Skytap Privacy Policy

Effective October 1, 2018
Last updated July 5, 2022

Introduction

Skytap considers your privacy paramount, and we take great care in keeping the information of our users private and secure. This Privacy Policy describes our policies and procedures regarding the information that we collect or process when you use our services, websites and/or products (the “Services”), as well as how we use, disclose, protect, and share your information. Except where indicated otherwise, this Privacy Policy does not apply to third-party services that are not under Skytap’s control; those parties’ services are governed by their own privacy policies.

If you are located in the European Union, the General Data Protection Regulation effective 25 May 2018 (“GDPR”) applies to information about you (“Personal Data” under GDPR) that Skytap may collect. (NOTE: “GDPR” as used in this Privacy Policy also will refer to the UK General Data Protection Regulation if you are located in the United Kingdom because, for purposes of this Privacy Policy and in general, these two forms of distinct and potentially applicable Data Protection Legislation are materially the same.) In that case, and under GDPR, you are defined as a “Data Subject,” Skytap is a “Data Controller” for Personal Data that Skytap obtains and “Processes,” and this policy explains your rights with respect to that Personal Data.

In addition, The California Consumer Privacy Act, codified at Cal. Civ. Code §1798.100 et seq., including future amendments as well as any final implementing regulations adopted either by the State of California Department of Justice Office of The Attorney General or the California Privacy Protection Agency (collectively, “CCPA”) also now protects “Personal Information” that identifies, relates to, describes or can be associated with, or reasonably can be linked (directly or indirectly) with a specific individual (“Consumers”) or household in California. If you think Skytap is processing your Personal Information, please see the section in the Policy below with the heading “Your Rights Under California Privacy Statutes” for more information about Skytap and CCPA.

Terminology Used in This Privacy Policy Will Align More with GDPR Unless Referring Specifically to a CCPA Requirement

This Privacy Policy has been written, revised, and adopted by Skytap with regard to GDPR, that the EU enacted before California enacted CCPA. Thus, for general purposes and simplicity, (1) the term “Personal Data” in this Privacy Policy will also refer to “Personal Information” under CCPA, (2) the term “Data Subject” in this Privacy Policy will also refer to the persons protected under CCPA, which CCPA defines as “Consumers,” and (3) the term “Controller” in this Privacy Policy will refer to the persons and organizations regulated by CCPA that CCPA defines as a “Business,” unless a provision of this Privacy Policy or in another related on-line disclosure linked to this Privacy Policy is unique to CCPA, in which case the CCPA specifically defined terms may be used instead.

Your Rights Under California Privacy Statutes

Cal. Civ. Code Section § 1798.83, commonly referred to as California’s “Shine the Light” law, permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@skytap.com or write us at: 255 South King Street, Suite 800 Seattle, WA 98104.

Skytap is preparing its processes, technology and disclosures related to managing regulated Personal Information as needed to comply with CCPA by the extended deadline (or its successor as of January 1, 2023, The California Privacy Rights Act of 2020 or “CPRA”). Other than CCPA’s regulations related to “Sale” of Personal Information and certain disclosures related to Personal Information of “Consumers” (California residents) seeking employment with or employed by Skytap, Skytap will not become subject to most of CCPA’s requirements under two exemptions, until January 1, 2023. The first of the two CCPA exemptions applies to the remainder of CCPA’s obligations related to any applications by Consumers for, and any resulting, employment with, Skytap and commonly is referred to as “the Employee Personal Information Exemption.” The Employee Personal Information Exemption is codified in CCPA at Cal. Civ. Code § 1798.145(m)(1). The second of the two CCPA Exemptions deferring for Skytap most of CCPA’s obligations applies to businesses collecting Personal Information in the process of doing business with other businesses, and commonly is referred to as “the Temporary B2B Exemption.” The Temporary B2B Exemption is codified in CCPA at Cal. Civ. Code § 1798.145(n)(1).

Skytap does not sell data about its customers or their employees. CCPA, however, adds specific requirements for third parties to be a “Service Provider” to otherwise avoid transfer of Personal Information to these third parties being deemed a “Sale” under CCPA. Like most companies, managing vendor or other third-party access to Skytap information is a complicated and continuing effort. In this ongoing process, if Skytap determines its relationships with any third-party having access to CCPA Personal Information risks being a “Sale” for lack of meeting the Service Provider definition or satisfying another CCPA exception to a “Sale,” Skytap will promptly act to remediate that relationship by aligning it with CCPA’s Service Provider requirements or otherwise to prevent the relationship resulting in a Sale under CCPA. Again, Skytap has never wanted and Skytap does not want to sell to or provide any Personal Information to any third party for their own exclusive marketing purposes.

Skytap’s required CCPA disclosures that Skytap believes are not subject to the Employee Personal Information Exemption (and that are provided in order to comply with the UK and EU versions of GDPR for employee and employment candidate related Personal Data) are located here. The linked disclosure in the previous sentence relating to employee and candidate Personal Data/Personal Information will be modified as needed to comply generally with any other future applicable data protection and privacy regulations (for example, the Virginia Consumer Data Protection Act or “VCDPA,” which becomes effective January 1, 2023).

Definitions of Data Controller and Processor Under GDPR

A Controller is an agency, entity, or legal person who determines the purposes and means of processing Personal Data.
A Processor is an agency, entity, or legal person with responsibility for processing Personal Data on behalf of a Controller.

Skytap as a GDPR Data Processor

Skytap primarily provides its customers with hosting infrastructure, has limited knowledge of customer data within that infrastructure, and only processes hosted data in accordance with the customer’s instructions. Skytap is a Processor of hosted data. The customer is the Controller for that hosted data.

Skytap hosts information under the direction of its customers and may have no direct relationship with the individuals whose Personal Data it processes technically through the customers’ use of Skytap’s virtualized infrastructure technology as a subscription service offering, which is part of the Services from Skytap. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Skytap customer (the Data Controller).

Similarly, Skytap has no direct control over the data collected by its customers. Skytap customers choose the geographical regions for the storage of data for which they are the Controller, are directly responsible for the security, configuration, and administration of their Skytap environments, and are responsible for adhering to legal and regulatory requirements for the data which they collect and process as a Controller.

Skytap as a GDPR Data Controller

In some circumstances, such as during the account registration process for customer use of Skytap Services, Skytap collects and maintains Personal Data. This data is collected and maintained solely for the offer and maintenance of Skytap Services for customer use, and for the relevant communications and uses detailed within this policy. For these purposes, Skytap is the Controller.

The collection and processing of your Personal Data for direct use and administration of our Services is based on contractual obligation, necessary to provide you with access and use of the Services.

Personal Data We Collect

Definition of Personal Data

“Personal Data” is any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable person is one who can be identified by referencing an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Information you give us

Skytap requires some of your Personal Data to effectively operate, while providing you the best experiences with our Services. Some of this data comes directly from you when you perform transactions with Skytap, such as place an order, create a Skytap account, administer your organization’s dashboard access, or register for a newsletter. This data may include name, username, title, address, organization or employer, phone number, and/or email address.

Information we collect automatically

As is true of most websites, we also gather certain information automatically when you visit our website, mobile application, or interact with our Services. This information is used to analyze aggregated trends and to administer our Services, and may include Internet protocol (IP) addresses, the type of device you use, operating system and version, device identifier, where the application was downloaded from, usage information, events that occur within the application, performance data, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), date/time stamp, and/or clickstream data. Please see the Cookies and Similar Technology section below for more details.

Information we receive from third parties

We may receive information about you from other sources, including publicly available databases or from third parties. This data helps us to update, expand, and analyze our records, identify new customers, and identify Services that may be of interest to you. This may include purchased marketing data about our customers from third parties, that is combined with information we already have about you, to create more tailored advertising and Services.

Mobile App

When you download and use our Services, we may automatically collect information on the type of device you use, operating system version and the device identifier (or “UDID”).

Within our mobile application we may send you push notifications from time-to-time in order to update the services, or to notify you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level.

We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

How We Use Personal Data

This section describes how Skytap uses the Personal Data that we collect to operate our business and to provide you our Services, including improvements to those Services and in the personalization of your experiences. We may also use the data to communicate with you, providing account information, security updates and Service information. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers. Additionally, data is used to market our Services, to comply with applicable laws and legal processes, to enforce our terms and conditions, and to allow us to pursue available remedies or limit any damages that we may sustain.

To provide a requested service or carry out a contract with you

We use data collected from you in the following ways:

Customer Support: to diagnose and repair technical issues and provide other customer care and support services.
Account Notifications: to communicate Service and account notifications to you. For example, we may contact you by phone, email, or other means to inform you of account status, usage, and billing details, and to notify you when security updates are available.
Security, Safety, and Dispute Resolution: to protect the security and safety of our Services and our customers, to detect and prevent fraud, to resolve disputes, and to enforce our agreements.
Providing the Services: to carry out your transactions with us and to provide our Services to you, such as the account administration, authorization, and audit tools provided within our Services.

Where we have a legitimate interest

We use data collected from you in the following ways:

Service Personalization: to include personalized features and recommendations that enhance your productivity and user experience enjoyment, and automatically tailor your Service experiences based on the data we have about your activities, interests, and locations. To better understand how to access and control the Personal Data collected for these types of processing, please see the Access and Control section below.
Business Operations: to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions about, and report on the performance of our business.
Service Improvement: to continually improve our Services, including adding new features or capabilities. For example, we use error reports to improve security features of our Services, and usage data to determine new features or Services to prioritize.

Where we rely on legitimate interest for processing your information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. You can find out more about the information in these balancing tests by contacting us using the details below.

Where we have your consent

We use data we collect to communicate with you in a variety of formats and to tailor those communications to you. Examples include inviting you to participate in surveys, email subscriptions, and promotional communications from Skytap by email, SMS, physical mail, or telephone. For information about managing your contact data, email subscriptions, and promotional communications, please visit the Access and Controls section of this privacy statement.

Automated decision making

Skytap employs automated decision making (also known as “profiling”) in the processing of your data in very limited ways, and only in accordance with the specifications of this Policy and applicable laws. For example, we may auto-assign customer support personnel to respond to your inquiries, based on your organization or employer, and necessary details of that contract, or auto-assign a regional contact to assist you, based on your location. These actions are necessary to provide you with our Services and related support.

Similarly, some automated decision making is used, with your consent, to determine appropriate communications to you, as detailed above.

Reasons We Share Personal Data

This section describes how Skytap may share and disclose Personal Data. Customers determine their own policies and practices for the sharing and disclosure of data, and Skytap does not control how they choose to share or disclose Information.

Skytap may share your Personal Data with your consent, or as necessary to complete a transaction or provide a Service you have requested or authorized. For example:

If you elect to use connected third-party applications, we may share Personal Data with companies who provide those applications. In those cases, we encourage you to review and understand the terms and conditions and privacy policies of those third parties, over whom we have no control.
We may disclose generic, aggregated (pseudonymized) demographic information, not linked to any specific Data Subject, regarding Skytap visitors and users to our business partners, trusted affiliates, and suppliers or agents working on our behalf.
We may use third-party service providers to help us operate or administer the Services. For example, companies we’ve hired to provide customer service support or to assist in protecting and securing our services and systems may need access to Personal Data to complete those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use Personal Data they receive from us for any other purpose.
We may disclose Personal Data to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
As we believe to be necessary or appropriate, we may disclose Personal Data: (a) under applicable laws, including laws outside your country of residence; (b) to comply with a subpoena or other legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

How We Protect Your Information

Skytap has adopted reasonable security measures to protect Personal Data against loss, theft, unauthorized access, alteration, disclosure, or destruction. These measures include policies, procedures, employee training, physical access control, and technical elements relating to data access controls. In addition, Skytap uses industry standard encryption to facilitate the exchange and transmission of data. Skytap only processes Personal Data in compliance with the purposes for which it has been collected, in accordance with this Policy.

In the event that Personal Data is acquired by an unauthorized person, and applicable law requires notification, we will promptly notify the affected Data Subject. Notice will be consistent with the legitimate needs of law enforcement, and any measures necessary for Skytap or law enforcement to determine the scope of the breach and to ensure or restore the integrity of a system. Skytap may delay notification if we, or a law enforcement agency, determine that the notification will impede a criminal investigation. In such case, notification will not be provided unless and until we or the agency determines that notification will not compromise the investigation.

Data Retention

We only retain your Personal Data for as long as is necessary for us to use your information as described above or to comply with our legal obligations. Please be advised that this means that we may retain some of your information after you cease to use our Services. For instance, we may retain your data as necessary to meet our legal obligations, such as for tax and accounting purposes.

When determining the relevant retention periods, we take the following factors into account:

our contractual obligations and rights in relation to the information involved;
legal obligation(s) under applicable law to retain data for a certain period of time;

our legitimate interest where we have carried out a balancing test;

statute of limitations under applicable law(s);
(potential) disputes;
if you have made a request to have your information deleted; and
guidelines issued by relevant data protection authorities.

Otherwise, we securely erase your information once this is no longer needed.

Your Rights as a Data Subject

You have a number of rights when it comes to your Personal Data. Further information and advice about your rights can be obtained from the data protection regulator in your country.

RIGHTS	WHAT DOES THIS MEAN?
1. The right to object to processing	You have the right to object to certain types of processing, including processing for direct marketing. You can access and manage your preferences for these as detailed in the Access and Controls section of this document.
2. The right to be informed	You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. We are providing you with this information through this Privacy Policy.
3. The right of access	You have the right to obtain access to your Personal Data information that Skytap processes, in order to ensure that we’re using your information in accordance with data protection laws. Upon request, we will provide you with information about whether we hold any of your personal information.
4. The right to rectification	You are entitled to have your information corrected if it’s inaccurate or incomplete. You can manage this as detailed in the Access and Controls section of this document.
5. The right to erasure	This is also known as ‘the right to be forgotten’ and enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
6. The right to restrict processing	You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. Skytap maintains lists of individuals who have asked for further use of their information to be ‘blocked’ or ‘restricted’ to ensure the request is respected in future.
7. The right to data portability	You have rights to obtain and reuse your Personal Data for your own purposes across different services. If you request a copy of the Personal Data that Skytap maintains on you, we will deliver it in .csv format or similar.
8. The right to lodge a complaint	You have the right to lodge a complaint about the way we handle or process your Personal Data with your national data protection regulator.
9. The right to withdraw consent	If you have given your consent to anything we do with your Personal Data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your Personal Data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your Personal Data for marketing purposes. You can review and manage your consent as detailed in the Access and Controls section.

(The rights above currently are not available to Data Subjects protected under CCPA, but similar rights will be available under CPRA as of January 1, 2023.)

Please contact us using the details below to exercise any of your rights. We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

baseless or excessive/repeated requests, or
further copies of the same information.

Alternatively, we may be entitled to refuse to act on the request.

Please consider your request responsibly before submitting it. These requests do not apply to mandatory service communications that are part of certain Skytap services, or to surveys or other informational communications that can be managed directly (see details in the Access and Controls section). We’ll respond as soon as we can. Generally, this will be within 30 days from when we receive your request, unless the request will take substantially longer to fulfill.

If you cannot access certain Personal Data collected by Skytap via the Preference Center, directly through the Skytap Services you use, or if you do not have a personal Skytap account, you can always contact Skytap by emailing us at privacy@skytap.com.

How to Access and Control Your Personal Data

Access and control to your Personal Data is managed by the Skytap Preference Center. For example, in the Preference Center you may elect to:

Receive electronic communications from us. Change your mind? Opt-out for those promotional emails.
Allow the sharing of your Personal Data with our affiliates for their direct marketing purposes. Similarly, you may update your preference to opt-out if you so desire via the Preference Center.
Skytap may partner with third-parties to manage our advertising on other sites. Our third-party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests, please see below for more information on cookies and similar technologies and how to control them.

Cookies & Similar Technologies

Skytap and our partners may use cookies or similar technologies to analyze trends, administer the website, track users‘ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies and similar technologies at the individual browser level. However, if you choose to disable any of these, it may limit your use of certain features or functions on our website or service. Below we have included additional information on the types of cookies and technologies that Skytap uses. To manage cookies and similar technologies for your browser, see our page on How to Manage Cookies.

Strictly Necessary Cookies: These cookies are necessary for the website to function. They are usually only set in response to actions made by you that amount to a request for services, such as logging in or filling in forms. These cookies do not store any Personal Data.
Performance Cookies: These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All of the information collected by these cookies is aggregated and therefore pseudonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
Functionality Cookies: These cookies enable the website to provide enhanced functionality and personalization, such as playback of tutorial videos, and customer support chat functionality. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
Targeting Cookies: These cookies may be set through our site by us or our advertising partners. They may be used to build a profile of your interests and show you content in which you may be interested. Generally, they do not store any Personal Data, but are based on uniquely identifying your browser and internet device. However, we sometimes use these cookies to do individualized tracking down to the name for marketing purposes. If you do not allow these cookies, you will experience less targeted content. If you wish to opt out of interest-based advertising, click here. Please note that you will continue to receive generic ads.
Web Beacons: Skytap web pages may contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, count users who have visited those websites and deliver co-branded Services. We also include web beacons in our promotional email messages or newsletters to determine whether you open and act on them.
Analytics Services: Skytap Services often contain web beacons or similar technologies from third-party analytics providers, which help us compile pseudonymized aggregated statistics about the effectiveness of our promotional campaigns or other operations. These technologies are strictly prohibited from collecting or accessing information that directly identifies you. If you do not allow these services, we will not be able to monitor the performance of some of our operations.
Other Similar Technologies: In addition to standard cookies and web beacons, our Services can also use other similar technologies to store and read data files on your computer. This is typically done to maintain your preferences or to improve speed and performance by storing certain files locally. But, like standard cookies, these technologies can also be used to store a unique identifier for your computer, which can then be used to track behavior. If you block these at the browser level, you will experience less targeted content, and may also experience performance issues when visiting our website or using our Services.

International Data Transfers

Skytap may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards when transferring Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:

European Union Model Clauses

Skytap offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. A copy of our standard data processing addendum, incorporating Model Clauses, is available upon request by contacting us at privacy@skytap.com.

EU-U.S. Privacy Shield

While Skytap participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, unless and until EU-U.S. Privacy Shield is reinstated by the EU following invalidation by the EU Court, Skytap will rely on the Standard Contractual Clauses and the following is informational only. Skytap remains committed to subjecting all Personal Data received from European Union (EU) member countries and the United Kingdom, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. (https://www.privacyshield.gov/list).

Skytap is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to third parties acting as an agent on its behalf. Skytap complies with the Privacy Shield Principles for all onward transfers of Personal Data from the EU and the United Kingdom, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, Skytap is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Skytap may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Skytap commits to cooperate with EU data protection authorities, and comply with the advice given by such authorities, with regard to human resources data transferred from the EU in the context of the employment relationship.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

PIPEDA

Skytap is committed to fulfilling its responsibilities under Canada’s Personal Data Protection and Electronic Documents Act (PIPEDA). For purposes of fulfilling these responsibilities, if applicable, you consent to using SkytapsSkytap’s website and services, and you consent to Skytap’s collection and use of your Personal Data for the purposes described above. If you do not consent, you may not access our website or the Services. Please contact our Data Protection Officer (see below) with any questions, concerns or requests about how Personal Data is collected or used.

Other Important Privacy Information

Notice to End Users

Skytap Services are intended for use by organizations and are administered to you by your organization. Your use of Skytap Services may be subject to your organization’s policies and procedures. If your organization is administering your use of the Skytap Services, please direct your privacy inquiries to your administrator. Skytap is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.

If you use an email address provided by an organization you are affiliated with, such as an employer or school, to access Skytap online services, the owner of the domain (e.g., your employer) associated with your email address may: (i) control and administer your Skytap online services account and (ii) access and process your data, including the contents of your communications and files.

Information from Children

Skytap’s website and services are not designed for use by children under the age of 13. Skytap does not voluntarily or knowingly collect information from children under 13. As such, if you are under the age of 13, please stop using this website and/or Skytap services. If you are a parent or guardian and believe that we may have collected Personal Data from someone under the age of 13, please let us know by emailing privacy@skytap.com.

Changes to this Privacy Policy

Skytap may change, modify, or update this Privacy Policy at any time. When we do, we will revise the date at the top of this page. If we make any material changes, we will notify you by means of a notice through the Services. We encourage you to frequently check this page for any changes, to stay informed about how we are helping to protect the Personal Data we collect. If you continue to use the Services, you acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of any modifications.

Contacting Skytap

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with the Services, please contact us at privacy@skytap.com.

Inquiries may also be addressed to:

Skytap, Inc.
Data Protection Officer
255 S King St, Ste 800
Seattle, WA 98104
206-866-1162

Skytap Employee and Candidate CCPA and EU/UK GDPR Privacy Regulation Disclosure

Updated January 20, 2022

If you are a resident of California, the United Kingdom or the European Union and are applying for employment with, are already, or apply and then become employed by Skytap, a Skytap-owned subsidiary in a country other than the USA, or a Professional Employer Organization (or PEO) engaged by Skytap in any country other than the USA, please read this Skytap Employment Applicant and Employee Privacy Disclosure.

Skytap provides this notice and disclosure to comply with the CCPA, UK GDPR, and EU GDPR with regard to Personal Data collected related to applications for and actual employment on behalf of Skytap.

CCPA and both of the two GDPR’s (EU and UK) define the same subject matter, but using different terms.

The information about individual people that the regulations protect are referred to by EU and UK GDPR as “Personal Data” and by CCPA as “Personal Information.” This disclosure for simplicity will use the GDPR term “Personal Data,” but it applies equally to Personal Data under the EU and UK GDPR versions.
The individual persons who are and whose Personal Data are subject to protection under the EU and UK versions of GDPR are referred to under GDPR as “Data Subjects” and under CCPA as “Consumers.” This disclosure for simplicity will use the GDPR term and refer to the individuals as “Data Subjects.” Thus, references to Data Subjects in this disclosure will mean Consumers for purposes of CCPA.

Under CCPA, the Personal Data identified in the Table below is shared with “Service Providers” who do not use the Personal Data for any purposes other than providing contracted services to Skytap, and Skytap’s Service Providers include employee benefits management companies, benefits providers, providers of payroll, human resources information systems, compensation benchmarking analytics providers, job applicant tracking software.

Skytap retains the Personal Data below for a duration that depends on whether the Data Subject is only an applicant for employment or Skytap employs the Data Subject or an applicant that is not hired immediately for an open position might be suitable for a future open position. Certain categories of Personal Data are retained for longer durations if the potential exists to rehire the Data Subject after their employment with Skytap ends.

Personal Data Category	Specific Types Of Personal Data	Skytap Business Purpose (See The Key Below)
Personal Identifiers	Name, alias, postal or mailing address, email address, telephone number, tax ID or social security number (international equivalent), driver’s license or identification card number, passport number	1-5, 9, 10, 11, 12, 13, 14
Financial Information	Bank account number, credit card number, debit card number, or other financial account information	2, 9
Protected Classifications	Race, ethnicity, national origin, sex, gender, sexual orientation, gender identity, religion, age, disability, medical or mental condition, military status, familial status, language spoken	1, 3, 5, 9
Personal Interests	Personal background, interests, hobbies	8
Professional or Employment-Related Information	Personnel file, new hire or onboarding records, I-9 forms, tax forms, time and attendance records, non- medical leave of absence records, workplace injury and safety records, performance evaluations, disciplinary records, training records, licensing and certification records, compensation and health benefits records, and payroll information and records	1-9, 11, 14, 15
Medical and Health Information	Doctor’s notes for absences or work restrictions, medical leave of absence records, requests for accommodation, interactive process records, and correspondence with employee and his/her medical or mental health provider(s) regarding any request for accommodation or medical leave of absence	1, 2, 4, 5, 9
Education Information	Transcripts or records of degrees and vocational certifications obtained	9, 11
Visual, Audio or Video Recordings in the Workplace	Surveillance cameras or pictures of employees taken in the workplace or at a Skytap function or event	7, 8, 12
Facility Access Records	Information identifying which employees accessed secure Skytap facilities and at what times using their keys, badges, fobs, or other security access method	7, 12
Internet and Network Activity	Internet or other electronic network activity information on Skytap-issued computers and electronic devices, including browsing history, search history, and usage history	7, 13

Key: Employment Related Personal Data and Purposes for Collection and Use.

To comply with state and federal law and regulations requiring employers to maintain certain records (such as immigration compliance records, personnel files, wage and hour records, payroll records, accident or safety records, and tax records).
Process payroll and/or reimburse expenses.
Maintain commercial insurance policies and coverages, including for workers’ compensation and other liability insurance.
Manage workers’ compensation claims.
Administer and maintain group employee benefits such as health insurance benefits, 401K and/or retirement plans.
Manage employee performance of their job duties
Conduct workplace investigations (such as investigations of workplace accidents or injuries, harassment, or other misconduct).
Provide for employee morale and engagement.
Assess and benchmark Skytap compensation packages for employees against relevant markets, Personal Data is provided to compensation benchmarking Services Providers who promptly anonymize/de-identify the data so that it is no longer Personal Data regulated under CCPA or EU or UK GDPR, or any other privacy regulation and the raw data is permanently erased so that it cannot be recovered in raw form or attributed to the individual Data Subjects. Some service providers use APIs to pull data securely from Skytap systems, but not all of the data is usable for benchmarking purposes, and only usable data is anonymized or de-identified, and all of the raw data is promptly, and security destroyed.
Obtain and verify background checks on job applicants and employees *.
Evaluate, make, and communicate decisions regarding an employee’s employment, including decisions to hire, terminate, promote, demote, transfer, suspend or discipline.
Grant employees access to secure Skytap facilities and maintain information on who accessed the facility.
Implement, monitor, and manage electronic security measures on employee devices that are used to access Skytap networks and systems.
Engage in corporate transactions requiring review of employee records, such as for evaluating potential mergers and acquisitions of the Skytap.
Respond to employment verification requests (such as pre-employment, loan, or government agency inquiries).

*Background checks actually are performed by a third party who is responsible for any obligations under CCPA related to Personal Data submitted by the applicant to the background check provider for purposes of the background check.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-non-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-preferences	1 year	This cookie is set by the GDPR Cookie Consent plugin to check if the user has given consent to use cookies under the "Preferences" category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
55d66ab20f0ad28a_cfid	2 years	Set by ChatFunnels to store chat sessions
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
sc_anonymous_id	9 years	Cookie is placed by SoundCloud to provide functions across pages.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc		The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle the request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.
_gat_UA-4086838-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.
YSC		This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gcl_au	2 months	This cookie is placed by Google Tag Manager to place and track conversions.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
_uv_id	2 years	Slideshare: Collects data on the user's visits to the website, such as which pages have been read.
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
bscookie	2 years	This cookie is placed by Linkedin to store performed actions on the website.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
GPS	30 minutes	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
li_sugr	2 months	This cookie is placed by Linkedin to store browser details.
lissc	1 year	Used by the social networking service, LinkedIn, for tracking the use of embedded services.
MR	1 week	This cookie is used to measure the use of the website for analytics purposes.
pardot		The cookie is set when the visitor is logged in as a Pardot user.
undefined	never	Wistia sets this cookie to collect data on visitor interaction with the website's video-content, to make the website's video-content more relevant for the visitor.
vuid	2 years	Vimeo

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
IDE	2 years	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
MUID	1 year	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.
SRM_B	1 year	Bing.com
SRM_I	1 year	Bing.com
u	2 months	Collects data on user visits to the website, such as what pages have been accessed. The registered data is used to categorize the user's interest and demographic profiles in terms of resales for targeted marketing
uid	1 year	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
UserMatchHistory	1 month	This cookie is place by Linkedin to enable ad delivery or retargeting.
VISITOR_INFO1_LIVE	5 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Skytap Privacy Policy

How to Access and Control Your Personal Data

Cookies & Similar Technologies

International Data Transfers

European Union Model Clauses

Skytap Employee and Candidate CCPA and EU/UK GDPR Privacy Regulation Disclosure

Product

Company

Help

Cookie	Duration	Description
_clck	1 year	No description
_clsk	1 day	No description
AnalyticsSyncHistory	1 month	No description
CLID	1 year	No description
ingrammicro.com	1 hour	No description
li_gc	2 years	No description
loglevel	never	No description available.
original_req_url	past	No description
visitor_id869971	10 years	No description
visitor_id869971-hash	10 years	No description