“Sensitive Personal Data” means any personal data that reveals race, ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health data, biometric data for the purpose of uniquely identifying a natural person or genetic data. Sovos’ services do not require the collection of Sensitive Personal Data.
Collection of Personal Data / Fair and Lawful Processing
Sovos collects personal data from you via the Sovos web site including navigational information, browsing data and how many visits are made. This data is used for Sovos’ internal analysis of trends, marketing and sales purposes and to administer our web sites and is not passed to third parties for any other purpose. Sovos does not sell this data to third parties.
Sovos performs tax determination, remittance, and reporting functions. Personal data provided by our customers requesting these functions is only used and retained to the extent necessary for the administration of the services and not processed further for other purposes.
Sovos primarily receives personal data as a result of consumers’ financial transactions with Sovos business customers. However, in the event Sovos collects personal data directly from individual consumers, we will only obtain the personal data that is necessary to provide our goods or services and to fulfill any legal, contractual, or regulatory requirements.
Sovos’ customers are requested to provide Sovos with the minimal personal data necessary for Sovos or its customers to make their required tax, compliance and/or business-to-government reporting disclosures to the relevant taxing authorities. This may include social security numbers and the name and address of an individual, including information about payments the Sovos customer has made to the individual. Sovos may also collect personal data about individuals from government-run or sponsored web sites, in order to verify accuracy of social security numbers etc. This personal data is used solely for the provision of Sovos’ services to its customers and is not used for any other purpose.
Choice / Purpose limitation / Legitimate Use
Individuals who have provided their personal data to Sovos directly via the web site or other means may contact Sovos to have their names and personal data amended or removed from Sovos’ marketing and sales databases, or unsubscribe from our newsletter, by contacting us at email@example.com to opt out of receiving marketing emails at any time.
Individuals whose personal data is provided by Sovos’ customers can also opt out of Sovos’ use of their personal data by contacting the Sovos customer who has provided the data to us.
Where customers have asked us to perform services for them, it will be necessary for Sovos to process that personal data as part of our contractual obligations and/or legitimate interest use. Sovos will hold the personal data to enable it to properly and effectively administer, monitor and improve the services provided and the customer relationship it has with you.
As you browse Sovos.com, a feature known as a “cookie” will be placed on your computer so that we can understand what you are interested in. This assigns a unique identification to your computer. We use this to track your selections in order to optimise your experience on our web site. Our display advertising partner, Google AdWords, enables us to present you with retargeting advertising on other sites based on your previous interaction with Sovos.com.
The techniques our partners use do not collect personal data such as your name, email address, postal address or telephone number. You can visit this page to opt out of AdWords and their partners’ targeted advertising.
Data Protection in the European Union (EU)
As a global business Sovos may collect personal data from individuals within the EU, or European Economic Area (EEA). Sovos complies with the EU General Data Protection Regulation 2016/679 (“GDPR”) and relevant national laws in the EEA and approved countries which implement GDPR such as the UK Data Protection Act 2018.
Data Protection in the US – Privacy Shield (or its replacement)
Sovos complies with the EU-U.S. Privacy Shield Framework Principles (and its replacement) and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries (and Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. Sovos has certified that it adheres to the Privacy Shield Principles with respect to such data and has in addition adopted the EU standard model form contract clauses (SCCs). To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
The Federal Trade Commission (FTC) has jurisdiction over Sovos’ compliance with respect to the Privacy Shield.
Sovos has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. We are subject to the investigatory and enforcement powers of the Federal Trade Commission. To learn more about the Privacy Shield Principles, and to view our certification, please visit https://www.privacyshield.gov.
Data collected from the public via the Sovos web site may be transferred to:
- Sovos’ Customer Resource Management (“CRM”) provider
- Third parties which assist Sovos in sales and marketing
- Sovos’ data hosting services providers
- Sovos’ printing partners
All third parties to whom Sovos may disclose personal data (excepting government agencies) either: (a) have subscribed to the Privacy Shield Principles, (b) have adopted the EU Standard Model Clauses, or (c) have a contractual obligation to Sovos which prohibits them from making any use of the data beyond what is required to fulfill their contractual obligations to Sovos. A list of these third parties is available upon request by contacting us at firstname.lastname@example.org.
Data collected from customers related to Sovos’ services may be transferred to:
- Government agencies: Sovos may transfer tax-reporting related data to government agencies
- Sovos’ data hosting services providers
- Applicable member states of the Streamlined Sales Tax Initiative
- Sovos’ print services providers
A list of these third parties is available upon request by contacting us at email@example.com.
Note: Sovos does not decide what government agencies will do with the data. Sovos provides government agencies only with such data as is required to fulfill tax reporting requirements of Sovos and its customers.
In certain situations, Sovos may be required to disclose personal data it holds in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or a court subpoena / order. In this event, Sovos will try to ensure that the disclosure is minimised and will notify (where legally permitted) the individual or customer in advance.
Sovos is accountable for the personal data that it receives and subsequently transfers to a third party. In particular, Sovos remains responsible and liable for the third-party agents / sub-contractors that it engages to process the personal data on its behalf.
Data Security and Confidentiality
Sovos has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the personal data from loss, misuse, unauthorized access or disclosure, alteration or destruction. Although personal data sent to and from Sovos is secured according to industry best practices, Sovos cannot guarantee the security of any information on or transmitted via the internet.
Sovos shall only process personal data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Sovos shall take reasonable steps to ensure that all personal data is accurate, complete, current and reliable for its intended use.
Under the Data Protection laws and subject to the conditions and requirements set forth in such laws, you may, in respect of your personal data kept by Sovos, exercise your rights of rectification, erasure, restriction of processing, data portability and right to object. You are further entitled to lodge a complaint with a supervisory authority. Your rights may be exercised via email to firstname.lastname@example.org
Transfer of Personal Data – Outside the EU / EEA and US
Under the General Data Protection Regulation, we are required to tell you if we transfer, or intend to transfer personal data which we hold on you to countries outside the European Economic Area (“EEA”).
If you visit our Sovos web site from outside of the United States, your connection will be through and to servers situated in the United States. Any information (including personal data) will be held and maintained in servers and Sovos internal systems located inside the United States.
Except as prohibited by law, the personal data that you provide may be stored on Sovos servers outside of Europe and the EEA, and other Sovos companies or business partners may process this personal data on Sovos’ behalf (subcontractors and sub-processors); however, this will always be under strict conditions of data processing agreements and confidentiality. We transfer such personal data outside the EEA only if:
- a) your product or service enquiry is best handled by one of our companies located outside the EEA; and / or
- b) the service you have requested (such as a newsletter), is delivered through a third-party located outside the EEA.
A list of companies we may utilize outside the EEA is available upon request by contacting us at email@example.com.
We apply the same level of security of data held and processed by us, or our subcontractors outside of the EEA. We have taken steps to ensure that our subsidiaries and affiliates and those who process data on our behalf located outside of the EEA enter into the EU standard model contractual clauses approved by the European Commission, to safeguard the personal data which is transferred to and from the EEA and beyond, or the EU-US Privacy Shield.
Third Parties / Linked pages
How Long We Hold Your Personal Data For / Storage Minimization?
Sovos will retain your personal data for no longer than is necessary for the processing purpose, or unless otherwise required to extend this period under the permitted retention period by law, contract or equivalent requirement.
Sovos Compliance, LLC
Attn: Office of Information Security
200 Ballardvale Street
Building 1, 4th Floor
Wilmington, MA 01887
or by email to: firstname.lastname@example.org
We will investigate and attempt to respond to any complaints or disputes regarding the use or disclosure of personal data within 30 days of receiving your complaint.
Sovos has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
If your complaint involves human resources data transferred to the United States from the EU, UK and/or Switzerland in the context of the employment relationship, and Sovos does not address it satisfactorily, Sovos commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and UK Information Commissioner, as applicable and to comply with the advice given by the relevant Data Protection Authority panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labour authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
Under certain limited circumstances, individuals in the EEA may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution (discussed above) have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/.
Complaints from The UK and European Individuals
If you are unhappy about our use of your personal data, you can contact us using the contact details below. In addition, you are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 1111
Web site: https://ico.org.uk/concerns/
Post: Information Commissioner’s Office
Within Europe you may prefer to lodge a complaint with a different supervisory authority in a country of your choice. A list of European Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Further Information on Data Protection and Personal Data Privacy
If you have any enquiries or if you would like to contact us about our use of your personal data including how to exercise your rights as outlined above, please contact us by one of the methods listed below. Please note that when you contact us, it will be necessary for us to ask you to verify your identity.
For EU and UK – Fiscal Reps Limited
Attn: Data Protection Officer (DPO)
200 Fowler Avenue
England, GU14 7JP
For US and Latin – Sovos Compliance, LLC
Attn: Office of Information Security
200 Ballardvale Street
Building 1, 4th Floor
Wilmington, MA 01887