Last updated: July 2020
SylLab respects your privacy and is committed to the individual’s right to privacy and to protect your Personal Information (any information that relates to an identified or identifiable individual). Our belief is that any Personal Information provided to us by you is personal and private.
Note: SylLab does not rent, sell, or trade your Personal Information.
As a global organization, we abide by all applicable data privacy laws, such as the California Consumer Privacy Act (“CCPA”), and the European Union’s General Data Protection Regulation (“GDPR”). Each of these laws focuses on transparency and trust.
Personal data may be any information relating to an identified or identifiable natural person (“data subject” or “user” or “you”). An identifiable natural person is anyone who can be directly or indirectly identified, by reference to an identifier such as a name, an identification number, location data, online identifiers, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity specific to that natural person.
Sensitive Personal Data
This refers to the various categories of personal data identified by GDPR and other data privacy laws as requiring special treatment, including (in some circumstances) the need to obtain explicit consent. These categories comprise personal identity numbers, personal data about your personality and private life, racial or ethnic origin, nationality, political opinions, membership of political parties or movements, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, genetic code, addictions, sexual life, property matters or criminal records (including information about suspected criminal activities).
When you share personal data with us for processing, you become the data subject according to the General Data Protection Regulation, making us the controller responsible for its processing.
Controller, Controller Responsible for Processing
We consider any operation or set of operations performed on any personal data to be processing, whether through automated means or otherwise. Such operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction, and disseminating or otherwise making personal data available.
Processing personal data in a way that prevents that data from being attributed to a specific user without additional information is considered pseudonymization. This process ensures that information required to identify a natural person using pseudonymized data is kept separately, and is subject to both administrative and technical measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
As defined by the General Data Protection Regulation, the processor is a natural or legal person, public authority, agency or other body that processes data on behalf of the controller.
The recipient is any natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or otherwise. Public authorities, however, which may receive personal data in the framework of a particular inquiry (in accordance with the other applicable laws, rules, and regulations), are not considered recipients. Processing of personal data by those public authorities must be in compliance with the applicable data protection rules according to the purposes of such processing..
Third parties consist of any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
We consider that the consent of a user to be any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them, either by a statement or by a clear affirmative action.
SylLab recognizes, under the CCPA and the GDPR, that you have certain rights in regards to your Personal Information. SylLab considers that your privacy and ability to preserve and exercise your rights is very important. You are encouraged to review and understand these rights as they pertain to you and your Personal Information. In certain circumstances, these rights include, but are not limited to:
Right to be Informed: you have the right to be told why we process your Personal Information, our retention periods, and who it will be shared with.
Right of Access: you have the right to be provided with a copy of your Personal Information we process upon your request.
Right to Rectification: you have the right to have inaccurate Personal Information rectified, or completed if it is incomplete.
Right to Erasure: you have the right to have your Personal Information erased.
Right to Restrict Processing: you have the right to limit the way we use your data.
Right to Data Portability: you have the right to receive a copy of your Personal Information in a structured, commonly used, and machine-readable format and gives you the right to transmit those data to another controller without hindrance.
Right to Object: you have the right to object to the processing of your Personal Information at any time.
Right to not Being Profiled: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”); Automated Decision-Making currently does not take place on our websites or in our services.
Right to Non-Discrimination: CCPA prohibits covered businesses from discriminating against consumers for exercising their CCPA rights. This means we cannot charge a different price, deny access to our products, or impose penalties for exercising your rights under the CCPA.
Right to Withdraw Consent: you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
You may exercise any of the above rights, with respect to your Personal Information upon request. You may update, correct, or delete your Personal Information; if you wish to delete or suspend your account, please note that we may retain certain information as required by law or for legitimate business purposes. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us to request the deletion of that said account. To exercise your rights you may contact us by emailing email@example.com.
For your protection, we may only respond with the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your request within thirty (30) days.
Note: We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may also retain cached or archived copies of your information for a certain period of time.
Data We Collect
While we try to limit the amount of data about you that we collect, it’s not always avoidable to provide our services to you. To receive services from us, you may be asked to share certain information as a contractual or statutory requirement (e.g., tax regulations). You are not obliged to share any information with us, however, refusal to do so may result in any existing or proposed contract to be terminated or otherwise rendered void.
More specifically, the information we may collect through the Websites includes:
We may collect personal data
When you access or register with our Websites, or when you choose to participate in other activities related to the Websites like online chat, contact or support, purchases, and subscriptions to services, you may be asked to voluntarily share personally identifiable information with us. This information includes details such as your name, email address, and telephone number, as well as demographic information such as your age and place of employment. You’re not obligated to provide us with any personal information of any kind, and you are free to change or completely remove any information shared with us at any time, however refusing to provide requested personal data might prevent you from using certain features of the Websites.
We may require additional verification of your consent through a double opt-in procedure where we send a confirmation email to the email address provided for legal purposes and to prevent abuse of our services. Other than confirmation emails, we will not send unsolicited email newsletters to an email address without first receiving consent.
You might provide financial data
When you purchase, order, return, exchange, or request information about our services from the Websites, you may be asked to share financial data with us related to your payment method. This information may include your valid credit card number, card brand, and expiration date, as well as other details necessary to process your payment information. We store only very limited (if any) financial information that we collect. Otherwise, all financial information is processed and stored by our payment processors, such as Transferwise, Stripe, or Paypal. We encourage you to review their privacy policies and contact them directly for responses to your questions.
You might voluntarily share additional data
We automatically collect any information you provide when you voluntarily submit it to us such as your first name, last name, email address, phone number, job title, and company name. You may choose to contact us by email or through our Websites for a variety of purposes such as product or company inquiries, customer support inquiries, and sales requests. Throughout our Websites, we may also provide the opportunity to register for events or conferences, order or request white papers, or participate in online surveys. When we collect this type of information, we will notify you as to why we are asking for information and how this information will be used. It is completely up to you to choose whether or not you want to provide it.
We also provide the ability to submit job applications to our open job listings. To appropriately respond to your application, we need to collect and process your provided personal data, which may also be carried out electronically. If we begin an employment contract with you, your submitted application data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. With your consent, we may store your application data for up to twelve (12) months for future consideration for employment with us. Otherwise, your application data will automatically be erased six (6) months after notification of the refusal decision, provided that we have no other legitimate interests that require such data such as the burden of proof under the Equal Opportunity Act and General Equal Treatment Act.
We do collect some general data
Whenever you (or any other manual or automated system) access our Websites, we collect some general data and information about the request and store the relevant details in server or system log files. This data includes details like your IP address, your browser type and version used, your operating system, the time and date you accessed the Websites, and the pages you viewed directly before and after accessing the Websites. Additional detail may be collected or derived from this information for use in the event of an attack on our information technology systems.
We use this information to make sure the content of our Websites is delivered correctly, to optimize our Websites content, marketing and advertisements, to ensure the long-term performance and viability of our information technology systems and Websites, as well as to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
To support these efforts, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and security of our company, and to maintain an optimal level of protection for the personal data we process. This anonymous data is stored separately from all personal data provided by users to protect their privacy and ensure that we do not draw any conclusions about any individual users when analyzing this data.
How long do we keep your data?
We only process and keep any personal data that you share with us for as long as needed to achieve the purpose of storage, as long as consent is maintained, or as long as it is granted by the legislators in laws or regulations we are subject to. The exact length of time we keep personal data depends on the respective statutory retention period for that type of information. After that period of time passes, or if storage of personal data is not applicable, personal data is routinely blocked, deleted or erased as long as it is no longer necessary for the fulfillment or initiation of a contract with us.
How do we use your information?
Having accurate information about you helps us provide a smooth, efficient, and customized experience. Generally speaking, we use any information we collect to provide services to you, keep our Websites running smoothly, and protect us legally. More specifically, we may use information collected about you via our Websites to:
Create and manage your account
Contact you about your account or orders and
Fulfill and manage purchases, orders, payments and other transactions related to the Websites or SylLab
Provide and deliver services to you upon request, process transactions, and send you related information including confirmations and invoices
Respond to your comments, questions and requests and provide customer service
Send you technical notices, updates, security alerts, and support and administrative messages
Compile anonymous statistical data for use internally or with third parties
Maintain and improve the efficiency and operation of our Websites and products
Assist with the development of our products and other purposes related to SylLab’s business
Monitor and analyze usage and trends to improve your experience with our Websites and products
Assist law enforcement and respond to subpoenas, and to resolve disputes and troubleshoot problems
SylLab will not use or share your personal information in ways unrelated to those described above without first notifying you and offering you a choice as to whether or not we may use your personal data in a different manner. We do not use automatic decision-making or profiling, and will not sell your personal data for any purpose.
To obey the law or protect rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies or fraudulent activities, or when we believe in good faith that disclosure is necessary to protect our rights, property, and safety, we may share your information as permitted or required by applicable laws, rule or regulation, including exchanging information with other entities for fraud protection and credit risk reduction. We will have no duty to notify you of such compliance with local law where applicable.
To support necessary business activities
We may share your information with investors for the purpose of conducting general business analysis. Additionally, we may share your personal information with third parties necessary to provide you with services you have requested such as our hosting, email service, analytics, customer service, or campaign management providers. These parties are authorized to use your personal data only as necessary to provide these services to us or on our behalf, and it is up to you whether or not you choose to provide it. We may also share your information with such third parties for marketing purposes, as permitted by applicable law, rule, or regulation. Where possible, we attempt to anonymize or pseudonymize your personal data to limit any potential for direct disclosure.
We will only share your personal information if you have agreed to allow us to share your information with third parties.
If you share choose to share it
Our Websites offer publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org.
Additionally, certain features on our Websites, specifically those for applying to a job opening at SylLab, you may use sign-in services such as LinkedIn or other OpenID providers. These services will authenticate your identity, provide you with the option to share certain personal information (such as your name and email address) with us, and to pre-populate our application form. Services like LinkedIn often give you the option to post information about your activities on our Websites to your profile page to share with others within your network.
We may also partner with other companies that offer products or services related to ours or that host or sponsor related events. In such instances, we may share your information with these business partners if you express interest in such products, services, or events if you provide your personal information to event sponsors at their booths or presentations.
Note: In some cases, we may not be able to guarantee the removal of your personal data, in which case we will let you know if we are unable to do so and why.
If you leave the Websites to a third party
Before visiting and providing any information to any third-party websites, we encourage you to inform yourself of the privacy policies and practices (if any) of the third-party responsible for that website. You should take those steps necessary to protect the privacy of your information as you see fit. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from the Websites.
It’s worth noting that we have no authority to manage or control third-party solicitations, and are not responsible for the content or actions of third parties with whom you share personal or sensitive data. If you no longer wish to receive correspondence, emails, or other communications from any third parties, you are responsible for contacting such third parties directly.
In the event of a merger or acquisition
If you have any questions about our security or have reason to believe that your interaction with us is no longer secure, please contact us at email@example.com.
Policy for Children
European Union Privacy Rights: GDPR
SylLab is committed to subjecting all personal data received from the European Union (“EU”) member countries, in reliance on the General Data Protection Regulation (“GDPR”), to the GDPR’s applicable Principles.
SylLab is responsible for the processing of personal data we receive, under the GDPR. SylLab complies with the GDPR for all onward transfers of personal data from the EU, including, unless we prove that we are not responsible for the event giving rise to the damage, the onward transfer of liability provisions.
SylLab will process personal data only if and to the extent that at least one of the following applies:
You have given consent to the processing of your personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
processing is necessary for compliance with a legal obligation to which SylLab is subject; or
processing is necessary for the purposes of the legitimate interests pursued by SylLab or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms.
When we collect personal data from you, we will make sure that you are aware of the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; if applicable, the legitimate interests pursued by SylLab or by a third party; the recipients or categories of recipients of the personal data, if any; and where applicable, the appropriate or suitable safeguards to protect your personal data. We will also inform you of the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; your right to request access to and rectification or erasure of personal data or restriction of processing or to object to processing as well as the right to data portability; if processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; your right to lodge a complaint with a supervisory authority; whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract with us, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data; and the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You may exercise your data subject rights under Articles 15 to 22 of the GDPR by contacting firstname.lastname@example.org. SylLab will provide information on action taken on a request under Articles 15 to 22 to you without undue delay and in any event within one (1) month of receipt of the request.
If we need to extend by two (2) further months where necessary, taking into account the complexity and number of the requests that require more time, then SylLab will inform you of any such extension within one (1) month of receipt of the request, together with the reasons for the delay. The request shall be made through email@example.com and we will provide the information to you in the same manner, unless otherwise requested by you.
If SylLab does not take action on your request, we will inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on your possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
For our Software Solutions, SylLab is a Data Processor of EU Personal Data under the direction of our Customers who are Data Controllers. Here, SylLab has no direct relationship with the individuals whose Personal Data it processes. If you are a customer of one of our Customers and would no longer like to be contacted by one of our Customers that use our Services, please contact the Customer that you interact with directly. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct queries to the appropriate SylLab Customer (the Data Controller). If a SylLab Customer requests our assistance in the removal of data, SylLab will respond to such requests within twenty (20) business days.
California Privacy Rights: CCPA
The California Consumer Privacy Act (CCPA) is a new data privacy law that applies to certain businesses that collect Personal Information from California residents. The law became effective on January 1, 2020.
Please note that SylLab does not rent or sell any Personal Information.
In addition, California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain from us, once a year and free of charge, 1) information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes, and, 2) the names and addresses of the third parties with which we shared Personal Information in the preceding calendar year.
If you are under eighteen (18) years of age, reside in California, and have a registered account with our Websites, you have the right to request removal of unwanted data that you publicly post on our Websites. To request the removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on our Websites, but please be aware that the data may not be completely or comprehensively removed from our systems.
If you are a California resident and would like to make a request, please submit your request in writing to us using the contact information provided below.
Notice to All Non-U.S. Residents
Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including Personal Information, will be transferred from your country of origin to the U.S. SylLab transfers and processes data, including the data transfers under the GDPR, in accordance with applicable laws and regulations.
For any and all privacy-related matters, questions, or comments, or to exercise a right under the GDPR, the CCPA, or others you may contact us by email. Our contact information is as follow:
Please allow a reasonable amount of time to respond to your request.