February 12, 2021
We also include specific disclosures for residents of the state of California and of the United Kingdom, European Economic Area, and Switzerland.
This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to non-Sonatype websites, mobile applications, and events that may link to the Services or be linked to or from the Services, including local events organized and hosted by third-parties. Please directly review the privacy policies for those non-Sonatype websites, applications, and events to understand how their privacy practices may differ.
Information you give us
Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This includes:
If you apply for employment with us, we also collect and store any information that you provide in connection with your application. This includes:
When you interact with the Services, certain information about your use of our Services is collected automatically. This includes:
Much of the above information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. Sonatype relies on partners to provide many features of our sites and Services using data about your use of our and other sites, and how you interact with our emails.
Please visit our Cookie Notice for more information about how we use different categories of cookies and similar technologies and your options for managing their collection of data. We currently do not take steps to respond to browsers’ “Do Not Track” signals as no uniform standard to respond to such signals has been developed at this time.
You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.
Please note that opting out of advertising networks services does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.
We may use the information we collect from you for the following purposes:
The security of your personal information is very important to us. When you enter sensitive information (such as credit card number or your password), we encrypt that information using reasonable security measures during transmission and upon receipt. We always use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf. If you have any questions about security on our Site, you can contact us at email@example.com.
If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the U.S. and other countries. The laws in the U.S. regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.
We post customer testimonials on our web site which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
Sharing of Aggregated Data
We may share aggregated or de-identified data at our discretion, including with marketing agencies, media agencies, and analytics providers. These other companies will not be able to relate this data to identifiable individuals.
Combination of Information
We purchase lead data from third parties and combine it with information we already have about you in our records to create tailored business leads.
Children Under Age 16
Sonatype does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register for an account or event. If you are under 16, please do not attempt to send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to or on the Service. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at email@example.com.
Change of Ownership or Corporate Organization
We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.
Please log into your account to update your contact information and payment method, as applicable.
If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email newsletter or marketing communication, or separately email us at firstname.lastname@example.org and we will promptly remove you from all correspondence.
Persons with disabilities may obtain this notice in alternative format upon request by contacting us at email@example.com or calling toll-free: 1-888-890-1530.
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, and limit sharing of Personal Information. For more information about the CCPA, including how to exercise rights that you may have under the CCPA, please see our California Privacy Notice.
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, Sonatype does not engage in such sales.
We process “Personal Data,” as that term is defined in the European Union’s (“EU”) General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Information we collect may be transferred to, and stored and processed in, the U.S. or any other country in which we or our subcontractors, Corporate Affiliates, Service Providers, and third-party partners maintain facilities, as described above.
We only retain and use your Personal Data for as long as your account is active, as needed to provide you the Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer use your Personal Data to provide Services to you, contact us at firstname.lastname@example.org.
To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements. If you want to learn more about our specific retention periods for your Personal Data, you may contact us at email@example.com.
Upon expiry of the applicable retention period, we securely destroy your Personal Data in accordance with applicable laws and regulations.
Individuals located in the United Kingdom (“UK”), European Economic Area (“EEA”) or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.
If you are a resident of the UK, EEA, or Switzerland, you are entitled to certain rights. Please note: in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. These rights include the ability:
To submit a request to exercise your rights, please contact us at firstname.lastname@example.org. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Individuals located in the UK, EEA, and Switzerland also have an absolute right to opt-out of direct marketing or profiling that we carry out for direct marketing purposes. You can do this by following the instructions included in the applicable message, by setting preferences as may be otherwise indicated on the site or event page, or by contacting us at email@example.com. If you have consented to receive direct marketing from third parties (such as affiliated Sonatype companies, business partners or independent resellers), please follow those third parties' opt-out processes.
Please note that we will send you service-related email announcements when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.
We transfer personal data outside the UK and EEA to the U.S. When we make such transfers, we do so in compliance with the Standard Contractual Clauses for controller-to-controller transfers set forth under Decision 2004/915/EC or for controller-to-processor transfers set forth under Decision 2010/87/EU, as applicable.
In addition, Sonatype is certified to the EU-U.S. and Swiss-U.S. Privacy Shield programs (“Privacy Shield”) and the commitments thereunder, although we do not rely on Privacy Shield as a legal basis for transfers of Personal Data in light of judgments by the Court of Justice of the EU on July 16, 2020, and the Swiss Data Protection Authority on September 8, 2020, which held that Privacy Shield was no longer a valid mechanism for transferring Personal Data to the U.S. from the EU and Switzerland, respectively. Those decisions do not relieve Privacy Shield participants of their obligations under the program, and we remain committed to adhering to the Privacy Shield Principles for all Personal Data received from the EEA and Switzerland prior to and on their respective date of invalidation. More information about Privacy Shield can be found at https://www.privacyshield.gov; and the list of certified organizations can be found at www.privacyshield.gov/list.
If you have any questions or concerns regarding Personal Data that was transferred under Privacy Shield prior to invalidation as a lawful transfer mechanism, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles.
If we are unable to resolve your complaints or disputes, you may contact TRUSTe and they will investigate and assist you, free of charge, in resolving your complaint. Please refer to https://trustarc.com/consumer-info/dispute-resolution/dispute-resolution-faqs/ for more information.
As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Sonatype is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
We may make changes to this Policy from time to time. We will post any changes here, and such changes will become effective when they are posted. Your continued use of our Services following the posting of any changes will mean you accept those changes.
For questions or suggestions regarding our privacy practices, please contact us at:
Attn: Privacy Office/Legal Department
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759