Introduction: Privacy Policy for EU-based Data Subjects

Protection of your privacy is our highest priority. SoundBite Technology, LLC, doing business as LabStar Software (hereafter “LABSTAR” or “we” or “us”), is committed to transparency in how we protect your privacy and how we process your personal data, in accordance with applicable data protection laws and best privacy practices. This Privacy Policy describes and outlines how we collect, process and protect customer data in all our operations.

This Privacy Policy concerns the processing of customer data and applies to customers, potential customers, subscribers and website visitors of the LabStar Software website (“Website”) and the LabStar Software application (“Service”).

1. Using and processing personal data

We collect and process personal data only to such extent that is necessary for our business operations, and for providing and developing our Service. We collect and process your personal data for

• providing and developing the Service
• business operation purposes
• preparing and implementing customer agreements
• customer relationship management and customer service
• customer communication for the Website and Service
• invoicing
• marketing (email newsletter) and advertising
• and whenever we are required to do so by law

As a rule, personal data will be collected from you personally when preparing and performing customer agreements and during our customer relationship.

The type of personal data we choose to collect in various situations and for different reasons will depend on the purpose of the processing. We process your personal data, as detailed below, only on legitimate grounds for the below defined purposes.

PURPOSE OF PERSONAL DATA PROCESSING & LEGAL BASIS FOR PROCESSING

Provision and delivery of service
Legal basis: Agreement / Legitimate interest

We process your personal data to prepare and implement customer agreements. We also process the information to provide and maintain the Website and to provide the Service.

• Contact information, e.g. the customer’s name, company name, address, phone number, email address
• Registration details, e.g. user ID and password
• Invoicing: billing information, billing name and address

Customer relationship management and customer communication
Legal basis: Agreement / Legitimate interest

In providing and delivering services, we will process your personal data also based on our legitimate interest for maintaining customer relations, providing customer service, and resolving misconduct and/or issues. We also process your personal data for customer communication, for example to contact you to further discuss interest in our company, the services that we provide, and to send information regarding our company or partners, such as promotions and events. We may also send information regarding updates to the marketing website or the LabStar Software application.

• Customer relationship data, e.g. buying behavior, information on newsletter subscriptions, information on your interests, customer feedback
• Contact information, e.g. the customer’s name, company name, address, phone number, email address

Analysis, statistics, development of business operations, products, and services
Legal basis: Legitimate interest

We collect information regarding your use of the LabStar service in order to provide and develop the Service and for business operation purposes.

• Customer relationship data, e.g. buying behavior, customer feedback
• Information regarding the use of the Website

Direct Marketing and marketing campaigns
Legal basis: Consent

For electronic direct marketing purposes, we may enrol you to receive our email newsletters (opt-in)

• Contact information, e.g. address, phone number, email address
• Buying behavior, information on newsletter subscriptions, information on your interests

Website Analytics
Legal basis: Consent / Legitimate interest

We also collect certain information from visitors to, and users of, the website and service, such as Internet addresses. This information is logged to help diagnose technical problems, to administer our Website, and to constantly improve the quality of the Service. We may also track and analyze non-identifying and aggregate usage and volume statistical information from you and provide such information to third parties.

• IP address and logs, cookies, operating system, browser version and end device model
• Website from which the user came to the website or service
• Information regarding the use of the Website

2. Disclosure and transfer of data

We will process your personal data confidentially and will not disclose the data to third parties except as stated in this section. Your personal data will not be distributed or shared with third parties unless it is to transact or conduct such business as you have contracted us to do. We may also have to disclose some data to authorities or judicial administrators when required by law.

We use subcontractors and service providers in our processing activities (e.g. for technical maintenance or carrying out campaigns and direct marketing). They have the right to process your personal data only to the extent necessary for carrying out the agreed services. This means that the third-party subcontractors cannot use your personal data for their own purposes. Any service provider we use is under contractual obligation to ensure an adequate level of data protection in all processing of your personal data.

Data we have collected will be stored and processed outside the European Economic Area. We take all reasonable steps, including the execution of data transfer agreements incorporating European Commission Standard Contractual Clauses for the processing of personal data, to ensure that personal data is kept secure at all times. Any service provider we use is under contractual obligation to ensure an adequate level of data protection in all processing of your personal data.

3. Information security

We have taken adequate technical and organizational measures for protecting your personal data from loss, misuse or other similar unlawful access. These methods include, among others, use of firewalls, encrypting and safe server premises. Personal Data is backed up at regular intervals. The backup files are produced on a daily and weekly basis using AES-256 Encryption for storage.

Access to your personal data is restricted internally through access control, as well as through granting and controlling access rights. Your personal data will be processed only by such employees who have the right to do so within the scope their duties.

The data transfer is protected by using Secure Sockets Layer (SSL) technology. SSL encrypts the information to ensure it remains private and secure.

4. Access to data and using the rights

You have the right to review the data we have collected in our register and influence the way we use them. You can for example decide whether you want to receive direct marketing, and in certain cases you have the right to erasure or to ask your data to be transferred to another controller. Your rights are as follows:

• The right to withdraw consent
  If data processing is based on your consent, you have the right withdraw your consent at any time. For example, you can withdraw your consent to electronic direct marketing at any time.
• The right of access and right to rectification
  You have the right to access the personal data we have collected about you at any time or receive confirmation that we do not have any personal data about you in our filing systems. If your personal data is inaccurate or incomplete, you have the right to make a request for rectification or completion of your personal data.
• Right to restrict or object to processing
  In certain circumstances, for example if your personal data is inaccurate, you have the right to restrict us from processing until we have verified the accuracy of your personal data. Further, in certain situations you also have the right to object to the processing of your personal data completely. You can for example object to the processing for direct marketing purposes at any time (including profiling).
• Right to be forgotten
  In some cases, you have the right to be forgotten. We will erase all personal data we have collected if they no longer are needed for the purposes they were originally collected for. We will also erase personal data if the processing was based on consent and you decide to withdraw your consent or restrict the processing, or there is no other reason nor grounds for the processing.
• Right to transfer data from one system to another
  You have the right to request transferring your personal data. This is possible only in such cases, when we process your personal data based on your consent or agreement and applies only to such personal data you have provided us yourself. We will provide your personal data in machine-readable format so that you can store them yourself or transfer them to another controller (e.g. another service provider). Upon your request, we will transfer the data to another controller directly if it is technically feasible.
• Right to complain
  In addition to the above-mentioned rights, you have the right to make a complaint about your personal data processing to a relevant supervisory authority.

How can I use my rights?

If you need to update or change your information, you may do so by editing the user record to the extent allowed on the Service. To update your user profile, log in to the Service and add or update your information.

Electronic marketing: You can unsubscribe to any emails or mailings by clicking on an “unsubscribe” hyperlink contained in promotional email we send you, or by contacting us at support@labstar.com. Please note, if you use the Service, you will continue to receive email correspondence from LABSTAR other than the newsletter (customer communication).

You have the right to access the personal data we have collected about you at any time or receive confirmation that we do not have any personal data about you in our systems. Please send your access request at support@labstar.com.

Should you have questions about your rights or how to use them, please contact: support@labstar.com.

5. Data retention

We will retain your personal data as long as needed for the purpose they were originally collected for, as long as we are legally obligated or until we receive a request for erasure.

We will retain your personal data only as long as it’s necessary to fulfil the purposes specified in section 1, and within the limits of applicable laws (e.g. tax or accounting law).

All customer data will be deleted from the Service within 30 days of the termination of Services. After this, personal data is stored in backup files for a limited amount of time. We retain encrypted data backups for a maximum of 8 weeks. After this your personal data will be erased completely.

Upon your request made within 30 days after the termination of Services, we will make available to you a file of your customer data in comma separated value (.csv) format along with attachments in their native format.

The cookie duration for retargeting ads from Google is 30 days.

6. Cookie policy

We collect data about your Website visits by using cookies and other equivalent techniques. A cookie is a small text file your browser stores on your computer. The cookies contain a unique identifier, which is used for identifying browsers and counting visits our site. We use retargeting ads for online advertising to re-engage site visitors after they have left the website.

7. Updates to this privacy policy

We are continuously developing our Privacy Policy; thus this Privacy Policy is subject to changes. Changes may also be based on changes in the law. We recommend that you regularly visit this Privacy Policy page in order to keep track of possible changes. If we make any material changes to this Privacy Policy, we will inform you by posting a notice on our website notifying users of the changes. In some cases, we also may send email notifying users directly of the changes. You should check this Website periodically to see if any recent changes to this Privacy Policy have occurred.

8. Controller and contact information

LABSTAR is the controller of your personal data. Should you have any questions or comments regarding this Privacy Policy or the processing of your personal data, please contact us:

SoundBite Technology, LLC
Jeffrey Noles
State of CA ID: 201010410221
2525 Hyperion Avenue, Suite 6
Los Angeles, CA 90027
support@labstar.com

Updated: May 15, 2018