Last Updated: September 15, 2022
Sagemath complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Economic Area and Switzerland to the United States. Sagemath commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship. Sagemath has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Sagemath’s certification, please visit www.privacyshield.gov. Additionally, Sagemath may protect information through other legally valid methods, including international data transfer agreements.
This Policy applies to all Sagemath’s operating divisions, subsidiaries, affiliates, and branches, including its U.S. affiliates certified under the Privacy Shield and any additional subsidiary, affiliate, or branch of Sagemath that we may subsequently form.
NOTE: Regarding the United Kingdom, EU law (including EU data protection law) will continue to apply to and in the UK during the Transition Period from January 31, 2020, until December 31, 2020.
3 Transparency/Notice—Types of Personal Information We Collect and How We Use It
The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with Sagemath and the requirements of applicable law. Some of the ways that Sagemath may collect Personal Information include:
You may provide Personal Information directly to Sagemath through interacting with the Services, participating in surveys, and requesting Services or information.
As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.
We endeavor to collect only that information which is relevant for the purposes of Processing. Below are the ways we collect Personal Information and how we use it.
3.1 Types of Personal Information We Collect
Sagemath collects Personal Information regarding its current, prospective, and former clients, customers, users, visitors, guests, and Employees (collectively “Individuals”).
Information You Provide Directly to Us. When you use the Services or engage in certain activities, such as registering for an account with Sagemath, responding to surveys, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:
Communications with Us. We may collect Personal Information from you such as email address, phone number or mailing address when you choose to request information about our Services, register for Sagemath’s newsletter or a loyalty program that we may offer, request to receive customer or technical support, or otherwise communicate with us.
Surveys. We may contact you to participate in surveys. If you do decide to participate, you may be asked to provide certain information which may include Personal Information. All information collected from your participation in our surveys is provided by you voluntarily.
Posting on the Services. Sagemath may offer publicly accessible forums, blogs, and social media pages. You should be aware that, when you disclose information about yourself on Sagemath’s forums, blogs, and social media pages, the Services will collect the information you provide in such submissions, including any Personal Information. If you choose to submit content to any public area of the Site, such content will be considered “public” and will not be subject to the privacy protections set forth herein.
Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, details about your browser or device, geo-location information, Internet service provider, pages that you visit before and after using the Services, and other information about how you use the Services.
Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to Sagemath and to enhance our ability to provide you with information about our business, products, and Services.
3.2 How Sagemath, Inc. Uses Your Information
We Process Personal Information about Individuals for the following business purposes:
To Provide Products, Services, or Information Requested:
- Generally manage Individual information and accounts;
- Respond to questions, comments, and other requests;
- Provide access to certain areas, functionalities, and features of Sagemath’s Services;
- Contact you to answer requests for customer support or technical support;
- Allow you to register for events.
- Measure interest in Sagemath’s Services;
- Develop new products and Services;
- Ensure internal quality control;
- Verify Individual identity;
- Communicate about Individual accounts and activities on Sagemath’s Services and systems, and, in Sagemath’s discretion, changes to any Sagemath policy;
- Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
- Process payment for products or services purchased;
- Process applications and transactions;
- Prevent potentially prohibited or illegal activities;
- Enforce our Terms.
Marketing Sagemath Products and Services:
- To tailor content, advertisements, and offers;
- To notify you about offers, products, and services that may be of interest to you;
- To provide Services to you and our sponsors;
- For other purposes disclosed at the time that Individuals provide Personal Information;
- Otherwise with your consent.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes as set forth below.
Research and Development. Sagemath may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services. We may share anonymous Individual and aggregate data for research and analysis purposes.
Direct Mail, Email and Outbound Telemarketing. Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings, or phone calls from us with information on Sagemath’s or our business partners’ products and services or upcoming special offers/events. We offer the option to decline these communications at no cost to the Individual by following the instructions set forth below.
Anonymous and Aggregated Information Use. Sagemath may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Sagemath’s Services, or other analyses we create. Anonymized or aggregated information is not Personal Information, and Sagemath may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within Sagemath and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
Other Uses. Sagemath may use Personal Information to pursue our legitimate interests, such as direct marketing, marketing research, network and information security, and fraud prevention and any other purpose disclosed to you at the time you provide Personal Information or otherwise with your consent.
3.5 Third-Party Payment Processing
When you make purchases through the Services, we process your payments through a Third-Party application, including Stripe, PayPal (together with any similar applications, “Payment Processor”), and Social Networking Sites (“SNS”) such as Facebook, GitHub, Google, or Twitter. The Third-Party application may collect certain financial information from you to process a payment on behalf of Sagemath, including your name, email address, address and other billing information.
4 Human Resources Data
Sagemath collects Personal Information from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals.
We Process Human Resources Data for a variety of business purposes including:
- Workflow management, including assigning, managing and administering projects;
- Human Resources administration and communication;
- Payroll and the provision of benefits;
- Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- Job grading activities;
- Performance and employee development management;
- Organizational development and succession planning;
- Benefits and personnel administration;
- Absence management;
- Helpdesk and IT support services;
- Regulatory compliance;
- Internal and/or external or governmental compliance investigations;
- Internal or external audits;
- Litigation evaluation, prosecution, and defense;
- Diversity and inclusion initiatives;
- Restructuring and relocation;
- Emergency contacts and services;
- Employee safety;
- Compliance with statutory requirements;
- Processing of Employee expenses and travel charges; and
- Acquisitions, divestitures, and integrations.
5 Onward Transfer—Sagemath May Disclose Your Information
5.2 International Data Transfers
You agree that all information collected via or by Sagemath may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates, or the servers of our service providers, in order to provide the Services.
6 Opt-Out (Right to Object to Processing)
You have the right to object to and opt out of certain uses of your Personal Information. Where you have consented to Sagemath’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out of further Processing by contacting [email protected]. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Services and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.
6.2 Email and Telephone Communications
We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
6.3 Mobile devices
Sagemath may occasionally send you push notifications through our mobile applications with notices that may be of interest to you. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. Sagemath may also collect location-based information if you use our mobile applications. You may opt out of this collection by changing the settings on your mobile device.
6.4 Human Resources Data
With regard to Personal Information that Sagemath receives in connection with the employment relationship, Sagemath will use such Personal Information only for employment-related purposes as more fully described above. If Sagemath intends to use this Personal Information for any other purpose, Sagemath will notify the Individual and provide an opportunity to opt out of such uses.
6.5 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
7 Rights of Access, Rectification, Erasure, and Restriction
In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your personal information; (ii) obtain access to or a copy of your personal information; (iii) receive an electronic copy of personal information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) restrict our uses of your personal information; (v) seek correction of inaccurate, untrue or incomplete personal information; and (vi) request erasure of personal information held about you by Sagemath, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below.
We will process such requests in accordance with applicable laws. To protect your privacy, Sagemath will take steps to verify your identity before fulfilling your request.
8 Data Retention
9 Security of Your Information
By using the Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services or sending an e-mail to you. You may have a legal right to receive this notice in writing.
10 Children’s Privacy
The Services are not directed to children under 16 years of age, and Sagemath does not knowingly collect Personal Information from children under 16 years of age. If we learn that we have collected any Personal Information from children under 16 years old, we will promptly take steps to delete such information.
11 Redress/Compliance and Accountability
If you are an EU or Swiss citizen and feel that Sagemath is not abiding by the terms of this Policy, or is not in compliance with the Privacy Shield Principles, please contact Sagemath at the contact information provided above.
In addition, Sagemath has agreed to refer unresolved complaints related to Personal Information to JAMS Privacy Shield Dispute Resolution Program and, with respect to Employee and human resources data, has committed to cooperate with the panel established by local data protection authorities and comply with the advice given by the panel for EU citizens and with the Swiss Federal Data Protection and Information Commissioner’s authority and advice for such data of Swiss citizens. For more information and to submit a complaint regarding Individual data to JAMS, a dispute resolution provider which has locations in the United States and EU, visit www.jamsadr.com/eu-us-privacy-shield.
Such independent dispute resolution mechanisms are available to citizens free of charge. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.
You may also have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over Sagemath’s compliance with the Privacy Shield.
12 Other Rights and Important Information
12.2 California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Sagemath does not share Personal Information with Third Parties for their own marketing purposes.
This Policy shall be implemented by Sagemath and all its operating divisions, subsidiaries and affiliates. Sagemath has put in place mechanisms to verify ongoing compliance with Privacy Shield Principles and this Policy. Any Employee that violates these privacy principles will be subject to disciplinary procedures.
The following capitalized terms shall have the meanings herein as set forth below.
“Agent” means any Third Party that Processes Personal Information pursuant to the instructions of, and solely for, Sagemath or to which Sagemath discloses Personal Information for use on its behalf.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of Sagemath or its subsidiaries worldwide.
“Personal Information” is any information relating to an identified or identifiable natural person (“Individual”).
“Privacy Shield” means the seven (7) principles of the Privacy Shield Framework: (1) notice, (2) choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability. Additionally, it includes the sixteen (16) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information, and (16) access requests by public authorities.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (7) health information; (8) sexual orientation or information about the Individual’s sex life; or (9) information relating to the commission of a criminal offense.
“Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, Sagemath or Sagemath’s Agents.
14 Revision history
A revision control history for this web page can be found at github.com/sagemathinc/cocalc/commits/master/src/packages/next/pages/policies/privacy.tsx.