Last Updated: April 4, 2022
Welcome. Sassafras Software, LLC. (“Sassafras,” “Company” or “we,” “our” or “us”) respects your privacy and wants to protect your Personal Information. This Privacy Notice applies to all data collected by Sassafras by any means from our customers. It serves to describe our business practices and to notify you of your rights and options.
Personal Information is defined as any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means and may have various additional meanings under applicable data privacy laws.
Sassafras collects, uses, shares and secures Personal Information when Sassafras clients use our hosted software as well as when users visit Sassafras’ website at www.sassafras.com (the “Site”). This Privacy Notice is also part of our SaaS Subscription Agreement. We refer to all of the above as our “Services.”
By visiting the Site, contacting us to inquire about our Services or entering into a SaaS Subscription Agreement, you consent to our Privacy Notice.
If you voluntarily provide your information in the course of interacting with our Site, or otherwise using our Services, we will take that as your agreement to our collection, use, and disclosure of your information as set forth in this Privacy Notice.
We are required by law to tell you what information we collect from you, why we collect it, how we use it, under what circumstances we may share it with third parties, how we protect that information, and how you may opt out of the sale of that information. If you have questions about this Privacy Notice, contact us at email@example.com
This Privacy Notice does not apply to any products, services, websites, or content that are offered by third parties (“Third Party Services”), which are governed by their respective privacy policies.
PLEASE READ CAREFULLY PRIOR TO USING OUR SERVICES. BY ACCESSING AND USING OUR SERVICES, YOU AFFIRM THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO ABIDE TO THIS PRIVACY NOTICE AND ANY TERMS OF SERVICE AND/OR SUBSCRIPTION AGREEMENT. IF YOU DO NOT AGREE TO ABIDE TO THE SAAS SUBSCRIPTION AGREEMENT AND THIS PRIVACY NOTICE, YOU MAY NOT ENTER, ACCESS, OR OTHERWISE USE OUR SERVICES. IF YOU USE THE SERVICES ON BEHALF OF SOMEONE ELSE, YOU REPRESENT TO US THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL TO ACCEPT THIS PRIVACY NOTICE AND YOU DO ACCEPT THIS PRIVACY NOTICE ON SUCH INDIVIDUAL’S BEHALF.
What Information We Collect
(a) Personal Information You Provide to Us
In connection with the Services we provide, we may ask you to provide us with certain information, including
- your first and last name,
- email address,
- home or business address,
- telephone number or mobile number,
- credit card and other billing information,
- other information that could reasonably be used to identify you personally or identify your household (all of the foregoing hereinafter referred to as “Personal Information”).
- Data collected by our Product Recognition Service (PRS) and the handling of that data is further detailed on our website at www.sassafras.com/hrl/7.8/prs.html .
We may collect this information when you:
- Request information from us via webforms, emails or when you sign up for our Services;
- Contact us regarding a question, concern, or inquiry, such as when you make inquiries concerning our Site and/or Services;
- Register and create an account on our Site;
- Sign up or request to be placed on our mailing and/or email marketing lists; or
- Provide billing information to us.
Your decision to provide us with information is voluntary, but if you choose not to provide any requested information, you may not be able to take advantage of all of the Site’s features or our Services.
(b) General Browsing
In addition to information that you choose to submit to us, we and/or our service providers may automatically collect and/or store certain information when you visit or interact with the Site(s) (“Usage Data”). This Usage Data may be stored and/or accessed from your personal computer, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Site(s). Usage Data may include:
- Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier (“Device Identifier”);
- Your Device functionality (including browser, browser language, operating system, hardware, mobile network information);
- Referring and exit web pages and URLs;
- The areas within our Site that you visit and your activities there, including remembering you and your preferences;
- Your Device location or other geolocation information, including the zip code, state or country from which you accessed the Services;
- Your Device characteristics; and
- Certain other Device data, including the time of day you visit our Site(s).
(c) Location data
We do not track your location or use location data.
We may use various methods and technologies to store or collect Usage Data (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site(s), include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):
- Cookies. A cookie is a file placed on a Device to uniquely identify your browser or to store information on your Device. Our Site may use HTTP cookies, HTML5 cookies, Flash cookies and other types of cookie technology to store information on local storage.
- Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages.
- Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on.
- ETag, or entity tag. An eTag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
- Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
- Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user).
We may use Tracking Technologies for a variety of purposes, including:
- To allow you to use and access the Site, including for the prevention of fraudulent activity and improved security functionality or to allow you to make use of cart or payment functionality;
- To assess the performance of the Site, including as part of our analytic practices or otherwise to improve the content, products or services offered through the Site;
- To offer you enhanced functionality when accessing the Site, including identifying you when you sign into our Site or keeping track of your specified preferences or to track your online activities over time and across third-party sites; and
- To deliver content relevant to your interests on our Site and third party sites based on how you interact with our content.
To learn more about how to opt out of Google’s use of the Google analytics cookies, visit here https://tools.google.com/dlpage/gaoptout.
Please note that even if you exercise the opt-out choices above, you may continue to receive advertisements, for example, ads based on the particular website you are viewing (e.g., contextually based ads). Also, if your browser (like some Safari browsers) is configured to reject opt-out cookies when you opt out on the DAA or NAI websites, your opt-out may not be effective.
(e) Information We Collect When You Interact with Third-Party Sites
The Site(s) may include functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. For example, we may provide links to allow third parties to process credit card and/or electronic payments. These third parties may retain any information used or provided in any such communications or activities and these third parties’ practices are not subject to our Privacy Notice. We may not control or have access to your communications through these third parties. Further, when you use third-party sites or services, you are using their services and not our services and they, not we, are responsible for their practices. You should read the applicable third-party privacy policies before using such third-party tools on our Site.
Why We Collect Information
We may use your information for various purposes, including:
- Responding to your requests for information;
- Maintaining your account;
- Verifying your identity and for fraud prevention;
- Processing your payments or purchases;
- Sending you email communications such as electronic newsletters about our products, Services, events, and promotions;
- Improving the effectiveness of our Site, our marketing endeavors, and our product and service offerings;
- Identifying your product and service preferences, providing personalized content and ads and informing you of new or additional information, products and services that may be of interest to you;
- Helping us address problems with and improve our Site and our products and services, including testing and creating new products, features, and services;
- Protecting the security and integrity of the Site, including understanding and resolving any technical and security issues reported on our Sites;
- Engaging in analysis, research, and reports regarding the use of our Site and Services;
- For internal business purposes;
- Improving the machine learning algorithm of the Services;
- Complying with the law and protecting the safety, rights, property or security of Sassafras, the Services, and the general public; and
- For purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Notice.
When We Disclose Information
We do not sell your Personal Information to anyone.
We also do not share your information, including your Personal Information, with our affiliates and other third parties, such as companies with whom we have marketing or other relationships, for direct marketing purposes.
We may aggregate, de-identify, and/or anonymize any information collected through the Site(s) or Services such that such information is no longer linked to your personally identifiable information. We may use and share this aggregated and anonymized information (non-Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.
We may share the information we have collected about you, including Personal Information, as disclosed at the time you provide your information and as described in this Privacy Notice.
With your permission, we may direct a potential customer to you as a reference. In the normal course of business we may mention related customers to each other, but you can explicitly request to never be mentioned.
Examples of when Sassafras may share your information include as follows:
(a) Third Parties Providing Services to Sassafras. We may use Third-Party Service providers to perform certain services on behalf of us or the Site(s) or Services, such as: (i) creating and updating Site(s) functionality; (ii) billing or processing credit cards, and/or electronic or manual payments; (iii) assisting us in Site(s) operations; (iv) managing a database of customer and consumer information; (v) hosting the Site(s) and improving performance of the Sites; (vi) designing and/or operating the Site’s features; (vii) tracking the Site’s activities and analytics, including marketing and market research; (viii) data enhancement (to learn more about our customers); (ix) enabling us to send you special offers or perform other administrative services, such as customer service, security, tech, operational support, email and legal services; and (x) other services designed to assist us in maximizing our business potential. We may provide these vendors with access to user information to carry out the services they are performing for you or for us. Those vendors may have additional or different privacy policies and/or privacy notices. You should be sure that you read and agree to those policies and Terms.
We currently use the following as third-party service providers:
- CloudFront (AWS)
Additional service providers may be added from time to time and are available on request from Sassafras.
(b) To Protect the Rights of Sassafras and Others. To the fullest extent permitted by applicable law, we may also disclose your information when required to by law or if we believe in good faith that doing so is necessary or appropriate to: (i) protect or defend the rights, safety or property of Sassafras, its affiliates, third parties or the general public (including through the enforcement of this Privacy Notice, our SaaS Subscription Agreement, and other applicable agreements and policies); (ii) comply with legal and regulatory obligations (e.g., pursuant to law enforcement inquiries, subpoenas or court orders); or (iii) to respond to claims that any content violates the rights of a third party. This includes exchanging information with other companies and organizations for fraud prevention, spam/malware protection, and other similar purposes. To the fullest extent permitted by applicable law, we have complete discretion in electing to make or not make such disclosures, and to contest or not contest any requests for such disclosures, all without notice to you.
(c) Business Transfer. We also reserve the right to disclose and transfer all information: (i) to a subsequent owner, co-owner or operator of the Site and/or our Services; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including during any due diligence process.
Retention of Your Personal Information
We will retain Your Personal Information only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use Your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Your Choices About the Information We Collect
We give you many choices regarding our use and disclosure of your Personal Information for marketing purposes. (Please note that EU residents may have different options described below). You may opt-out from:
Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by sending a request for list removal to firstname.lastname@example.org or following the instructions for unsubscribing in the email. If you have provided your information to Sassafras, and opt-out, Sassafras will put in place processes to honor your request. This may entail keeping some information for the purpose of remembering that you have opted-out.
We will try to comply with your request(s) as soon as reasonably practicable.
Administrative Correspondence. Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages.
Sassafras recognizes the importance of children’s safety and privacy. The Site and Services are not intended for use by any children under the age of 18. We do not request, or knowingly collect, any personally identifiable information from children under the age of 18. If you are the parent or guardian of a child under 18 who has provided her or his information to us, please contact us at email@example.com to request the deletion of that information.
GDPR Privacy Rights
If you are a resident of or located within the European Union (“EU”) or European Economic Area (“EEA”), you have certain additional data protection rights under the General Data Protection Regulation (“GDPR”). These rights include:
- The right to access, update or delete the information we have on you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Information.
- The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine- readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your Personal Information.
Legal Basis for Processing Personal Information under GDPR
Sassafras’s legal basis for collecting and using the Personal Information described in this Privacy Notice depends on the Personal Information we collect and the specific context in which we collect it.
Sassafras may process your Personal Information because:
- We need to perform a contract with you;
- You have given us permission to do so;
- The processing is in our legitimate interests and it is not overridden by your rights; or
- To comply with the law.
Disclosure of Personal Information under GDPR-Legal Requirements
Sassafras may disclose your Personal Information in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Sassafras
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Disclosure for Law Enforcement – Under certain circumstances, Sassafras may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Retention of Personal Data
- Sassafras will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
- Sassafras will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or we are legally obligated to retain this data for longer time periods.
If you are a resident of the EU or EEA, you may initiate a request to access, reject, correct, restrict, or erase your Personal Information, or where you may initiate a request for transfer of your Personal Information or initiate a request that we refrain from sending you marketing information by sending us a request at firstname.lastname@example.org and write “GDPR Request” in the subject line. Please note that the above individual rights are not absolute, and we may be entitled to refuse requests where certain exceptions apply. Please note that where our processing of your Personal Information relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services. Should you wish to raise a concern about our use of information (without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
Your California Privacy Rights
If you are a California resident, the following rights may apply to you and your use of the Service:
California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To obtain this information, please email us at the address below at the end of this page with the subject line “Request for California Privacy Information”, and we will send you a reply e-mail containing the requested information. Not all information sharing is covered by these California requirements and only information on covered sharing will be included in our response.
Your Nevada Privacy Rights
If you are a Nevada resident, you have the right to request certain information from us regarding the collection and sale of your Personal Information (as defined in Nevada Revised Statutes 603A.320) during your visit to our websites or when you otherwise interact with us online.
As a Nevada resident, you may also request to opt out of us sharing such information about you. To make this inquiry, please submit a request in writing to email@example.com with “Nevada Privacy Rights” in the subject line. You must include your email address, and attest that you are a Nevada resident by providing a Nevada postal address in your request. Please state whether you are requesting information and/or opting out.
We will process your request within 60 days, or we will let you know if we need additional time. We may require additional information to verify your identity before we can respond.
California / Delaware Do Not Track Disclosures
Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. Our website responds to and supports the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences are communicated to us in the HTTP request header, and we will not track your browsing behavior.
Visitors to the Site Outside of the United States
If you are visiting the Site from a location outside of the U.S., your connection will be through and to servers located in the U.S. All information you receive from the Site may be created on servers located in the U.S., and all information you provide might be maintained on web servers and systems located within the U.S. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Site or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information in the United States and in other countries, as set forth in this Privacy Notice.
Updating Personal Information
We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us at firstname.lastname@example.org.
If so, we will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records). Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media or for other reasons, such as a legitimate business reason.
In addition, please note that if you implement a deletion request but later sign up for information or Services, your most recent request will control our information relationship with you.
For your convenience, the Site(s) and this Privacy Notice may contain links to other websites. Sassafras is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Site(s) should be deemed to imply that Sassafras endorses or has any affiliation with the links.
We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from our Site or through our Services, and you provide us with your information at your own risk.
International Data Transfers
Because Sassafras works with global companies and technologies, we may transfer your Personal Information outside of the country in which it was originally provided. This may include transfers to third parties, such as service providers who are located outside the United States or the European Union, where data protection laws may not offer the same level of protection as those in the U.S., E.U. or European Economic Area (“EEA”). When we transfer personal data outside of these areas, we take steps to make sure that appropriate safeguards are in place to protect your Personal Information. Our transfers of your personal data outside of the E.U. if any are safeguarded by data processing agreements (“DPAs”) incorporating Standard Contractual Clauses. You may request a copy of the relevant portions of such agreements by contacting us at email@example.com. Please include the nature of your request in the subject line.
Questions / Changes in Privacy Notice
If you have any questions about this Privacy Notice, you can contact us:
- By email: firstname.lastname@example.org
- By visiting this page on our website: https://www.sassafras.com
- By phone number: +1 (603) 643-3351
- By mail: Sassafras Software, Inc.
PO Box 150
Hanover, NH 03755
We may elect to change or amend our Privacy Notice; in such event, we will post the Notice changes in our Privacy Notice on the Site, and they will become effective on the date posted. If you are concerned about how your Personal Information is used, please visit our Site often for this and other important announcements and updates.