Privacy Policy

Effective Date: August 18, 2021

This is Sona Systems, Ltd’s. (Company, we, us, our) privacy policy (Policy). If you are a customer, it is part of your contract with the Company. For customers in the United States; Canada (unless set out on your invoice); and South America, Company transmits data to servers located in the United States. For customers in Europe, Company may transmit the Customer Record and Inquiry Information to servers located in the United States, on the basis of Company’s participation in the EU-U.S. Privacy Shield Framework and the related adequacy decision by the European Commission, but will not transmit Subject Information to servers located outside the European Union. Company complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit:

In compliance with Privacy Shield Principles, Company commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Company. Company and its Data Protection Officer, Justin Fidler, may be reached at [email protected] or by mail at Sona Systems, Trummi 5, 12616 Tallinn, ESTONIA. If you have a question regarding our privacy policy please contact us. Company commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to data transferred from the EU to the US. The Federal Trade Commission has jurisdiction over Company’s compliance with the Privacy Shield. Under certain conditions, you may have the right to invoke binding arbitration for complaints regarding Privacy Shield not resolved by any of the other Privacy Shield mechanisms. More information can be found at:

Company also complies with the European Union’s General Data Protection Regulation (GDPR), enforceable as of May 25, 2018. EU citizens also have the right to lodge a complaint with a supervisory authority.

Finally, Company complies with the California Consumer Privacy Act of 2018 (“CCPA”). A consumer whose personal information is covered by CCPA (as defined in that law) may contact Company as follows to request required disclosures under CCPA:

The most recent version of this Policy will always be available at this address. Any changes to this policy, other than necessary to remedy typographical errors, will be announced by email to customers to the primary address you have on file with us.

This privacy policy applies to the following information:

  • Information obtained via inquiries
  • Information necessary to provide Company’s services to customers; and
  • Information processed by Company while providing services to customers.

How Company uses information obtained via inquiries

When a third party contacts us via our website or other means, Company may collect information voluntarily provided by that third party, including (“Inquiry Information”):

  • Third party’s Corporate name;
  • Name of an individual who serves as the third party’s contact;
  • Email address of contact person

How Company uses information necessary to provide Company’s services to customers

Company collects the following information from customers when they contract for Company’s services (the “Customer Record”):

  • Customer corporate name;
  • Contact name of an individual at customer’s location who is responsible for the services;
  • Email addresses provided to Company by the customer as contact points;
  • Physical address; and
  • Payment information.

Information that is part of the Customer Record will be used by Company to:

  • Collect payment;
  • Market Company’s services to the customer;
  • Contact the customer about issues related to the service; and
  • Contact the customer about issues of general interest to Company’s customers;
  • In response to an inquiry about the status of Company’s services and to provide troubleshooting about those services.

The Customer Record may be shared with third parties only in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Customer Record will only be sold by Company in conjunction with the sale, or other acquisition, of its business. It is not otherwise sold or rented to third parties.

The Company does not market to individuals under sixteen years of age and does not knowingly collect information directly from these individuals.

Customer Record information is collected on the basis of the contractual relationship between the Company and Customer, except that contact names and email addresses of individuals may be collected on the basis of the Company’s legitimate interest in having one or more contacts with whom Company can correspond regarding the Customer. Customers may opt out of providing information for their Customer Record by declining to be Customers. Providing information for a Customer Record is required to become a Customer. Customers may request from the Company access to, rectification of, erasure of, restriction of processing of the Customer Record when applicable, and may inform the Company by email of any changes to the Customer Record. Customers also have the right to object to processing of applicable data within the Customer Record and the right to data portability.

Should Company practices with respect to processing or use of a Customer Record change, or should Company desire to disclose the Customer Record to any third party not acting as an agent of Company, Company will provide you with notice (either by means of an amendment to this Privacy Policy or otherwise) and provide an opportunity for you to opt out.

The Privacy Shield Principles describe Company’s obligations with respect to personal information that it transfers to third parties as described in this Privacy Policy. Company remains responsible and liable as provided in the Principles if the third party processes the personal information in a manner that is not consistent with the Privacy Shield Principles, unless Company proves that it is not responsible for the event giving rise to the damage.

How Company uses information processed by it while providing services to customers

Company’s services process the following personally identifiable information provided to Company by its customers (the “Subject Information”):

  • Full name and email address of each user, and user’s language preference for the system interface.
  • Other information chosen by the customer in Company’s interface, which may include, but is not limited to: university identification number, telephone number, course enrollment information, study sign-up information, research data collected in online surveys, data collected as part of prescreening for eligibility in research studies.

For the sake of clarity, you should know that Company does not collect this Subject Information independently and does not export any Subject Information that originates in the EU.

Subject Information will be used by Company to:

  • Perform the services as set out in the agreement between Company and its customer;
  • To maintain the infrastructure that supports the services; and
  • In response to an inquiry by the customer providing the Subject Information to Company to troubleshoot those services.

Subject Information will be provided to third parties in the following circumstances:

  • To backup the Subject Information;
  • As authorized by Company’s customer; and
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Subject Information will only be sold by Company in conjunction with the sale, or other acquisition, of its business.

How Company uses other types of information

Cookies. Cookies are small data files that are placed automatically on a customer’s computer by our computers. These data files are read by our computer to determine whether you have visited our site before, how often, the length of time and which pages you view. Company uses cookies to keep customers logged into its service; to collect transactional information about where its customers go during their use of our services and how they behave as well as to set language preferences. Cookies are not used in conjunction with Subject Information, and, other than as necessary to keep a customer logged into the services, do not identify an individual. Information collected using cookies is not sold by Company, or used outside the services, other than as necessary to provide the services to customers.

Google Analytics. Company uses Google Analytics where visitors to our website consent to such use. You may view information about how Google Analytics collects and processes data at: When you first visit or use our website, you will be asked to consent to the storing and accessing of cookies and other information on your computer or other electronic device.

Statistical Information. Company uses statistical information to operate the infrastructure necessary to provide the services to customers and to diagnose problems with this infrastructure. Statistical information is the following: the IP address used by a customer, or subject, to access the services; page access information; study selection, modification, and other transactional information related to the studies and study sign-ups. Statistical information is not used in conjunction with Subject Information. Statistical Information, including IP address, is collected on the basis of the Company’s legitimate interest in operating its infrastructure so as to provide services to its customers. Statistical information is not sold by Company, or used outside the services, other than as necessary to provide, troubleshoot, and bill the services to customers.

Credit Card Information. The Company directs Customers who seek to pay by credit card to a credit card processing company. This may be either PayPal or Stripe, depending upon the amount of the transaction and the currency in which Customer proposes to pay. Information transmitted to a credit card company directly by Customers is governed by and subject to the terms and conditions of such credit card processing company.

Deletion and Preservation of Information. Information covered by this Policy may be deleted upon a customer’s request or, for Subject Information, by customer’s own independent action in its discretion. Absent a request for deletion, Company may otherwise retain Customer Record and Inquiry Information for the convenience of those using or inquiring about its services. Company may also retain information as required by law.

Changing and Correcting Information. To access or update Customer Record or Inquiry Information, customer must contact Company as described above in this Policy. Subject Information can be accessed or updated by a data subject or by customer’s administrator.