Last updated: 16 September 2024
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and the EU GDPR it forms part of the laws of the United Kingdom (“UK GDPR”) by virtue of section 3 of the European Union (Withdrawal) Act 2018 (as amended, including by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019) (“UK GDPR”), including, in each case (i) and (ii) any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any successor, amendment or re-enactment, to or of the foregoing (together, the “GDPR”) and Switzerland require Sauce Labs to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“EEA”), the United Kingdom and Switzerland (collectively, “EEA+”).
Scope
If you are located in the EEA+ and access our Services or we collect, transmit, capture, or otherwise process your personal data, this Supplemental EEA+ Privacy Policy applies to you.
This Supplemental EEA+ Privacy Policy does not apply where:
You are not in the EEA+; or
Sauce Labs acts as a Processor and not a Controller.
Sauce Labs acts as a Processor on behalf of our customers, where we process personal data contained in their Customer Data (as defined in the Sauce Labs Terms of Service) to provide our services to them. In these cases, we process that personal data on their behalf under the terms and conditions of our Sauce Labs Customer Data Processing Addendum.
Who is the Controller?
If you are using our Services, the Controller is Sauce Labs Inc, 450 Sansome Street, 9th Floor, San Francisco, California, 94111 USA +1-855-677-0011.
If you are communicating with the personnel of a Sauce Labs entity in-person or via phone, email or mail, the controllers are Sauce Labs Inc., the Sauce Labs entity with whom you are communicating and any other Sauce Labs entity with whom you or your organization does business.
What Are Our Legal Bases for Processing Personal Data?
We process your personal data on several different legal bases, as follows:
Contract Performance: We process the personal data of users of our Services as necessary to perform our contractual obligations to such users or take steps at such users’ request prior to entering into a contract, pursuant to Article 6(1)(b) of the GDPR.
Legitimate Interests: We process the personal data of users of our Services as necessary to pursue the following legitimate interests, pursuant to Article 6(1)(f) of the GDPR: To provide users with a good user experience, to maintain and secure our Services, to manage and secure our events, to understand our users so that we can tailor our communications and services, including our marketing communications, to them, and to support and provide requested services and information to our users or customers. In these cases, we will ensure that your privacy and other fundamental interests do not override our legitimate interests.
Legal Obligations: If we are subject to a lawful access request, engaged in a legal proceeding or suspect a user of illegal conduct, we may need to process your personal data as necessary to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process, pursuant to Article 6(1)(c) of the GDPR.
Consent: If we are required to obtain your consent to send you marketing communications, place certain cookies on your device, or engage in other processing activities associated with the Services, we may perform such processing on the basis of your consent if you have provided it, pursuant to Article 6(1)(a) of the GDPR. In such cases, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. In such cases, providing your consent is voluntary, but we will not be able to provide you with a service for which we require your consent until we obtain such consent.
Vital Interests: In extenuating circumstances, we may need to process your personal data to protect the vital interests of you or another natural person, pursuant to Article 6(1)(d) of the GDPR.
We have set out below the legal bases we rely on in respect of the relevant purposes for which we use your personal data, as further described in ‘How Do We Use Your Personal Information?’ in the Privacy Policy.
Data Types | Purposes | Legal Bases |
Contact Data | To communicate with you in relation to your account | Contract Performance |
To provide you with marketing communications, promotional offers and updates on new products and services | Legitimate Interests We have a legitimate interest in promoting our operations and goals as an organization and sending marketing communications for that purpose Consent, in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of any given marketing communications | |
To administer, secure, optimize, and run a Sauce Labs event, such as SauceCon, and improve future events | Contract Performance to administer Sauce Labs events in accordance with the terms or rules thereof In respect of securing, optimizing, and running Sauce Labs events and improving future events, these promotions and contests: Legitimate Interests – we have a legitimate interest in promoting Sauce Labs events, including associated publicizing of our business and operations; and Consent – in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of any given promotional communications | |
Account Information | To create an account for you or the organization for which you work | Contract Performance Legitimate Interests We have a legitimate interest in using and authenticating your Account Information with a view to ensuring the ongoing security of our Services and associated systems and networks |
To manage the account | Contract Performance Legitimate Interests We have a legitimate interest in using and authenticating your Account Information with a view to ensuring the ongoing security of our Services and associated systems and networks | |
To fulfil your orders for products and services | Contract Performance Legitimate Interests We have a legitimate interest in using and authenticating your Account Information with a view to ensuring the ongoing security of our Services and associated systems and networks | |
Correspondence Data | To respond to any specific comments or questions you may have | Legitimate Interests We have a legitimate interest in responding to you where you have asked questions or made comments about our Services or Sauce Labs |
Technical Data and Usage Date | To provide, maintain, monitor, secure, debug, customize and optimize our Services | Legal Obligations Legitimate Interests We have a legitimate interest in ensuring the ongoing security and proper operation of our Services and associated systems and networks |
To develop and improve our products and Services | Legitimate Interests We have a legitimate interest in providing you with a good service, which is personalized to you and that remembers your selections and preferences Consent, in respect of any optional cookies used for this purpose | |
Publicly Available Information | To supplement the other personal data we hold about you in support of our sales and marketing activities | Legitimate Interests We have a legitimate interest in promoting our operations and goals as an organization and ensuring our marketing databases are accurate, relevant and up-to-date for that purpose |
Any and all data types relevant in the circumstances (Applies to the following rows) | To perform activities necessary to ensure compliance with applicable national, state, provincial and other applicable laws, and to respond to requests from government authorities | Legal Obligations Legitimate Interests Where Legal Obligations is not applicable, we have a legitimate interest in participating in, supporting, and following legal process and requests, including through cooperation with authorities. We may also have a legitimate interest in ensuring the protection, maintenance, and enforcement of our rights, property, and/or safety Vital Interests, where necessary in extenuating circumstances such as needing to protect the health or safety of a user or another natural person |
" " | To protect the legal interests, health or safety of a user, us, or other third parties, such as in the event of a complaint or dispute, or to perform credit recovery procedures or credit assignments to authorized third parties | Legal Obligations Legitimate Interests Where Legal Obligations is not applicable, we have a legitimate interest in participating in, supporting, and following legal process and requests, including through co-operation with authorities. We may also have a legitimate interest in ensuring the protection, maintenance, and enforcement of our rights, property, and/or safety Vital Interests, where necessary in extenuating circumstances such as needing to protect the health or safety of a user or another natural person |
" " | Sharing amongst our Affiliates | Legitimate Interests We and our Affiliates have a legitimate interest in ensuring the effective and connected operation of our Group and to help to improve our and their services and business practices. |
" " | In the context of corporate events, we may share certain personal information in the context of actual or prospective business transactions (e.g., investments in Sauce Labs, financing of Sauce Labs, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of Sauce Labs. as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets | Legitimate Interests We and any relevant third parties have a legitimate interest in providing information to relevant third parties who are involved in an actual or prospective corporate event (including to enable them to investigate – and, where relevant, to continue to operate – all or relevant part(s) of our operations). However, we would always look to take steps to minimize the amount and sensitivity of any personal information shared in these contexts as possible and as we consider appropriate in the circumstances. |
Where Do We Transfer Personal Data, and How Do We Protect Such Transfers?
We disclose your personal data only to recipients in the following jurisdictions outside of the EEA+:
Jurisdictions deemed by the relevant bodies to provide an adequate level of protection for personal data that is equivalent to that provided by applicable data protection laws in the EEA+ and
Other jurisdictions in circumstances where:
We have established specific appropriate safeguards, which are designed to give personal data effectively the same protection it has in the EEA+ – for example, standard-form contracts approved by the relevant bodies used for this purpose (e.g., the ‘Standard Contractual Clauses’ in the EEA, or the ‘International Data Transfer Agreement’ in the UK); or
We can rely on an exception, or ‘derogation,’ which permits us to transfer your personal data to such a country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – for example, reliance on your explicit consent to that transfer.
Participation in the Data Privacy Framework (DPF), as detailed below:
Data Privacy Framework (DPF)
Sauce Labs complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Sauce Labs has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
Sauce Labs has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.
You can ask for more information, including a copy of such appropriate safeguards, by contacting privacy@saucelabs.com.
Data Protection Officer (DPO) and Supervisory Authority
Sauce Labs maintains a relationship with the following Data Protection Officers (DPO) via ISiCO Datenschutz, GmbH in Berlin:
Iana Kaminska (kaminska@isico-datenschutz.de)
Joanna Zielinska (zielinska@isico-datenschutz.de)
The application of relevant laws and regulations for Sauce Labs in Europe is governed by the Berlin Supervisory Authority :
Berlin Commissioner for Data Protection and Freedom of Information Berliner Beauftragte fur Datenschutz und Informationsfreiheit: Friedrichstrasse 219 10969 Berlin Tel: 030/138 89-0 Fax: 030/215 50 50 mailbox@datenschutz-berlin.de
