This Supplemental Privacy Statement describes how Sona Systems, Ltd (”Sona”) collects, uses, maintains, and discloses personal data about users of Sona’s cloud-based research and participant management software (the “Services”). Each individual user is referred to in this document as a “User.” Sona’s “Customer” is the institution through which the User participates.
Sona collects the User’s IP address information and associated login information when the User logs into the Services. This information is collected for the purpose of:
Performing the Services as set out in the agreement between Sona and its Customer;
Maintaining the infrastructure that supports the Services; and
Troubleshooting those Services in response to Customer inquiries.
This processing is necessary for the purposes of the legitimate interests pursued by Sona and its Customer. Sona retains the personal data described above for approximately 6 months, except that it may be deleted upon a Customer’s request, unless Sona is subject to other legal retention requirements.
The information referred to above will be stored on servers located in Canada, and is never transferred to a third country. Canada is the subject of an adequacy decision by the European Commission.
Under GDPR, a User has the right to:
information about the processing of the User’s personal data;
obtain access to the personal data held about the User;
ask for incorrect, inaccurate or incomplete personal data to be corrected;
request that personal data be erased when it’s no longer needed or if processing it is unlawful;
object to the processing of personal data for marketing purposes or on grounds relating to the User’s particular situation;
request the restriction of the processing of User’s personal data in specific cases; and
receive User’s personal data in a machine-readable format and send it to another controller (‘data portability’)
Sona does not engage in automated decision-making, including profiling, that affects Users.
European Union individuals with inquiries or complaints regarding privacy matters should first contact Sona. Sona and its Data Protection Officer, Justin Fidler, may be reached by email at [email protected] or by mail at Sona Systems, Trummi 5, 12616 Tallinn, ESTONIA. EU citizens also have the right to lodge a complaint with a supervisory authority.
A User whose personal information is covered by CCPA (as defined in that law) may contact Company as follows to request required disclosures under CCPA:
Manage participant pools, increase participation, and eliminate no-shows