Last updated: February 22, 2021
This Privacy Notice describes how Sisense Ltd. (collectively with its affiliates, “Sisense” “we“, “our” or “us“) handles and protects the Personal Information it collects or receives from the users (“users” or “you“) of the Sisense Products and Services.
In this notice, the following capitalized terms mean the following:
“Sisense Customer” or “Customer” means the individual(s) or organization(s) that have entered into a agreement for Sisense Products and Services including free trial and evaluation users.
“Personal Information” is information about you that is personally identifiable by name or can be linked to you through a personal identifier like your address, e-mail address, phone number, or location, and which is not otherwise publicly available. This definition is given here for this notice only, and some laws may use a different definition. If you are asserting your rights under law, the applicable legal definition governs your rights.
“Services” means any services which may involve granting Sisense access to Sisense Customers’ information or records, such as support services, professional services, business intelligence consulting, and customer business relations.
“Product” means the Sisense proprietary software and/or cloud services provided by Sisense to Customer.
Sisense is a provider of business intelligence and analytics products and services. Sisense provides cloud-hosted, software-as-a-service (SaaS), and self-hosted Products and related Professional Services its Customers, who use the Products to analyze and create dashboards and reports of their data and embed analytics in their products, services, and business processes. For the purposes of compliance with the European Union’s General Data Protection Regulation (GDPR) and similar laws, in cases where Sisense has access to Personal Information found in a Customer’s data, the Customer is the Data Controller of that Personal Information. Sisense is the Data Processor carrying out data processing activities and instructions on behalf of each Data Controller.
Sisense collects Personal Information for the business purposes of carrying out its relationships with its Customers. For the purposes of compliance with the GDPR and similar laws, Sisense is a Data Controller of the Personal Information in its own business records.
Sisense Customers use the Products to store, process, and distribute data belonging to them (or their customers, licensees, or other end users) through their IT systems, websites, software applications, bundled products, or other means. As the controllers of Personal Information included in their data, Sisense Customers are responsible for maintaining the privacy of Personal Information included in their data. Sisense is not responsible for disclosures of information made by Sisense Customers in their use of the Products. When we have access or process your Personal Information on behalf of our Customer, it is that Customer’s responsibility to protect your privacy rights.
If you are concerned about your privacy while interacting with products and services provided by a Sisense Customer, you should address requests and inquiries relating to your Personal Information directly to that Customer. If you contact us regarding information belonging to our Customer, we may forward your requests or inquiries to the relevant Customer.
If we have access to your Personal Information as described above, we may only use it for the following purposes:
We may anonymize your Personal Information so that you are not individually identified and provide that information to our partners. We may also provide aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate information to any third party in a manner that would identify you personally, as an individual.
We rely on certain trusted third-party service providers to power our Products. For example, our cloud Products are hosted on third-party cloud platforms; third-party services power cloud-based features. We may also use outsourced personnel to perform technical and support functions that may involve access to customer data.
Sisense does not disclose your Personal Information to any third parties (other than our services providers) except in the limited circumstances detailed below. Our service providers do not have permission to use your Personal Information for any purpose other than purposes consistent with provide us the services we require to provide our Products and Services to Customers.
Details of the service providers we use can be found here.
We do not disclose your Personal Information to third parties (except our service providers, as stated above), except under the following circumstances and for the following purposes:
We may retain your Personal Information for as long as it is necessary to for legitimate business purposes, subject to legal limitations. Legitimate data retention purposes include fulfilling our contractual obligations, meeting legal retention requirements, to enforce our agreements, legal holds and investigations, backup and business recovery preparedness, and for other legitimate business expediencies.
We take great precautions to protect the integrity of your Personal Information. However, no data transmission over the Internet or stored on any other network or system can be guaranteed to be 100% secure. While we strive to protect information on our systems and Products, we cannot and do not guarantee the security of any information you transmit.
If you are in one of the EU/EEA countries or Switzerland, Sisense has certain obligations as a data processor towards our Customers regarding your Personal Information, and certain obligations towards you as a data controller, under GDPR. The Customer, as data controller, will be responsible for protecting your rights under the GDPR for your Personal information included in data under the Customer’s control.
Subjects to limitations established by law, your rights include the right to request a copy of your Personal Information, correcting your Personal Information, the right to object to processing of your Personal Information, a right of data portability of your Personal Information, and a right to request erasure of your Personal Information (right to be forgotten).
To learn more about your rights under the GDPR you can visit the European Commission’s page on Protection of Personal Data, at: http://ec.europa.eu/justice/data-protection/index_en.htm.
Data hosted on the Sisense Cloud Products is hosted in the cloud environment selected by the Customer, which may be outside of the EU/EEA. Cloud-based Features of the Product may be hosted in the United States, Israel, and elsewhere (even if the data is hosted in another Sisense Cloud hosting region or is self-hosted). The Sisense for Cloud Data Teams Product is hosted in the United States. Our staff located in Israel, the United States, and Ukraine, have access to Customer data on the Sisense Products. Data we collect while providing our Services is hosted in the United States and Israel.
Sisense complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, EEA, the United Kingdom, and Switzerland to the United States, in reliance on the Privacy Shield. Sisense has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
If you are in the European Union, EEA, the United Kingdom, or Switzerland, you have a right to access your Personal Information that we hold about you, and can correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing you access would be disproportionate to the risks to your privacy in the case in question, or where the rights of other persons would be violated.
If you wish to exercise any of your rights in your Personal Information held by a Customer, please contact the relevant Customer (the data controller). If you wish to exercise any of your rights in your Personal Information held by us, please contact us at the contact information below. Note, however, that it is usually better to address requests related to your Personal Information directly to the relevant Customer, since it controls the information, knows how it was collected and used, and has additional copies of your Personal Information in its possession.
You have a right to choose (opt-out) whether your Personal Information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. In cases where we are acting as an agent (data processor) for a Customer, your choices are determined according to your relationship between you and that Customer, and you should direct your inquiries to that Customer. In cases where we control your information, and you gave us permission to share your information with a third party, you may exercise your choice to opt-out of the permission you gave us by contacting us at the contact information below (the services you requested from us may be affected by your choice). We will notify you and give you an opportunity to opt-out before using your Personal Information for a purpose that is materially different from the purpose for which we originally collected your data.
In the context of an onward transfer of Personal Information to a third party (including our service providers), we have a responsibility for the processing of personal information we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under the Privacy Shield Principles if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.
We will investigate and attempt to resolve requests, complaints and disputes regarding use and disclosure of your information in accordance with this Privacy Notice. We may require further information from you to identify you and address the matter at issue.
Individuals in the European Union, EEA, the United Kingdom, and Switzerland may submit unresolved complaints to binding arbitration before the American Arbitration Association (“AAA”) under certain conditions. Information about AAA services can be found at its website: http://go.adr.org/privacyshield.html. The exclusive location for such arbitration shall be New York, NY, United States.
Sisense is subject to the regulatory authority of the U.S. Federal Trade Commission. The Federal Trade Commission may be contacted at the following address:
Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
People in the European Union and EEA, (EU Data Subjects), the United Kingdom, and Switzerland can invoke binding arbitration as stipulated in the EU-U.S. Privacy Shield Agreement, Annex I, for some residual claims not resolved by other redress mechanisms.
Sisense takes certain precautions to protect your Personal Information and to limit the risk that it will be accessed without authorization, including use of certain industry standard technologies and practices. That said, we cannot guarantee the security of such information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. No security system is perfect.
If we learn of a security systems breach, then we may attempt to notify you via email, phone, mail, or by a posting on your Product account page so that you can take appropriate protective steps.
We do not knowingly collect or solicit Personal Information from anyone under the age of 16. If you are under 16, please do not attempt to register for any Product or Service or send any Personal Information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that your child under 16 may have provided us personal information, please contact us at [email protected].
Any inquiries, concerns, or requests regarding the use or disclosure of your Personal Information should be directed to us at: [email protected].
This Privacy Notice was last changed on the date set forth at the top of this Privacy Notice. Sisense may update this Privacy Notice at any time and any such changes will become effective prospectively from the date of publication. We encourage you to check this page frequently for any changes to our Privacy Notice.