This Privacy Statement informs you about the type of personal data that is collected and received through our website www.sketch.com (“website”) and our cloud-based services that relate to the Sketch platform as described in our Terms of Service (“Sketch Platform”), and about how we use, share, retain and protect such personal data.
Who we are
We are the Dutch company Sketch B.V. (“we”, or “us”) with place of business at Flight Forum 40, Ground floor, 5657 DB Eindhoven, the Netherlands with chamber of commerce registration number 60360461 and VAT number NL8538.75.273.B01. We are the controller responsible for the processing of personal data through the website and Sketch Platform.
The types of personal data we may obtain and how long we retain them
Personal data means any information relating to an identified or identifiable natural person.
We may collect and receive the following personal data from you:
- Name and contact details (such as name, address, email, username, fax and phone numbers);
- Account details (such as username, password license key and whether/how often you have registered to Sketch Platform);
- Payment information (such as bank account information);
- Information on your use of the website and Sketch Platform
- Personal data included in content uploaded by you to Sketch Platform;
- Personal data included in comments posted by you on the website or in Sketch Platform;
- Personal data of individuals you wish to share your uploaded content with (such as name and email address);
- Personal data that may be entered in forms on our website;
We may collect other types of personal data if required under applicable law or if this is necessary for the purposes listed in this Privacy Statement. In such case, we will then notify you.
We retain personal data for as long as necessary to fulfill the purposes for which we collect or receive the personal data, except if required otherwise by applicable law. Typically, we will retain most of the personal data for the duration of your use of the website and Sketch Platform, until you have removed your account, unless a longer applicable statutory retention period applies.
Note that after the deletion of your account, your comments may be left on Sketch Platform, while your name and avatar will be replaced by “deleted user”.
How we obtain personal data
Personal information refers to any information that can be used to distinguish one individual from another, while personal data is defined in the GDPR as any information relating to an identified or identifiable natural person (‘data subject’). We collect and receive personal data through our website and Sketch Platform. First of all, we collect personal data that you choose to voluntarily provide to us for your use of the website and Sketch Platform. Also, we collect personal information through Sketch Platform. In addition, we collect certain personal data by using cookies, including similar technologies such as local storage when you visit the website. Cookies are bits of text that are placed on your computer’s hard drive or mobile device when you visit certain websites and whose purpose is to carry bits of useful information about your interaction with the website that sets them.
We also may track emails for marketing purposes. See our List of Subprocessors.
How we may use personal data
We may use the personal data we collect and receive for the following purposes:
- To provide and improve support to Sketch users;
- To create an account for your use of the website and Sketch Platform;
- To provide and improve our services;
- To provide content that is relevant for you / the person that is interacting with Sketch;
- To analyze how the website is used, such as which pages are visited, how long pages were visited, and the paths taken by visitors to our website as they move from page to page;
- To verify compliance with applicable legal requirements and our policies;
- To contact you, such as by sending personalized emails, about our products and services, including about Sketch Platform or to send you our newsletter. You will have the choice to opt in or opt out of receiving such marketing communications by indicating your choice by updating your app settings. You will also be given the opportunity at the bottom of every marketing e-mail to unsubscribe / opt out.
We process personal data because this is necessary for the performance of the contract between you and us, for our compliance with our legal obligations, and for the purpose of our legitimate interests. In particular, our legitimate interests are our commercial company interest (e.g. to improve our products and services), our interest to prevent fraud, our interest to report possible criminal acts or threats to competent authorities, and our interest to make use of direct marketing, a common purpose of processing that includes a number of different activities—e.g., collecting personal data from potential customers, creating profiles about those potential customers and their preferences, and then sending personalized communications to them. Some of the personal data that we process is required for us to meet our legal obligations. For example, we cannot create an account for you, if you choose not to share your personal data with us.
How we may share personal data
We may share the personal data we collect and receive on a need-to-know basis with the following third parties:
- Our service providers;
- Competent public authorities or other third parties, if required by law or reasonably necessary to protect the rights, property and safety of ourselves or others.
We reserve the right to transfer personal data about you in the event that we sell or transfer all or a portion of our business or assets, in accordance with applicable law. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use data you have provided to us in a manner that is consistent with this Privacy Statement. Following such a sale or transfer, you may contact the entity to which we transferred your data with any inquiries concerning the processing of that data.
We do not sell, rent or trade your personal data.
Data transfers outside the EEA
We may transfer the personal data we obtain to third parties in countries outside the European Economic Area (EEA). The laws in those countries may not offer an adequate level of data protection. In particular, personal data may be transferred to the United States. When we transfer your personal data outside the EEA, we will protect your personal data as described in this Privacy Statement, our Data Processing Addendum, and in accordance with applicable law, such as by entering into the European Commission’s Standard Contractual Clauses for the transfer of personal data to a processor located outside of the European Union.
How we protect personal data
We maintain appropriate technical and organizational security safeguards designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us or the personal information stored is absolutely secure. We will notify you of any data breach that is likely to have unfavorable consequences for your privacy in accordance with applicable law.
In relation to your personal data, you have the right to:
- obtain, at reasonable intervals and free of charge, information on whether or not your personal data are being processed and to access the personal data that is being processed in an intelligible form;
- request rectification of inaccurate personal data or erasure of personal data or restriction of or objection to processing of your personal data; and
- request us to provide you your data in a structured, commonly used and machine-readable format which can be transmitted to another controller.
To exercise these rights, please contact us using our contact details set out below. We may request you to provide a copy of your ID card or otherwise evidence your identity. We will respond to your request within the applicable statutory term.
CCPA Addendum: Compliance with the California Consumer Privacy Act (CCPA)
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information (“PI”). This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your PI over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of PI we collected about you.
- The categories of sources for the PI we collected about you.
- Our business or commercial purpose for collecting or selling that PI.
- The categories of third parties with whom we share that PI.
- The specific pieces of PI we collected about you (also called a data portability request).
- If we disclosed your PI for a business purpose, identifying the PI categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your PI that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your PI from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the PI, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or otherwise perform our contract with you.
- Detect security incidents; protect against malicious, deceptive, fraudulent or illegal activity; or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability and Deletion Rights
To exercise the access, data portability and deletion rights described in the preceding sections, please submit a verifiable consumer request to us emailing us at email@example.com. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your PI. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected PI or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
We cannot respond to your request or provide you with PI if we cannot verify your identity or authority to make the request and confirm the PI relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use PI provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your PI that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Updates to this Privacy Statement
We may update this Privacy Statement from time to time. Any changes we make to our Privacy Statement in the future will be posted on this page. Please check back frequently to see any updates or changes to our Privacy Statement. All changes shall be effective from the date of publication, unless otherwise provided in the notification.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How to Contact Us
If you have any comments or inquiries about the information in this Privacy Statement, if you would like us to update your personal data, or to exercise your rights, please contact us by email at firstname.lastname@example.org. In addition, you always have the right to make a complaint at any time to a competent supervisory authority.