Mabel

Privacy Policy

Last Updated: November 22nd, 2024

Siena Labs Inc. ("Siena", "we", "our", or "us") values the privacy of its users, customers, and visitors. This Privacy Policy ("Policy") outlines the types of information we collect, how we use, share, and protect this information, and your rights and choices when it comes to your personal data. This Policy applies to the use of our artificial intelligence solutions and support services for customer experience, including customer support "AI Agents" (collectively, the "Services"), our website https://siena.cx/, (“the Site”) and any other interactions you may have with Siena.

By accessing or using our Services or Site, you agree to this Policy. If you do not agree with this Policy, please do not use our Services or Site.

1. Scope of this Policy

For purposes of this Policy:

  • An "Authorized User" means an individual who accesses the Services as, or on behalf of, a Customer, including Customer personnel.
    A "Customer" means an entity that has contracted with Siena (such as through an applicable Services Agreement or our Terms of Use) to access our Services.
  • A "Customer End User" means an individual whose information Siena receives from Customer, or otherwise processes on Customer's behalf, in connection with the Services provided by Siena to Customer pursuant to an applicable Services Agreement. Chatters who interact with the chatbot through the Services are "Customer End Users."
  • A "Site Visitor" means an individual who visits our Site outside of the context of our Customers' use of the Services.
  • “GDPR” means the Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  • “CPRA”means California Privacy Rights Act of 2020.

Who We Are And Whose Data We Process:

The data controller of:

  1. users of our Services;
  2. visitors of our Site;
  3. individuals who follow and interact with our profiles on our social media profiles;
  4. individuals who contact us via email or other available communication channels;
  5. individuals who are contacted by us in our sales and marketing efforts;
  6. candidates for our recruitment efforts;
  7. our business partners (advisors or consultants; contractors and service providers to our Services;

is Siena Labs Inc., 1209 Orange Street, Wilmington, Delaware, 19801, United States, e-mail address for data protection issues: privacy@siena.cx.

This Policy applies to our handling of information about Site Visitors, prospective Customers, and Customers and Authorized Users (in relation to their procurement of the Services and management of their relationship with Siena). We refer collectively to these categories of individuals as "you" throughout this Policy.

However, this Policy does not cover information about Customer End Users that Siena receives from Customer, or otherwise processes on Customer's behalf, in connection with the Services provided by Siena to Customer pursuant to an applicable Services Agreement (including the content of messages of Customer End Users ("End User Communications")). Siena processes End User Communications and other information of Customer End Users under the instructions of the relevant Customer, which is the "data controller" (or occupies a similar role as defined in applicable privacy laws), as described in the applicable Services Agreement between such Customer and Siena. Siena's obligations as a "data processor" or "service provider" with respect to such information are defined in such Services Agreement and applicable data protection addendum and are not made part of this Policy.

If you are a Customer End User and you have questions about how your information is collected and processed through the Services, please contact the organization (Siena Customer) who has provided your information to us for more information.

2. The Information We Collect

We collect, store, and use certain information from or about you for the purposes described below:

  1. Information You Provide To Us

We collect a variety of information that you provide directly to us. For example, we collect information from you when you:

  • Sign up for and use the Services;
  • Communicate with us (for example, when you communicate with our customer service teams or submit requests or questions to us via online forms, email, phone, chat, or otherwise);
  • Interact with us when we reach out to you by phone or email in our sales and marketing efforts;
  • Attend our conferences or events or interact with us at other conferences or events;
  • Apply for a job position in Siena;
  • Are our business partner (advisor or consultant, contractor and service provider).

We also obtain your personal information for Third Parties when we receive contact to you from our employees or associates, as part of a referral system. The types of data we collect directly from you include:

  • First and last name
  • Personal contact information (email address, phone number, postal address)
  • Online identifiers (such as Username and password associated with the Services)
  • Your position and role in your company or organization
  • In accordance with applicable law, photos, videos, or audio recordings of sales calls by voice or video chat

Any other information you choose to directly provide to us in connection with your use of the Site or Services.

In cases where personal data is obtained from third parties (e.g., clients of Siena using our AI product), we process this data solely based on the contract with the client and according to their instructions. The client, as the data controller, is responsible for ensuring compliance with the law regarding the processing of this data. In such cases, we act as a data processor (Article 28 of the GDPR).

Our AI product is used by Siena’s clients to improve their customer interactions. In these cases, Siena may process personal data provided by our clients. This means that the personal data we process is not collected directly from the data subject, but from a third party (the client).

In such scenarios:

  • Siena acts as a data processor on behalf of the client, who is the data controller.
  • We process the data strictly in accordance with the client’s instructions and the terms outlined in our agreement with the client.
  • The personal data that we process may include information about individuals who interact with our clients’ services, such as their customers or end users, as required for the operation of our AI solutions.

If you are a Customer End User whose personal data is processed through our AI services, and you wish to understand how your data is processed, please contact the organization (our client) that provided your data to us. Our obligations regarding this data are governed by the data processing agreement with our client, and we act in accordance with applicable data protection laws, such as GDPR or CPRA.

  1. Information We Collect Through Automated Means

When you use our Site or Services, we and our service providers (who are third parties that perform services on our behalf) automatically collect certain information about your device and how you use the Site or Services, including your IP address, browser type, browser language, operating system, the state or country from which you accessed the Site or Services, software and hardware attributes (including device IDs), number of clicks, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Site or Services, and other similar information. From your IP address, we may be able to infer your general location (e.g., city/state or postal code).

To collect this information, we and our service providers may use "cookies" or similar tools that track, measure, and analyze the behaviors and usage patterns of our users. Cookies are small data files that can be stored on your browser and device so we can recognize you when you return. We use cookies for analytics purposes, to deliver certain features of the Site or Services, to help us understand how users engage with the Site or Services, and to improve your experience. You may set your web browser to notify you when you receive a cookie and to accept or refuse certain cookies. However, if you elect not to accept cookies, some functionality and areas of the Site or Services may be restricted. To learn how to manage your cookies, please follow the instructions from your specific browser, or if accessing the Site or Services via a mobile device, refer to the manufacturer's instructions.

  1. Information We Collect From Others

From time to time, we may collect information about you from other sources, including our affiliates, marketing vendors, and third-party databases. We use this information to supplement the information that we collect directly from you and for any of the purposes described in the next section.

When you "like" or "follow" us on Facebook, LinkedIn, Twitter or other social media sites, we may collect some information from you including your name, email address, and any comments or content you post relevant to us.

3. How We Use Your Information

We use your information for various purposes depending on the types of information we have collected from and about you to:

  • Provide and maintain our Site and Services
  • Respond to your inquiries and requests for information, and provide you with more effective and efficient customer service
  • Engage in analysis and research regarding use of the Site and Services, improve the Site and Services, and develop new products and services
  • Measure the effectiveness of our advertising and deliver relevant advertising to you
  • To suggest Services that may be of interest to you
  • Secure our Site and Services and resolve technical issues being reported
  • Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others
  • Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others

We process your personal data to provide our services, including managing your user account, offering technical support, tailoring our products to your needs, and analyzing user activity to improve our services. The legal basis for processing is your consent and the fulfillment of a contract. In some cases, we may also process data to pursue our legitimate interests.

Aggregate/De-Identified Information:

We may aggregate and/or de-identify any information collected through our Services so that such information can no longer be linked to you or your device ("Aggregate/De-Identified Information"). We may use such information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, partners, and sponsors.

4. Legal Bases For Use Of Your Information

We process personal data for the following purposes:

  1. Signing up and using the Services:
  • performing the contract we are about to enter into or have entered into with you for the Site or Services (Article 6(1)(b) GDPR);
  • providing access to the Application and its features in accordance with the Terms of Service (Article 6(1)(b) of the GDPR), including but not limited to enabling you to use the following features:some text
    • creating and maintaining personal account which You use while using the Application;
    • texting with our AI chatbot
  • ensuring the proper technical functioning of our Site (Article 6(1)(f) GDPR);
  • profiling for the purpose of analyzing statistics on the use of our Site (Article 6(1)(f) GDPR);
  • carrying out analysis (including statistical analysis) of the Site, i.a. for its functioning, improvement of the performance of the available services, or assessment of the main interests and needs of users, which constitutes our legitimate interest (legal basis: Article 6(1)(f) of the GDPR).
  • sending marketing, commercial or other information related to the services provided to users - based on your consent or our legitimate interest in informing you about our services in connection with your consent (Article 6(1)(a) or Article 9(2)(a) or Article 6(1)(f) of GDPR);
  • promoting safety, security and integrity of our services - verify accounts and related activity, find and address violations of our policies and Terms of Service, investigate suspicious activity, detect, prevent and combat harmful or unlawful behavior, detect fraudulent behavior (Article 6(1)(c) or (f) of the GDPR).

  1. Communicating with us:
  • responding to inquiries and comments received (Article 6(1)(f) of the GDPR).

The provision of your personal data is necessary to respond to your enquiries.

  1. Interacting with us when we reach out to you by phone or email in our sales and marketing efforts:
  • responding to inquiries received (Article 6(1)(f) of the GDPR);

  1. Attending our conferences or events or interact with us at other conferences or events:
  2. Applying for a job position in Siena:
  • keeping records relating to your job application for the purposes of future recruitment processes - provided you have given your consent (Article 6(1)(a) of the GDPR);
  • carrying out the recruitment process and assessment of your abilities, competences and suitability for the position you are applying for (Article 6(1)(b) of the GDPR and Article 6(1)(a)of the GDPR);
  • fulfilling legal obligations that arise from the provisions of the relevant labor regulations and other provisions (Article 6(1)(c) of the GDPR).

Providing some of your personal data is necessary for the recruitment process. For the rest, the provision of data is voluntary and is not a necessary condition for taking part in the recruitment process. If you do not want us to process your personal data beyond the scope of the relevant labor regulations, simply do not include it in your application.

  1. Our business partners (advisors or consultants, contractors and service providers):
  • contacting with our business partners (article 6(1)(b) of the GDPR);
  • contacting with employees of our business partners (Article 6(1)(f) of the GDPR);
  • defending and enforcing claims arising from contracts concluded with our business partners (Article 6(1)(f) of the GDPR).

5. Online Analytics And Advertising

ANALYTICS

We may use third-party web analytics services (such as those of Google Analytics) on our Site or Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here. If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

ONLINE ADVERTISING

In using the Site or Services, we may allow select third party advertising technology partners to place cookies or other tracking technologies on the browser of your device to collect information about you as discussed above. These third parties (e.g., ad networks and ad servers such as Twitter Ads, Bing Ads, and others) may use this information to serve relevant content and advertising to you as you browse the Internet, and access their own cookies or other tracking technologies on your browser to assist in this activity. If you are interested in more information about these online advertising activities, and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative's Consumer Opt-Out link, the Digital Advertising Alliance's Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. Please note that if you use these mechanisms, you may still see advertising on our Site or Services or across the Internet, but it will not be tailored to you based on your online behavior over time.

DO NOT TRACK ("DNT")

DNT is a privacy preference that web users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Services through cookies and similar technologies, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.

6. Disclosure of Information

We will share your information in the following ways:

Vendors and Service Providers

To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Information to vendors and service providers, including cloud services, billing and payment, advertising and marketing, analytics, event management services, data storage or processing, and other information technology services providers.

Affiliates and Subsidiaries

We may share the information we collect within the Siena family of companies for the purposes outlined in this Policy.

Your Company

If you are an Authorized User, we may provide your information to the company you are engaged or employed by to fulfill and enforce our applicable sales agreement with your company, and to inform your company regarding usage, support, or training needs.

Protection of Siena and Others

By using the Site or Services, you acknowledge and agree that we may access, retain, and disclose the information we collect and maintain about you if required to do so by applicable law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce any contracts with you; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of Siena, its agents and affiliates, its users and/or the public.

‍Business Transactions

In accordance with applicable legal obligations, your information may be provided to third parties in connection with a merger or acquisition (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Siena or our assets, or as part of a corporate reorganization or stock sale or other change in corporate control or business change, including for the purpose of determining whether to proceed or continue with such transaction or business relationship.

With Your Consent or at Your Direction

In addition to the sharing described in this Policy, we may share information about you with third parties whenever you consent to or direct such sharing.

We do not sell personal data to third parties for monetary gain, nor do we share your personal data for cross-context behavioral advertising, including any sensitive personal data.

However, we may disclose your personal data to third parties to assist us in providing services, protecting our customers from risk, marketing our products, and fulfilling legal obligations.

Your personal data may be transferred by these entities outside the US and European Economic Area on the basis of relevant security measures mentioned in Article 46(2) of the GDPR. Any questions regarding the transfer of data outside the US and EEA should be addressed directly to these entities. 

7. Retention Of Your Information

We keep your information for no longer than necessary for the purposes for which it is processed.

Below you will find out how long we keep the personal data, depending on the subjects and categories of data processed:

  1. users of our Services:
  • we store information about your IP address for as long as it is archived in the logs of the server on which our Website is can be found;
  • we store the information contained in cookies in accordance with their retention periods;
  • if you consent to sending you marketing, commercial or other information related to the services we provide on the Application, we will continue to send you such information until you withdraw your consent.

  1. persons who follow and interact with our social media profiles: 
  • we store the data necessary to follow our social media profiles and respond to your enquiries via these media for as long as you remain a follower of our profiles or interact with them, whereby your interactions such as comments or likes remain visible even after you stop following our profiles, for as long as you do not revoke or delete them.

  1. individuals who contact us via email, contact form, telephone or other available communication channels:
  • we keep the data necessary to respond to your enquiries for as long as it is necessary to resolve your case or as long as the statutory limitation periods require;
  • in addition, we retain personal data needed for defense or assertion of claims for as long as required by the statutory limitation periods;
  • if you have consented to sending you marketing, commercial or other information relating to the services we provide on our Services we will continue to do so until you withdraw your consent.

  1. candidates for employees:
  • if you do not consent to the processing of your personal data contained for the purposes of your participation in future recruitment processes, we delete this data immediately after the recruitment process for the position you are applying for has ended;
  • if you consent to the processing of your personal data contained for the purposes of your participation in future recruitment processes, we retain this data until you withdraw your consent, but for no longer than for a period specified by relevant legal regulations.

  1. our business partners (advisors or consultants, contractors and service providers):
  • we retain personal data that we obtain through contact with employees or associates of our business partners and through contact with our business partners for the period of storing accounting or tax documentation as required by law;
  • additionally, we retain the data we need for defense or assessment of claims arising from contracts concluded with our business partners, for as long as the statutory limitation periods require us to do so.

8. Your Rights And Your Choices

You have certain rights with respect to your information as further described in this section and the 12 section, if you are a California resident.

Your Legal Rights

If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the "Contact Information" section below at any time. Your local laws (e.g., if you are a citizen or resident of the European Economic Area or California) grant you the following rights to:

  • request access to and rectification of your personal data

At any time you have the right to access information about you and to have it rectified if it is incorrect.

  • delete your personal data and the right to restrict its processing

Upon your request, we will delete the data collected about you, once the purpose for which the data was collected has been fulfilled. You have the right at any time to request that we delete your data or restrict its processing.

  • right to data relocation

To the extent in which personal data is processed by automated means for the purpose of execution of a contract (Article 6(1)(b) of the GDPR) or on the basis of your consent (Article 6(1)(a) of the GDPR, Article 9(2)(a) of the GDPR), you have the right to receive your personal data from us in a structured, commonly used machine-readable format, and you have the right to send this personal data to another data controller without any hindrance from us.

  • right to object to processing

To the extent that your personal data is processed for the execution of our legitimate interests (Article 6(1)(f) GDPR), you have the right to file an objection to the processing of your personal data.

  • the right to lodge a complaint with a supervisory authority

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the supervisory authority.

  • the right to withdraw consent to the processing of personal data

If we process your personal data on the basis of your consent, you have the right to withdraw the consent you have given at any time, which does not affect the compatibility of the processing carried out on the basis of this consent before its withdrawal. 


Such laws may also permit you to revoke your consent to the processing of your information for certain purposes. We will consider all requests and provide our response within the time period stated by applicable law and as otherwise required by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.

If you are a Customer End User and your information has been collected by Siena as a result of our Customer's use of the Services pursuant to a Services Agreement between Customer and Siena, Siena collects and processes any information of yours under the directions of the relevant Customer. If these circumstances apply to you and you wish to access, correct, delete or exercise any rights you may have under applicable data protection laws with respect to any information that we have collected about you, please direct your query to the relevant Customer, as this may expedite the completion of your request. We will provide reasonable assistance to our Customers to give effect to data subject rights as appropriate and required by applicable laws.

Marketing Communications

If, in accordance with applicable legal requirements, we send you marketing communications regarding our Services or the services of third parties that we believe will be interesting to you, you can ask us to stop sending such communications at any time by contacting us using the information in the "Contact Information" section below. In our marketing email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Policy or as required by applicable law. For example, you may not opt out of certain transactional emails from us, such as those confirming your requests or providing you with updates regarding our Policy or other terms.

You can exercise these rights by contacting our Data Protection Officer at privacy@siena.cx.

9. Third Party Links And Features

Our Services may contain links to third-party websites. If you choose to visit these sites and use their services, please note that we are not responsible for their content or privacy practices. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites, and not this Policy. We urge you to read the privacy policies of these third parties.

10. International Users

Your information is maintained and processed by us and our third-party service providers in the United States, and elsewhere. Thus, your information may be maintained, processed, and stored in other jurisdictions that may have different data protection laws than those in your country of residence. In the event that your information is transferred in these ways, please note that we comply with applicable legal requirements governing the transfer of information across borders. By using the Services, you agree to and acknowledge these transfers.

11. How We Protect Your Information

Siena takes a variety of technical and organizational security measures to protect the information provided to us from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to us online.

12. Privacy Information For California Users

Additional Information for California Residents

This section complements other parts of our Policy and offers additional details for California residents, as required by the CPRA. It outlines both our personal information processing activities over the past 12 months and our current practices. Please review this information alongside the rest of our Policy. For example, we’ve already described the categories of personal information we collect, the sources of that information, and our reasons for collecting it earlier in the Policy. We have also covered how we share personal information with others and how you can exercise your privacy rights. If we mentioned “information” or “data” above this section within the document, for those covered by the CPRA, it is “personal information” within the meaning of the CPRA.

Do Not Sell Rights.

Please note that the CPRA sets forth certain obligations for businesses that "sell" personal information to third parties. We do not engage in such activity as defined in the CPRA and have not engaged in such activity in the past twelve months from the Effective Date of this Policy.

Your California Privacy Rights

In addition to the rights indicated in section 8, CPRA empowers you to:

  • opt out from the sale or sharing of Personal Information;
  • limit the use and disclosure of Sensitive Personal Information.

California Shine the Light Law

California’s “Shine the Light” law gives Californians the right to request information from us about how we share personal information with other parties for their direct marketing purposes. We share this kind of information for this purpose (as stated in Section 3). This means that you can submit a request to share this data.

Your Right To Opt Out of The Sale or Sharing Your Personal Information and how you can exercise it

We share your personal information with the third parties listed on Section 6 within this document.

You have the right to opt out of sharing your personal information, which means that whenever you request us to stop sharing your personal information, we will abide by your request. Such requests can be made freely, at any time, without submitting any verifiable request. To fully exercise your right to opt out, you can contact us at any time using the contact details provided in this document. We use any personal information collected from you in connection with the submission of your opt-out request solely for the purposes of complying with the opt-out request.

Once you have opted out, we are required to wait at least 12 months before asking whether you have changed your mind.

The right to not be discriminated against for exercising Consumer rights:

The CPRA further provides you with the right not to be discriminated against (as provided for in applicable law) for exercising your rights. We are obligated to avoid discriminating against Consumers who choose to exercise their rights under this law. This means that if a Consumer decides to exercise any rights concerning their Personal Information—such as the right to access, delete, or opt out of the sale of their data—we cannot respond by:

  • Refusing to provide goods or services;
  • Charging different prices or fees, including withholding discounts or benefits;
  • Offering a lower quality or standard of goods or services;
  • Taking any negative action against employees, job applicants, or contractors for asserting their rights.

Please note that certain information may be exempt from such requests under California law. For example, we need certain information to provide the Services to you. We also will take reasonable steps to verify your identity before responding to a request. If we are unable to verify you, we shall have the right, but not the obligation, to request additional information from you. Remember that personal information collected in relation to your request must only be used for verifying that request and should not be disclosed or retained longer than necessary.

Children:

Our Service is not intended for children under 13 years old, and we do not knowingly collect personal data from anyone under this age. If you suspect that a child under 13 has shared personal information through our Service, please contact us at privacy@siena.cx. We will review the situation and, if necessary, remove the data from our systems. If you are between 13 and 18 years old, you must have your parent or guardian's consent to use our Service.

If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer's behalf, please contact us using the contact information provided below. If you are a Customer End User, please contact the Customer who has provided your information to us for more information.

13. Changes To Our Policy

The provisions of Privacy Policy may be subject to improvements and changes and the latest version will be published on our Site each time and will be dated as of the last update, unless another type of notice is required by applicable law. By continuing to use our Service or providing us with Personal Information after we have posted an updated Privacy Policy, or notified you by other means, you consent to the revised Privacy Policy. We update our Privacy Policy at least once a year.

14. Contact Information

If you have any questions or concerns not already addressed in this Privacy Policy please email us at privacy@siena.cx or write to: Siena Labs Inc., 1209 Orange Street, Wilmington, Delaware, 19801, United States.

15. EU representative and DPO 

We have appointed Honest Tech s.r.l. as our representative in the European Union. Honest Tech s.r.l. is located at Sat. Sînmartin - com. Sînmartin 417495 Str. Liviu Rebreanu nr. 19, Romania.

Additionally, we have appointed Damian Klimas as our Data Protection Officer (DPO). He can be contacted via email at privacy@siena.cx for any inquiries or concerns regarding the processing of personal data.