This privacy statement describes the information we collect from individuals, how we use that information, and what we do to protect the information we obtain from individuals and clients. For greater detail on how Sky Analytics receives and uses personal information obtained from clients, please consult Sky Analytics Safe Harbor Policy, which is also available on this website, and the appropriate client agreement.
Security of Personal and Client Information
Sky Analytics is committed to protecting the security of your information. We follow industry best practices to maintain the security of your data including limiting physical access to our computers systems, using network security devices such as firewalls and intrusion protection systems, conducting regular security audits of our computer systems, and regularly training our personnel on security and privacy. Furthermore, Sky Analytics complies with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks and adheres to the Safe Harbor Privacy Principles.
Sky Analytics does not share the specific personal information collected on our sites or obtained from our clients with third parties except in three cases:
- In the event that Sky Analytics sells (whether by asset sale, stock sale, merger or otherwise) all or substantially all of the business to which any of its sites relates, the personal information will be shared with the acquirer of such business.
- When required to do so by law, if we believe in good faith that it is necessary to comply with a legal process served on Sky Analytics; or in urgent circumstances to protect the personal safety of Sky Analytics employees, Sky Analytics clients, or members of the public
- In the event that Sky Analytics enters into an agreement with a third party agent, some or all of the personal information may be shared with the third party per the relevant client agreement. Sky Analytics will not transfer specific personal information pertaining to an EU or Swiss citizen to a third party agent unless the person or entity subscribes to the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks or enters into a written agreement with Sky Analytics requiring the same level of privacy protection as provided by Sky Analytics.
Personal Information We Collect
The sites covered by this policy collect personal information that you voluntarily provide to us. Examples of personal information collected include name, company name, job title, address, telephone number, and any other information we may wish to collect as part of our services. In addition, we collect your Internet Protocol (IP) address, browser type, and the date and time that you accessed the web site.
Cookies are used to personalize your experience on our sites, assist with authentication for password protected portions of sites, and collect information about how people are using our sites and how our site is performing.
You may select to disable cookies by changing the settings of your web browser. However, if you choose to disable cookies, parts of our web site will not function properly. See your browser's documentation for more information on how to disable cookies.
The sites covered by this policy may use electronic images known as web beacons. Web beacons are used to collect information about how people are using a web site. We do not accept third-party web beacons on our sites.
From time to time we may communicate with you by email if you have chosen to provide us with your email address. You may opt-out at any time by following the instructions at the bottom of each email communication. Some of our emails may include web beacons so that we may determine if our emails have been read.
Uses of Client Information You Provide Us
Sky Analytics uses the client information provided to our website to provide the services that you have requested and to enhance our sales and marketing efforts. This includes providing aggregated information derived from our client database.
Access to Personal and Client Information
Access to all information is limited to Sky Analytics employees and third party agents who need to access that information to fulfill the duties of their job, and to our clients to whom the information pertains.
In the event an individual covered by the Safe Harbor Frameworks wishes to access, change, or delete personal information about them that Sky Analytics holds, the individual may contact Sky Analytics using the Contact Information provided below. Sky Analytics will provide reasonable access to individuals for all personal information collected by Sky Analytics and may charge a reasonable fee for such access. However, if Sky Analytics received the pertinent personal information from a client, individuals should contact that client directly. Sky Analytics will cooperate fully with its clients in responding to any such request.
If you have any questions or comments about this policy, you can contact us electronically at the following address: email@example.com.
NOTIFICATION OF CHANGES
Sky Analytics' Safe Harbor Policy
For purposes of the Sky Analytics Safe Harbor Policy ("Policy"):
- "Data Controller" means an entity that determines the purposes and the means of the processing of Personal Information.
- "Data Processor" means an entity that processes Personal Information on behalf of a Data Controller in accordance with the Data Controller's instructions.
- "Personal Information" means any information that is transferred from the EU, EEA, or Switzerland to Sky Analytics in the U.S.; relates to an identified or identifiable individual; and is recorded in any form.
- "Sky Analytics" or "Sky" means Sky Analytics, Inc., a corporation organized under the laws of Delaware.
Overview of How Sky Analytics May Receive Personal Information
Sky Analytics provides legal spend analysis and services (the "Service(s)") to corporate clients ("Client(s)").
The Services are provided via an application service provider (ASP) / software as a service (SaaS) model according to the terms of an agreement between Sky Analytics and a Client (the "Client Agreement"). The Client accesses the Services via a secure, password protected Internet Site (the "Secure Site") using a computer application (the "Application"). Once authorized access to the Secure Site is gained, the Client may use the Application to review and analyze legal spend data related to outside vendors, including legal service providers (such vendors, collectively, "LSPs").
The Client determines which individuals within its organization ("Client Users") and in LSPs ("LSP Users") are permitted to access the Secure Site as well as their level of access. The Client may submit Personal Information to the Application during the process of registering Users for access to the Secure Site, or in order to configure User rights ("User Information"). The Client may require Users to submit User Information for these purposes. The submission of User Information is determined by the Client, and the Client has the right to alter, delete or otherwise configure User Information as it sees fit.
Users may provide data ("Data") for inclusion in the Secure Site while using the Service or before the Service is put into operation. Users may also cause the Application to process such Data. Clients are solely responsible for the contents of the Data provided. Clients determine which, if any, Personal Information is submitted to the Application. Sky Analytics does not receive Personal Information directly from, nor does it have a direct relationship with, individuals whose Personal Information is included in Data. The Application processes the Client Data based on the instructions of and for the purposes determined by the applicable Client.
With respect to the User Information and any Personal Information included in the Data, Sky Analytics is a Data Processor and each of its Clients is a Data Controller.
Safe Harbor Privacy Principles
Sky Analytics has certified its privacy practices as consistent with the U.S. Department of Commerce Safe Harbor Privacy Principles: Notice, Choice, Onward Transfer, Access, Security, Data Integrity, and Oversight/Enforcement. The European Commission and the Swiss Federal Data Protection and Information Commissioner recognize the respective Safe Harbor Frameworks, which include the Safe Harbor Privacy Principles, as providing adequate protection for Personal Information sent to Safe Harbor certified companies from Europe. More information about the U.S. Department of Commerce Safe Harbor Privacy Principles is available at http://www.export.gov/safeharbor/. Without limiting the foregoing, Sky Analytics hereby supplies the following additional information; to the extent that any conflict may exist between the following and the provisions of the Safe Harbor Frameworks, the provisions of the Frameworks will control:
Sky Analytics does not have a direct relationship with individuals whose Personal Information is included in Data. Clients, as Data Controllers, are responsible under applicable law for providing the required notice to individuals. The form of such notice is determined by the data protection law applicable to the relevant Client.
User Information is used for the sole purposes determined by Clients pursuant to each Client Agreement. Sky Analytics does not use User Information for any purpose other than the fulfillment of Sky Analytics obligations to its Clients under the applicable Client Agreement.
Clients are responsible for providing choice to individuals as to whether their Personal Information included in Data may be disclosed to Sky Analytics or used for a purpose that is incompatible with the purpose(s) for which the information was originally collected or subsequently authorized by the individual.
Clients are also responsible for providing choice to individuals as to whether their Personal Information may be included in User Information provided to Sky Analytics.
Onward Transfer of Personal Information
Sky Analytics will transfer Personal Information only as is permitted by a Client in the applicable Client Agreement. Sky Analytics does not transfer onward any Personal Information in any human-readable (i.e., unencrypted) form, with the exception of the Application making Data (which may contain Personal Information) available to Users in the course of their authorized use of the Services. Sky Analytics may transfer encrypted data files (which may contain Personal Data) to the service provider whose facilities host the Data and the Application. Such data files are encrypted in transit and at rest, and the service provider does not have or otherwise control the encryption keys to either the in-transit or at-rest data files. The secure hosting facility and emergency backup hosting facility are both located within the United States.
Sky Analytics requires or otherwise verifies that service providers to whom it transfers data files which may contain Personal Information and who are not subject to laws based on the European Union Data Protection Directive or Swiss Federal Data Protection Act either (i) subscribe to the Safe Harbor principles or (ii) contractually agree to provide at least the same level of protection for Personal Information as is required of a Data Processor by the relevant Safe Harbor principles.
Sky Analytics may disclose Personal Information if such Personal Information is within information required to be disclosed by legal process or otherwise required by law. To the extent that the information is designated confidential or otherwise protected in a Client Agreement, Sky Analytics will follow any applicable provisions regarding Client notification and pursuit of a protective order set forth in the applicable Client Agreement. Sky Analytics reserves the right to transfer Personal Information in the event of a sale or transfer of all or a portion of Sky Analytics business or assets. Should such a sale or transfer occur, Sky Analytics will use reasonable efforts to direct the transferee to use Personal Information in a manner that is consistent with Sky Analytics Safe Harbor Policy.
Access to Personal Information
Clients are responsible, pursuant to applicable law, for providing individuals with reasonable access to their Personal Information and allowing individuals to correct, amend and delete their information, as required by applicable law. To exercise these rights, individual should contact the appropriate Client that transferred their Personal Information to Sky Analytics. Sky Analytics will cooperate fully with its Clients in responding to any such request. In the event a request is made directly to Sky Analytics, Sky Analytics will notify the applicable Client for appropriate resolution and will respond within a reasonable period of time.
Sky Analytics reserves the right to charge a reasonable fee for access, and may not respond to repetitious or vexatious requests for access.
Sky Analytics maintains reasonable administrative, technical and physical safeguards to protect Personal Information from loss, misuse and unauthorized access, disclosure, alternation and destruction. In the applicable Client Agreement, further information is provided, on a confidential basis, to provide Clients greater detail regarding Sky Analytics' security measures.
Clients are responsible, pursuant to their contractual relationships with Sky Analytics, for taking reasonable steps to ensure that the Personal Information is reliable for its intended use, accurate, complete, and current.
Individuals should submit complaints concerning the processing of their Personal Information to the Client that originally collected their information for resolution in accordance with the Client's relevant dispute resolution mechanism (if available). Sky Analytics will participate in the Client's dispute resolution process at the request of the individual.
To the extent that a dispute regarding Personal Information is deemed not to be controlled by a Client's dispute resolution mechanism, in addition to any measures set forth on Sky Analytics Safe Harbor certification, individuals shall communicate any complaints or concerns to Sky Analytics through its Information Security Officer. If Sky Analytics fails to provide a satisfactory response within a reasonable period of time, individuals may submit complaints to the appropriate third-party dispute resolution provider provided below.
In the interest of providing readily available and affordable dispute resolution, ICDR/AAA dispute resolution may be commenced as provided for under the ICDR/AAA Safe Harbor Program and the ICDR Dispute Resolution Procedures which are accessible on the ICDR/AAA Safe Harbor Program website (http://go.adr.org/safeharbor). Arbitration will be conducted by telephone, email or other electronic means of communication, or via a "documents only hearing." Sky Analytics will take steps, consistent with applicable law, to remedy any problem arising out of a failure to comply with the Safe Harbor Privacy Principles.
The arbitrator or the individual may also refer the matter to the U.S. Federal Trade Commission, which has Safe Harbor enforcement jurisdiction over Sky Analytics.
HOW TO CONTACT US
Please address any questions or concerns regarding this Policy or Sky Analytics' practices concerning Personal Information by contacting us through our website: www.skyanalytics.com or by writing to:
Information Security Officer
Sky Analytics, Inc.
160 Speen Street, Suite 309
Framingham, MA 01701
NOTIFICATION OF CHANGES
This Safe Harbor Policy was last revised March 21, 2014