3.1 Types of Personal Information We Collect

Sagemath collects Personal Information regarding its current, prospective, and former clients, customers, users, visitors, guests, and Employees (collectively “Individuals”).

Information You Provide Directly to Us. When you use the Services or engage in certain activities, such as registering for an account with Sagemath, responding to surveys, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:

• Communications with Us. We may collect Personal Information from you such as email address, phone number or mailing address when you choose to request information about our Services, register for Sagemath’s newsletter or a loyalty program that we may offer, request to receive customer or technical support, or otherwise communicate with us.

• Surveys. We may contact you to participate in surveys. If you do decide to participate, you may be asked to provide certain information which may include Personal Information. All information collected from your participation in our surveys is provided by you voluntarily.

• Posting on the Services. Sagemath may offer publicly accessible forums, blogs, and social media pages. You should be aware that, when you disclose information about yourself in on Sagemath’s forums, blogs, and social media pages, the Services will collect the information you provide in such submissions, including any Personal Information. If you choose to submit content to any public area of the Site, such content will be considered “public” and will not be subject to the privacy protections set forth herein.

Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, details about your browser or device, geo-location information, Internet service provider, pages that you visit before and after using the Services, and other information about how you use the Services.

Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to Sagemath and to enhance our ability to provide you with information about our business, products, and Services.

3.2 How Sagemath, Inc. Uses Your Information

We Process Personal Information about Individuals for the following business purposes:

To Provide Products, Services, or Information Requested:

• Generally manage Individual information and accounts;
• Respond to questions, comments, and other requests;
• Provide access to certain areas, functionalities, and features of Sagemath’s Services;
• Contact you to answer requests for customer support or technical support;
• Allow you to register for events.

Administrative Purposes:

• Measure interest in Sagemath’s Services;
• Develop new products and Services;
• Ensure internal quality control;
• Verify Individual identity;
• Communicate about Individual accounts and activities on Sagemath’s Services and systems, and, in Sagemath’s discretion, changes to any Sagemath policy;
• Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
• Process payment for products or services purchased;
• Process applications and transactions;
• Prevent potentially prohibited or illegal activities;
• Enforce our Terms.

Marketing Sagemath Products and Services:

• To tailor content, advertisements, and offers;
• To notify you about offers, products, and services that may be of interest to you;
• To provide Services to you and our sponsors;
• For other purposes disclosed at the time that Individuals provide Personal Information;
• Otherwise with your consent.

You may contact us at any time to opt out of the use of your Personal Information for marketing purposes as set forth below.

• Research and Development. Sagemath may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services. We may share anonymous Individual and aggregate data for research and analysis purposes.

• Direct Mail, Email and Outbound Telemarketing. Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings, or phone calls from us with information on Sagemath’s or our business partners’ products and services or upcoming special offers/events. We offer the option to decline these communications at no cost to the Individual by following the instructions set forth below.

• Anonymous and Aggregated Information Use. Sagemath may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Sagemath’s Services, or other analyses we create. Anonymized or aggregated information is not Personal Information, and Sagemath may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within Sagemath and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.

• Sharing Content. Sagemath’s Services may offer various tools and functionalities that allow you to share content. For example, Sagemath allows you to provide information about your friends through our referral services, such as inviting a collaborator to a project. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Sagemath or any other Third Parties for any other purpose. The Services also allow you to share your content with Third Parties such as GitHub and NPM. Any Personal Information you choose to share with these Third Parties is not covered by this Privacy Policy. We encourage you to review the privacy policy of these Third Parties before submitting your Personal Information.

• Other Uses. Sagemath may use Personal Information to pursue our legitimate interests, such as direct marketing, marketing research, network and information security, and fraud prevention and any other purpose disclosed to you at the time you provide Personal Information or otherwise with your consent.

3.3 Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising

We, as well as Third-Parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services.

• Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.

• Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

• Analytics. We may also use Google Analytics and other services to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to tools.google.com/dlpage/gaoptout.

If you would like to opt-out of the Technologies we employ on the Services, you may do so by blocking, disabling, or deleting them as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of interest based advertisements on some mobile applications by following the instructions for Android and iOS.

3.4 THIRD-PARTY WEBSITES, SOCIAL MEDIA PLATFORMS, AND SOFTWARE DEVELOPMENT KITS

The Services may contain links to other websites and other websites may reference or link to our Services. These other domains and websites are not controlled by us, and Sagemath does not endorse or make any representations about Third-Party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

The Services may include publicly accessible forums, blogs, and social media pages You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible forum, blog, or social media page may be viewed and used by others without any restrictions. By using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.

We use Third-Party software development kits (“SDKs”), such as the Stripe, Inc. SDK, as part of the functionality of our Services.

3.5 Third-Party Payment Processing

When you make purchases through the Services, we process your payments through a Third-Party application, including Stripe, PayPal, (together with any similar applications, “Payment Processor”) and Social Networking Sites (“SNS”) such as Facebook, GitHub, Google, or Twitter. The Third-Party application may collect certain financial information from you to process a payment on behalf of Sagemath, including your name, email address, address and other billing information.

5.1 Information We Share

We may share your information as described in this Privacy Policy (e.g., with our Third-Party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission.

• We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers. The types of service providers (processors) to whom we entrust Personal Information include service providers for: (i) provision of IT, marketing, and related services; (ii) provision of information and services you have requested; (iii) payment processing; (iv) customer service activities; and (v) in connection with the provision of the Services.

• Business Partners. Sagemath may share Personal Information with our business partners, and affiliates for our, our business partners’ and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. Sagemath may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with Sagemath. Sagemath requires our affiliates and business partners to agree in writing to maintain the confidentiality and security of Personal Information they maintain on our behalf and not to use it for any purpose other than the purpose for which Sagemath provided them.

• DPF. With respect to onward transfers to Agents under DPF, DPF requires that Sagemath remain liable should its Agents Process Personal Information in a manner inconsistent with the DPF Principles.

• Displaying to Other Users. The content you post to the Services may be displayed on the Services. Other users of the Services may be able to see some information about you, such as your name. We are not responsible for privacy practices of the other users who will view and use the posted information.

• Marketing – Interest-Based Advertising and Third Party Marketing. Through our Services, Sagemath may allow Third-Party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information as well as selected Personal Information (such as demographic information and past purchase history) we have collected with Third-Party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non-Sagemath related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising”.

• Disclosures to Protect Us or Others (e.g., as Required by Law and Similar Disclosures). We may access, preserve, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce Sagemath policies or contracts; (v) to collect amounts owed to Sagemath; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.

• Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.

5.2 International Data Transfers

You agree that all information collected via or by Sagemath may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates, or the servers of our service providers, in order to provide the Services.

6.1 General

You have the right to object to and opt out of certain uses of your Personal Information. Where you have consented to Sagemath’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out of further Processing by contacting [email protected]. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Services and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.

6.2 Email and Telephone Communications

If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Sagemath and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy).

We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.

6.3 Mobile devices

Sagemath may occasionally send you push notifications through our mobile applications with notices that may be of interest to you. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. Sagemath may also collect location-based information if you use our mobile applications. You may opt out of this collection by changing the settings on your mobile device.

6.4 Human Resources Data

With regard to Personal Information that Sagemath receives in connection with the employment relationship, Sagemath will use such Personal Information only for employment-related purposes as more fully described above. If Sagemath intends to use this Personal Information for any other purpose, Sagemath will notify the Individual and provide an opportunity to opt out of such uses.

6.5 “Do Not Track”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

6.6 Cookies and Interest-Based Advertising

As noted above, you may stop or restrict the placement of cookies on your computer or remove them by adjusting your preferences as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of interest based advertisements on some mobile applications by following the instructions for Android and iOS.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from advertisers that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, or www.youronlinechoices.eu and www.aboutads.info/choices/.

12.1 Changes To Our Privacy Policy and Practices

We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

12.2 California Privacy Rights

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Sagemath does not share Personal Information with Third Parties for their own marketing purposes.

12.3 Supervisory Authority

If you are located in the European Economic Area, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your Personal Information violates applicable law.

12.4 Compliance

This Policy shall be implemented by Sagemath and all its operating divisions, subsidiaries and affiliates. Sagemath has put in place mechanisms to verify ongoing compliance with DPF Principles and this Policy. Any Employee that violates these privacy principles will be subject to disciplinary procedures.