This Privacy Statement informs you about the type of personal data that is collected and received through our website https://www.sketch.com (“website”) and our cloud-based services that relate to the Sketch platform as described in our Terms of Service (“Sketch Cloud”), and about how we use, share, retain and protect such personal data.
Who we are
We are the Dutch company Sketch B.V. (“we”, or “us”) with place of business at Flight Forum 40, Ground floor, 5657 DB Eindhoven, the Netherlands with chamber of commerce registration number 60360461 and VAT number NL8538.75.273.B01. We are the controller responsible for the processing of personal data through the website and Sketch Cloud.
The types of personal data we may obtain and how long we retain them
Personal data means any information relating to an identified or identifiable natural person.
We may collect and receive the following personal data from you:
- Name and contact details (such as name, address, email, username, fax and phone numbers);
- Account details (such as username, password license key and whether/how often you have registered to Sketch Cloud);
- Payment information (such as bank account information);
- Information on your use of the website and Sketch Cloud;
- Personal data included in content uploaded by you to Sketch Cloud;
- Personal data included in comments posted by you on the website or in Sketch Cloud;
- Personal data of individuals you wish to share your uploaded content with (such as name and email address);
- Personal data that may be entered in forms on our website;
We may collect other types of personal data if required under applicable law or if this is necessary for the purposes listed in this Privacy Statement. In such case, we will then notify you.
We retain personal data for as long as necessary to fulfil the purposes for which we collect or receive the personal data, except if required otherwise by applicable law. Typically, we will retain most of the personal data for the duration of your use of the website and Sketch Cloud, until you have removed your account, unless a longer applicable statutory retention period applies.
Note that after the deletion of your account, your comments may be left on Sketch Cloud, while your name and avatar will be replaced by “deleted user”.
How we obtain personal data
Personal information refers to any information that can be used to distinguish one individual from another, while personal data is defined in the GDPR as any information relating to an identified or identifiable natural person (‘data subject’). We collect and receive personal data through our website and Sketch Cloud. First of all, we collect personal data that you choose to voluntarily provide to us for your use of the website and Sketch Cloud. Also, we collect personal information through Sketch Cloud. In addition, we collect certain personal data by using cookies, including similar technologies such as local storage when you visit the website. Cookies are bits of text that are placed on your computer’s hard drive or mobile device when you visit certain websites and whose purpose is to carry bits of useful information about your interaction with the website that sets them.
We also may track emails for marketing purposes. See our List of Subprocessors.
How we may use personal data
We may use the personal data we collect and receive for the following purposes:
- To provide and improve support to Sketch users;
- To create an account for your use of the website and Sketch Cloud;
- To provide and improve our services;
- To provide content that is relevant for you / the person that is interacting with Sketch;
- To analyze how the website is used, such as which pages are visited, how long pages were visited, and the paths taken by visitors to our website as they move from page to page;
- To verify compliance with applicable legal requirements and our policies;
- To contact you, such as by sending personalized emails, about our products and services, including about Sketch Cloud or to send you our newsletter. You will have the choice to opt in or opt out of receiving such marketing communications by indicating your choice by updating your app settings. You will also be given the opportunity at the bottom of every marketing e-mail to unsubscribe / opt out.
We process personal data because this is necessary for the performance of the contract between you and us, for our compliance with our legal obligations, and for the purpose of our legitimate interests. In particular, our legitimate interests are our commercial company interest (e.g. to improve our products and services), our interest to prevent fraud, our interest to report possible criminal acts or threats to competent authorities, and our interest to make use of direct marketing, a common purpose of processing that includes a number of different activities—e.g., collecting personal data from potential customers, creating profiles about those potential customers and their preferences, and then sending personalized communications to them. Some of the personal data that we process is required for us to meet our legal obligations. For example, we cannot create an account for you, if you choose not to share your personal data with us.
How we may share personal data
We may share the personal data we collect and receive on a need-to-know basis with the following third parties:
- Our service providers;
- Competent public authorities or other third parties, if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others.
We reserve the right to transfer personal data about you in the event that we sell or transfer all or a portion of our business or assets, in accordance with applicable law. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use data you have provided to us in a manner that is consistent with this Privacy Statement. Following such a sale or transfer, you may contact the entity to which we transferred your data with any inquiries concerning the processing of that data.
We do not sell, rent or trade your personal data.
Data transfers outside the EEA
We may transfer the personal data we obtain to third parties in countries outside the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. In particular, personal data may be transferred to the United States. When we transfer your personal data outside the EEA, we will protect your personal data as described in this Privacy Statement, our Data Processing Addendum, and in accordance with applicable law, such as by entering into the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of the European Union.
How we protect personal data
We maintain appropriate technical and organizational security safeguards designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored is absolutely secure. We will notify you of any data breach that is likely to have unfavorable consequences for your privacy in accordance with applicable law.
In relation to your personal data, you have the right to:
- obtain, at reasonable intervals and free of charge, information on whether or not your personal data are being processed and to access the personal data that is being processed in an intelligible form;
- request rectification of inaccurate personal data or erasure of personal data or restriction of or objection to processing of your personal data; and
- request us to provide you your data in a structured, commonly used and machine-readable format which can be transmitted to another controller.
To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence your identity. We will respond to your request within the applicable statutory term.
Updates to this Privacy Statement
We may update this Privacy Statement from time to time. Any changes we make to our Privacy Statement in the future will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Statement. All changes shall be effective from the date of publication, unless otherwise provided in the notification.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How to Contact Us
If you have any comments or inquiries about the information in this Privacy Statement, if you would like us to update your personal data, or to exercise your rights, please contact us by email at firstname.lastname@example.org. In addition, you always have the right to make a complaint at any time to a competent supervisory authority.