Privacy Policy

Last updated on 05/15/24

Sanas.AI, Inc., along with its subsidiaries and affiliates worldwide, hereinafter referred to as “Sanas,” “we”, “us,” or “our”) provides software and other technologies specializing in real-time accent translation and voice related services. We are dedicated to respecting your privacy and preferences. This Privacy Policy ("Policy") outlines the collection of Personal Information by Sanas and its Affiliates through www.sanas.ai and other websites or applications linking to this Notice. It emphasizes our privacy practices concerning the Personal Data we gather and handle in accordance with relevant data privacy regulations.

Please be aware that this Policy does not encompass the handling of Personal Information when Sanas processes it on behalf of its clients. For instance, Personal Information submitted by individuals for processing through Sanas-hosted platforms to provide services to clients is not covered by this Policy. Typically, our clients act as Controllers for their relevant Personal Information, including any uploaded by third parties in connection with our services, while Sanas acts as a Processor under applicable Service and/or data processing agreements ("Agreements"). Specific obligations of Controllers and Processors can be found in these Agreements.

We encourage you to review this Policy, along with any supplementary and more detailed information we may provide on various occasions when collecting or processing your personal information through Sanas' website, products, or applications, as well as events and initiatives. This will help you understand how and why we process your personal information.

1. DEFINITIONS
2. SCOPE
3. PERSONAL INFORMATION WE COLLECT
4. HOW WE USE YOUR INFORMATION
5. HOW WE DISCLOSE YOUR INFORMATION
6. LEGAL BASIS FOR PROCESSING
7. YOUR PRIVACY CHOICES
8. YOUR PRIVACY RIGHTS.
9. CONTACT YOUR REGIONAL DATA PROTECTION AUTHORITY.
10. SECURITY OF YOUR INFORMATION
11. INTERNATIONAL DATA TRANSFERS
12. RETENTION OF PERSONAL INFORMATION
13. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
14. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
15. SUPPLEMENTAL NOTICE FOR JOB APPLICANTS AND INTERNS.
16. SUPPLEMENTAL NOTICE FOR VISITORS.
17. SUPPLEMENTAL NOTICE FOR VENDORS
18. CHILDREN’S INFORMATION
19. OTHER PROVISIONS
20. CONTACT US
21. PROCESSING OF PERSONAL DATA IN PHILIPPINES.
22. PROCESSING OF PERSONAL DATA IN UK
23. PROCESSING OF PERSONAL DATA IN EU/EEA REGIONS DEFINITIONS

1. Definitions

Personal Data refers to information that, either on its own or when combined with other data, allows for the direct or indirect identification of an individual (“Personal Information”or “Personal Data”).

A Data Controller or Business (“Controller”) is an entity that determines the purposes and methods of processing Personal Information. A Data Processor, Service Provider, Contractor, or Third Party (“Processor”or “Third Party”) is an entity that processes Personal Information on behalf of the Controller.

2. Scope

This Policy is designed to help you understand your rights under relevant laws, including instructions on how to exercise them. It also outlines how we collect, use, process, disclose, and store Personal Data as a Controller when you:

  • Interact with or use our website, including but not limited to downloading materials from our webpages, requesting a demo, or asking us to contact you.
  • Interact with our software application.
  • Register for and/or attend our events, conferences, or webinars (individually referred to as an “Event” or collectively as “Events”).
  • Provide your Personal Data for administering our services and managing our relationship with you in any capacity, such as setting up an account or collecting Personal Data to process invoices for accounting purposes.
  • Provide your Personal Data for any of our online or offline offerings.
To make this Policy easier to read, our website, software applications, and other offerings online or offline will collectively be referred to as “Services.”

While this Policy applies globally, specific additional details may pertain to you based on your country of residence. Such additional terms, tailored to these specific countries or regions, are outlined in region-specific statements below.

Personal Information We Collect

The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. For instance, we may collect different information about you depending on whether you are a customer of our Services (“Customer”) who downloads our customer- facing software product (“Customer Software”), or a contributor of vocal sound samples on our web application (“Target Speaker”). We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations, as described below.

A. Information You Provide to Us Directly via our Websites or Events

We may collect the following personal information that you provide to us.
Tester Account Creation
If you agree to provide audio samples for the purpose of improving the Services, you will be assigned a Group ID, and we may collect your full name, gender, age range, and accent.
Vocal Samples. As a Tester, you will need to provide access to a microphone to use the web application. The application will then collect recordings of your voice speaking certain words and phrases.

Note: although we do collect vocal samples from Testers and tie these samples tied individual Tester profiles for our internal purposes, we only use this information to improve our Services, and do not derive a voice print or any other information that could be used to identify you from your vocal data.
Customer Account Creation
To create an account to use the Customer software, we may collect information about you, such as your full name, email address, password, and the name of your business if applicable.
Purchases.
We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
Your Communications with Us.
We may collect personal information, such as email address, phone number, or mailing address when you request information about our Services, register for our newsletter, request customer or technical support, apply for a job, or otherwise communicate with us.
Surveys
We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.
Interactive Features
We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services (referred to herein as “User Content”) will be considered “public,” unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein. 
Conferences, Trade Shows, and Other Events
We may collect personal information such as audio-visual information, photographs or images captured, video recordings (if enabled) from individuals when we attend conferences, webinars, trade shows, and other events.
Business Development and Strategic Partnerships
We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications
We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.
Feedback
We may collect queries, comments, or feedback as submitted by you, including any correspondence you have made with us.

B. Information Collected Automatically 

We may collect personal information automatically when you use our Services:
Automatic Data Collection
We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using our Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services.
Data collection from the Customer Software.

Please note that by default, we do not collect voice recordings from the Customer Software. We may however collect diagnostic or other usage information related to your use of the Customer Software, such as to verify your purchases, ensure you are billed correctly, or to troubleshoot errors with customer support. 
Cookies, Pixel Tags/Web Beacons, and Other Technologies.
We, as well as third parties that provide content, advertising, or other functionality on our Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through your use of our Services.
Cookies

Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience
Pixel Tags/Web Beacons.

A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Our uses of these Technologies fall into the following general categories:
Operationally Necessary
This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality.
Performance-Related
We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below).
Functionality-Related.
We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.

See “
Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
Analytics
We may use Technologies and other third-party tools to process analytics information on our Services. Some of our analytics partners include Google Analytics. For more information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here
Biometric Information.
While we do not currently collect any information that can be used on its own to identify any particular speaker, we may collect this information from Target Speakers in the future. If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted, you agree that we may collect your voice data

C. Information Collected from Other Sources

We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made available via your privacy settings.

HOW WE USE YOUR INFORMATION

We use your information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

A. Provide Our Services

We use your information to fulfil our contract with you and provide you with our Services, such as:
  • Managing your information and accounts.
  • Providing access to certain areas, functionalities, and features of our Services.
  • Providing better usability, troubleshooting and site maintenance.
  • Understanding which parts of the website are visited and how frequently.
  • Answering requests for customer or technical support.
  • Communicating with you about your account, activities on our Services, and policy changes.
  • Processing your financial information and other payment methods for products or Services purchased.
  • Facilitating communication with you, including contacting you and responding to your queries.
  • Processing applications if you apply for a job we post on our Services; and
  • Allowing you to register for events.

B. Administrative Purposes 

We use your information for various administrative purposes, such as:
  • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
  • Measuring interest and engagement in our Services.
  • Short-term, transient use, such as contextual customization of ads.
  • Improving, upgrading or enhancing our Services.
  • Developing new products and Services.
  • Ensuring internal quality control and safety.
  • Authenticating and verifying individual identities, including requests to exercise your rights under this policy.
  • Auditing relating to interactions, transactions and other compliance activities.
  • Sharing information with third parties as needed to provide the Services.
  • Enforcing our agreements and policies; and
  • Complying with our legal obligations.

C. Marketing and Advertising our Products and Services

We may use personal information to
  • Tailor and provide you with content and advertisements for our Services. We may provide you with these materials as permitted by applicable law.
  • Invite you for events, seminars and equivalent ceremonies organized by us and related purposes such as running marketing or promotional campaigns, including such promotions or publications on social media.
  • Publish testimonials and case studies.
  • Generate and maintain leads as part of our Customer Relationship Management database
Some of the ways we market to you include email campaigns and custom audiences advertising.

If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.

D. Other Purposes

We also use your information for other purposes as requested by you or as permitted by applicable law.
Consent
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
Automated Decision Making.
We may engage in automated decision making, such as to improve our AI algorithm using voice samples uploaded by Target Speakers. Sanas’ processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.
De-identified and Aggregated Information
We may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, information about the device from which you access our Services, or other analyses we create
Share Content with Friends or Colleagues
Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., relative, friend neighbor, or co-worker).

HOW WE DISCLOSE YOUR INFORMATION

We disclose your information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide our Services

The categories of third parties with whom we may share your information are described below.
Service Providers
We may share your personal information with our third-party service providers who use that information to help us provide our Services. This includes service providers that provide us with IT support, hosting, payment processing, customer service, and related services.
Business Partners.
We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information to business partners with whom we jointly offer products or services.
Affiliates
We may share your personal information with our company affiliates for our administrative purposes, including activities such as IT management, for them to provide services to you or support and supplement the Services we provide.
APIs/SDKs
We may use third-party Application Program Interfaces (“APIs”) and Software Development Kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us below.

B. Disclosures to Protect Us or Others 

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

LEGAL BASIS FOR PROCESSING

Privacy and data protection laws outline specific justifiable grounds for collecting and processing Personal Data, commonly known as the legal basis of processing. Our primary reliance is on the following legal bases:
  • We process your Personal Data when it's necessary for fulfilling a contract you're a party to or to take pre-contractual steps at your request. For instance, when engaging with us to receive services or managing employee data to ensure compliance with their employment contract.
  • We process your Personal Information when it's necessary for legitimate interests pursued by us or a third party, provided these interests do not override your data protection rights. This includes understanding your website usage, generating secure login credentials, or optimizing our processes.
  • We process your Personal Information with your consent, which you can revoke at any time. For instance, when registering for events organized by us or receiving marketing communications from us.
  • We may process your Personal Information to comply with legal obligations, including applicable laws and safeguarding our legal rights, seeking remedies, and defending against claims.

YOUR PRIVACY CHOICES

Your Privacy Choices.

The privacy choices you may have about your personal information are determined by applicable law and are described below.
Email Communications.

If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy). 
California and Delaware “Do Not Track.”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers.  Privacy regulations in the United States, such as the laws of California and Delaware, require Sanas to indicate whether it honors your browser’s “Do Not Track” settings concerning targeted advertising. Sanas adheres to the standards set out in this Notice and does not monitor or respond to Do Not Track browser requests.regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy). 

YOUR PRIVACY RIGHTS.

In accordance with applicable law, you may have the right to:
Access Personal

Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information in a structured, commonly used, and machine readable format; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine readable format (the “right of data portability”);
Request Correction

Request Correction of your personal information where it is inaccurate or incomplete. (Note: In some cases, we may provide self-service tools that enable you to update your personal information);
Request Deletion

Request Deletion of your personal information;
Request Restriction

Request Restriction of or Object to our processing of your personal information including where the processing of your personal information is based on our legitimate interest or for direct marketing purposes; and
Withdraw your Consent

Withdraw your Consent to our processing of your personal information
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us below. We will process such requests in accordance with applicable laws.

Should you desire an authorized agent to make a privacy rights request on your behalf, the agent may do so by contacting us as set forth in “Contact Us” below. We will require written, signed permission indicating that the agent has been duly authorized to act on your behalf. Upon receipt of the written authorization, we will review the privacy rights request and respond accordingly. We will directly correspond with the e-mail address provided by the authorized agent.

CONTACT YOUR REGIONAL DATA PROTECTION AUTHORITY.

If you're dissatisfied with our handling of your Personal Data, you may have the right, as per the laws of your residing country, to lodge a complaint with your regional data protection authority.

SECURITY OF YOUR INFORMATION

At Sanas, there exists a perfect balance between Governance, Process and Technology, the combination of which has established Sanas' commitment to its customers and stakeholders. Sanas adopts reasonable and appropriate security controls, practices and procedures including administrative, physical security, and technical controls in order to safeguard your Personal Data. We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.

Our updated list of all certifications and security reports are as follows:
  • ISO/IEC 27001:2022
  • Health Insurance Portability and Accountability Act (HIPAA)
  • California Consumer Privacy Act (CCPA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • SSAE-21 SOC 2 Type 2
  • General Data Protection Regulation- (EU) 2016/ 679 (GDPR)

INTERNATIONAL DATA TRANSFERS

All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws. Sanas operates on a global scale. As a result, the Personal Data of individuals who visit our websites, use our services, or engage with us in any way may be transferred and accessed worldwide, including countries where Sanas, our affiliates, or processors operate. Regardless of where it is processed, we will safeguard your Personal Data in accordance with this policy. Sanas does not willingly or proactively transfer or disclose our customers' Personal Data to government or law enforcement authorities ("Authorities") or grant Authorities access to your Personal Data.

RETENTION OF PERSONAL INFORMATION

We retain your Personal Data for varying durations depending on the category of Personal Data and your relationship with us. The duration is determined on a case-by-case basis, with our aim being to keep it for the shortest period necessary to fulfill the purpose for which it was collected. When deciding on retention periods, we consider the following criteria:
  • The type of Personal Information.
  • Whether the Personal Information is typically subject to specific deletion schedules, such as marketing data.
  • Whether the Personal Information is essential for operating or providing our services; for instance, account information may be retained longer based on your agreement with us.
  • The duration required to comply with legal obligations.
  • Our legitimate interests or legal purposes, including network improvement, fraud prevention, record-keeping, safety promotion, security and integrity maintenance, or enforcing our legal rights.

SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS

This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Sanas has collected about them and whether Sanas disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in “Personal Information We Collect” and “How We Use Your Personal Information” above, respectively.
“Sales” of Personal Information under the CCPA

For purposes of the CCPA, Sanas does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Additional Privacy Rights for California Residents
Non-Discrimination.

California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “Contact Us” below and provide written authorization signed by you and your designated agent.
Verification.

To protect your privacy, we will take steps the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws. 
Refer-a-Friend and Similar Incentive Programs.

As described above in How We Use Your Personal Information (“Share Content with Friends or Colleagues”), we may offer referral programs or other incentivized data collection programs. For example, we may offer incentives to you such as discounts or promotional items or credit in connection with these programs, wherein you provide your personal information in exchange for a reward, or provide personal information regarding your friends or colleagues (such as their email address) and receive rewards when they sign up to use our Services. (The referred party may also receive rewards for signing up via your referral.) These programs are entirely voluntary and allow us to grow our business and provide additional benefits to you. The value of your data to us depends on how you ultimately use our Services, whereas the value of the referred party’s data to us depends on whether the referred party ultimately becomes a Customer or Target Speaker and uses our Services. Said value will be reflected in the incentive offered in connection with each program.
Accessibility.
This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.
California Shine the Light.

The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.

SUPPLEMENTAL NOTICE FOR JOB APPLICANTS AND INTERNS.

Categories of Personal Data (including sensitive personal information) we process:

Candidate name, Contact details, Date of Birth, Educational qualifications, Resume including skill details, Employment-related information, details pertaining to background checks, passport details (only if shortlisted), and a few other optional details such as web address, willingness to travel, etc. Financial details and national identification details are collected only in selected countries where required by law.Please note that the categories of personal (or sensitive personal) details processed may vary based on the business requirements of the entity and legal requirements of a country.

Use of your Personal Data:

We utilize your Personal Data for the following purposes:
Assessing a candidate's suitability for job requirements as part of the recruitment or internship selection process, including background verification by our authorized vendor.Conducting various employer-related activities if you are selected to join the organization and ensuring compliance with any applicable labor and/or other relevant laws.
Legal Basis of Processing:
We process your Personal Data when necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract, or based on your consent, as per applicable laws.
Data Recipients/Access:
Your data may be accessible to authorized internal recipients within Sanas, its subsidiaries or affiliates, our authorized service providers including cloud service providers who offer services to Sanas, business partners, government bodies including statutory regulatory authorities, law enforcement agencies (where applicable), auditors (internal/external), and Sanas’ clients (where applicable) based on contractual obligations.

SUPPLEMENTAL NOTICE FOR VISITORS.

Categories of Personal Information (including sensitive personal information) that we process:

Use of your Personal Data:
We utilize your Personal Information for the following purpose:

To grant access to Sanas offices.
Legal Basis of Processing:
We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or based on your consent, wherever applicable.
Data Recipients/Access:
Your data may be accessible to authorized internal recipients within Sanas, its subsidiaries or affiliates, government bodies including statutory regulatory authorities, law enforcement agencies (where applicable), auditors (internal/external).

SUPPLEMENTAL NOTICE FOR VENDORS

Categories of Personal Data (including sensitive personal information) that we process:
Vendor name, contact details, address, tax details, contact details of Vendor point of contact.

* Please note that the categories of personal (or sensitive personal) details processed may differ based on the business requirement of the entity and legal requirement of a country.
Use of your Personal Data:
  • We use your Personal Information for the following purposes:
  • For vendor empanelment
  • Purchase order and Invoice creation.
  • For facilitating communications with you
  • For submitting quotations
Legal Basis of Processing:
We process your Personal Information when it is necessary for the performance of a contract to which you are the party or based on your consent, as per applicable laws.
Data Recipients/Access:
Your data may be accessible to authorized internal recipients within Sanas, its subsidiaries or affiliates, tax consultants and authorities, Government Bodies including statutory, regulatory authorities, law-enforcement agencies (where applicable), Auditors (internal/external).

CHILDREN’S INFORMATION

The Services are not directed to users under 18, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account if applicable.

OTHER PROVISIONS

Third-Party Websites/Applications.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk. For your convenience, hyperlinks may be posted on the Websites that link to other websites (“Linked Sites”). We are not responsible for, and this Notice does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the Websites. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read each Linked Site’s privacy notice to understand how the Personal Information about you is used and protected.
Supervisory Authority.
If you are located in the European Economic Area, Switzerland, the United Kingdom or Brazil, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
Changes to our Privacy Policy.
We are constantly trying to improve our Websites and Services, so we may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect. You are responsible for periodically reviewing this Privacy Policy.

CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:

Sanas.AI Inc.
437 Lytton Avenue, Suite 200, Palo Alto, CA 94301
privacy@sanas.ai 

PROCESSING OF PERSONAL DATA IN PHILIPPINES.

For the purposes of processing your Personal Data in Philippines, we will follow the Data Privacy Regulations, including Data Protection Act, 2012. Please note that the following provisions will apply to you if you are a Data Subject (resident or citizen) in Philippines, in addition to the Privacy Policy outlined here.
Cross Border Transfer of Data
In general, Sanas, headquartered in Palo Alto, is the Sata Controller processing your Personal Information. We may transfer your personal data outside Philippines to third parties including countries where the data protection legislation may differ from that of Philippines.As per the obligation called out under the Data Protection law in Philippines, when we transfer your personal information to subsidiaries of Sanas and service providers outside Philippines, Sanas as the transferring organization ‎will remain accountable for the protection of your Personal Data and ensuring ‎compliance with the applicable legislation, using contractual or other means to provide a comparable level of protection while the Personal Data is being processed by the third party. Additionally, we shall also take all the necessary steps to ensure confidentiality and security of the transferred data.
Your Data Subject Rights in Philippines
As a Data Subject located in Philippines, you are entitled to the following rights:
  • The right to be informed when your personal data is being processed.
  • The right to reasonably access matters relating to the processing of your personal data such as, among others, the identity of the Personal Information Controllers (“Data Controllers”) or Personal Information Processors (PIPs) that will be given access to your personal data.
  • The right to rectification or the right to dispute the inaccuracy or error in your personal data and have the Data Controllers correct it within a reasonable period of time.
  • The right to suspend, withdraw, or order the blocking, removal, or destruction of your personal data from the Data Controllers filing system.
  • The right to object to the processing of your personal data, including processing for direct marketing, automated processing, or profiling.
  • The right to obtain from the Data Controllers a copy of your personal data in an electronic or structured format that is commonly used and allows for further use.
  • The right not to be subject to automated decision making.
  • The right to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data. In addition, you also have the right to lodge a complaint before the National Privacy Commission.
If you are a resident of Philippines and you wish to exercise your data subject rights as called out above, please refer to section YOUR PRIVACY RIGHTS.

PROCESSING OF PERSONAL DATA IN UK.

For the purposes of processing your Personal Information in UK, we will follow all the applicable Data Privacy Regulations, including UK General Data Protection Regulation. Please note the below provisions will apply to you if you are a data subject residing in UK, in addition to the Privacy Policy outlined here.
Cross Border Transfer of Data
In general, Sanas, headquartered in Palo Alto, is the data controller processing your Personal Information. We may transfer your personal data outside UK to third parties including countries where the data protection legislation may differ from that of UK.As per the obligation called out under the UK Data Protection Regime, when we process your Personal Information in countries deemed adequate by the UK Secretary of State we will rely on the adequacy regulations published by them to protect your Personal Information.For transfers to Sanas subsidiaries and service providers outside UK, where Adequacy decision is not available, we use standard contractual clauses or rely on a service provider's (UK data protection authority approved) corporate rules that are in place to protect your Personal Information. Additionally, we shall take all the necessary steps to ensure confidentiality and security of the transferred data.
Your Data Subject Rights in UK
As a Data Subject located in UK, you are entitled to the following rights:
  • The right to access the personal information that we collect about you through DSARs.
  • The right to be informed about the way in which we process your personal data
  • The right to obtain rectification of your personal data.
  • The right to erasure of your personal data, where applicable.
  • The right to object to processing of your personal data, where applicable.
  • The right to data portability- meaning you have the right to receive the data in a structured format and to transmit the data to another data controller, where applicable.
  • The right not to be subject to automated decision making.
  • The right to restriction of processing your personal data, where applicable.
If you are a resident of UK and you wish to exercise your data subject rights as called out above, please refer to section YOUR PRIVACY RIGHTS.

PROCESSING OF PERSONAL DATA IN EU/EEA REGIONS.

For the purposes of processing your Personal Data within the EU/ EEA Regions, we will follow the Data Privacy Principles and regulations of the General Data Protection Regulation (commonly known as 'GDPR’). Please note that the following provisions will apply to you if you are a Data Subject (resident or citizen) within the EU/EEA region, in addition to the Privacy Policy outlined here.
Cross Border Transfer of Data
In general, Sanas, headquartered in Palo Alto, is the data controller processing your Personal Data. We may transfer your personal data outside the EU/EEA region to third parties including countries where the data protection legislation may differ from that of the EU/ EEA region.As per the obligation called out under the GDPR, when we process your Personal Data in countries deemed adequate by the European Commission, we will rely on the European Commission's decision to protect your Personal Information.For transfers to Sanas subsidiaries and service providers outside the EEA, where Adequacy decision is not available, we use standard contractual clauses or rely on a service provider's (EU data protection authority approved) corporate rules that are in place to protect your Personal Information. Additionally, we shall take all the necessary steps to ensure confidentiality and security of the transferred data.
Your Data Subject Rights in EU/EEA
As a Data Subject located in EU/EEA, you are entitled to the following rights:
  • Right to be informed when personal data has been obtained from the data subject, where applicable.
  • Right to access the personal information that we collect about you.
  • Right to rectify the inaccurate personal data that we hold about you.
  • Right to request erasure of your personal data, where applicable.
  • Right to object to the processing of your personal data, where applicable.
  • Right to data portability, i.e. to request your personal data to be transferred to a third party, where applicable.
  • Right to be informed before being made a part of automated decision making, where applicable
  • Right to obtain restriction of processing from the controller, where applicable
If you are an EU/EEA resident and you wish to exercise your data subject rights as called out above, please refer to section YOUR PRIVACY RIGHTS.