PRIVACY POLICY

Soundview Privacy Policy

This Privacy Policy is effective as of Jan 24, 2024.

This Soundview Privacy Policy (“Policy”) outlines the personal information that Soundview, Inc. (“Soundview”, “we”, “us” or “our”) gathers, how we use that personal information, and the options you have to access, correct, or delete such personal information.

Soundview's Commitment

Our commitment to advancing a more secure internet is anchored in the paramount importance we attribute to fostering trust among our Customers, users, and the global Internet community. To cultivate and uphold this trust, we pledge to communicate transparently, ensure security, and safeguard the privacy of data within our systems.

We prioritize the confidentiality of your personal information. Your data will not be sold or rented. We will only share or disclose your personal information when essential for providing our Services or as explicitly outlined in this Policy, unless we first provide you with notice and the opportunity to consent.

Policy Application

  • This Policy is relevant to Soundview’s handling of personal information across the following categories of data subjects:
  • Attendees: Individuals visiting our offices, attending Soundview-sponsored events, or participating in Soundview’s studies, including user experience research.
  • Website Visitors: Those exploring our Websites, possibly providing contact information for communications, survey responses, or feedback. "Websites" encompass www.Soundview.security and any other sites operated by Soundview that link to this Policy. Notably, this excludes sites owned or operated by our Customers, where we serve as Registrar.
  • Customers: Individuals or entities entering a subscription agreement with Soundview, receiving Services related to cloud-based solutions for enhancing Internet properties, applications, devices, and networks.
  • Administrative Users: Individuals with Soundview account login credentials or those administering Services for a Customer. This may involve cases where an Administrative User and Customer are the same or when an agent acts on behalf of a Customer.
  • End Users: Those accessing or using our Customers’ domains, networks, websites, application programming interfaces, and applications, including Customers’ employees, agents, or contractors utilizing Services like Soundview Zero Trust.
Additionally, this Policy does not extend to our Customers’ domains, websites, APIs, applications, and networks, each potentially governed by their own terms and privacy policies. Customers bear the responsibility for establishing policies and ensuring compliance with relevant laws regarding personal information collection concerning End Users interacting with our Services.

Soundview’s Websites and Services are not intended for individuals under the age of eighteen. We neither knowingly collect nor share personal information from individuals under eighteen. Upon awareness of possessing personal information of someone under eighteen, we will promptly delete it.

In instances where Soundview serves as a reverse proxy, our IP addresses may be visible in WHOIS and DNS records for websites using our Services. We operate as a conduit, with our Customers and their users assuming responsibility for the content transmitted through our network, including images, written content, graphics, and other materials.

Data Collection Details(data subject categories):

  • Attendees
  • Personal Information: We may request and collect details such as name, address, phone number, and email when you visit our offices, register for events, or participate in Soundview studies, including user experience research.
  • Image and Voice: When engaging in a Soundview study, we may seek your permission to record your voice and/or image.
  • Website Visitors
  • Contact Information: Personal data is collected when you voluntarily submit web forms on our Websites, sign up to receive communications, or engage in interactive features like surveys, contests, promotions, or studies.
  • Log Files: Information gathered during your visit to our Websites, including IP addresses, system configurations, URLs of referring pages, and language preferences, is stored in log files.
  • Cookies and Tracking Technologies: We employ cookies and similar technologies for various purposes, providing insights into your interactions with our Websites, assisting in marketing efforts. You can manage your cookie preferences through our designated links.
  • Customers and Administrative Users
  • Customer Account Information: During account registration, contact details are collected. This includes Customer names, email addresses of account administrators, telephone numbers, and addresses needed for payment processing and service delivery.
  • Payment Information: Payment details are not mandatory unless subscribing to paid Services. Payment and billing information, varying based on the chosen method, is collected.
  • Crash Reports: In case of unexpected errors, users may submit crash reports. The report content can be reviewed before submission.
  • End Users
  • Processing of Interactions: Soundview processes End Users' interactions with Customer’s Internet Properties and Services. This involves data such as IP addresses, traffic routing details, system configurations, and traffic information to and from Customers’ websites, devices, applications, and networks.
  • Customer Logs: Information accessible to Customers via the Service dashboard or online interface, defined as “Customer Logs.
  • Registrants
  • Contact and Domain Information: Data collected includes domain names, contact details (name, organization, address, phone number, and email address), name server, DNSSEC, and Form of Approval.
  • Network Data: Soundview accumulates and stores Network Data, comprising models, observations, reports, analyses, statistics, and databases derived from server, network, or traffic data. Network Data aids in identifying, analyzing, mitigating, preventing, and blocking malicious activities on Soundview’s network.

These practices align with our commitment to transparency and adherence to privacy regulations.

How We Utilize Collected Information

Soundview processes personal information in a manner aligned with its original purpose and relevance. In general, for the data categories outlined in Section 2, we may employ your personal information to:

  • Provide, operate, maintain, enhance, and market the Websites and Services for all users.
  • Facilitate your access and utilization of the Websites and Services.
  • Execute and finalize transactions, conveying related information, including purchase confirmations and invoices.
  • Dispatch transactional messages, addressing your comments, inquiries, and requests, offering customer service and support, and delivering technical notices, updates, security alerts, and support and administrative messages.
  • Fulfill legal obligations and investigate/prevent fraudulent transactions, unauthorized access, and other illicit activities.
  • Engage in additional purposes with your explicit consent.

Furthermore, information gathered from Attendees, Website Visitors, Registrants, and Customer Account Information may be utilized for:

  • Distributing commercial communications per your preferences, offering information about products, services, surveys, newsletters, promotions, contests, and events related to us and our partners.
  • Processing and delivering contest or sweepstakes entries and associated rewards.
  • Analyzing trends, usage, and activities for marketing or advertising objectives
  • Personalizing the Websites and Services by providing features or content tailored to your interests.
  • Registering office visitors and managing required non-disclosure agreements to protect our offices and confidential information.

Information from Third Party Services

We may integrate data collected from Section 2 with personal information obtained from third parties. For instance, combining information from a Soundview sales submission form with data from a third-party sales intelligence platform vendor enhances our marketing capabilities to Customers or potential Customers.

Data Aggregation

Soundview may aggregate acquired data about Customers, Administrators, and End Users. This involves assembling data to assess how web crawlers index the Internet, detect malicious activities, compile web traffic reports, and generate statistics. Non-personally identifiable, aggregated data may be shared with third parties.

Sharing of Information

We collaborate with Service Providers—external companies offering business and Soundview Service support. These partners aid in customer support, credit card processing, managing and contacting Customers and Administrators, sales leads, marketing support, and overall enhancement of our Services. Service Providers adhere strictly to our instructions, complying with this Privacy Policy, contractual agreements, and relevant confidentiality, data protection, and security regulations.

Our stringent policies prohibit Service Providers from selling shared personal information or utilizing it for their independent marketing endeavors.

Beyond Service Providers, your information may be shared in the following scenarios:

  • Within the Soundview Group, encompassing Soundview, Inc. (United States), and listed subsidiaries in Section 15.
  • With resellers and sales partners assisting in Services distribution.
  • With app developers upon app installation from our App Marketplace.
  • During mergers, sales, change in control, or business reorganization.
  • In response to subpoenas, court orders, legal processes, or to defend against legal claims.
  • When required to investigate, prevent illegal activities, suspected fraud, or threats to physical safety.
  • To comply with legal obligations or your consent.
Additional Sharing Information

Marketing & Advertising Partners

Our marketing and advertising partners may collect or receive personal information about you and analyze your interactions with our Websites or email communications. This aids in tailoring our marketing strategies. Opt-out options are available through our "Cookie Preferences" link on the Soundview.security homepage or by emailing us at info@soundview.security.

We may also share limited account information with these partners, and opting out is possible by contacting us.

California residents can find detailed information on data sharing for marketing and advertising purposes and their data subject rights in Section 16 below.

Notice to Residents of the EU, UK, and SWITZERLAND

In this Privacy Policy, the term "Personal information" refers to "personal data" as defined under the European Union ("EU") General Data Protection Regulations ("GDPR") and its United Kingdom ("UK") GDPR counterpart. Soundview acts as a data controller for personal information collected from all categories of data subjects mentioned earlier, except for being a data processor of Customer Logs, Administrative User logs, and certain account settings information. Additionally, Soundview functions as a data processor for content provided by Customers and End Users through the Services that either transits or, in some cases, is stored on the Soundview network. In situations where Soundview is a data processor, processing is conducted on behalf of Customers following their data processing instructions.

For individuals within the European Economic Area (EEA), the UK, or Switzerland, the legal basis for collecting and utilizing personal information depends on the collected information and the specific context. Generally, we collect personal information only where: (a) we have your consent, (b) it is necessary to fulfill a contract with you (e.g., delivering requested Soundview Services), or (c) processing is in our legitimate interests. Notably, failure to provide requested information may result in Soundview being unable to offer the requested service.

In certain instances, we may have a legal obligation to collect personal information, or it may be required to protect your vital interests or those of another person. If we rely on your consent for processing your personal data, you have the right to withdraw or decline consent at any time. In cases where our legitimate interests dictate personal data processing, you have the right to object, and you can contact us at info@soundview.security. For queries or additional information regarding the legal basis for collecting and using your personal information, please reach out to us at info@soundview.security.

International Transfer of Information

Soundview, being a U.S.-based global company, predominantly stores your information in the United States and the European Economic Area (EEA). To support our global operations, we may transfer and access such information globally, including from other countries where the Soundview Group operates, for the purposes outlined in this Policy.

In every instance of Soundview transferring personal information from one country to another, whether to another Soundview group company or a third-party service provider or partner, we implement suitable safeguards in accordance with the laws of the exporting territory. If you have queries or need additional information about the safeguards in place to protect your personal information, please contact us at info@soundview.security.

When Soundview transfers personal data from the EEA, Switzerland, or the United Kingdom (UK) to the United States, we rely on our certifications under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and the UK Extension to the EU-U.S. DPF. In the event these certifications lapse or are invalidated, Soundview resorts to standard contractual clauses, incorporating supplementary measures as needed for transfers to the United States. Standard contractual clauses are also used for other international transfers from the EEA, Switzerland, or the United Kingdom.

Certification to the Data Privacy Framework

Soundview complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as established by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce our adherence to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) concerning the processing of personal data received from the European Union and the United Kingdom (including Gibraltar) and to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) regarding personal data received from Switzerland. In case of any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and view our certification, visit https://www.dataprivacyframework.gov/.

In line with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (collectively, the "DPFs"), Soundview commits to address complaints related to DPF Principles about our collection and use of your personal information. Individuals from the EU, UK, and Switzerland with inquiries or complaints concerning our handling of personal data received in reliance on the DPFs should contact us at info@soundview.security or via mail at: Soundview, Inc., 101 Townsend St., San Francisco, CA 94107, Attn: Data Protection Officer. We will respond within 30 days after receiving and verifying your identity.

In accordance with the DPFs, Soundview pledges to refer unresolved complaints regarding our handling of personal information received in reliance on the DPFs to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your complaint to your satisfaction, visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe, LLC are provided at no cost to you. Under specific conditions, you have the option to invoke binding arbitration for complaints regarding DPF compliance not resolved by other mechanisms outlined in this DPF Notice or our Privacy Notice. For more information, refer to Annex 1 of the DPF Principles, available here.

The Federal Trade Commission oversees Soundview's compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We may be obligated to disclose personal information received under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in response to lawful requests by public authorities, including for national security or law enforcement requirements. Soundview remains responsible for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Soundview shall be held liable under the DPF Principles if its agent processes such personal information inconsistently with the DPF Principles, unless Soundview proves it is not responsible for the event causing the damage.

Data Subject Rights and Preferences

Soundview acknowledges individuals' rights regarding data protection. You have the authority to access, correct, update, transfer, or delete your personal information and to limit or object to the processing of such information (collectively referred to as "Rights Requests"). Kindly email us at info@soundview.security with any Rights Request, and we commit to responding within thirty (30) days. Customers and Administrative Users can also manage their Account Information by modifying their profile or organization record at Soundview.security.

Please be aware that to fulfill your Rights Request, we must verify your identity against the data for which you are exercising your rights. An email for verification will be sent separately to the email address associated with your personal information on file. If you are acting as an authorized agent, you must either (a) have the data subject verify their identity and confirm directly with Soundview that they authorized you to submit the Rights Request, (b) be granted power of attorney by the data subject according to their jurisdiction's law, or (c) submit the Rights Request in compliance with applicable privacy regulations.

We must ensure that a requestor inquires about their information before assisting with any Rights Request. In cases where a Rights Request may impact another individual's personal information, we must weigh the request against the potential violation of the other person's privacy rights. We will adhere to Rights Requests as required by applicable law or the Swiss-U.S. or EU-U.S. Data Privacy Framework. If your Rights Request is declined, residents of Virginia and Colorado in the U.S. can appeal the decision by responding to the denial email or submitting an appeal Rights Request to info@soundview.security, and we will respond within sixty (60) days. In the EEA, the UK, and Switzerland, you retain the right to file a complaint with a supervisory authority.

Furthermore, as Soundview does not directly engage with End Users, we rely on our Customers to fulfill Rights Requests in accordance with their obligations under data protection laws. If an End User seeks to exercise a Rights Request, we will direct them to contact the Customer website(s) they interacted with directly. Our Customers bear the sole responsibility for ensuring compliance with all applicable laws and regulations regarding their website users.

Communication Preferences

Soundview will deliver commercial communications based on your account settings. Additionally, you will receive service-related communications. You can manage your receipt of commercial communications by using the "unsubscribe" link in the emails, through your account settings if you have a Soundview account, or by sending a request to info@soundview.security.

Data Security, Integrity ans Access

We take reasonable measures to safeguard information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Appropriate physical, technical, and administrative measures, including privacy-enhancing technologies like encryption, are implemented to protect and secure your information. If you have security-related inquiries about your personal information, feel free to contact us at info@soundview.security.

Data Retention

We retain your personal information for a duration aligned with the business purposes outlined in Section 3 of this policy or as necessary to fulfill and adhere to legal obligations. The criteria guiding our determination of the duration for storing your personal information vary, considering factors such as: • The initial purpose of collecting the personal information. For instance, if you maintain an active account with us, we must retain your contact information throughout that period to offer support or communicate regarding your account. • The quantity, nature, and sensitivity of the processed personal information. • The potential risk of harm associated with unauthorized use or disclosure of personal information. • Whether the processing purposes can be achieved with less data or alternative methods. • Legal requirements applicable to the data, such as relevant statutes of limitation or contractual obligations.

Upon expiration of the data retention period for a specific data type, we will either delete or destroy it. In cases where technical constraints prevent immediate action, we will implement suitable security measures to prevent any further use of such data.

Nofitication of Changes

If we make changes to this Policy that we believe significantly affect the privacy of your personal information, we will promptly notify you of such changes (and, if necessary, obtain consent). Additionally, we will post the updated Policy on this website, indicating the effective date of any modifications.

Business Transactions

In the event of a merger, sale, change in control, or reorganization of all or part of our business, we reserve the right to assign or transfer this Policy and information covered by it.

English Language Controls

Translations of this Policy in languages other than English are provided for convenience only. In cases of ambiguity or conflict between translations, the English version holds authority and governs.

Dispute Resolution

Should you have an unresolved privacy or data-use concern that we haven't addressed satisfactorily, please reach out to our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Notice to California Residents

This section exclusively applies to California residents, outlining how we collect, use, and share Personal Information in operating our business and their rights concerning that information under the California Consumer Privacy Act (CCPA). "Personal Information" here refers to data that identifies, relates to, describes, or could be reasonably linked to a specific consumer or household, as defined in the CCPA.

HOW WE COLLECT, USE, AND SHARE PERSONAL INFORMATION UNDER THE CCPA

We may collect, use, and disclose the following categories of Personal Information for our business and commercial purposes:

  • Identifiers for individuals/users (e.g., email address of Customers and Administrative Users, name and contact information of Attendees);
  • Payment and customer records information of our Customers;
  • Protected classification characteristics (e.g., age, ethnicity, race, languages spoken, or gender) voluntarily disclosed or contained in content transmitted across or stored on our network;
  • Commercial information (e.g., records of products or services purchased, obtained, or considered, or other purchasing or usage histories);
  • Professional or employment information;
  • Internet or other electronic network activity information;
  • Inferences (e.g., information about your interests or preferences).

Sources, purposes, and third parties involved are detailed in Sections 2, 3, and 5 of the Soundview Privacy Policy, respectively.

Your California Privacy Rights

As a California resident, you have certain rights:

  • • Knowledge: Request information about collected personal information.
  • Access: Obtain a copy of collected Personal Information.
  • Deletion: Request deletion of collected Personal Information.
  • Correction: Ask for rectification of inaccurate personal information.
  • Opt-out of sales or sharing: Request that we do not "sell" or "share" your Personal Information.
  • Nondiscrimination: Exercise rights free from discrimination.

To submit a request under CCPA, follow the instructions in Section 8. We may need to verify your identity and California residence.

RIGHT TO OPT OUT OF THE SALE AND SHARING OF YOUR PERSONAL INFORMATION

Soundview does not sell your Personal Information for money but may share it for interest-based ads. You can opt out using the “Your Privacy Choices” link. Some browsers allow enabling opt-out signals like Global Privacy Control. Soundview responds to these signals as requests to opt out of "sale" or "sharing" of Personal Information. Verification may be requested for opt-out requests.