Sona Systems Supplemental Privacy Statement

Effective Date: April 11, 2024

This Supplemental Privacy Statement describes how Sona Systems, Ltd (“Sona”) collects, uses, maintains, and discloses personal data about users of Sona’s cloud-based research and participant management software (the “Services”). Each individual user is referred to in this document as a “User.” Sona’s “Customer” is the institution through which the User participates.

This Supplemental Privacy Statement applies only to personal data of which Sona is the controller for purposes of the EU General Data Protection Regulation and UK General Data Protection Regulation (together, “GDPR”) and, separately, to the extent Sona is a “business” for purposes of the California Consumer Privacy Act of 2018 (“CCPA”). To view Sona’s complete Privacy Policy, please visit:

Sona collects the User’s IP address information and associated login information when the User logs into the Services. This information is collected for the purpose of:

  • Performing the Services as set out in the agreement between Sona and its Customer;
  • Maintaining the infrastructure that supports the Services; and
  • Troubleshooting those Services in response to Customer inquiries.

This processing is necessary for the purposes of the legitimate interests pursued by Sona and its Customer. Sona retains the personal data described above for approximately 6 months, except that it may be deleted upon a Customer’s request, unless Sona is subject to other legal retention requirements.

The information referred to above will be stored on servers located within the United States, and is never transferred to a third country. Sona is certified under Privacy Shield. More information can be found at:


Under GDPR, a User has the right to:

  • information about the processing of the User’s personal data;
  • obtain access to the personal data held about the User;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of personal data for marketing purposes or on grounds relating to the User’s particular situation;
  • request the restriction of the processing of the User’s personal data in specific cases; and
  • receive the User’s personal data in a machine-readable format and send it to another controller (‘data portability’).

Sona does not engage in automated decision-making, including profiling, that affects Users.

European Union and UK individuals with inquiries or complaints regarding privacy matters should first contact Sona.

For EU individuals, Sona and its Data Protection Officer, Justin Fidler, may be reached by email at [email protected] or by mail at Sona Systems, Trummi 5, 12616 Tallinn, ESTONIA. EU individuals also have the right to lodge a complaint with a supervisory authority.


A User whose personal information is covered by CCPA (as defined in that law) may contact Company as follows to request required disclosures under CCPA:


Cookies are small data files that are placed automatically on a User’s computer by Sona’s computers. Sona uses cookies to keep Users logged into its service; to track a User’s language preference for the interface; and to track if a User has chosen to dismiss the window referring to this Supplemental Privacy Statement. Information collected using cookies is not sold by Sona, or used outside the services, other than as necessary to provide the services to Users.