Sonatype, Inc. Privacy Policy

December 29, 2022

Sonatype, Inc., and its subsidiaries (collectively referred to as “Sonatype,” “our,” “us,” and “we”), understand that you care about how we collect, use, and share information when you interact with our websites, events, contests and surveys, social media sites and handles, email, support services, and online services (our “Services”), and we value the trust you place in us. This Privacy Policy explains:

• the types of information we collect through our Services
• how we use and protect that information
• the types of information we may share with others and under what circumstances
• the choices you have regarding our collection, use, and sharing practices
• details regarding our use of third-party cookies and other tracking technologies

We also include specific disclosures for residents of the state of California and of the United Kingdom, European Economic Area, and Switzerland.

This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to non-Sonatype websites, mobile applications, and events that may link to the Services or be linked to or from the Services, including local events organized and hosted by third-parties. Please directly review the privacy policies for those non-Sonatype websites, applications, and events to understand how their privacy practices may differ. 

Information We Collect 

Information you give us

Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This includes:

• Name, contact and demographic information when completing forms or registering to use our Services.
• Payment information and associated contact information when engaging in a transaction on our site.
• Appointment booking and event registrations you carry out through our site.
• Email address information when subscribing to our email newsletters or marketing communications.
• Any information or data you provide by interacting in our online forums and chatrooms, or by commenting on content posted on our Services. Please note that these comments are also visible to other users of our Services and may also be visible to the public.
• Information you provide if you complete a survey administered by us or a service provider acting on our behalf.
• Information you provide if you participate in a contest that we offer.
• A record of correspondence and any contact information provided if you contact us.

If you apply for employment with us, we also collect and store any information that you provide in connection with your application. This includes:

• Your name, phone number, and email address.
• Your citizenship or immigration status.
• Information that you voluntarily may choose to provide, such as your social media profile(s), gender, race, disability status or veteran status, current employer, professional or employment experience, and educational background.

Information We Collect Automatically

When you interact with the Services, certain information about your use of our Services is collected automatically. This includes:

• Details of your visits to our site and information generated in the course of the use of our Services (including the timing, frequency, and pattern of service use) including, but not limited to, traffic data, Internet Protocol (“IP”) address, Internet Service Provider (“ISP”), date and time stamps, clickstream data, weblogs, other communication data, the resources that you access, and how you reached and exited the site.
• Details regarding the device you use to access our Services, including, but not limited to, your IP address, operating system, and browser type.
• Information about how you interact with our ads, newsletters, and marketing communications, including whether you open or click links in any correspondence.
• Information that you make available to us on a social media platform (such as by clicking on a social media icon linked from our Services), including your account ID or username and other information included in your posts.

Third-Party Cookies and Tracking Technologies

Much of the above information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. Sonatype relies on partners to provide many features of our sites and Services using data about your use of our and other sites, and how you interact with our emails.

Please visit our Cookie Notice for more information about how we use different categories of cookies and similar technologies and your options for managing their collection of data. We currently do not take steps to respond to browsers’ “Do Not Track” signals as no uniform standard to respond to such signals has been developed at this time.

You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.

Please note that opting out of advertising networks services does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.

How We Use and Protect Your Information

We may use the information we collect from you for the following purposes:

• To provide you with our products and services, including to take steps to enter into a contract for sale or for services, process payments, fulfill orders, verify identity, process contest entries and prizes, and send service communications.
• To enable additional features on our Services and to provide you with a personalized service.
• Create custom audiences on social media sites.
• To provide you with the best service and improve and grow our business, including by sending invitations to take part in surveys and market research, understanding our customer base and purchasing trends, and understanding the effectiveness of our marketing.
• To understand how our Services are being used, track site performance, and make improvements.
• To deliver tailored advertising on our Services based on your preferences or interests across services and devices and measuring the effectiveness of ads.
• To plan, conduct, and administer our business, including responding to comments and complaints about our products and services, maintaining records and accounts, and in connection with legal claims, compliance, regulatory, and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).
• To detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and to comply with legal requirements regarding the provision of products and services.
• To process and evaluate your application for employment.

How We Secure the Information We Collect From or About You

The security of your personal information is very important to us. When you enter sensitive information (such as credit card number or your password), we encrypt that information using reasonable security measures during transmission and upon receipt. We always use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf. If you have any questions about security on our Site, you can contact us at security@sonatype.com.

How We Share Your Information

• Service Providers: We engage vendors to perform certain functions on our behalf such as: billing and collection providers; auditing and accounting firms; professional services consultants; providers of analytics services; security vendors; employment recruiters, and IT vendors.
• Social Media Platforms: Where you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you through digital cookies and other tracking mechanisms that they place on your device. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with their application. Please visit the social media companies’ respective privacy policies to better understand their data collection practices and the controls they make available to you.
• Companies involved in advertising: We partner with companies that assist us in advertising about our Services to others who may be interested in the Services. These companies may use tracking technologies on our website to collect or receive information from the Services and elsewhere on the internet and use that information to provide measurement services and target ads. 
• Corporate Affiliates: We share customer data with our subsidiary companies.

Cross-border Transfer of Data

If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the U.S. and other countries. The laws in the U.S. regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.

Additional Information About Our Data Collection and Sharing Practices

Customer Testimonials

We post customer testimonials on our web site which may contain personal information. We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us at privacy@sonatype.com.

Sonatype Blog

Our website offers a publicly accessible blog, which is managed by a third-party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login to the third-party application if you want the personal information that was posted to the comments section removed. To learn how the third-party application uses your information, please review their privacy policy.

Sharing of Aggregated Data

We may share aggregated or de-identified data at our discretion, including with marketing agencies, media agencies, and analytics providers. These other companies will not be able to relate this data to identifiable individuals.

Lawful Requests

We may share data when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests.

Combination of Information

We purchase lead data from third parties and combine it with information we already have about you in our records to create tailored business leads. 

Children Under Age 16

Sonatype does not knowingly collect or solicit personal information from anyone under the age of 16 or knowingly allow such persons to register for an account or event. If you are under 16, please do not attempt to send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any personal information to or on the Service. In the event that we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at privacy@sonatype.com.

Change of Ownership or Corporate Organization

We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.

Your Options and Rights Regarding Your Information

Please log into your account to update your contact information and payment method, as applicable. 

If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email newsletter or marketing communication, or separately email us at privacy@sonatype.com and we will promptly remove you from all correspondence.

Your California Privacy Rights

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at privacy@sonatype.com or calling toll-free: 1-888-890-1530.

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, and limit sharing of Personal Information. For more information about the CCPA, including how to exercise rights that you may have under the CCPA, please see our California Privacy Notice.   

Special Information for Nevada Residents

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, Sonatype does not engage in such sales. 

Information for Individuals Located in the UK, EEA, and Switzerland

We process “Personal Data,” as that term is defined in the European Union’s (“EU”) General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Information we collect may be transferred to, and stored and processed in, the U.S. or any other country in which we or our subcontractors, Corporate Affiliates, Service Providers, and third-party partners maintain facilities, as described above.

We only retain and use your Personal Data for as long as your account is active, as needed to provide you the Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer use your Personal Data to provide Services to you, contact us at privacy@sonatype.com. 

To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements. If you want to learn more about our specific retention periods for your Personal Data, you may contact us at privacy@sonatype.com.

Upon expiry of the applicable retention period, we securely destroy your Personal Data in accordance with applicable laws and regulations.

Individuals located in the United Kingdom (“UK”), European Economic Area (“EEA”) or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.

If you are a resident of the UK, EEA, or Switzerland, you are entitled to certain rights. Please note: in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. These rights include the ability:

• to request from us access to information held about you.
• to ask for the information we hold about you to be rectified if it is inaccurate or incomplete.
• to ask for data to be erased if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
• to request that we restrict our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.

To submit a request to exercise your rights, please use the request form located here or contact us at privacy@sonatype.com. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Individuals located in the UK, EEA, and Switzerland also have an absolute right to opt-out of direct marketing or profiling that we carry out for direct marketing purposes. You can do this by following the instructions included in the applicable message, by setting preferences as may be otherwise indicated on the site or event page, by using the request form here or by contacting us at privacy@sonatype.com. If you have consented to receive direct marketing from third parties (such as affiliated Sonatype companies, business partners or independent resellers), please follow those third parties' opt-out processes.

Please note that we will send you service-related email announcements when it is necessary to do so. For instance, if our Service is temporarily suspended for maintenance, we might send you an email. You do not have an option to opt out of these emails, which are not promotional in nature.

We transfer personal data outside the UK and EEA to the U.S. When we make such transfers, we do so in compliance with the Standard Contractual Clauses for controller-to-controller transfers set forth under Decision 2004/915/EC or for controller-to-processor transfers set forth under Decision 2010/87/EU, as applicable.

In addition, Sonatype is certified to the EU-U.S. and Swiss-U.S. Privacy Shield programs (“Privacy Shield”) and the commitments thereunder, although we do not rely on Privacy Shield as a legal basis for transfers of Personal Data in light of judgments by the Court of Justice of the EU on July 16, 2020, and the Swiss Data Protection Authority on September 8, 2020, which held that Privacy Shield was no longer a valid mechanism for transferring Personal Data to the U.S. from the EU and Switzerland, respectively. Those decisions do not relieve Privacy Shield participants of their obligations under the program, and we remain committed to adhering to the Privacy Shield Principles for all Personal Data received from the EEA and Switzerland prior to and on their respective date of invalidation. Under certain circumstances, Sonatype may bear liability for onward transfers of Personal Data where a third party agent acting on our behalf processes Personal Data inconsistent with the Privacy Shield Principles, unless we can prove we are not responsible for the event giving rise to the damage. More information about Privacy Shield can be found at https://www.privacyshield.gov; and the list of certified organizations can be found at www.privacyshield.gov/list.

If you have any questions or concerns regarding Personal Data that was transferred under Privacy Shield prior to invalidation as a lawful transfer mechanism, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles.

If you have an unresolved privacy data or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Sonatype is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Changes to This Policy

We may make changes to this Policy from time to time. We will post any changes here, and such changes will become effective when they are posted. Your continued use of our Services following the posting of any changes will mean you accept those changes.

For questions or suggestions regarding our privacy practices, please contact us at:

Sonatype, Inc.
Attn: Privacy Office/Legal Department
8161 Maple Lawn Blvd, Suite 250
Fulton, MD 20759
1-888-890-1530
Email: legal@sonatype.com