Last revised 30 September 2019
Saba is committed to protecting information which can be used to directly or indirectly identify an individual ("Personal Data") when using our Website. For that reason, Saba created this Policy which explains what Personal Data Saba collects about you, the purposes for which it uses and shares this Personal Data, how you may correct such Personal Data and how we safeguard that Personal Data.
With this Policy we also fulfil our duty to inform you pursuant to Art. 13 General Data Protection Regulation (“GDPR“). We may update this Policy from time to time. When we do so, changes in our Policy will be effective immediately upon posting the revised Policy to the Website. As a result, we recommend that you check this Policy on a regular basis.
2. Identity of the controller and contact details of our Data Protection Officer
The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:
Saba Software Inc.
4120 Dublin Blvd, Suite 200
Dublin 94568, California
You can contact our Data Protection Officer at:
3. When, how and why we process Personal Data
3.1 Personal Data
Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location Personal Data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2 Which kind of Personal Data we process and how we collect it
3.2.1 General use of our Site
Insofar as you do not actively make Personal Data available to us, we do not store Personal Data while you use our Site except that our webserver(s) register all connections to the Site automatically and collect the following technical information about your visit:
- Your IP address
- The name of the files accessed
- Information about the transmission
- Date and time of the connection
- The amount of Personal Data transmitted
- The requesting provider
- The referrer
- The web browser/user agent
We do not store your IP address after it is communicated to our webserver via your device. Hence, all information listed above is stored anonymously, and we cannot identify you through this information.
We may collect Personal Data that you choose to provide to us. For example, this may occur when you
- Register for events, training or other Saba offerings
- Participate in online surveys, bulletin boards or discussion groups
- Request access to limited-entry areas of our Website
- Download materials from the Website
- Provide us with a written or video testimonial
- Ask us to contact you, or pose questions for us to answer
- Otherwise submit your contact information to Saba
- Email address
- Phone number
- Social media information
- Information about the company you are working for (such as: your company's name, address, your job title/seniority level)
- In the event you choose to provide Saba with your social media information, Saba may retrieve publicly available information about you on such social media platforms
3.2.3 Online application
If you apply for a position at Saba, we collect the following Personal Data either directly from you, or, if you gave us the permission, from a social network profile:
- Email Address
- Alternative Email Address
- Phone number
- Links to your social media profiles
- Cover Letter
- How you learned about the vacancy
If you subscribe to the newsletter on our Website, we may collect the following Personal Data directly from you:
- Email Address
- Phone number
- Preferred job location
- Job categories
- Your IP address
3.2.6 Contract/Account Personal Data
In order to enter into and to perform a contract we process the following Personal Data from the respective contact person as well as the signatories:
- Email Address
- Phone number
3.3 Why and on which legal basis do we do that
We process your IP address only to allow your device to establish a connection to our webserver over the Internet. This processing is based on the legitimate interests of Saba. The purpose as well as our legitimate interest is to provide the Website to you.
If you contact us, the processing is based on the performance of an existing contract with you or necessary in order to take steps prior to entering into a contract with you or based on the legitimate interests of Saba. The purpose as well as our legitimate interest is to answer your inquiry.
If you apply for a job position at Saba, we process your Personal Data for the purpose of the recruitment process. The processing is necessary in order to take steps prior to entering into an employment contract with you. In case a consent is necessary in order to process your Personal Data for the purpose of the recruitment process we will ask you for such. The legal basis for such processing is your consent. If you gave us your consent, we process the Personal Data in order to consider you for and inform you about job positions at Saba in the future. The legal basis for such processing is your consent.
If you subscribed for a newsletter and gave us your consent, we process the Personal Data in order to provide the newsletter service. The legal basis for such processing is your consent.
The legal basis for processing contract and account Personal Data is the performance of an existing contract with you or necessary in order to take steps prior to entering into a contract with you.
We will not use Personal Data for any other purpose incompatible with the purposes listed in this Policy, unless it is authorized by you, or is necessary for us to comply with a legal obligation.
4. Who receives Personal Data from us and when it is transferred to third countries
Internally, the relevant department processes your Personal Data. Personal Data may be shared within the companies making up the Saba group, solely in connection with the purposes set out in this Policy. All such companies are bound by appropriate Personal Data processing agreements and/or confidentiality undertakings, and will only use Personal Data in accordance with this Policy. Such companies are located within the European Economic Area, in countries that are regarded by the EU Commission as featuring an adequate level of Personal Data protection, or are subject to a valid transfer mechanism.
If you subscribed for the newsletter Saba may process the Personal Data for the purpose described in the respective consent text.
Externally, we use IT service providers. Personal Data collected by Saba may be stored in the US or other countries in which Saba maintain facilities.
Personal Data may also be shared, as required, with those who provide products and/or services to Saba and it customers - such as web site hosting, information technology consulting, web site management, foreign language support, complementary products and services requested by Users, Personal Data analysis, audit, legal, administrative, back-up, security, marketing and promotion. We only provide these third parties with the minimum amount of Personal Data necessary to provide the services on our behalf, and the third parties are (where legally required) bound by appropriate order Personal Data processing agreements (including a GDPR compliant level of data protection) and/or comprehensive confidentiality undertakings and therefore not permitted to use your Personal Data except for the limited purpose of completing the requested service or transaction.
Circumstances may arise where Saba may decide to sell, buy or otherwise reorganize some or all of its business. Such a transaction may involve, in accordance with applicable law, the disclosure of Personal Data to prospective or actual purchasers. Saba will seek appropriate protection for Personal Data in these types of transactions. Saba may also retain and disclose Personal Data in order to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal processes; (4) protect the rights, privacy, safety or property of Saba, Website visitors, clients or the public; and (5) enforce our Website terms of service.
5. Period for which Personal Data will be stored
6. Your rights as a Data Subject
If the respective requirements are met, you are granted certain rights as a Data Subject:
- Right of access: You shall have the right to obtain from us confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and certain information.
- Right to rectification: You shall have the right to obtain from us without undue delay the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
- Right to erasure: You shall have the right to obtain from us the erasure of Personal Data concerning you without undue delay.
- Right to restriction of processing: You shall have the right to obtain from us the restriction of processing.
- Right to data portability: You shall have the right to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you shall have the right to transmit those Personal Data to another controller without hindrance from us. You shall also have the right to have the Personal Data transmitted directly from us to another controller, where technically feasible.
- Right to object: You shall have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you, which is based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In such case, we shall no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms or where the processing is necessary for the establishment, exercise or defense of legal claims.
- Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Data relating to you infringes the GDPR.
Where the processing is based on your informed consent, you shall have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Therefore, you may send us a message to PrivacyRequests@saba.com
7. Your obligation to provide us with Personal Data
You have no statutory or contractual obligation to provide us with any Personal Data except in regards to an application according to section 3.2.3 Online Application. However, we may not be able to provide you with our services if you decide not to do so.
8. Existence of automated decision-making, including profiling
We do not use automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.
9. Internet specific processing or use of Personal Data
When you visit our Website, we may collect information regarding your visit for marketing purposes and to better improve our Website and your experience with it. Technologies such as cookies, beacons, tags and scripts are used by Saba and our online marketing partners. These technologies are used in analyzing trends, administering the Website, tracking users' movements around the Website and to gather demographic information about our user base as a whole.
Please, be aware that not accepting cookies may lead to you not being able to fully use the Site. Our usage of cookies finds its legal basis in Art. 6 par. 1 lit. f) GDPR. The aforementioned purposes constitute also the legitimate interests we pursue with it.
The cookies we use and their functionality are as follows:
Web Functionality Cookies: These cookies are used to remember information you have entered or the choices you have made to provide a more personalized experience on our Website. These cookies are owned by Saba and will remain on your computer for up to a year.
Web Analytics cookies: These cookies are used to determine how our Website is functioning and what areas of our Websites interest our visitors. This enables us to make the structure, navigation, and content of our Websites as user friendly as possible. It also helps us respond to our users in a more relevant way when they ask to be contacted by us. These cookies are owned by 3rd party tools that Saba leverages. For more information about these cookies, please consult the vendor's respective Personal Data privacy policies.
9.3 Beacons, Tags & Scripts
When you visit our Website, we may also use clear GIFs, web beacons, pixel tags or similar techniques in our Website and/or in our communications with you. A clear GIF is typically a one-pixel, transparent image located on a web page or in an e-mail or other type of message that helps us to verify an individual's viewing or receipt of a web page or message. Clear GIFs allow us to know whether you have viewed a web page prior to visiting our Website and may enable us to relate such information to other information, including your Personal Data. We use information provided from these to allow more accurate reporting and improve the effectiveness of our marketing.
9.4 IP Addresses, Log Files & Other Personal Data
As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream Personal Data. We may combine this automatically-collected log information with other information we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality.
We also use local storage (also referred to as HTML5) to store content information and preferences. Third parties with whom we partner to provide certain features on our Website or to display advertising based upon your web browsing activity use local storage to collect and store information.
9.5 Social Media Widgets
9.6 Pre-populate application
We provide you the option to share certain Personal Data with us such as your name and email address to pre-populate our application form via uploading a CV, or through LinkedIn or Xing.
9.7 Behavioral Targeting/Re-Targeting
We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking こちら (or if located in the European Union click こちら). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Saba may also receive information about you from other sources, including third parties from whom we have purchased data, and combine this information with personal data we already have about you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide products and services that may be of interest to you.
10. External Links
11. Security and Confidentiality
Saba takes appropriate and commercially reasonable technical and organizational measures to protect Personal Data against unauthorized access, accidental loss or damage and unauthorized destruction. Saba staff and third parties who handle Personal Data are required to treat it confidentially and are not permitted to use or share it except as provided in this Policy.
Your Personal Data is encrypted during transmission using Transport Layer Security (TLS). This means that the communication between your computer and the servers of the Website takes place using a recognized encryption method, which is considered secure in the current version (currently TLS 1.2). If your browser supports TLS, this function protects the transmission of Personal Data. In this case, most browsers display a short dialog box or a graphic icon to indicate whether the security protocol is supported. You can find further information in the help function of your browser.
12. APEC Cross Border Privacy Rules & U.S. Privacy Shield Framework
12.1 Saba Software, Inc.
Saba's privacy practices described herein comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. For more information, please visit this website.
Saba Software, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce's Privacy Shield List.
Saba is responsible for the processing of Personal Data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Saba complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and Switzerland, including the onward transfer liability provisions. With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Saba is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or Personal Data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at this website. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
12.2 Lumesse, Inc.
Lumesse, Inc. is part of Saba. Lumesse may receive and process Personal Data as contemplated in Section 3.2 above.
Lumesse uses Personal Data only for the purposes indicated in this policy unless it has a legal basis, such as consent, to use it for other purposes. Lumesse takes reasonable steps to ensure that the Personal Data Lumesse processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current.
Lumesse, Inc. may disclose Personal Data to comply with or respond to lawful requests made by public authorities, including: to meet national security or law enforcement requirements; to comply with governmental, professional and legal obligations or inquiries; carry out investigations and perform internal administrative activities.
If Lumesse, Inc. shares Personal Data with a third-party service provider that processes the Personal Data solely on Lumesse, Inc. behalf, then Lumesse, Inc. will be liable for that third party’s processing of Personal Data, unless Lumesse, Inc. can prove that it is not responsible for the event giving rise to the damage.
Lumesse, Inc. may disclose Personal Data without offering an opportunity to opt out (i) to service providers who are providing services on Lumesse, Inc. behalf to support Lumesse, Inc. service, (ii) if it is required to do so by law or legal process, (iii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Except as permitted or required by applicable law, Lumesse, Inc. requires non-affiliated parties to whom it discloses Personal Data and who are not subject to the General Data Protection Regulation (GDPR) (EU) 2016/679 or an adequacy finding to either (i) subscribe to the relevant Principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant principles.
Where appropriate, Lumesse, Inc. provides individuals with reasonable access to the Personal Data Lumesse, Inc. maintains about them. Lumesse, Inc. also provides a reasonable opportunity for individuals to correct, amend or delete that information where it is inaccurate, as appropriate. Lumesse, Inc. may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by applicable laws and/or regulations. The right to access Personal Data also may be limited in some circumstances by local law requirements
In circumstances in which Lumesse, Inc. processes Personal Data as a processor, Lumesse, Inc. customers are responsible for providing the relevant individuals with access to their Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, any questions should be directed to the appropriate party from which Lumesse, Inc. obtained the Personal Data. Lumesse, Inc. will provide reasonable assistance.
If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU data protection authorities (DPAs) for more information or to file a complaint. The services of EU data protection authorities (DPAs) are provided at no cost to you.
To contact Lumesse, Inc. with questions or concerns about this Policy or Lumesse, Inc. practices concerning Personal Data write to:
2705 Bee Cave Road
Austin, Texas 78746