Switzerland
We process “Personal Data,” as that term is defined in the European Union’s (“EU”) General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Information we collect may be transferred to, and stored and processed in, the U.S. or any other country in which we or our subcontractors, Corporate Affiliates, Service Providers, and third-party partners maintain facilities, as described above.
We only retain and use your Personal Data for as long as your account is active, as needed to provide you the Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer use your Personal Data to provide Services to you, contact us at email@example.com.
To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements. If you want to learn more about our specific retention periods for your Personal Data, you may contact us at firstname.lastname@example.org.
Upon expiry of the applicable retention period, we securely destroy your Personal Data in accordance with applicable laws and regulations.
Individuals located in the United Kingdom (“UK”), European Economic Area (“EEA”) or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.
If you are a resident of the UK, EEA, or Switzerland, you are entitled to certain rights. Please note: in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. These rights include the ability:
To submit a request to exercise your rights, please use the request form located here or contact us at email@example.com. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Individuals located in the UK, EEA, and Switzerland also have an absolute right to opt-out of direct marketing or profiling that we carry out for direct marketing purposes. You can do this by following the instructions included in the applicable message, by setting preferences as may be otherwise indicated on the site or event page, by using the request form here or by contacting us at firstname.lastname@example.org. If you have consented to receive direct marketing from third parties (such as affiliated Sonatype companies, business partners or independent resellers), please follow those third parties' opt-out processes.
Please note that we will send you service-related email announcements when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.
We may transfer personal data outside the UK and EEA and Switzerland to the U.S. When required, we make such transfers from the EEA and Switzerland in compliance with the Standard Contractual Clauses for international transfers from the European Economic Area to third countries, Commission Implementing Decision (EU) 2021/914 of 4 June 2021(as modified for compliance with the Swiss Federal Data Protection Act where necessary), and from the UK in compliance with the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers issued under Section 119A of the Data Protection Act of 2018.
Sonatype complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK Extension), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We have certified our adherence to the EU-U.S. DPF Principles and Swiss-U.S. SPF Principles with regard to the processing of Personal Data received from the European Union and the United Kingdom (and Gibraltar) and from Switzerland, respectively, in reliance on the Data Privacy Framework applicable to transfers from each jurisdiction. Click here to learn more about the Data Privacy Framework (DPF) program, and here to view our certification.
Sonatype complies with the DPF Principles for all onward transfers of Personal Data from the EU, UK, and Switzerland, including the onward transfer liability provisions. Our compliance with the EU-U.S. DPF, UK Extension, and Swiss-U.S. DPF is subject to the investigatory and enforcement powers of the Federal Trade Commission.
We commit to resolving DPF Principles-related complaints about our collection and use of your data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss U.S. DPF. You may submit inquiries or complaints regarding our handling of personal data to Sonatype’s General Counsel by using the request form located here or contacting email@example.com
We also commit to referring unresolved complaints concerning our handling of such data to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The TRUSTe services are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found in Annex 1 of the DPF Principles.
We may make changes to this Policy from time to time. We will post any changes here, and such changes will become effective when they are posted. Your continued use of our Services following the posting of any changes will mean you accept those changes.
For questions or suggestions regarding our privacy practices, please contact us at:
Attn: Privacy Office/Legal Department
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759