Skip to main content
Sigma Computing

Employee Privacy Policy

This Employee Policy ("Privacy Policy") describes how Sigma Computing, Inc., its subsidiaries, and its affiliates (collectively "Sigma", "we", and "us") collect, use, and process Personal Data of Sigma’s Employees (defined below). As used in this Privacy Policy, "Personal Data", means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

1. Purpose.

The purpose of this Privacy Policy is to provide Sigma employees (part-time and full-time), Sigma interns, and other individuals legally and contractually engaged by Sigma to perform certain services (each an "Employee", "you", your") with information about how and why Sigma collects, uses, and processes your Personal Data, and your choices and rights with respect to such processing. Sigma’s processing of Personal Data is in all cases subject to the requirements of applicable national, federal, state, and local laws, and Sigma’s internal policies and procedures. To the extent this Privacy Policy conflicts with applicable laws in your location, the applicable law in your location shall control.

2. Scope.

This Privacy Policy applies to all use, storage, and processing of Employee Personal Data by any Employees, systems, applications, and devices that are owned, managed, or controlled by us or otherwise forms part of our commercial cloud boundary (including system users, groups, services, protocols and functions).

Our processing activities in connection with your use of or interaction with Sigma’s websites, products, services, platforms, or applications (collectively "Sites"), including our use of cookies and similar technologies on our Sites, are not in scope for this Privacy Policy, and are covered instead by our Website Privacy Policy and Cookie Policy. This Privacy Policy does not form part of any contract of employment or engagement you may have with Sigma.

3. Ownership & Maintenance.

Sigma’s Data Protection Officer owns, implements, and maintains this Privacy Policy in conjunction with Sigma’s human resources team and is responsible for coordinating with policy enforcement entities to develop procedures, guidelines and standards relevant to the policies.

4. General Acknowledgement.

As a Sigma Employee, you acknowledge and recognize that Sigma takes privacy very seriously and requires all Employees to follow Sigma’s internal privacy and data handling procedures. This Employee Privacy Policy reflects Sigma’s commitment to protecting the Personal Data of its Employees, stakeholders, and other individuals, whose information we process. Sigma’s acknowledgment demonstrates that Sigma strives to ensure compliance with the relevant privacy laws and frameworks to maintain transparency in our data processing practices.

5. Changes to this Privacy Policy.

This Privacy Policy is to be reviewed and updated by Sigma’s Data Protection Officer at least annually. Changes or revisions to this policy shall follow Sigma’s internally established approval process. Employees must acknowledge and comply with changes to the policy upon notification of changes. We reserve the right to change this Privacy Policy at any time. Any changes will be posted on this page with an updated revision date. It is your responsibility to periodically review this Privacy Policy to remain informed about our collection, processing and sharing of your Personal Data. We may, in our sole discretion, provide you communications, including via email, about changes to our Privacy Policy; however, such communications do not abrogate or otherwise limit your responsibility to periodically review the Privacy Policy to determine whether any amendments have been made hereto.

6. Privacy Principles.

Sigma is committed to safeguarding your Personal Data in the following manner.

  • We will only collect and use your Personal Data where we have a lawful basis and/or legitimate business purposes to do so.
  • We will be transparent in our dealings with you and will tell you about how we will collect and use your Personal Data.
  • If we have collected your Personal Data for a particular purpose, we will not use it for anything other purpose unless you have been informed and, where relevant, your permission has been obtained.
  • We will not ask for more Personal Data than we need for the purposes for which we are collecting it.
  • We will update our records when you inform us that your Personal Data have changed.
  • We will continue to review and assess the quality of Personal Data we have collected.
  • We will update our records when you inform us that your Personal Data have changed.
  • We will implement and adhere to information retention policies relating to your Personal Data, and will ensure that your Personal Data is securely disposed of at the end of the appropriate retention period.
  • We will honor the rights granted to you under applicable privacy and data protection laws, and will ensure that your privacy rights related requests are promptly and transparently dealt with.
  • We will provide general awareness training to our staff about privacy obligations.
  • We will ensure we have appropriate physical, administrative, and technological security measures to protect your Personal Data.
  • We will ensure that when we outsource any processes to third-parties, such third-parties have appropriate security measures in place and will contractually require them to comply with these privacy principles.

7. Data Transfers.

Your Personal Data may be transferred to, stored, and processed in a country other than the one in which it was provided. Sigma will ensure that appropriate or suitable safeguards are in place to protect the Transferred Data and that transfer is in compliance with applicable data protection laws.

  1. For transfers of Personal Data between Sigma legal entities, we have implemented data transfer agreements with appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum (as applicable) to enable the transfer of the Personal Data. Additionally, Sigma Computing, Inc. is certified under the Data Privacy Framework Program (DPF) as further described in Section 8.
  2. For transfers of Personal Data from territories other than EEA and UK, and to the extent required by applicable laws, we have implemented data transfer agreements and/or obtained your consent, to securely the transfer your Personal Data to territories other than the one in which it was provided your Personal Data or your home country.
  3. For transfers of Personal Data from the EEA, and the UK to third parties outside of these territories, we implement appropriate data transfer mechanisms and safeguards to require that your Personal Data remains protected, including implementing applicable data transfer mechanisms, such as European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum (as applicable) or other lawful mechanisms for transfers of Personal Data as approved by the applicable regulators or legislators. Sigma Computing Inc. has also self-certified compliance with the DPF, as further described in Section 8 below.

8. Data Privacy Framework Notice.

Sigma Computing Inc. has self-certified compliance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK extension to the EU-U.S. Data Privacy Framework ("UK Extension"), and the Swiss-U.S. Data Privacy Framework set forth by the U.S. Department of Commerce ("Swiss-U.S. DPF" and collectively, the "DPF").

  • Certification. Sigma has certified to the U.S. Department of Commerce that it adheres to (a) the EU-U.S. DPF Principles with regard to the processing of Personal Data received from the EU in reliance on the EU-U.S. DPF, (ii) the UK Extension with regard to the processing of Personal Data received from UK (and Gibraltar) in reliance on the UK Extension, and (iii) the Swiss-U.S. DPF Principles with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, the "DPF Principles"). If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF and view our certification, please visit https://www.dataprivacyframework.gov/s/us-businesses.
  • Inquiries or Complaints. If you have any inquiries or complaints about the handling of your Personal Data, please contact us in accordance with Section 14 of the Privacy Policy. We will aim to investigate and attempt to resolve complaints within 30-45 days of receiving your complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/DPF-Dispute-Resolution. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Sigma is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
  • Choice and Disclosure. To the extent required by the DPF Principles, Sigma will offer you the opportunity to choose (opt out) when your Personal Data is to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by you. To the extent required by the DPF Principles, when processing sensitive Personal Data, Sigma will offer you the opportunity to give affirmative express (opt-in) choice, subject to certain exceptions, if the Sensitive Personal Data is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of the opt in choice. Sigma may disclose Personal Data in response to lawful requests by public authorities, including national security or law enforcement requirements. Sigma may also disclose Personal Data, without offering you a choice, in the following cases: to our processors or service providers; to our affiliates; or as part of a corporate restructuring, mergers and acquisitions. If we disclose your Personal Data to other third parties, we will obtain your consent. You may choose to disable third-party cookies that collect Personal Data through Sigma’s website.
  • Liability for Onward Transfers. Sigma complies with DPF Principles regarding accountability for onward transfers. Sigma is responsible for the processing of Personal Data subject to the DPF, which is subsequently transferred to a third party. Before disclosing Personal Data to such third-parties, we will obtain assurances from the recipient that it will (a) process the Personal Data in accordance with Sigma’s instructions and only for the purposes specifically permitted by Sigma; (b) provide at least the same level of protection for Personal Data as required by the DPF Principles; (c) notify Sigma if the recipient is no longer able to provide the required protections. Sigma shall remain liable under the DPF Principles if the third-party processes such Personal Data in a manner inconsistent with the DPF Principles.

9. Your rights and how to exercise them.

  1. Your Rights. Depending on your region, and/or your residency, your local data protection and privacy laws may grant you rights with respect to your Personal Data. These rights differ based on the local laws that apply to you but could include one or more of the following:
    • Right to know (and/or access) the Personal Data that we hold about you, including access to duplicates of the Personal Data retained.
    • Right to correct your Personal data if it is inaccurate, outdated, or incomplete.
    • Right to request deletion of irrelevant Personal Data that we hold about you. Please note: We may have an overriding lawful basis for retaining your Personal Data (e.g., we may have to retain your Personal Data pursuant to our legal obligations).
    • Right to limit processing, use, or disclosure of your sensitive Personal Data;
    • Right to withdraw consent, where we have relied on your consent to process certain Personal Data;
    • Right to request suspension of processing your Personal Data in certain circumstances, including when you believe that the Personal Data, we hold about you is inaccurate or unlawful;
    • Right to file a complaint with a supervisory authority;
    • In certain US states, you may also have a right to opt-out of sale, sharing, targeted advertising, profiling or cross-context behavioral advertising, and from automated decision making technologies
  2. Your Rights and Obligations. To exercise your rights or to submit an appeal of a denial of your privacy rights, please contact us by emailing us at privacy@sigmacomputing.com or by using this link to submit your request. It is your responsibility to ensure that information you submit does not violate any third party’s rights. You should keep your Personal Data on file with Sigma up to date and inform us of any significant changes to it.
  3. Our Obligations. We value your privacy and will not discriminate in response to your exercise of your privacy rights. We will take commercially reasonable efforts to confirm receipt of your request within 10 business days and will respond to your request within 30 to 45 calendar days (subject to the applicable privacy regulation in your region, and after requisite verification), unless we need additional time, in which case we will let you know. We may charge you a reasonable fee in instances that require a disproportionate effort, but we will advise you of any fee in advance. We may decline to process requests that are frivolous, unreasonably repetitive or burdensome, risk the privacy or impact the rights of others, or are extremely impractical.
  4. Verification. We may request certain information about you or your interactions with Sigma to verify your identity before we can respond to your requests to exercise your rights. This is done to protect your privacy and maintain security. We may require you to verify your name, region/country, location, email address, home address, and/or phone number in our records and provide information about your prior applications with Sigma (such as roles and positions for which you previously applied). In certain limited circumstances, we may require you to sign a declaration under penalty of perjury that you are the candidate whose Personal Data is the subject of the request.
  5. Agent Requests. You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. Sigma retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using your Personal Data, or any information collected from or about you, for any purpose other than to fulfill your requests, for verification, or for fraud prevention.

10. Types of Personal Data Collected and Processed.

Sigma collects and processes Personal Data about current, past, or prospective Employees. This information is initially provided to Sigma by a prospective Employee on an application form or service contract, or through third parties Sigma works with for background and candidate screening before and during employment or service engagement. Sigma also collects Personal Data that you provide us via other means, such as survey feedback and responses where you choose to identify yourself and information provided by other third-party sources such as employment agencies, job boards, references, prior employers, and others. This information mainly comprises of:

  • Identity Data
  • Contact Data
  • Biographical Data
  • Immigration (when applicable)
  • Related Persons Data
  • Compensation Data
  • Expenses and Travel Data
  • Employment Data
  • Data from 3rd party sources (eg. Employment agency)
  • Performance Data
  • Systems Data
  • Compliance Data
  • Health Data ((including information about disabilities and doctors details).

Where Sigma obtains information about others (for example ‘referring a friend’), Sigma Employees providing such information must ensure that they gained the other’s consent or are otherwise entitled to provide this information to us.

11. Use and Disclosure of Personal Data.

Our legal basis for collecting and using your Personal Data will depend on the Personal Data we collect and the context in which we collect such Personal Data. In most cases, our processing of your Personal Data will be justified on one of the following bases:

  • As necessary for the performance of a contract with you or to take steps at your request to enter a contract, such as to perform our obligations under your employment contract and providing you with employment benefits;
  • As necessary for compliance with a legal obligation to which Sigma is subject, such as meeting statutory record keeping requirements, avoiding unlawful and discriminatory actions, and completing, legally required work authorization verifications;
  • As necessary for the legitimate interests pursued by the Sigma, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of Personal Data, including (i) for compliance, fairness, and fraud prevention purposes, including to implement diversity and equal opportunity programs, to comply with applicable laws and exercise or defend our legal rights and obligations; (ii) for Sigma’s security, business, planning, reporting and administration purposes related to your employment; (iii) to manage, maintain, develop, and improve our Employee benefits and management processes; (iv) to communicate with you and provide you with access to technologies, applications, tools, and software relevant and necessary for your job duties; (v) to manage our travel, expense, relocation, and other benefits related programs, (v) to provide you with reasonable accommodations and necessary adjustments and comply with our obligations under applicable law.
  • In limited circumstances, we will rely on your consent for processing of your Personal Data. Where we rely on your consent, we will make this clear at the relevant time to you. Whenever such consent is granted, you may withdraw your consent at any time.

Per our Privacy Principles stated in Section 6, we may share your Personal Data with certain third party service providers, such as screening services, legal, immigration lawyers, benefits providers etc, as applicable, including for following purposes:

  • Managing Human Resources processes.
  • Facilities and work environment services.
  • Monitoring equal opportunities.
  • Detecting crime.
  • Providing company news and updates.
  • To enforce compliance or contractual obligations.
  • To comply with any legal requirements.
  • To provide Employee benefits.
  • To prosecute and defend a court, arbitration, or similar legal proceeding.
  • To provide o respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.Employee benefits.
  • When we believe it is appropriate to do so to protect the rights, property, or safety of our company.

As part of our compliance with legal obligations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including those pertaining to national security or law enforcement purposes.

Personal Data collected by Sigma is not used for purposes unrelated to the purpose for which the information was originally collected. You as a data subject may at any time request Sigma to:

  • To review, update your Personal data held by Sigma.
  • Remove your Personal data from Sigma systems "the right to be forgotten"

Personal data relating to employment or services may be retained for 7 years following end of relationship or as otherwise required by law and regulations of the applicable jurisdiction.

12. Security and Integrity of Personal Data.

Sigma endeavors to protect the Personal Data of its Employees from unauthorized access or disclosure; to maintain data accuracy and completeness; and to ensure the appropriate use of information. Security measures including 3rd party audits, assessments, data monitoring, access controls are enabled to protect the data. All Sigma Employees are subject to strict confidentiality clauses in their contracts of employment. Access to Personal Data or sensitive Personal Data is restricted to authorized Employees.

13. Exceptions.

In situations where this Privacy Policy cannot be applied, an exception will be required with documented measures and controls. Employees should reach out to Human Resources for direction (in the manner stated in internal Sigma policies). Decisions will be made on the case-by-case basis, and if required Human Resources will also extend a security exception requirement upon discussing the matter with the Data Protection officer. All exemptions to Sigma’s internal policies must have an approved security exemption when applicable, or it will be considered out of compliance and subject to corrective actions.

14. Contact Us.

If you have any questions about this Privacy Policy or our privacy practices, or would like to access the information it contains in a different format please contact us at privacy@sigmacomputing.com or write to us at:

Sigma Computing, Inc.,
116 New Montgomery St., Suite 700,
San Francisco CA 94105