Last Updated: September 2022
A reference to “Sophus,” “we,” “us” or the “Company” is a reference to Sophus Consulting and its relevant affiliates involved in the collection, use, sharing, or other processing of Personal Data.
1. Responsible Entity
2. Processing Activities Covered
3. What Personal Data Do We Collect?
4. What Device and Usage Data Do We Process?
5. Purposes for Which We Process Personal Data
6. Who Do We Share Personal Data With?
8. How Long Do We Keep Your Personal Data?
9. Your Rights Relating to Your Personal Data
10. How We Secure Your Personal Data
12. Contact Us
For more information, please also see Section 9.4 below.
• Use our Sophus Connect portal;
• Visit our branded social media pages;
• Receive communications from us, including emails, phone calls, texts or fax;
• Use our software products and services as an authorized user where we act as a controller of your Personal Data; or
• Apply for employment opportunities with us.
Our websites and services may contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any data to these websites.
The Personal Data we collect from you includes identifiers, professional or employment-related information, internet activity information, and inferences drawn from any of these categories. We collect such information in the following situations:
• If you express an interest in obtaining additional information about our services; request customer support; or use our “Contact Us” or similar features; we may require that you provide to us your contact information, such as your name, job title, company name, address, phone number, or email address;
• If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers), which may qualify as Personal Data (please see the “What device and usage data do we process?” section, below) using cookies, web beacons, or similar technologies;
• If you make use of our Sophus Connect portal, we will collect your name, email, and password;
• If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data (please see the “What device and usage data do we process?” section, below);
• If you communicate with us via a phone call from us, we may record that call; and
• If you voluntarily submit certain information to our services, such as submitting online forms or surveys, we collect the information you have provided as part of that request.
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.
4.1. Device and Usage Data
As is true of most websites, we gather certain information automatically when individual users visit our websites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites.
This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.
In addition, we gather certain information automatically as part of your use of our software products and services. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities, and for the security of Sophus generally (in addition to the security of our products and services).
Some of the device and usage data collected by the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
4.2. Cookies, Web Beacons and Other Tracking Technologies
To make our websites and services work properly, we sometimes place small data files called cookies on your device. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, or other preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another.
Most modern browsers allow you to change your cookie settings. You can usually find these settings in the options or preferences menu of your browser. To understand these settings, the following links for commonly used browsers may be helpful:
• Cookie settings in Chrome
• Cookie settings in Firefox
• Cookie settings in Microsoft Edge
• Cookie settings in Safari web and iOS
4.3. Do-Not-Track Signals
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We do not recognize or respond to browser-initiated DNT signals, as the Internet industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.
We collect and process your Personal Data for the following purposes:
• Promoting the security of our websites and services: We process your Personal Data by tracking use of our websites and services, creating aggregated non-personal data, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies to the extent it is necessary for promoting the safety and security of the services, systems and applications;
• Handling contact and user support requests: If you fill out a web form or request user support, or if you contact us by other means including via a phone call, we process your Personal Data to perform our contract with you and to the extent it is necessary for fulfilling your requests and communicating with you;
• Developing and improving our websites and services: We process your Personal Data to analyze trends and to track your usage of and interactions with our websites and services to the extent it is necessary for developing and improving our websites and services and providing our users with more relevant content and service offerings;
• Assessing and improving user experience: We process device and usage data as described in Section 4.1 above, which in some cases may be associated with your Personal Data, to analyze trends and assess and improve the overall user experience to the extent it is necessary for developing and improving the service offering; • Identifying customer opportunities: We process your Personal Data to assess new potential customer opportunities to ensure that we are meeting the demands of our customers and their users’ experiences;
• Recording phone calls: We may record phone calls for training, quality assurance, and administration purposes. If required under applicable law, we will obtain your prior consent or give you the option to object to a call being recorded;
• Displaying personalized advertisements and content: We may process your Personal Data to conduct marketing research, advertise to you, provide personalized information about us and to provide other personalized content based upon your activities and interests (please see the “Your rights relating to your Personal Data” section below, to learn how you can control how the processing of your Personal Data by Sophus for personalized advertising purposes);
• Sending marketing communications: We will process your Personal Data or device and usage data, which in some cases may be associated with your Personal Data, to send you marketing information, product recommendations and other non-transactional communications (e.g., marketing newsletters, SMS, or push notifications) about us and our affiliates and partners, including information about our products or promotions (please see the “Your rights relating to your Personal Data” section below, to learn how you can control the processing of your Personal Data by Sophus for marketing purposes); and
• Complying with legal obligations: We process your Personal Data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws, to protect against misuse or abuse of our websites, protect personal property or safety, pursue remedies available to us, and limit our damages, comply with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.
If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.
We may share your Personal Data as follows:
•Other Users with Your Consent: If you use our Sophus Connect portal to post content, we may share your username and posts with other users on the platform. The settings you choose for your posts will determine how much information is shared with other users and/or the public.
• Professional Advisers: In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services; and
• Third Parties Involved in a Corporate Transaction: If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by a third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
We may also share anonymous or de-identified usage data with Sophus’s service providers for the purpose of helping Sophus in such analysis and improvements. Additionally, Sophus may share such anonymous or de-identified usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.
For more information on the recipients of your Personal Data, please contact us by using the information in the “Contact us” section, below.
Our websites are not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us using the contact details provided in the “Contact Us” section below. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information.
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the “Purposes for which we process Personal Data” section above) or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of or access to such data.
For more information on data retention periods, please contact us by using the information in the “Contact us” section, below.
9.1. Your Rights
You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:
• Access your Personal Data held by us;
• Know more about how we process your Personal Data;
• Erase or delete your Personal Data, to the extent permitted by applicable data protection laws;
• Restrict our processing of your Personal Data, to the extent permitted by law;
• Object to our processing of your Personal Data. Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
• Opt-out of certain disclosures of your Personal Data to third parties; and
• Not be discriminated against for exercising your rights described above.
9.2. Additional Disclosures for Certain U.S. State Residents
We have listed the privacy rights for several U.S. state jurisdictions below, but we understand you may have additional rights in your jurisdiction. You may contact us directly at any time about exercising your data protection rights. We will consider your request in accordance with applicable laws.
Certain state laws require that we detail the categories of Personal Data that we disclose for certain “business purposes,” such as to service providers that assist us with securing our services or marketing our products.
We disclose the following categories of Personal Data for our business purposes:
• Personal information under California Civil Code section 1798.80;
• Internet activity information;
• Professional or employment-related information; and
• Inferences drawn from any of the above information categories.
Sensitive categories of Personal Data:
• Account log-in data.
Several jurisdictions grant state residents certain rights, including the right to access specific types of Personal Data, the right to correct inaccurate Personal Data, the right to learn how we process Personal Data, the right to know whether and how we disclose or sell Personal Data, the right to opt out of any sale of Personal Data, the right to request deletion of Personal Data in certain circumstances, the right to limit the use of your sensitive Personal Data, and the right not to be denied goods or services for exercising these rights.
Third Party Marketing. California law further permits you to request information regarding the disclosure of your personal information to third parties for the third parties’ direct marketing purposes. We do not disclose your personal information to third parties for the third parties’ direct marketing purposes.
Do Not Sell My Personal Information. Certain consumers have the right to opt out of the sale of the consumer’s personal information. In the preceding twelve months we have not sold personal information.
Limit the Use of My Sensitive Personal Information. We do not use or disclose sensitive personal information for any purpose other than providing our goods and services to you, or as otherwise permitted under applicable law.
If you are an authorized agent wishing to exercise rights on behalf of a state resident, please contact us using the information in the “Contact us” section below and provide us with a copy of the consumer’s written authorization designating you as their agent. We may need to verify your identity and place of residence before completing your rights request.
9.3. How to Exercise Your Rights
To exercise your rights, please contact us by using the information in the “Contact us” section below. Your personal data may be processed in responding to these rights. We will respond to all legitimate requests in a timely manner and in accordance with applicable laws, and will contact you if we need additional information from you in order to honor your request or verify your identity.
9.4. Your Rights Relating to Customer Data
9.5. Your Preferences for Marketing Communications
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all of these communications from us by following the unsubscribe instructions provided in any email we send, by replying, or you can contact us using the contact details provided in the “Contact Us” section below. You will still continue to receive service-related messages concerning products and services you have purchased (unless we have indicated otherwise).
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. For example, when possible, we use encryption to transfer and store data. We further limit access to this data using access controls and confidentiality commitments.
However, no website, application, or transmission can guarantee security. Thus, while we have established and maintain what we believe to be reasonable procedures to protect the confidentiality, security, and integrity of personal information obtained through the Sites, we cannot ensure or warrant the security of any information you transmit to us.