SugarCRM Notice of Certification Under the EU-U.S. Privacy Shield Framework
Effective as of September 26, 2016
Scope of this Notice
This Notice does not apply to SugarCRM (and its subsidiary’s) employee data, or the data that we receive directly through SugarCRM’s publicly accessible websites.
Data processed (categories of data)
SugarCRM, together with our subsidiaries ("We"), sell customer relationship management (CRM) solutions that our customers use to manage their customer relationships. In providing these tools, SugarCRM processes data our customers enter into our products or instruct us to process on their behalf. SugarCRM`s customers decide what to enter. SugarCRM generally has no knowledge about what is being stored. However, our understanding is that typically the information includes business-related information about our customers’ customers (e.g. names, business addresses, work phone numbers, work e-mail addresses etc.), prospects and/or sales leads.
SugarCRM processes Customer Data pursuant to our subscription agreement. Our products may be deployed On-Demand or On-Site and customers may also engage us for professional services and customer support. To fulfill our contractual obligations, SugarCRM may access Customer Data to provide services, to correct and address technical or service problems, or to follow instructions of the customer who submitted the data, or in response to contractual requirements.
Third Parties who may receive personal data (Onward Transfer)
SugarCRM may engage a limited number of third-party service providers to assist us in providing our services to customers. These third party providers may offer customer support,, data storage services (data centers), or technical operations. These third parties may access, process, or store personal data in the course of providing their services.
SugarCRM maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations. SugarCRM may be liable if the third parties fail to meet their obligations.
SugarCRM may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Data Integrity & Security
SugarCRM employs procedural and technological measures that are reasonably designed to help protect personal information from loss, unauthorized access, disclosure, alteration, or destruction. For example, among other measures, we have implemented physical security measures at our premises (e.g., key cards) and we have established technical safeguards such as firewalls and security patches.
Your rights to access, to limit use and to limit disclosure
If you are an individual based in the EU and our product holds your personal data, you may request access to your personal data. You also have the right to update, correct or delete, or to limit the use or disclosure of, your personal data. SugarCRM is committed to respect your rights.
Please either contact the business that provided your personal data to us directly to make your requests, or alternatively you can contact us directly. If you contact us directly, you will need to provide the name of the SugarCRM customer who submitted your personal data to our product. We will refer your request to that customer and will support them as needed in responding to your request.
Inquiries and complaints
We encourage you to direct any inquiries or complaints concerning our Privacy Shield compliance to SugarCRM Inc., attn. General Counsel 10050 N. Wolfe Road, SW2-130, Cupertino, CA 95014, USA, or call us at (408) 454-6900, or email us at email@example.com. We will investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Notice. If you have a comment or concern that cannot be resolved with us directly within forty-five (45) days time, or if our response does not address your concern, you may contact JAMS, an independent third party dispute resolution body based in the Unites States. JAMS has committed to respond to complaints and to provide appropriate dispute resolution at no cost to you. To contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield.
U.S. Federal Trade Commission enforcement
SugarCRM’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Last Update: September 2016