Privacy Notice for the Sisense Products and Services

Last updated: February 22, 2021

What this Privacy Notice covers

This Privacy Notice describes how Sisense Ltd. (collectively with its affiliates, “Sisense” “we“, “our” or “us“) handles and protects the Personal Information it collects or receives from the users (“users” or “you“) of the Sisense Products and Services. 

Definitions

In this notice, the following capitalized terms mean the following: 

 “Sisense Customer” or “Customer” means the individual(s) or organization(s) that have entered into a agreement for Sisense Products and Services including free trial and evaluation users.

Personal Information” is information about you that is personally identifiable by name or can be linked to you through a personal identifier like your address, e-mail address, phone number, or location, and which is not otherwise publicly available. This definition is given here for this notice only, and some laws may use a different definition. If you are asserting your rights under law, the applicable legal definition governs your rights. 

“Services” means any services which may involve granting Sisense access to Sisense Customers’ information or records, such as support services, professional services, business intelligence consulting, and customer business relations. 

Product means the Sisense proprietary software and/or cloud services provided by Sisense to Customer. 

Sisense as a Data Processor

Sisense is a provider of business intelligence and analytics products and services. Sisense provides cloud-hosted, software-as-a-service (SaaS), and self-hosted Products and related Professional Services its Customers, who use the Products to analyze and create dashboards and reports of their data and embed analytics in their products, services, and business processes. For the purposes of compliance with the European Union’s General Data Protection Regulation (GDPR) and similar laws, in cases where Sisense has access to Personal Information found in a Customer’s data, the Customer is the Data Controller of that Personal Information. Sisense is the Data Processor carrying out data processing activities and instructions on behalf of each Data Controller. 

Sisense as a Data Controller under GDPR

Sisense collects Personal Information for the business purposes of carrying out its relationships with its Customers. For the purposes of compliance with the GDPR and similar laws, Sisense is a Data Controller of the Personal Information in its own business records. 

Disclosures of information under Customer control

Sisense Customers use the Products to store, process, and distribute data belonging to them (or their customers, licensees, or other end users) through their IT systems, websites, software applications, bundled products, or other means. As the controllers of Personal Information included in their data, Sisense Customers are responsible for maintaining the privacy of Personal Information included in their data.  Sisense is not responsible for disclosures of information made by Sisense Customers in their use of the Products. When we have access or process your Personal Information on behalf of our Customer, it is that Customer’s responsibility to protect your privacy rights.

If you are concerned about your privacy while interacting with products and services provided by a Sisense Customer, you should address requests and inquiries relating to your Personal Information directly to that Customer. If you contact us regarding information belonging to our Customer, we may forward your requests or inquiries to the relevant Customer.

When does Sisense have access to your Personal Information?

  • If a Customer has data about you in our Product or uses our Services, we may have access to your Personal Information.  Our customers use Sisense Products for a wide range of business analytics purposes, and we do not preview, screen, or review their data. Our access depends on the Product configurations controlled by the Customer and what the Customer discloses to us as part of the Services.   Therefore, we do not know what categories of Personal Information a Customer may collect and disclose about you in its data.
  • If you are a Sisense Product user, we collect information you provide us through your use of the Product or Service. For example, if you tag a page in our repository, we will record the keywords that you provided. Similarly, whenever you interact with our Product, we may automatically receive and record information on our server logs from your browser or device, which may include your IP address, device identification, “cookie” information, the type of browser and/or device you’re using to access our Product, and the page, dashboard, widget, or feature you requested. The data that we collect can tell us how often users use a particular feature of the Product, and we can use that knowledge to make the Product better and more useful to as many users as possible.
  • If you purchase a Product subscription, we will collect payment related information. Certain information may be required to register with us or to take advantage of some of the Product’s features and our Services. The information you give us may include your name, address, e-mail address and phone number, financial information, and personal description. If you do not provide us with such information, your access to or use of the Product or Services may be limited or we may not be able to provide you the Product or Services at all.

How we use your Personal Information

If we have access to your Personal Information as described above, we may only use it for the following purposes:

  • To provide and operate the Products and Services requested by our Customer.  
  • We may use aggregated and anonymized data derived from Personal Information to enhance, improve and further develop our Products and Services (such as, creating new features or functions, enhancing the user experience, improving technical performance, etc.).
  • If you gave us your Personal Information as a Customer, we may use this information to manage the business relationship with the Customer, such as providing service notices and billing. 
  • If you gave us your Personal Information as a Customer, we may use your contact information and billing address to send you business offers and promotional information, subject to your right to withdraw consent to marketing use.
  • If you gave our us your information as a Product user, we may use your contact information to provide you with notices related to your use of the Product. 
  • If you are a Product User, we may use Personal Information collected from your use of the Product to help personalize the Service experience for you (such as, remembering your information so you will not have to enter it each time you use the Product).
  • For the other purposes referenced in the “Disclosure of Personal Information to third parties” section below.

Aggregated Personal Information that is no longer personally identifiable

We may anonymize your Personal Information so that you are not individually identified and provide that information to our partners. We may also provide aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate information to any third party in a manner that would identify you personally, as an individual.

Service providers 

We rely on certain trusted third-party service providers to power our Products. For example, our cloud Products are hosted on third-party cloud platforms; third-party services power cloud-based features. We may also use outsourced personnel to perform technical and support functions that may involve access to customer data. 

Sisense does not disclose your Personal Information to any third parties (other than our services providers) except in the limited circumstances detailed below. Our service providers do not have permission to use your Personal Information for any purpose other than purposes consistent with provide us the services we require to provide our Products and Services to Customers.

Details of the service providers we use can be found here.

Disclosure of Personal Information to third parties

We do not disclose your Personal Information to third parties (except our service providers, as stated above), except under the following circumstances and for the following purposes:

  • If a Customer uses Personal Information about you with our Products or Services, we may disclose your Personal Information to provide the Customer in accordance with the Customers’ instructions.
  • When required by law to respond to subpoenas, court orders, or legal process by public authorities, including disclosures required by national security or law enforcement agencies.
  • When we need to establish or exercise our legal rights, or to defend against legal claims, or when we believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, data breaches, suspected fraud, situations involving potential threats to the physical safety of any person, or protect the rights, property, or safety of Sisense, our employees, our users, or others, or as otherwise required by law.
  • If Sisense is acquired by or merged with another company, Sisense will come under the control of a new entity any rights and permission that Sisense has to access your Personal Information may be assigned to the new entity.

Retention of information

We may retain your Personal Information for as long as it is necessary to for legitimate business purposes, subject to legal limitations. Legitimate data retention purposes include fulfilling our contractual obligations, meeting legal retention requirements, to enforce our agreements, legal holds and investigations, backup and business recovery preparedness, and for other legitimate business expediencies. 

Confidentiality, security, and data integrity

We take great precautions to protect the integrity of your Personal Information. However, no data transmission over the Internet or stored on any other network or system can be guaranteed to be 100% secure. While we strive to protect information on our systems and Products, we cannot and do not guarantee the security of any information you transmit.

Rights of European Data Subjects under the General Data Protection Regulation (GDPR)

If you are in one of the EU/EEA countries or Switzerland, Sisense has certain obligations as a data processor towards our Customers regarding your Personal Information, and certain obligations towards you as a data controller, under GDPR.  The Customer, as data controller, will be responsible for protecting your rights under the GDPR for your Personal information included in data under the Customer’s control. 

Subjects to limitations established by law, your rights include the right to request a copy of your Personal Information, correcting your Personal Information, the right to object to processing of your Personal Information, a right of data portability of your Personal Information, and a right to request erasure of your Personal Information (right to be forgotten). 

To learn more about your rights under the GDPR you can visit the European Commission’s page on Protection of Personal Data, at: http://ec.europa.eu/justice/data-protection/index_en.htm.

Cross-border Personal Information transfers and the EU-U.S. Privacy Shield and Swiss – U.S. Privacy Shield

Data hosted on the Sisense Cloud Products is hosted in the cloud environment selected by the Customer, which may be outside of the EU/EEA. Cloud-based Features of the Product may be hosted in the United States, Israel, and elsewhere (even if the data is hosted in another Sisense Cloud hosting region or is self-hosted). The Sisense for Cloud Data Teams Product is hosted in the United States. Our staff located in Israel, the United States, and Ukraine, have access to Customer data on the Sisense Products. Data we collect while providing our Services is hosted in the United States and Israel. 

Sisense complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, EEA, the United Kingdom, and Switzerland to the United States, in reliance on the Privacy Shield. Sisense has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

If you are in the European Union, EEA, the United Kingdom, or Switzerland, you have a right to access your Personal Information that we hold about you, and can correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing you access would be disproportionate to the risks to your privacy in the case in question, or where the rights of other persons would be violated. 

If you wish to exercise any of your rights in your Personal Information held by a Customer, please contact the relevant Customer (the data controller). If you wish to exercise any of your rights in your Personal Information held by us, please contact us at the contact information below. Note, however, that it is usually better to address requests related to your Personal Information directly to the relevant Customer, since it controls the information, knows how it was collected and used, and has additional copies of your Personal Information in its possession. 

You have a right to choose (opt-out) whether your Personal Information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. In cases where we are acting as an agent (data processor) for a Customer, your choices are determined according to your relationship between you and that Customer, and you should direct your inquiries to that Customer. In cases where we control your information, and you gave us permission to share your information with a third party, you may exercise your choice to opt-out of the permission you gave us by contacting us at the contact information below (the services you requested from us may be affected by your choice). We will notify you and give you an opportunity to opt-out before using your Personal Information for a purpose that is materially different from the purpose for which we originally collected your data. 

In the context of an onward transfer of Personal Information to a third party (including our service providers), we have a responsibility for the processing of personal information we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under the Privacy Shield Principles if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

We will investigate and attempt to resolve requests, complaints and disputes regarding use and disclosure of your information in accordance with this Privacy Notice. We may require further information from you to identify you and address the matter at issue. 

Individuals in the European Union, EEA, the United Kingdom, and Switzerland may submit unresolved complaints to binding arbitration before the American Arbitration Association (“AAA”) under certain conditions. Information about AAA services can be found at its website: http://go.adr.org/privacyshield.html.  The exclusive location for such arbitration shall be New York, NY, United States.

Sisense is subject to the regulatory authority of the U.S. Federal Trade Commission. The Federal Trade Commission may be contacted at the following address:

Federal Trade Commission

Attn: Consumer Response Center

600 Pennsylvania Avenue NW

Washington, DC 20580

Email: [email protected]
www.ftc.gov

People in the European Union and EEA, (EU Data Subjects), the United Kingdom, and Switzerland can invoke binding arbitration as stipulated in the EU-U.S. Privacy Shield Agreement, Annex I, for some residual claims not resolved by other redress mechanisms.

The Security of Your Personal Information

Sisense takes certain precautions to protect your Personal Information and to limit the risk that it will be accessed without authorization, including use of certain industry standard technologies and practices. That said, we cannot guarantee the security of such information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. No security system is perfect.

If we learn of a security systems breach, then we may attempt to notify you via email, phone, mail, or by a posting on your Product account page so that you can take appropriate protective steps.

Children

We do not knowingly collect or solicit Personal Information from anyone under the age of 16. If you are under 16, please do not attempt to register for any Product or Service or send any Personal Information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that your child under 16 may have provided us personal information, please contact us at [email protected].

Contacting Sisense about this Privacy Notice

Any inquiries, concerns, or requests regarding the use or disclosure of your Personal Information should be directed to us at: [email protected]

Changes to this Privacy Notice

This Privacy Notice was last changed on the date set forth at the top of this Privacy Notice. Sisense may update this Privacy Notice at any time and any such changes will become effective prospectively from the date of publication. We encourage you to check this page frequently for any changes to our Privacy Notice.

TOP