- The types of information we collect and how we use the data.
- The steps we take to make sure your data is secure.
- The rights you have to your data, and how you can manage the data we have on you.
- We collect cookie and usage data for analytics and research purposes only.
- IP addresses are anonymized when storing usage data, so usage data is not easily identifiable.
- If you subscribe to our mailing list or contact us directly, your contact information will be stored and only used to communicate with you
- We use third parties to help us manage our relationship with you and monitor how you use our site and our service. They cannot use your personal data for their own purposes and may only use it to help us provide our service. We also make sure all third parties comply with applicable data protection laws.
Information we collect:
We only collect information that we need to provide you our services, and information that you voluntarily provide to us.
Here is a list of personal data we may collect in the course of business:
|Personal Data Type||Reason for Processing||Lawful Basis for Processing|
|IP address||For security purposes and to track how you use our site.||Legitimate interests|
|Locational data||To improve your site experience by adjusting the language and currency to fit your likely preferences||Consent|
|Email address||To contact you if you sign up for marketing emails, or if you subscribe to the Hub||Legitimate interests|
|Site/platform usage data||To improve our website and Hub platform||Legitimate interests|
|Hub profile data||To tailor your policies, offer recommendations, and attest to your compliance progress as part of our service.||Performance of contract|
|Payment details||To provide our service||Performance of contract|
|Marketing and communications data||To document our communication history and improve the quality of our marketing materials||Legitimate interests|
How your Personal Data is Collected
We use different methods of obtaining personal data from and about you, including:
- Direct interactions: You provide the information to us, either by filling in forms on our site or in the Sovy Hub, or through email correspondence. This information could include email address, locational data, hub profile data, payment details, and marketing and communications data.
- Website, cookies, and marketing: when you use our site, we may drop cookies on your computer to track your location, ip address, and site usage data.
- Publicly available sources: we collect identity data such as your name, email address, and company information from public registers of individuals or organisations (for example, Companies House in the United Kingdom).
Why we collect that data, and how we use it:
We collect and process only the personal information that we need to ensure that our services work properly.
For example, if you use our Privacy Checkup, we’ll only collect the information that you provide us, and store it as part of your profile so that you don’t have to input that information again. Then we’ll use that information in order to analyze what issues exist in your company’s data management, and to recommend services for you.
We may combine data, including personal information, from multiple Sovy services (e.g. the Privacy Scan and the Sovy Hub). This is so that we can aggregate all your – and your business’ – information under one profile and make more informed and holistic recommendations. We only do this if you have subscribed to the Sovy Hub so we can help autofill information that you have already given us.
We do not collect or store any highly sensitive, or "special categories", of personal information.
We only retain, or store, personal information for as long as necessary for our original purpose of our service to be carried out. All data we store is secured through strict access controls, meaning only those who need the information for their job are allowed to access it. We also employ pseudonymization and anonymization where possible.
We will ask for your consent before using personal data for a purpose other than the original purpose(s) we used to collect it.
A cookie is a small amount of data generated by a website and saved by your web browser. We do collect certain cookies to improve your experience on our site, but we also offer resources to manage what cookies you want to allow, we will not associate an identifier from cookies or similar technologies with special categories.
Cookies help us keep track of your profile and preferences as you navigate through different pages across our services. Because your privacy is important, we give you control over your cookies. You can see the cookies we collect and control them through our cookie consent manager, which you can access by clicking "Manage Cookies" on our cookie banner or by clicking "Manage Consent" under "Quick Links" at the bottom of our homepage.
Some of our services are automated processes, in that humans are not involved. However, the decisions made at the end are simply to provide recommendations for you and have no legal or similarly significant effect. We also make sure that no automated decision is based on sensitive categories of data.
We use third party data processors to help us manage our relationship with you and monitor how you use our site and our service. They cannot use your personal data for their own purposes and may only use it to help us provide our service. We also make sure all third parties comply with applicable data protection laws. If those companies are outside the country you’re in or we’re in, then we’ll make sure that their privacy practices are compliant with ours and the data transfer conforms with applicable laws, such as the General Data Protection Regulation (GDPR)
We may outsource some of our processing to a third-party, called a data processor, who acts on our authority. In such cases, we will make sure that any data we give them is contractually protected under the same (or better) technical and organizational safeguards that Sovy uses.
Some of our processing and storage takes place in the United States, and some of it may take place in Ireland and the United Kingdom. In the event that your personal information is transferred from one country to another, we ensure that the transfer is compliant with the appropriate data protection and privacy laws. When transferring personal data from the EU to the US, we ensure that the organization is contractually bound by agreements such as Standard Contract Clauses approved by the European Commission, or confirm that the organization is certified under the EU-US Privacy Shield.
Your rights to your data
We want to make it easy for you to understand your rights and empower you to use them.
You have the right to:
- Access any personal information we have on you
- Rectify any personal information that may be incorrect
- Object to processing
- Restrict processing
- (Request to) Erase any of your personal information
- Data Portability (the right to get your information in a machine-readable format and transfer it easily and freely from us to another controller.
If, upon accessing what data we have on you, you feel like we shouldn’t have certain data, don’t hesitate to contact us and request that we stop processing that data and erase it. When you make any legitimate requests for restriction, erasure, or rectification, we’ll notify you as soon as we’ve made the necessary corrections/deletions.
To effect any of these rights, contact us at firstname.lastname@example.org.
You can also contact our Data Protection Officer:
152-160 City Road
If you feel like your rights are infringed and wish to lodge a complaint about us, you have the right to register a complaint to your Supervisory Authority. You can find their contact information here. Before submitting your complaint to a Supervisory Authority, we ask that you first try to settle the matter with us.
We take great care to make sure any personal information is secure, in motion and at rest. We use state-of-the-art encryption, pseudonymization, and privacy by design techniques to make sure that all of your information is safe. In the unlikely event of a data breach, we’ll make sure to contact you if your personal information was compromised and has the risk of causing significant harm.
Compliance and Changes
Our services and products are not knowingly directed at, nor do we knowingly collect any information from persons under the age of sixteen (16). If you are under the age of sixteen (16), please do not use this website or its applications. If you learn that your minor child has provided us with personal information without your consent, please contact us.
Last revised: August 27, 2019