SUPERSONIK

Privacy policy

SUPERSONIK is committed to protecting and respecting your privacy. In this privacy policy ("Privacy Policy"), we explain how SUPERSONIK collects, uses, discloses and protects the Personal Information you submit to us, including, for example, when accessing and using SUPERSONIK websites or applying for job offerings.

Our Privacy Policy has been drafted to comply with applicable data privacy laws, in particular, the EU General Data Protection Regulation (“GDPR”). If the GDPR does not apply to you, not all terms of this Privacy Policy may be relevant to you.

As used in this Privacy Policy,

“SUPERSONIK”, "we," "our" and "us" means Supersonik, Inc. and its affiliates and/or subsidiaries.
“Controller” for the purposes of the related to data protection laws, including GDPR, other data protection laws applicable in member states of the European Union and other provisions: means SUPERSONIK.
“Personal Information” generally has the same meaning as personal data or personal identifiable information (PII). Personal Information is defined in the data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you.

SUPERSONIK is committed to the following key principles:

1. We limit how, and with whom, we share your personal information.

SUPERSONIK will only share your Personal Information with others for the following purposes:

At your request.
To process or service a transaction or product authorized or requested by you; this may include sharing within the SUPERSONIK group of entities.
When required by law to disclose such information to appropriate authorities.
To companies that assist us in marketing, recruiting, placement and servicing our products and services; for example, in order to support our information technology or to handle mailings on our behalf.
To our professional advisers.

2. Purpose and legal basis of the processing.

Personal information	Purpose	Legal basis
Information we receive from you when (i) you visit www.supersonik.ai and other SUPERSONIK websites, (ii) purchase of any of our products or services, (iii) any other information you subsequently provide to us orally, in writing or through the internet: this may include your full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers, demographic information, IP address.	The Personal Information is used in providing the website and answering requests from you. For instance, (i) if you choose to register to receive information about our products and services, (ii) to join our blog or newsletter, (iii) to buy any of our products or services, or (iv) if you contact our customer service, we will use your Personal Information in order to respond).	The processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract. Processing is necessary for the purposes of our legitimate interests, i.e. to attend to your request for information, purchase of products/services or if you contact our customer service.
Name, address, e-mail address and other information about your transactions and communications with us.	The Personal Information is used to process or service a transaction or product authorized or requested by you.	The processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract.
Name, address, e-mail address and other contact information	To periodically contact you to inform you of new products and/or services we provide or that we consider to be of interest to you.	Your consent
IP address and other information submitted by your browser	To diagnose any problems with our server and administer our website.	Processing is necessary for the purposes of our legitimate interests, i.e. providing a website for information and use.
Application data, including your name, address, CV, birthdate	Processing is required to enable us to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews. We may retain your Personal Information following your unsuccessful application so that we may contact you in case of future job vacancies. Your data may also be shared with other SUPERSONIK group companies to consider your application for other job openings.	Primarily, the processing is necessary to take steps for entering into a contract with you. We also have a legitimate interest to (i) store your data for a period of up to 6 years following the conclusion of an unsuccessful application and/or (ii) to share it with the SUPERSONIK group of entities and/or (iii) to retain and use your data as far as necessary for the establishment, exercise or defense of legal claims.
All of the above	For compliance with legal and regulatory requirements and corporate governance obligations.	Processing is necessary for compliance with legal obligations to which we are subject.

Where you wish to provide us with Personal Information about another person, including colleagues or the persons you act on behalf of, you must ensure that you have their prior permission to do this. You must also share with them a copy of this Privacy Policy as well as any other relevant privacy statements (see above) before you ask them for this permission.

We collect Personal Information for the purposes described above when you visit www.supersonik.ai and other SUPERSONIK websites and from public sources, such as recruiting and business portals (i.e. www.linkedin.com).

3. We establish safeguards to help ensure the security and confidentiality of your information.

SUPERSONIK restricts access to your company’s information to our employees who need it to do their job. Employees with access to your information are required to strictly maintain the confidentiality of such information.

SUPERSONIK maintains physical, electronic and procedural safeguards that comply with Industry standards to protect your company’s information. We routinely test our information systems and websites to help ensure that unauthorized access does not occur.

4. We keep your personal information for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above.

The criteria we use to determine data retention periods for Personal Information includes the following: (i) Retention in case of queries: We will retain it for a reasonable period after the relationship between us has ceased in case of queries from you; (ii) Retention in case of contracting our products/services or contacting our customer service: We will retain it for the time necessary to deliver our product/service to you according to the contract conditions, as well as to attend any of your questions; (iii) Retention in case of claims: We will retain it for the period in which you might legally bring claims against us; (iv) Retention in accordance with legal and regulatory requirements: We will consider whether we need to retain it because of a legal or regulatory requirement, e.g. to comply with tax or fiscal duties; (v) Retention in case of job applications: If you applied for a job offering with SUPERSONIK and have not been successful, your application data will be retained in our talent pool for a limited period as defined in Principle 2.

5. International transfers

SUPERSONIK operates globally, therefore your personal information may be transferred and accessed from around the world from countries where SUPERSONIK affiliates and subsidiaries are located and where our processors operate

Our Services are hosted in France. This means we may transfer your Personal Information outside your country, state or province of residence, depending on your location at that time. Regardless of your location, all Personal Information will be transferred to France for storage.

The data will be transferred for the time required to fulfill the purpose for which it is processed. It can be shared with our service providers and SUPERSONIK affiliates for the purposes listed in Principle 2. In such cases, SUPERSONIK is the controller of the data, and the service providers are processors or joint controllers, as the case may be.

We may transfer Personal Information to the following categories of recipients:

Recipient category	Countries	Purpose of Transfer	Data Types Transferred
Customer support	Spain	Customer service and technical support	Contact details.
Cloud service providers (e.g., AWS)	France	Storage and security	Name, voice data, account details, user history
Payment processors (e.g., Stripe)	US	Processing of payments	Name, credit card details, billing address and [*]
Marketing analytics platforms (e.g., Google Analytics)	Europe & US	User Analytics	IP address, device info, browsing history

Depending on where you are located, we implement the appropriate safeguards when transferring Personal Information to these countries.‍

1. Information for individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”)

SUPERSONIK may transfer personal information from the EEA or the UK to the United States (‘US’) and other countries.

When SUPERSONIK engages in such transfers of personal information, it relies on: 

Adequacy Decisions, as adopted by the European Commission, based on Article 45 of Regulation (EU) 2016/679 (GDPR) – for more information, and to access the full list of countries deemed adequate to date, please visit How EU determines if a non-EU country has an adequate level of data protection.
Adequacy Decisions, as adopted by the UK Secretary of State, based on Article 45 of the UK GDPR and Section 17A of the Data Protection Act 2018 - for more information, and to access the full list of countries deemed adequate to date, please visit UK GDPR guidance and resources.
The EC’s Standard Contractual Clauses (“SCCs”) and the UK Information Commissioner’s Office’s International Data Transfer Addendum (“IDTA”), as applicable, supplemented by additional security measures as recommended by the European Data Protection Board. The EC’s and the UK’s Information Commissioner’s Office ("ICO”) have determined that the SCCs and IDTA may provide sufficient safeguards to protect personal data transferred outside the EEA and the UK. For more information, please visit SCC for data transfers between EU and non-EU countries and UK GDPR guidance and resources.

SUPERSONIK performs transfer impact assessments (“TIA”) and continually monitors the circumstances surrounding such transfers to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the EEA and UK data protection laws.

2. Information for individuals from the European Union, UK, Gibraltar and Switzerland: EU-US Data Privacy Framework

As part of our commitment to maintaining high data protection standards when transferring personal information between the US and European Economic Area (“EEA”)/UK/Gibraltar/Switzerland, we participate in the EU-US Data Privacy Framework (‘EU-US DPF’) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (“Swiss-US DPF”).

SUPERSONIK and all our affiliates comply with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce. SUPERSONIK has certified to the U.S. Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal information received from the European Union, the United Kingdom and Gibraltar in reliance on the EU-US DPF and the UK Extension to the EU-US DPF. SUPERSONIK has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Notice and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-US DPF and the UK Extension to the EU-US. DPF, and the Swiss-US DPF, SUPERSONIK commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU/SWISS DPF Principles.  European Union, UK, Gibraltar and Swiss individuals with DPF inquiries or complaints should first contact SUPERSONIK: Joaquin Lecha Soler, Data Protection Officer, dpo@supersonik.ai. We will investigate and attempt to resolve any complaints or disputes regarding processing of personal information within 45 days of receiving your privacy complaint. 

Accountability for Onward Transfers. We acknowledge our responsibility for the processing of personal information received and subsequently transferred to our third parties, agents, and service providers. SUPERSONIK remains liable under the DPF Principles if a third party, agent, or service provider processes personal information covered by this Notice in a manner inconsistent with the DPF Principles, except where SUPERSONIK can demonstrate that we are not responsible for the event giving rise to the damages.

6. B2B commercial level

Our websites, services and events are aimed solely at B2B commercial level. If you are a consumer or intend to use the platform for non-commercial purposes, please do not attempt to register for the services or events or send any personal information about yourself to us. If you believe we have mistakenly or unintentionally collected personal information without appropriate consent, please contact us by using the information in the “Give us your feedback” section below and we will take steps to delete their personal information from our systems.

7. Give us your feedback

Our goal is to protect your privacy. To comment or help us improve, please contact us via email (legal@supersonik.ai). You may also contact us via written letter at SUPERSONIK’s address listed above. We may ask you to provide a copy of your proof of identity.

If you consider that we are in breach of our obligations under data protection laws, you may lodge a complaint with the competent Data Protection Authority, which may be the supervisory authority in your country of residence, place of work or of an alleged infringement of data protection laws.

8. Changes to this privacy policy

This privacy policy may be modified from time to time to comply with applicable laws or to conform to our current business practices. We will post any changes to this on our website and will endeavor to notify you via your contact email. When notifying such changes to you, we will also explain what the likely impact of those changes on you will be, if any. We encourage you to revisit the Privacy Statement that is posted on our web site from time to time to check for updates.

9 Additional information we want you to know:

Provision of Personal Information / Automated decision making. Please note that the Personal Information we collect from you is necessary to provide the services and the website to you. Failure to provide such data may not enable us to provide our services to you or make our website accessible. We do not use automatic decision-making or profiling of individuals.
‍Your Rights. You have various rights under data privacy laws in your country. These may include (as relevant):
- Right to request access to the Personal Information we hold about you.
- Right to rectification including to require us to correct inaccurate Personal Information.
- Right to request restriction of processing concerning you or to object to processing of your Personal Information.
- Right to request the erasure of your Personal Information where it is no longer necessary for us to retain it.
- Right to data portability including to obtain Personal Information in a commonly used machine-readable format in certain circumstances such as where our processing of it is based on a consent.
- Right to object to automated decision-making including profiling (if any) that has a legal or significant effect on you as an individual.
- Right to withdraw your consent to any processing for which you have previously given that consent.

Marketing Information. With your consent, where relevant, we will keep your name, address and contact details (including telephone numbers and email addresses) in our databases and may from time to time use that information to make you aware of our related products and services as well as updates on developments in our industry sector generally which may be of interest to you. We may contact you in writing, by telephone or email for this. If at any time you decide that you do not want your contact details used for these purposes, you may object or revoke your consent for receiving marketing communications by following the instructions in the relevant marketing communication (e.g., clicking on the “Unsubscribe” button) or by contacting us (see “Give Us Your Feedback” above).
Security Statement. We take reasonable precautions to protect your information. In particular, we implemented appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymization (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) protecting the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your Personal Information, (c) providing the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and (d) maintaining a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational security measures. When you submit information to us through our website, your information is protected both online and offline. All data transferred to/from the SUPERSONIK internal network, from/to an external entity, is encrypted to industry standards. Please keep in mind that messages you send to us by Internet e-mail may not be secure. We maintain appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of your personal information within our company. Only those employees who may require your information to perform a specific job are granted access to your organization’s identifiable information. Furthermore, all employees are kept up-to-date on our security and privacy practices.
‍Our Use of Cookies and Analytic Tools. SUPERSONIK uses “cookies” and analytic tools as further described in our Cookie Policy.

Depending on the country in which you are located, you may be asked to provide your consent for our use of Cookies (except for strictly necessary Cookies). In addition, you have the following choices concerning the use of Cookies.
‍Third Party Websites. Our websites and mobile apps may contain links to third-party websites. If you follow these links, you will exit our websites or mobile apps. This privacy policy does not apply to websites of third parties. SUPERSONIK cannot accept liability for the use of your Personal Information by these third parties. Your use of these websites is at your own risk. For more information on how these third parties treat your Personal Information, please check their privacy policy (if available).

* * *