Privacy Notice
Last updated
Last updated
Last updated: January 10, 2023
Stacksync SA ("Stacksync") respects your right to privacy. This Privacy Notice explains who we are, how we collect, store, share and use personal data about you, and how you can exercise your privacy rights. This Privacy Notice applies to personal data that we collect, including through our website at www.stacksync.com, within our product(s) and on other websites that Stacksync operates and that link to this policy ("collectively Websitesβ).
If you have any questions or concerns about our use of your personal data, then please contact us using the contact details provided at the bottom of this Privacy Notice. This privacy notice is inspired by the documentation of industry peers and best practices such as Fivetran Inc.
What personal data does Stacksync collect and why?
Broad Categories of personal data collected:
The personal data that we may collect about you broadly falls into the following categories of sources:
Information that you provide voluntarily Certain parts of our Website may ask you to provide personal data voluntarily: for example, we may ask you to provide your contact details in order to register an account with us, for technical support, to subscribe to marketing communications from us, to register for an event, to access content, and/or to submit inquiries to us. The personal data that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal data. If you decide not to provide some information voluntarily, you may still use our Websites though your access to some functionality and areas of our Websites may be restricted.
Information that we collect automatically When you visit our Website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal data under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading βCookies and similar tracking technologyβ below.
Information that we obtain from third party sources From time to time, we may receive personal data about you from third-party sources (including, but not limited to, lead generation providers, partners, content syndication providers, third-party enrichment tools, and meeting maker vendors), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us. The types of information we collect from third parties include name, contact information, title and or role within your organization, internet activity, company data, and we use the information we receive from these third parties to market our services to you.
Sensitive Personal Data
We may collect sensitive personal data, or special category personal data, from customers as a part of providing our services. We do not use sensitive personal data for any other commercial purpose, we do not sell sensitive personal data, and do not share sensitive personal data for online advertising.
Who does Stacksync share my personal data with?
We may disclose your personal data to the following categories of recipients:
to our group companies and third-party services providers who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website), or who otherwise process personal data for purposes that are described in this Privacy Notice or notified to you when we collect your personal data. A list of our current subprocessors is available here https://docs.stacksync.com/security/subprocessors;
to our partners, who we may share with in connection with, selling or distributing our products and services, or engaging in joint marketing activities, in accordance with your expressed marketing preferences.
to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Notice;
to any other person with your consent to the disclosure.
Third parties we share with for a business purpose (in the last 12 months):
Third parties we share with for a commercial purpose (including sale/online advertising in the past 12 months):
Legal basis for processing personal data
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will normally collect personal data from you only (i) where we need the personal data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
If we collect and use your personal data in reliance on our legitimate interests (or those of any third party), this will normally be to operate our platform and to communicate with you as necessary β for example, when responding to your queries, analyzing use of and improving our platform, undertaking marketing activities for existing customers as legally permitted, and detecting or preventing illegal activities. We may have other legitimate interests and we will make clear to you at the relevant time what those legitimate interests are. We rely on these legal bases to process data for the following purposes: to help provide the services (e.g. customer support and usage data) and to market our services to you (e.g. online advertising and gauging buyer intent).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the βHow to contact usβ heading at the bottom of this notice.
Cookies and similar tracking technology
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Website owners can use cookies for a variety of reasons that can include enabling their websites to work (or work more efficiently), providing personalized content and advertising, and creating website analytics.
Cookies set by the website owner (in this case, Stacksync) are called "first-party cookies". Only the website owner can access the first-party cookies it sets. Cookies set by parties other than the website owner are called "third-party cookies.β Third-party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and social sharing). The parties that set these third-party cookies can recognize your device both when it visits the website in question and also when it visits other websites that have partnered with them.
Stacksync may use web beacons, tags, flash cookies, HTML5, and scripts (βData Toolsβ) in the Websites or in emails to help deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. Stacksync may receive reports based on the use of these technologies by our service/analytics providers on an individual and aggregated basis.
If you want to learn more about cookies, or how to control, disable or delete them, please visit https://allaboutcookies.org for detailed guidance. For further information on how to manage Flash cookies, please click here.
Why do we use cookies?
We use first-party and third-party cookies for several reasons. Some cookies are required for technical reasons that are strictly necessary for our Websites to operate, and we refer to these as "essential" cookies. Other cookies also enable us to provide website functionality, or to enhance visitors' experience on our Websites by providing them with personalized content and advertising. This is described in more detail below.
Cookies collect certain standard information that your browser sends to the Websites such as your browser type and language, access times, and the address of the website from which you arrived at a Website. They may also collect information about your Internet Protocol (IP) address, clickstream behavior (i.e. the pages you view, the links you click, and other actions you take when you use the Websites) and product information. These are called first-party cookies and they are essential to the Websitesβ operation.
Stacksync may also contract with third-party advertising networks that collect non-personally identifiable information and personal data through the Websites and emails and on third-party web sites. Ad networks follow your online activities over time by collecting usage data through Data Tools. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other websites. This process also helps us manage and track the effectiveness of Stacksyncβs marketing efforts.
The Websites may include third-party social media features, such as the Facebook Like button, and third-party widgets, such as the βShare Thisβ button or interactive mini-programs that run on the Websites. These features may collect your IP address, which page you are visiting on the Websites, and set a cookie to enable the feature to function properly. Your interaction with these features is governed by the privacy policy of the third-party company providing it.
We use third-party advertising companies to display ads on the Websites tailored to your individual interests based on your internet activity, as well as to provide advertising-related services such as ad delivery, reporting, attribution, analytics, and market research. You can manage your preferences with regards to the receipt of tailored advertisements in the cookie settings described below. Please note if these cookies are switched off, you will continue to see advertisements, but they will no longer be tailored to your interests.
The specific types of first- and third-party cookies served through our Websites and the purposes they perform are described in our cookie settings page.
What about other tracking technologies, like web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Website or opened an email that we have sent them. This allows us, for example, to monitor the traffic patterns of users from one page within our Websites to another, to deliver or communicate with cookies, to understand whether you have come to our Websites from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will often impair their functioning.
How can you control cookies?
You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences in our cookie settings page.
You can also set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Websites though your access to some functionality and areas of our Websites may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information.
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit https://www.aboutads.info/choices/ or https://www.youronlinechoices.eu/ if located in the European Union.
How does Stacksync keep my personal data secure?
We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Stacksync is hosted on leading cloud service providers (linked on our security page at https://stacksync.com/docs/security#physicalandenvironmentalsafeguards) and uses industry-standard security protocols to protect personal data. Personal data is stored on private servers. All connections between the end user and our servers are encrypted with SSL, and server software is kept continuously up to date with the latest security patches.
International data transfers
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
To view our data residency locations, view our data residency policy here at https://stacksync.com/docs/security#stacksyncdataresidency. Our group companies, third party service providers, and partners operate around the world.
However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Privacy Notice. These include implementing the European Commissionβs Standard Contractual Clauses, the UK Addendum for Standard Contractual Clauses, and other applicable standard contractual clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process in accordance with applicable data protection law.
Our Data Protection Addendum is available online at https://www.stacksync.com/legal#dpa, and our Standard Contractual Clauses can be provided on request by contacting us at privacy@stacksync.com. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.
Data retention
We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. For more detailed information on our retention practices, see https://stacksync.com/docs/security#retentionofcustomerdata.
Your data protection rights
You have the following data protection rights:
If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by contacting us using the contact details provided under the βHow to contact usβ heading at the bottom of this notice.
In addition, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by contacting us using the contact details provided under the βHow to contact usβ heading at the bottom of this notice.
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the βunsubscribeβ or βopt-outβ link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the βHow to contact usβ heading at the bottom of this notice.
Similarly, if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
You have the right to opt out of the sale of your personal data, including sharing personal data for online advertising. For more information, visit our cookie settings page.
We do not use or disclose your sensitive personal data, except for the purposes of providing the services to our customers.
You have the right to non-discrimination, meaning we may not discriminate against a data subject for exercising a privacy right.
You have the right to have your authorized agent make a data privacy request on your behalf. For more information, please contact us using the contact details provided under the βHow to contact usβ heading at the bottom of this notice.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
If you are not satisfied with our response regarding your data privacy request, you have the right to appeal our decision. For more information, please contact us using the contact details provided under the βHow to contact usβ heading at the bottom of this notice. If you are not satisfied with the result of the appeal, you have the right to contact your respective attorney general depending on where you reside.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Privacy Shield Statement
To the extent Stacksync collects or processes personal data either on Stacksyncβs website or through the use of the Services, Stacksync complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the, collection, use and retention of personal data transferred from the European Union, United Kingdom and/or Switzerland to the United States, respectively. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view the certification for Stacksync, please visit https://www.privacyshield.gov/.
Stacksyncβs accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Stacksync remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Stacksync proves that it is not responsible for the event giving rise to the damage.
If you have an unresolved privacy or data use concern that Stacksync has not addressed satisfactorily, please contact our third party dispute resolution provider (at no cost to you). Contact us for more information on our current provider.
For any Privacy Shield disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. To find out more about the Privacy Shieldβs binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The Federal Trade Commission has investigation and enforcement authority over Stacksyncβs compliance with the Privacy Shield. Stacksync does not rely on Privacy Shield for cross border transfers as Stacksync relies on standard contractual clauses for compliance, but is committed to maintaining Privacy Shield Principles.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the βlast updatedβ date displayed at the top of this Privacy Notice.
How to contact us
If you have any questions or concerns about our use of your personal data, please contact us at privacy@stacksync.com, or at the following address:
Stacksync SA, Attn: Data Protection Officer,
1 rte dβEguechaudens, 1030 Bussigny, Vaud, Switzerland
We have a Data Protection Officer ("DPO") responsible for compliance with data protection law. Their contact details are dpo@stacksync.com.
The data controller of your personal data is Stacksync SA when we collect information from you for marketing purposes. Our customers are the data controller for personal data they provide to us when they use our services.
For any legal claims, the jurisdiction of Canton Vaud in Switzerland is the prevailing court.
Broad Categories Collected
Examples
Identifiers
Name, contact information, and other personal data that can directly or indirectly identify an consumer
Select Information in Customer Records
Name, contact information, company information.
Commercial Purchasing Information
Records of products and services purchased
Internet or Network Activity
Browsing history,
search history,
information regarding a consumerβs interaction with an Internet Web site, application, or advertisement.
Information Typically Detected by Senses
Audio information (call recordings)
Employment Information
Role, title, and other relevant employer information
Inferences Drawn from other Personal Data
Buying intent, and other relevant information to market or provide the services
Broad Categories Collected
Types of third parties we share with
Identifiers
Group companies, service providers, and partners
Select Information in Customer Records
Group companies, service providers, and partners
Commercial Purchasing Information
Group companies, service providers, and partners
Internet or Network Activity
Group companies, service providers, and partners
Information Typically Detected by Senses
Group companies, service providers, and partners
Employment Information
Group companies, service providers, and partners
Inferences Drawn from other Personal Data
Group companies, service providers, and partners
Broad Categories Collected
Types of third parties we share with
Identifiers
Group companies, partners, and any other person with your consent
Select Information in Customer Records
Group companies, partners, and any other person with your consent
Commercial Purchasing Information
Group companies, partners, and any other person with your consent
Internet or Network Activity
Group companies, partners, and any other person with your consent
Information Typically Detected by Senses
Group companies, partners, and any other person with your consent
Employment Information
Group companies, partners, and any other person with your consent
Inferences Drawn from other Personal Data
Group companies, partners, and any other person with your consent