PRIVACY POLICY

SORCE, having a place of business as 181 Pier Ave. Santa Monica, CA 90405 (also referred to as “Company”, “our”, “us” or “we”) operates a software platform in the name and style of SORCE App, which offers biofeedback-driven coaching to increase performance and prevent burnout for organizations.

Your privacy is so very important to us! This Privacy Policy covers: (i) the types of information collected from the users through our SORCE app including sensitive personal data or information; (ii) the purpose, means and modes of usage of such information; (iii) your rights as a user of SORCE; and (iv) how and to whom such information which has been collected will be disclosed.

For the purpose of this Privacy Policy, wherever the context so requires “you”, “your” or “user” shall mean any natural person who uses SORCE’s mobile or web app.

Additional terms related to data privacy laws in certain countries:

For the purposes of interpreting data privacy laws and regulations in certain countries (including the European Union General Data Protection Regulation or “GDPR”, and the United Kingdom 2018 Data Protection Act), we are considered to be a “data processor” of the Personal Information that is collected and processed through SORCE. We process your personal data on behalf of your Employer, who is the “data controller” of that Personal Information. We provide more information in the section titled “Information for Users Located in the European Union or United Kingdom”, about how we protect the rights granted to you under these laws, and how you can exercise those rights. 

To the extent allowed by law, we reserve the right to make changes to this Privacy Policy at any time. Any such modifications will become effective immediately upon posting on SORCE’s application or website and your continued use of SORCE and/or the Services (as defined in the Terms of Use) constitutes your agreement to such modifications. You agree to periodically review the current version of the Privacy Policy as posted on SORCE’s application. If you do not agree with the terms of this Privacy Policy, please do not use SORCE and/or the Services.

INFORMATION THAT WE COLLECT

Information that is collected as you use SORCE is summarized in the following table:

Collected from

Type of information

When it is collected

You

Your Employer

Automated Means

Personal Information

Collected from you at registration or by your employer.

Yes

Yes

No

Sensitive Personal Information 

When you submit any information in our application

Yes

Yes

No

Activity Information

When you access or use SORCE.

Yes

No

Yes

Your Personal Information: When you sign up and register through the SORCE app, we ask you for your Personal Information. “Personal Information” means information that would allow someone to identify or contact you, such as your First and Last Name, Title, and E-mail Address. However, Personal Information does not include aggregated information and that, by itself, does not include Activity Information (defined below).

Your Sensitive Personal Information: In order for your Employer to provide you the Services on SORCE, we collect the following sensitive personal information: (a) details such as your Employer Name, a Company Code (provided to you by your company) and application activity. (b) information related to your physiology, including Gender, Age, and Weight. 

Activity Information: As part of our service, SORCE provides arm bands that record your Heart Rate Variability (HRV) at a point in time, which syncs with the mobile application on your phone. 

 HOW WE USE THE INFORMATION

We will use your name and email, as well as a unique Company Code,  in order to synchronize your user account with your registered account/records of your Employer.

We use your name to customize messaging in the service.

Your date of birth is collected and will be used to verify your age. We also use your date of birth to ensure that we are complying with laws protecting children in the countries where we offer our app for download.

Your email address will be used to communicate the following:

  1. a one-time registration code and instructions for registering your account (if it hasn’t been provided by your employer);
  2. any forgotten password(s) in order to help you access your User Account, upon a request; 
  3. a temporary unique code when you have enabled Multi-Factor Authentication (MFA) and are attempting to log in; and
  4. any other communication that we wish to send to you in relation to the Services made available on SORCE.

In order to improve the quality of SORCE and/or the Services we may ask you to provide us with information regarding your experiences within the SORCE app on a periodic basis. Users have the option of choosing not to provide us with this information;

We will use the information that we collect for the following purposes related to the Services:

  1. To track your usage of the Services;
  2. To improve the quality, features and functionality of the Services;
  3. To improve the security of the Services;
  4. To back up our systems and allow for disaster recovery; and
  5. As may be necessary to enforce the terms of this Policy or your Terms of Use.

INFORMATION FOR USERS LOCATED IN THE EUROPEAN UNION OR UNITED KINGDOM

Individuals who reside in the European Union (“EU”) or the United Kingdom (“UK”) have “data subject” rights which may be subject to limitations and/or restrictions. You can exercise your privacy rights or send privacy related queries to us at any time by sending us an email at privacy@sorce.io.

If you do not live in a country where you are legally entitled to these rights, we will still respect a request from you to exercise any of these rights to the extent that we are able!

LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process personal data based on one or more of the following:

  • As a “data processor” we rely primarily on the fact that your Employer (the “data controller”) is legally entitled to collect information through our application, and that we have a legal obligation to process your Personal Information and Sensitive Personal Information systematically on your Employer’s behalf. Because we want to make sure we are respecting your rights, we are happy to provide more details about those rights here.  Please note that as a data processor, we may have a limited ability to respond to your requests directly. If we are unable to act on your request ourselves, we will let you know, and promptly forward your request to your Employer.
  • In other instances, we may process your Personal Information and/or Sensitive Personal Information based on either our legitimate interests, or the legitimate interests of your Employer.
    • Some examples of your Employer’s legitimate interests are that your Employer is using our app as a part of their gauge on employee productivity or physical/mental well-being.
    • Some examples of our legitimate interests are that we may need to use personal data if we’re troubleshooting issues with, or testing improvements to our application. Depending on those purposes, you may have the right to opt-out of such processing. You may do so by contacting us as described in the “How to Reach Us” section below.

YOUR PRIVACY RIGHTS AND HOW TO CONTACT US 

Users of SORCE are considered to be “data subjects” under applicable data protection laws (including the European Union General Data Protection Regulation or “GDPR” and the United Kingdom 2018 Data Protection Act). You can exercise your privacy rights or send privacy related queries to us at any time by sending us an email at privacy@sorce.io.

This section discusses what those rights are, and what you may request from us. As discussed elsewhere in this Privacy Policy, we are considered a “data processor” of your Employer (who is the “data controller” of your Personal Information and Sensitive Personal Information). As such, we may have a limited ability to respond to your requests directly. However, if we are unable to act on your request ourselves, we will let you know, and promptly forward your request to your Employer.

Right to access your information – Information that you provide is generally available for you to view. However, you may also ask us to provide supplementary information about:

  • Information about you stored in our databases that is not visible to you through our application
  • The categories of data that we are processing
  • The purposes of data processing
  • The categories of third-parties who we disclose data to
  • How long we will store data, and the criteria that we use to determine how long data will be stored
  • Your other rights regarding our use of data

Although we do not process or store your data directly, upon this type of inquiry we will provide you with the requested information within 30 days of receiving your request. If providing you with any piece of information that you have requested would affect the rights and freedoms of another person, we won’t be able to share that piece of information. If we can’t provide a complete response to your request for information based on that reason, we will inform you. We will still provide you with all of the other information that you have requested that we are able to share.

Right to correct your information – In the event that you provide, or that we collect any inaccurate information about you, we forward your request to your Employer. If you have a concern about the accuracy of your information, you also have a right to ask us to temporarily restrict the processing of your Personal Information, while its accuracy is verified. To ask us to restrict processing, you may contact our privacy team at privacy@sorce.ioio .

Right to object to certain kinds data processing – In certain circumstances, such as if you believe your Personal Information has been recorded inaccurately, you may object to us processing your data, either temporarily, or for those purposes. To object to processing, you can contact our privacy team at privacy@sorce.io . While we evaluate your objection, you may also ask us to temporarily restrict processing of your data. SORCE does not use any personal data that we collect, either from you or from your Employer, for marketing purposes.

Right to your data in a portable format – With agreement from, and at the direction of your Employer, we will give you an extract of your data so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not provide any information to the extent that this involves disclosing data about any other individual.

Right to erasure -You can contact our privacy team at privacy@sorce.io  to request erasure of any Personal Information that we hold about you. You understand that because your personal data has been collected on behalf of your Employer, we will likely need to forward any such request to your Employer for review and approval, before we can act on a request to erase data.

Right to lodge a complaint – If you have any concerns about how we are handling your Personal Information, you have a right to file a complaint with the data protection authority, or other relevant regulator, in your country. However, we are dedicated to protecting your personal data and we want to make sure you feel safe when you process it, and if you have any concerns about how we are processing your Personal Information, we would appreciate the opportunity to resolve the issue before you contact the data protection authority. You can contact our privacy team at privacy@sorce.io

Right to withdraw your consent – At any point, you may contact your Employer to withdraw your consent for the SORCE application to collect or process your Personal Information. Because we process your Personal Information on behalf of your Employer, we will forward any such request that we receive to your Employer for review. Withdrawing your consent will require us to delete your account and suspend your access to our app.

DISCLOSURE OF THE INFORMATION

We do not sell, trade, or rent your Personal Information or your Sensitive Personal Information to any third party, and we only disclose your Personal Information and your Sensitive Personal Information to third-parties as described in the section “Third Party Service Providers”. However, we cannot completely ensure that such information will not be disclosed to third parties. For example, we may be legally obliged to disclose information to the government or third parties under certain circumstances, third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications, or an error may occur in the administration of SORCE. In the unlikely event that we need to investigate or resolve possible problems or inquiries, we may, and you authorize us to, disclose any information about you to government officials as permitted by applicable law.

We reserve the right to disclose any Personal Information and/or Sensitive Personal Information as required by applicable law and when we believe, at our sole discretion that disclosure is necessary to protect our rights, protect someone from injury and/or to comply with a judicial proceeding, court order, or legal process served on SORCE.

If we become involved in a merger, acquisition, or any form of sale of some or all of its assets, Personal Information and Sensitive Personal Information will be transferred to the new entity to continue providing SORCE.

INFORMATION RETENTION

Once we receive a request to deactivate your User Account, we will forward that request to your Employer for processing. Once complete, they are required to deactivate your User Account. Data that was already de-identified and/or aggregated at the time that we received your request will not be deleted, however we will render it impossible to re-identify you as the subject of that data.

THIRD PARTY SERVICE PROVIDERS

You acknowledge that your personal information and/or sensitive personal information may be shared with our third party service providers for monitoring your SORCE usage patterns, enabling additional settings, or providing aggregate feedback to your employer. Some of these third parties may be located outside of your home country. We will ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfers.

We share information with these third parties to the minimum extent necessary for the functioning of our app. Any time we share data, it is done according to the safeguards and practices described in this Privacy Policy.

This table lists the types of activities we use service providers for, where they process the data that they receive and why they need it:

Activity

Purpose

User Location

Place of Processing

Application or Website Hosting

We work with third-party cloud hosting providers to host our app and our website, and to help us manage our cloud infrastructure in a secure and compliant manner.

Global (other than the UK or EU)

United States

UK or EU

UK & Germany

 

SECURITY PROCEDURES

We follow software & technology industry best practices to implement technical safeguards to protect your personal data, consistent with all applicable data protection laws. We review the effectiveness of these safeguards on a regular basis to evaluate our compliance with applicable laws and regulations. We take these precautions in an effort to protect your personal data. However, we do not guarantee that personal data may not be accessed, disclosed, altered, or destroyed as a result of a security breach. By using our app, you understand the risks of providing your personal data.

In the event of a security breach, we commit to complying with all local, state and national laws to notify you and any relevant data protection authorities, to the extent required under applicable laws.

PRIVACY TEAM

The contact details of our privacy team are provided below:

E-mail Address: privacy@sorce.io

Postal Address: 181 Pier Ave. Santa Monica, CA 90405