INTRODUCTION
SonarSource SA, a Swiss company with its address at Route de Pré-Bois 1, CH - 1214, Vernier, Switzerland, with UID Registration No. CHE-114.587.664 (“SonarSource”, “we”, “us”) recognizes the importance of data privacy and of transparency in its processing of personal data.
This privacy notice (the “Privacy Notice”) provides information about the personal data SonarSource may collect and process in connection with prospects, customers, and users of its products and services, including software branded SonarQube, SonarLint, and SonarCloud (collectively, the “Products”), through its website published at www.sonarsource.com (the “Website”), and in connection with SonarSource’s general business activities (e.g., recruiting and hiring job applicants).
By accessing and using the Products or the Website, or otherwise providing SonarSource your personal data, you expressly acknowledge that SonarSource will collect and process your personal data in accordance with this Privacy Notice. We may also have additional privacy notices that apply in specific circumstances.
This Privacy Notice only applies to data processing undertaken by SonarSource or undertaken on behalf of SonarSource. Whilst we may provide links to third-party websites, contents, or services, we are not responsible for any third-party policies, content, or services in relation to personal data. In such circumstances, the collection, and use of your personal data is governed by the privacy policy of those third-party providers, which you should review carefully to learn more about their personal data processing practices.
HOW SONARSOURCE COLLECTS YOUR PERSONAL DATA
SonarSource may collect personal data that you provide when you interact with us, when you use the Products, or when you use the Website by, for example, creating or managing an account, completing a web form, or subscribing to our newsletter. The personal data that we process in this context includes: (i) first and last name, title, position, company name, email address, country and/or phone number; (ii) personal data relating to our interactions and the Products provided; and (iii) any other information you provided us.
If SonarSource is in a business relationship with an organization you work for or are affiliated with (your “Organization”), your Organization may provide your personal data to us (e.g., if your Organization designates you as the contact person to manage its relationship with SonarSource). When you or your Organization choose to disclose personal data (such as your name or email address), we will determine the purpose and means of processing in accordance with this Privacy Notice and will process the personal data as a data controller.
We may collect your personal data automatically, including by means of cookies and other active elements. For example, we may automatically collect technical information about your interactions with the Products and Website, such as IP address, the content that was accessed, date and time of access, information about your web browser, your preferences, or other information related to your interaction with the Products and Website, including your navigation details. You may define certain authorizations relating to the automatic collection of your personal data when you configure your device or your internet browser according to available functionalities. Depending on your location, you may also define certain settings for the automated collection of your personal data through the One Trust cookies setting plugin available on the Website. For more detailed information, please see our Cookie Policy.
HOW SONARSOURCE PROCESSES YOUR PERSONAL DATA
SonarSource will process your personal data in compliance with applicable law, such as Swiss data protection law, the EU General Data Protection Regulation (“GDPR”), or the California Consumer Privacy Act, in line with the purposes set out in this Privacy Notice. Some of the processing activities set out in this Privacy Notice may be undertaken on behalf of SonarSource by group entities owned or controlled by SonarSource.
SonarSource may create a marketing profile with your personal data to provide you with information relating to the Products.
SonarSource may combine your personal data with other information (aggregate) or erase any information that allows us to identify you (anonymize), so that it is no longer considered personal data under applicable data protection law. In such cases, this Privacy Notice will no longer apply to the aggregated or anonymized data and we may use such data for purposes not contemplated by this Privacy Notice (e.g., for benchmarking or analytics purposes or to develop and market new services). You may object to the anonymization or aggregation of your personal data.
LAWFUL BASIS ON WHICH SONARSOURCE PROCESSES YOUR PERSONAL DATA
SonarSource will only process your personal data if the processing is necessary (i) to fulfil contractual obligations to you or to take pre-contractual steps (Contractual Necessity); (ii) for the fulfilment of our legitimate interests, and only to the extent that your interests or fundamental rights and freedoms do not require us to refrain from processing (Legitimate Interest); (iii) to comply with our legal or regulatory obligations (Legal Obligation); and/or if (iv) SonarSource has obtained your prior consent (Consent).
PURPOSES FOR WHICH SONARSOURCE PROCESSES YOUR PERSONAL DATA
Your personal data is collected and processed for the purpose of operating the Products and the Website, for the other legitimate purposes specified below, only to the extent relevant to achieve these purposes, and is not further processed in a manner that is incompatible with them.
If we are in a business relationship with you or your Organization, we process the personal data that is necessary for our customer or supplier management, as well as for other related purposes including (i) to carry out the transactions in which we are engaged, and to procure products and services from our suppliers and subcontractors; (ii) to process quotes, orders, invoices, and payment; (iii) to interact with you, for instance to reply to your inquiries; (iv) to track our activities (measuring sales, our support cases, etc.) and those of our suppliers; and (v) to manage our records. If you are our direct customer, our basis for processing the personal data is Contractual Necessity. In other cases (e.g., if you are a representative of one of our customers), the basis for processing is our Legitimate Interests in delivering the Products to our customers. The personal data which we must retain for record-keeping, tax, or another legal obligation will be kept for the duration of the contractual relationship and, thereafter, for a legally applicable retention period.
When you access our Products and Website, we may also process your personal data for our legitimate business operations, which include (i) ensuring that the Products and Website are provided in an efficient and secure way; (ii) protecting the security of our IT systems, architecture, and networks; (iii) improving and developing the Products and Website (including monitoring the use of the Products and Website such as to understand which parts of the website are visited and how frequently, troubleshooting and diagnosing problems, and for statistical purposes); (iv) benefiting from cost-effective services (e.g., we may opt to use certain services offered by suppliers rather than undertaking the activity ourselves); and (v) achieving our business objectives. When doing so, we generally rely on our Legitimate Interests.
We also process your personal data where applicable on the basis of an explicit consent provided by you for receiving marketing communications, event information, and any service requests. You have the right to opt-out or withdraw your consent from any further processing, and may exercise such right by unsubscribing from the marketing communications or newsletter service at any time by sending a request to the contact address in the “Contact Us” section below. We may also process the time of registration and your opt-in confirmation based on our Legal Obligation to demonstrate compliance. We may also analyze your use of our newsletter (e.g., whether you have opened it or clicked on certain links) and may process this data to optimize and improve our newsletter, based on our Legitimate Interest. We may use third-party services to provide our newsletter and those services may have access to your contact details in order to provide you with the newsletter.
We may also contact you by email to inform you about our activities if you have previously interacted with us and have not objected to the corresponding use of your email address. You can object to the use of your email address for this purpose at any time by sending a request to the contact address in the “Contact Us” section below. The legal basis for the corresponding processing of your data is our Legitimate Interest to advertise certain sales offers and activities relating to our previous interactions with you.
We may process your personal data to allow you to consult and apply for job opportunities. In addition, if you provide us with links to your profile on social media platforms (such as LinkedIn) or with contact information for references, we will assume that we may gather information from these sources. Any information you submit must be true, complete, and not misleading. We will process your personal data exclusively for assessing your application, based on our Contractual Necessity or to take pre-contractual steps. Your personal data is retained for the duration of the recruitment process and may be retained thereafter subject to applicable laws and data retention periods based on our Legitimate Interests.
We may further process your personal data if we have a Legal Obligation to do so or for other Legitimate Interests. This will be the case, for instance, for the establishment, exercise, or defense of legal claims. The personal data that we may process for this purpose are those that we may have collected for one of the purposes indicated elsewhere in this Section. We will retain the personal data for the duration of the legal obligation imposed on us.
In addition to the above, we may process your personal data if we have obtained your prior consent for specific purposes. Consent given can be withdrawn at any time, but please note that this does not affect data processed prior to the withdrawal of your consent.
THE CIRCUMSTANCES IN WHICH WE MAY SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
We may share your personal data with third parties in connection with the operation of the Products, Website, and our business. Third parties may include providers of cloud hosting services, databases, and cloud-based software solutions for activities like marketing and recruiting. Information on specific third parties can be found in our Cookie Policy and our Trust Center.
We may also enable you to use third-party services to log in to the Products, for instance using your Github, Bitbucket, GitLab, or Azure DevOps credentials. In such cases, you expressly acknowledge and agree that the third-party operators of such services may access some of your personal data in accordance with their own privacy practices.
If you access the Products or Website because you are affiliated with (or work for) an Organization that is our customer, we may share certain personal data, such as interaction data and diagnostic data to enable your Organization to manage the Products. We may disclose your personal data where we have a legitimate interest in doing so, for example: (i) to respond to a request from a judicial authority or in accordance with a legal obligation; (ii) to bring or defend against a claim or lawsuit; or (iii) in the context of a corporate restructuring or asset transfer to another company.
INTERNATIONAL TRANSFERS
SonarSource is headquartered in Switzerland with offices in the European Union, the United Kingdom, the United States, and Singapore, and may transfer your personal data to these jurisdictions subject to applicable data protection laws and suitable safeguards such as standard contractual clauses adopted by the European Commission.
HOW LONG WE STORE YOUR PERSONAL DATA
We will erase or anonymize personal data when it is no longer necessary for processing purposes or when there is no longer a legal basis for processing the personal data, as set out in the “Purposes for which SonarSource processes your personal data” section. This period varies, depending on the type of personal data concerned and the applicable legal requirements and data retention periods.
SECURITY
We are committed to the security of your personal data and have in place physical, administrative, organizational, and technical measures designed to keep your personal data secure and to prevent unauthorized access to it. We restrict access to your personal data to those persons who need to know it for the purpose described in this Privacy Notice. Additional information on some of the security measures we implement can be found in our Trust Center.
Although we take appropriate steps to protect your personal data, no IT infrastructure is completely secure. We cannot guarantee that any personal data you provide to us is safe and protected from all unauthorized third-party access and theft and you acknowledge and agree that we are not liable for unauthorized third-party actions beyond our reasonable control.
This Privacy Notice applies to our use of your personal data once it is under our control only. Given the inherent insecure nature of the internet, internet transmissions you send to us are carried out at your own risk and we do not assume liability for them.
If we reasonably believe that your personal data may have been acquired by an unauthorized person, and applicable law requires notification, we will promptly attempt to notify you of the breach by email and/or by other channels of communication, including by posting a notice on the Website.
YOUR RIGHTS WITH REGARD TO THE PROCESSING OF YOUR PERSONAL DATA
This Privacy Notice does not restrict any rights you might have pursuant to applicable data protection legislation under certain circumstances. In particular, if the Swiss Federal Data Protection Act or GDPR applies to the processing of your personal data, the Swiss Federal Data Protection Act or GDPR grants you certain rights as a data subject.
Unless otherwise provided by applicable law, you have the right to know whether we are processing your personal data. You may contact us per the “Contact Us” section below to know the content of such personal data, to verify its accuracy, and to the extent permitted by applicable law and subject to certain exceptions and limitations, to have it supplemented, updated, rectified, erased, or provided to you or to a verified third party free of charge in a commonly-used and machine-readable format. You also have the right to ask us to cease any specific processing of personal data that may have been obtained or processed in breach of applicable law, and you have the right to object to any processing of personal data for legitimate reasons.
In most circumstances, you will not be required to pay any fees for exercising your rights and we will respond to your request within one month. If you want to exercise any of your rights, or want additional information about them, please contact us using the contact details in the “Contact Us” section below. Individuals in Switzerland who feel their personal data rights have been infringed have the right to go directly to the Swiss FDPIC and individuals in the EU have the right to go directly to their relevant EU supervisory or legal authority, but we encourage you to contact us first so that we may try to resolve your concerns directly as best and as promptly as we can.
CONTACT US
If you believe your personal data may have been used by us in a way that is not consistent with this Privacy Notice, or if you have any questions or queries regarding the collection or processing of your personal data, please contact us at security@sonarsource.com or SonarSource SA, P.O. Box 765, CH-1215 Geneva 15, Switzerland.
UPDATES TO THIS PRIVACY NOTICE
This Privacy Notice may be subject to amendments. Any changes or additions to the processing of personal data as described in this Privacy Notice affecting you will be communicated to you through an appropriate channel, depending on how we normally communicate with you (including by email and/or via the Products or Website, e.g., banners, pop-ups, or other notification mechanisms). If you do not agree to the changes made, you must stop accessing and/or using the impacted Products or Website. You expressly understand and agree that you are responsible for checking the Privacy Notice periodically for any such changes or updates.
Last updated: May 2024