Sona Systems : Privacy


View this privacy policy in PDF
Privacy Policy - PDF (81 kb)

Effective Date: May 24, 2017

This is Sona Systems, Ltd’s. (Company, we, us, our) privacy policy (Policy). If you are a customer, it is part of your contract with the Company. For customers in the United States; Canada (unless set out on your invoice); and South America, Company transmits data to servers located in the United States. For customers in Europe, Company may transmit the Customer Record to servers located in the United States but will not transmit Subject Information to servers located in the United States. Company complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit:

In compliance with Privacy Shield Principles, Company commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Company at or by mail at Sona Systems, Trummi 5, 12616 Tallinn, ESTONIA. If you have a question regarding our privacy policy please contact us. Company commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU to the US. The Federal Trade Commission has jurisdiction over Company’s compliance with the Privacy Shield. Under certain conditions, you may have the right to invoke binding arbitration for complaints regarding Privacy Shield not resolved by any of the other Privacy Shield mechanisms. More information can be found at:

The most recent version of this Policy will always be available at this address. Any changes to this policy, other than necessary to remedy typographical errors, will be announced by email to the primary address you have on file with us.

This privacy policy applies to the following information:

• Information necessary to provide Company’s services to customers; and
• Information processed by Company while providing services to customers.

How Company uses information necessary to provide Company’s services to customers

Company collects the following information from customers when they purchase its services (the “Customer Record”):

• Customer corporate name;
• Contact name of an individual at customer’s location who is responsible for the services;
• Email addresses provided to Company by the customer as contact points;
• Physical address; and
• Payment information.

Information that is part of the Customer Record will be used by Company to:

• Collect payment;
• Market Company’s services to the customer;
• Contact the customer about issues related to the service; and
• Contact the customer about issues of general interest to Company’s customers;
• In response to an inquiry about the status of Company’s services and to provide troubleshooting about those services.

The Customer Record may be shared with third parties only in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Customer Record will only be sold by Company in conjunction with the sale, or other acquisition, of its business. It is not otherwise sold or rented to third parties.

The Company does not market to individuals under thirteen years of age, and does not knowingly collect information directly from these individuals.

Customers may opt out of providing information for their Customer Record by declining to be Customers. Providing information for a Customer Record is required to become a Customer. Customers may inform the Company by email of any changes to the Customer Record.

Should Company practices with respect to processing or use of a Customer Record change, or should Company desire to disclose the Customer Record to any third party not acting as an agent of Company, Company will provide you with notice (either by means of an amendment to this Privacy Policy or otherwise) and provide an opportunity for you to opt out.

The Privacy Shield Principles describe Company’s obligations with respect to personal information that it transfers to third parties as described in this Privacy Policy. Company remains responsible and liable as provided in the Principles if the third party processes the personal information in a manner that is not consistent with the Privacy Shield Principles, unless Company proves that it is not responsible for the event giving rise to the damage.

How Company uses information processed by it while providing services to customers

Company’s services process the following personally identifiable information provided to Company by its customers (the “Subject Information”). Company does not collect this Subject Information independently and does not export Subject Information originating from the EU to the US:

• Full name and email address of each user, and user’s language preference for the system interface.
• Other information chosen by the customer in Company’s interface, which may include, but is not limited to: university identification number, telephone number, course enrollment information, study sign-up information, research data collected in online surveys, data collected as part of prescreening for eligibility in research studies.

Subject Information will be used by Company to:

• Perform the services as set out in the agreement between Company and its customer;
• To maintain the infrastructure that supports the services; and
• In response to an inquiry by the customer providing the Subject Information to Company to troubleshoot those services.

Subject Information will be provided to third parties in the following circumstances:

• To backup the Subject Information;
• As authorized by Company’s customer; and
• In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Subject Information will only be sold by Company in conjunction with the sale, or other acquisition, of its business.

How Company uses other types of information

Cookies. Cookies are small data files that are placed automatically on a customer’s computer by our computers. These data files are read by our computer to determine whether you have visited our site before, how often, the length of time and which pages you view. Company use cookies to keep customers logged into its service; to collect transactional information about where its customers go during their use of our services and how they behave as well as to set language preferences. Cookies are not used in conjunction with Subject Information, and, other than as necessary to keep a customer logged into the services, do not identify an individual. Information collected using cookies is not sold by Company, or used outside the services, other than as necessary to provide the services to customers.

Statistical Information. Company uses statistical information to operate the infrastructure necessary to provide the services to customers and to diagnose problems with this infrastructure. Statistical information is the following: the IP address used by a customer, or subject, to access the services; page access information; study selection, modification, and other transactional information related to the studies and study sign-ups. Statistical information is not used in conjunction with Subject Information. Statistical information is not sold by Company, or used outside the services, other than as necessary to provide, troubleshoot, and bill the services to customers.

Credit Card Information. The Company directs Customers who seek to pay by credit card to PayPal. Information transmitted to PayPal is governed by their terms and conditions.

Deletion and Preservation of Information. Information covered by this Policy may be deleted upon a customer’s request. The Company may keep information covered by this Policy for a period of six months from the date of Customer’s termination of their relationship with Company, or as required by law.

Changing and Correcting Information. If a customer wishes to access and/or update the information Company has collected, the customer may either log in to our website or client systems and view and change its information.