Last updated: May 24, 2018
Sauce Labs Inc. and its affiliated companies, including Sauce Labs Europe GmbH and Sauce Labs Canada Inc. (which are collectively referred to in this Privacy Notice as “Sauce Labs”, “we”, “us” or “our”) know that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. An affiliated company (referred to in this Privacy Notice as “Affiliated” or an “Affiliate”) means any entity that directly or indirectly controls, is controlled by, or is under common control with us, and “control” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
In this Privacy Notice, we provide information about how we collect, use and disclose personal information about you. We use the terms “personal information” and “personal data” to mean any information relating to an identified or identifiable individual.
If you are located in the European Economic Area (“EEA”), please also see our Supplemental EEA Privacy Notice below.
Table of Contents
- What Types of Personal Information Do We Collect?
- How Do We Use Your Personal Information?
- To Whom Do We Disclose Your Personal Information?
- What Security Measures Have We Implemented?
- What about Third-Party Advertisers and Links to Other Websites?
- How Can You Access and Correct Personal Information, and Exercise Other Rights?
- Your Choices
- Amendments; Contact Us
- Who is the Data Controller?
- What Are Our Legal Bases for Processing Personal Data?
- Where Do We Transfer Personal Data and How Do We Protect Such Transfers?
- What Data Subject Rights Do You Have?
- How Long Do We Retain Your Personal Data?
- Are You Required to Provide Personal Data?
This Privacy Notice applies to our collection, use and disclosure of personal information received via the following channels:
- Any websites, products, services and software that we operate and in which we post a direct link to this Privacy Notice (collectively our “Services”); and
- Face-to-face, phone, email, mail or other business interactions with individual representatives of our customers, vendors or other businesses interested in our products and services.
This Privacy Notice does not apply to data that is uploaded to customer accounts in our Services (including accounts supplied through free trial offerings) for processing in the course of testing websites or native mobile applications, including any data contained in the websites or native mobile applications being tested, test commands and input data, output data, test logs, screen shots, videos, reports and analytics furnished by our Services. We refer to this data as “Test Data” and our processing of Test Data is governed by the terms of our agreements with our account holders.
If you access or use our Services or otherwise actively provide us with your personal information, you agree that we may collect, use and process your personal information as outlined in this Privacy Notice and as permitted by applicable laws. If you do not agree to the terms of this Privacy Notice, please do not use our Services or provide us with any personal information. This section regarding consent does not apply if you are based in the EEA or Switzerland.
What Types of Personal Information Do We Collect?
Information You Actively Submit on our Services: If you create an account, register for a free trial, order services, or otherwise send us data through our Services, we collect personal information about you and the company or other entity you represent (e.g., your name, organization, address, email address, phone number and fax number). You may also provide information specific to your interaction with our Services, such as payment information to make a purchase. In such instances, you will know what data is collected, because you will actively submit it.
- To remember when you have logged into your account on our Services;
- To process any transactions you make on our Services;
- To prevent fraud;
- To gather statistical information about usage of our Services;
- To enable interactive features in our Services;
- To advertise our Services on third party websites and other digital media.
Information You Actively Submit in Person or via Email, Mail or Phone: We may also collect your personal information outside of the Services in various business situations, such as if you speak with our personnel at a trade show or industry event, call us for phone-based customer service, or email or mail our personnel for business purposes. In these circumstances, we may collect and process your contact information (e.g., name, email address, phone number and business address), information about your business and its interactions with us, and any other personal information you actively provide to us. In such instances, you will know what data is collected, because you will actively submit it.
Publicly Available Information: If you have identified yourself to us as a user of our Services or expressed interest in our products or services, we may collect the following personal information about you from publicly available sources: your organization, contact information, preferences and demographic information. These publicly available sources include public profiles on company and professional networking websites.
How Do We Use Your Personal Information?
We offer our websites, products and Services to business customers. Our Services are not intended or suited for consumers or children.
We use personal information that we collect about you to:
- Upon request, create an account for you or the organization for which you work;
- Fulfill your orders for products and services;
- Update your account, orders and transactions;
- Discharge our contractual obligations to you;
- Provide requested services and information;
- Respond appropriately to your inquiries;
- Secure, debug, optimize and improve the performance of our Services;
- Customize your experience on the Services; and
- Comply with any legal obligations that apply to us.
To the extent permitted by applicable law, including in accordance with your consent where required by applicable law, we use your email address to send you marketing communications. If you do not wish to receive such marketing emails, you may opt out by declining to receive such emails when registering or at other information collection points on our Services or by following opt-out instructions included in such emails.
We may use personal information about you collected from publicly available sources, and combine it with other personal information we have collected about you, to complete our customer profile of you in support of our sales and marketing activities.
We also perform statistical analyses of the users of our Services to improve the content, design and navigation of the Services. In these cases, we use anonymized, aggregate or statistical data that cannot be used to identify you.
To Whom Do We Disclose Your Personal Information?
Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share your personal information only as described below and in accordance with applicable law.
Third-Party Service Providers: We employ our Affiliated and other unaffiliated companies and individuals to perform functions on our behalf, such as to send email, remove repetitive information from customer lists, analyze data, provide marketing assistance, provide search results and links (including paid listings and links), process credit card payments, and provide customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes.
Affiliates: We share your personal information with our Affiliates to help fulfil sales, respond appropriately to requests and to improve our and their services and business practices. A list of our operating Affiliates and their addresses is available here.
Business Transfers: As we continue to develop our business, we might sell or buy subsidiaries, business units or our entire business. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless the customer consents otherwise) and applicable laws.
Protection of Sauce Labs and Others: We disclose account and other personal information when we believe it is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of Sauce Labs, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Privacy Notice.
With Your Consent: Other than as set out above, we will obtain your consent as required by law before disclosing your personal information to a third party.
What Security Measures Have We Implemented?
We take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. For example, we use Secure Sockets Layer (SSL) software, which encrypts information you input, to protect information you submit via our Services.
We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
What about Third-Party Advertisers and Links to Other Websites?
Sauce Labs does not display third-party advertisements on its Services at this time.
We may provide links to other third-party websites and services that are outside our control and not covered by this Privacy Notice. We encourage you to learn about the privacy practices of those third parties.
How Can You Access and Correct Personal Information, and Exercise Other Rights?
If you have an account on our Services, please note that our Services give you access to a broad range of information about your account and your interactions with our Services for the limited purpose of viewing and, in certain cases, updating that information.
Otherwise, to exercise the statutory rights you may have under applicable law, such as to access, correct, update, delete, block or limit our use of your Personal Information, please contact us at firstname.lastname@example.org and clearly describe your request. We will try to comply with your request as soon as reasonably practicable and always under the timeframes set forth by applicable laws. Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or authorized by law.
You can choose not to provide personal information to us. However, some features of our Services, such as your profile, require that we collect some personal information about you.
If you do not want to receive marketing emails from us, please adjust your email preference settings by clicking here or click on the “opt-out” link in the communication. Even after you have opted out of receiving marketing emails from us, we may still contact you for transactional or informational purposes. These include, for example, customer service issues or any questions regarding a specific inquiry you made to us.
Amendments; Contact Us
Our business changes constantly, and our Privacy Notice will also change. If we change, modify, add or remove portions of this Privacy Notice, we will provide you with notice of such updates as required by applicable law and upload the updated Privacy Notice to our website saucelabs.com. You should check our website regularly to see any recent changes we may have made.
Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. We stand behind the promises we make and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.
If you have any questions or concerns about the contents of this Privacy Notice, please contact us at email@example.com, and we will try to resolve them.
SUPPLEMENTAL EEA PRIVACY NOTICE
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”), requires Sauce Labs to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“EEA”).
If you are located in a member state of the EEA and access our Services or otherwise provide us with your personal data in-person or via phone, email or mail, this Supplemental EEA Privacy Notice applies to you.
Who is the Data Controller?
If you are using our Services, the data controller is Sauce Labs Inc., 116 New Montgomery St, 3rd Floor, San Francisco, California, 94105 USA +1.855.677.0011.
If you are communicating with the personnel of a Sauce Labs entity in-person or via phone, email or mail, the data controller is the Sauce Labs entity with whom you are communicating and any other Sauce Labs entity with whom you or your organization does business. A list of our operating Affiliates and their addresses is available here.
Sauce Labs is a Data Processor on behalf of the applicable account holder with respect to Test Data uploaded to an account in our Services.
What Are Our Legal Bases for Processing Personal Data?
We process your personal data on several different legal bases, as follows:
Contract Performance: Use of our Services is subject to our Conditions of Use and other applicable terms and conditions. We process the personal data of users of our Services as necessary to perform our contractual obligations in respect of such users or take steps at such users’ request prior to entering into a contract, pursuant to Article 6(1)(b) of the EU GDPR.
Legitimate Interests: We process the personal data of users of our Services as necessary to pursue the following legitimate interests, pursuant to Article 6(1)(f) of the EU GDPR: To provide users with a good user experience, to maintain and secure our Services, to understand our users so that we can tailor our communications and services, including our marketing communications, to them, and to support and provide requested services and information to our users or customers. In these cases, we will ensure that your privacy and other fundamental interests do not override our legitimate interests.
Legal Obligations: If we are subject to a lawful access request, engaged in a legal proceeding or suspect a user of illegal conduct, we may need to process your personal data as necessary to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process, pursuant to Article 6(1)(c) of the EU GDPR.
Consent: If we are required to obtain your consent to send you marketing communications, place certain cookies on your device, or engage in other processing activities associated with the Services, we may perform such processing on the basis of your consent if you have provided it, pursuant to Article 6(1)(a) of the EU GDPR. In such cases, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. In such cases, providing your consent is voluntary, but we will not be able to provide you with a service for which we require your consent until we obtain such consent.
Vital Interests: In extenuating circumstances, we may need to process your personal data to protect the vital interests of you or another natural person, pursuant to Article 6(1)(d) of the EU GDPR.
Where Do We Transfer Personal Data and How Do We Protect Such Transfers?
We disclose your personal data to recipients in the following jurisdiction or jurisdictions outside of the EEA which provide adequate protection to personal data according to the European Commission: Canada. In each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (see Article 45 of the EU GDPR).
We disclose your personal data to recipients in the following jurisdiction or jurisdictions outside of the EEA which do not provide adequate protection to personal data according to the European Commission: the United States of America. By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, we have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our Affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by the applicable contract or applicable law. You can ask for a copy of such appropriate data transfer agreements by contacting firstname.lastname@example.org.
What Data Subject Rights Do You Have?
Under the conditions set out under the EU GDPR and any other national data protection laws in the EEA, you have the following rights:
- Right of access: You have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to the personal data. The access information includes, among other things, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain a copy of the personal data undergoing processing. Subject to applicable law, we may charge a reasonable fee for copies, based on administrative costs.
- Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: You have the right to ask us to erase your personal data to the extent it is not required for legally required purposes.
- Right to restriction of processing: You have the right to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
- Right to data portability: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any cost. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to Submit Complaints: You have a right to lodge a complaint with a supervisory authority.
Please note that these rights may be limited under the applicable national data protection law. To exercise your rights please contact us at email@example.com.
How Long Do We Retain Your Personal Data?
If you register for an account on our Services, we retain your personal data for as long as you have an account with us. If you provide your personal data in connection with a request for information or other services from us, we retain your personal data for as long as necessary to provide you with the requested information or services. We will delete, erase or anonymize your personal data within one month after your personal data is no longer necessary for us to provide you with any information or services you have requested, pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your fundamental rights or privacy interests, comply with any legal obligations to which we are subject, or defend any legal claim against us or support any legal claim made by us, including any potential appeal.
Are You Required to Provide Personal Data?
You are not required to provide any personal data to us, but if you do not provide any personal data to us, you may not be able to use certain features of our Services, such as those available to accountholders. You can use our Services without consenting to cookies that are not strictly necessary; the only consequence is that our Services will be less tailored to you. You can also use our Services without consenting to receiving marketing communications from us; the only consequence is that you may not receive marketing communications that you may be interested in.