EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield
We participate in and have certified our compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles. To learn more about each Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.
We are responsible for the processing of personal data that we receive, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to each Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Note that if you download software or otherwise purchase products or services through the Site or Service, use of such products or services is subject to the separate Sonatype license or other terms and conditions applicable to such product or service.
The Information We Collect and How We Use It
In general, you can use our Service without providing us with any personal information. However, there are instances where you must provide us with certain personal information (as indicated below) in order to receive full access to the Service or to assist us in delivering a superior level of customer service.
We collect the following types of information:
How Do We Use This Information, and What Is the Lawful Basis for This Use?
We process this personal data for the following purposes:
On other occasions where we ask you for consent, we will use your information for the purpose which we explain at that time.
Relying on our legitimate interests
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the details set out later in this policy.
Cookies, Web Beacons and Similar Technologies
We — as well as certain third parties that provide content, functionality, or services on our Site — use a variety of technologies to learn more about how people use the Site. This section provides more information about some of those technologies and how they work.
Children Under Age 16
Sonatype does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register. If you are under 16, please do not attempt to send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to or on the Service. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at: email@example.com.
Sharing Your Information with Third Parties
We will not share your personal information with third parties except in the following limited circumstances:
We transfer personal data outside the EEA to the United States. Where we make such transfers, we do so in compliance with the EU-U.S. and Swiss – U.S. Privacy Shield Frameworks (please see the section entitled "EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield", above, for further information).
Withdrawing Consent or Otherwise Objecting to Direct Marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests.
Please note that we will send you service-related email announcements when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.
Social Media Widgets
Your Data Protection Rights
In certain jurisdictions, you may have certain rights in respect of your personal information. You may have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
In addition, you may have the right object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in national legislation. We will inform you of relevant exemptions we rely upon when responding to any request you make.
California Privacy Rights
Under the California Consumer Privacy Act (Cal. Civ. Code § 1798.100-1798.199), a California consumer has the following rights:
California consumers are also entitled to certain periodic updates concerning their personal information.
We post customer testimonials on our web site which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
We will only retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at email@example.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. If you want to learn more about our specific retention periods for your personal data, you may contact us at firstname.lastname@example.org.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
The security of your personal information is important to us. When you enter sensitive information (such as credit card number or your password), we encrypt that information using reasonable security both during transmission and once we receive it. If you have any questions about security on our Site, you can contact us at email@example.com.
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759
We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer or personal data that cannot be resolved between Sonatype and an individual.
Terms of Service, Notices and Revisions
Please also see our Terms of Service, which describe the restrictions, disclaimers, indemnification and limitation of liability governing the use of the Service. The Terms of Service also further describe our Service and the information we use.
Attn: Privacy Office/Legal Department
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759