BIGID PRIVACY NOTICE
Last Updated: March 11, 2025

This Privacy Notice (or “Notice”) describes the information that BigID Inc., its subsidiaries, and its affiliated companies (“BigID”, “our”, “we”, or “us”) may collect, use, and disclose about customers or users (“you” or “your”) when you visit our websites www.bigid.com and university.bigid.com (“Websites”); register for or attend our events, webinars, and newsletters; and register for a demonstration or trial of our products. 

BigID is committed to the responsible collection and use of your personal information under this Notice, which includes any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with an identified or identifiable individual. If an applicable law describes personal information more broadly, we will apply that definition. However, this Notice does not address any personal data included in documents, content, intellectual property, or information that is input into the software or used in advisory services (collectively, the “Services”) by you or on your behalf or that output from your use of the Services, which we address in our software licensing agreements with customers.

If you have questions about anything in this Notice, please contact us at [email protected].

This Notice addresses the following:

1. Personal Information Collected
2. Uses of Personal Information
3. Disclosure of Personal Information
4. Selling/Sharing Personal Information
5. Retention of Personal Information
6. Safeguarding Personal Information
7. Managing Your Personal Information
8. Use of BigID’s Service by Minors
9. International Transfers of Personal Information
10. EU-US Data Privacy Framework Principles
11. Residents of the EEA, UK and Switzerland
12. US Data Privacy Laws
13. Updates to This Notice
14. How to Contact Us

1. Personal Information Collected

Data Collected Directly from You:

BigID collects personal information directly from you, which may include:

• Contact Details: We collect your contact details when you register for an event, inquire about or sign up for our Services, or download or sign up for our content (e.g., newsletters). This may include your name, email address, company name, job title, postal addresses, and phone number. We also keep a record of any correspondence that you send when you contact us through the Websites.
• Account Creation Data: When creating an account for new customers, we collect log-in credential data, transactional information (e.g., Services purchased), as well as any contact details or other personal information you choose to provide us or upload to our systems when creating your account.
• Device Information: We may collect certain personal information related to your device when you visit our Websites, such as your device’s IP address, the referring website, the pages your device visited, and the time and date that your device visited our Websites.
• Preferences: We may collect personal information on your preferences for receiving marketing communications and details about how you engage with us.
• Chatbot Data: We may collect a log of your interactions with BigID’s chatbot.
• Administrative and Support Data: We may collect personal information about your use of and access to our Services, which may include administrative and support communications with us, third-party integrations you use (if any), and messages, persons, features, content, and links you interact with.
• Payment Information: We may collect and store payment information as needed to facilitate transactions with BigID.
• Cookies and Similar Technologies: We use various technologies to collect information on our Websites and online services. For more information, see our Cookies and Similar Technologies Notice.
• User Feedback: We may collect feedback data via the Services, following a webinar, or after receiving help from our support team.
• BigID University and BigID On-Demand Lab Services Usage Data: When accessing BigID University or the BigID sandbox environments offered through our On-Demand Lab Services, we may collect certain personal information about your general usage data, which may include but is not limited to website clicks, learning history, mouse movements, and browser types.
• Developer Community Data: When you participate in our Developer Community, BigID may collect your contact information, including mailing address, email address, photo, domain details, username, and other similar information, as well as information about the individual’s device.
• Employment information: If you apply for an open position with BigID, we will collect employment application information, such as your resume, LinkedIn profile, cover letter, and online portfolio.

Data Collected from Other Sources:

Online Sources. BigID may collect personal information from other sources, including third-party platforms and online databases and directories, as well as third parties from whom we have purchased personal data. We may combine this data with personal information we already have about you to ensure such personal information maintained by BigID is accurate and up to date. BigID may also engage in joint marketing activities or event sponsorships with third-party partners, and we may collect personal information about you from these activities. We rely on our partners to obtain your consent before sharing your personal information with us.

Integrations. If a customer integrates a third-party service with the BigID platform, BigID may receive certain information from the third-party provider about the customer’s partnership with the third party.

2. Uses of Personal Information

BigID uses your personal information for the following purposes:

• Communicating with You. BigID uses the personal information it collects to (1) communicate with you regarding our Services, including by sending you announcements, technical notices and updates, security alerts, and support and administrative messages, and (2) to allow you to download white papers, inquire about our Services, and participate in our surveys, promotions or events. We use this information to provide you with the material(s) you requested, to follow up with you about your interest in the Services, and/or to register you for an event. Additionally, we may use personal information to understand your preferences in order to enhance your experience and send you information about BigID, such as upcoming promotions or events.
• Providing and Improving the Services. BigID uses the personal information it collects to (1) provide, operate, maintain, administer and improve the Services; (2) prevent or address issues in connection with support matters; and (3) respond to Services- and employment-related requests, questions, and feedback.
• Managing the Websites. BigID uses the personal information it collects to manage the Websites, including by enhancing their functionality, maintaining user-selected preferences and delivering relevant content to enrich the user’s experience. More information on how web trackers are managed on the Websites can be found in BigID’s Cookies and Similar Technologies Notice.
• Marketing and Advertising. BigID may use the personal information it collects to manage advertising, conduct market research and/or provide you with offers or advertisements based on your browsing activities. Using personal data obtained by third party sources helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide products and services that may be of interest to you. You have the right to opt out of any marketing or advertising communications via the link ‘Your Privacy Choices’ in the footer of www.bigid.com or via the opt out prompt in a marketing email.
• Testimonials and User-Generated Content. We may ask for your explicit consent to collect or use your personal information to post a testimonial or endorsement of the Services on our websites. Please be aware that whenever you voluntarily disclose personal information online, the information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage, or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.
• Legal Bases for Processing. We collect and process personal information where there is a legal basis to do so. There are four primary bases upon which we rely when processing personal information:
  • Contract. We process personal information to fulfill terms of a contract entered between BigID and its customers, vendors, and partners.
  • Legitimate Interest. We have a legitimate interest in operating and improving the Services, protecting the security of personal information we process, supporting our customers, marketing and promoting our Services as otherwise necessary to protect BigID.
  • Consent. Where a user provides consent, BigID uses their personal information for a specific purpose.
  • Legal Obligation. We may be required to process a user’s personal information to comply with applicable law; to pursue, defend, and manage legal claims and disputes; to enforce our contracts; to ensure compliance with our legal and contractual obligations and our internal policies; and to respond to lawful requests from governmental authorities.
• Use for New Purposes: Where permitted by law, we may use your personal information for reasons not described in this Notice when the reason is consistent with the purpose for which it was collected.

3. Disclosure of Personal Information

BigID may disclose your personal information for the following purposes:

• To Provide Services. We may share your personal information with our affiliates and service providers in order to administer and provide the Services on our behalf, and/or provide other services such as marketing, billing, data analysis, customer service, email delivery, auditing, etc. These service providers are authorized to use your personal information only as necessary to provide the requested services to BigID.
• Marketing and Advertising. We may share personal information with third-party social networking programs, like LinkedIn, for marketing and advertising purposes. We may also share your data with our partners who co-sponsor events that you choose to attend. We may share or sell your personal information as described in Section 4. You may opt out through the portal in the footer of www.bigid.com labeled ‘Your Privacy Choices’ or by implementing the Global Privacy Control (“GPC”).
• Third-Party Partners. BigID discloses personal information to third parties for the purposes of providing and operating the Services. For example, our network of partners enables us to offer various integrations that interconnect with third-party software and BigID may, acting on our customer’s behalf, share personal information with the provider of an integration selected by the customer. BigID is not responsible for the acts and omissions of such third parties, and such relationship is governed by the contract signed between the customer and the partner. Note that this Notice does not address, and BigID is not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or service to which the Websites link. The inclusion of a link on the Websites does not imply endorsement of the linked site or service by us or our affiliates.
• Compliance with Laws and Disputes. We may disclose information as necessary (a) for security, compliance, fraud prevention, and safety purposes; (b) as required by law, lawful requests, or legal process, such as to respond to subpoenas or requests from government authorities; (c) where required by law in connection with any legal investigation; and (d) to take legal action or defend legal claims.
• Business Transfers and Structure Changes. If we engage in a merger, acquisition, bankruptcy, dissolution, financing, reorganization or a similar transaction or proceeding, some or all of BigID’s business records and/or assets containing personal information may be disclosed as part of that transaction or proceeding.

4. Selling/Sharing Personal Information

BigID does not sell your personal information for money. However, some laws define the “sale” of personal information to include disclosures of personal information for commercial activities, such as targeting advertising, and may define “sharing” of personal information as providing it to advertising networks and other companies that facilitate digital advertising for purposes of cross-context behavioral advertising. Under that broader definition, in the past 12 months, BigID has shared and/or sold personal information with third parties to promote our Services.

BigID may sell the following categories of personal information: (i) identifiers, (ii) internet/electronic activity, (iii) commercial and/or financial information, (iv) professional and/or employment information, and (v) inferences/preferences.

BigID does not knowingly sell or share the personal information of minors under the age of 16.

5. Retention of Personal Information

We retain your personal information for the least amount of time necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider its volume, nature, and sensitivity, the potential risk of harm from its unauthorized use or disclosure, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and applicable legal requirements.

6. Safeguarding Personal Information

BigID maintains organizational, technical, and administrative security measures designed to protect personal information within our organization.

Please be advised that no security safeguards or standards are guaranteed. You should always use appropriate self-protection measures and practice safe browsing on all websites. For more information, the National Cybersecurity Alliance provides comprehensive information on how to stay safe online.

7. Managing Your Personal Information

Individuals in specific jurisdictions, including but not limited to the EEA, Switzerland, UK, California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, Virginia and Brazil, have certain rights to their personal information. This section describes those rights and how you can exercise them with BigID.

• Marketing Preferences.
• • You may opt out of certain marketing communications or withdraw previously provided consent for posted testimonials.
  • You may opt out of the sale or sharing of your personal information for targeted advertising through the portal in the footer of www.bigid.com labeled ‘Your Privacy Choices’ or by implementing the Global Privacy Control (“GPC”).
  • You can learn more about BigID’s use of information technologies with respect to our marketing efforts in Exhibit A.
• Right to View and Access. You have the right to know whether your personal information is being processed and how and with which third parties it’s being shared. You also have the right to request access to your personal information and request a copy of the personal information being processed.
• Right to Erasure. You may request that we erase your personal information, subject to certain exceptions as set forth in applicable laws.
• Right to Rectification. You may request that we correct or rectify your personal information that is inaccurate.
• Right to Restrict Processing. You may request that we restrict processing of your personal information
• Right to Data Portability. You have the right to receive the personal information you provided us in a structured, industry-standard and machine-readable format and you have the right to transmit the personal information to a third-party of your choice.
• Right to Limit Use of Sensitive Personal Information. You have the right to limit our use and disclosure of your sensitive personal information.
• Right to Object to Processing. You have the right to object to our processing of your personal information for direct marketing or on our reliance of legitimate interests as the basis of our processing of your personal information when you have specific grounds to object.
• Right to Opt Out of Automated Decision Making. You have the right not to be subject to a decision based solely on automated processing, including profiling.
• Right Not to Receive Discriminatory Treatment. You have the right to not be discriminated against for exercising your privacy rights.

The rights set forth in this section can be actioned either through the portal accessed through the ‘Your Privacy Choices’ link at the footer of www.bigid.com, by emailing [email protected], or by mail sent to our postal address below:

BigID, Inc.
379 W Broadway, Floor 2, New York, NY 10012
Attention: Privacy Officer

We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will provide you with the reason for such determination, if permitted by law. If you would like to appeal our decision or submit a complaint about our use of your personal information or response to your requests, you may contact us at [email protected] or submit a complaint to the data protection regulator in your jurisdiction.

8. Use of BigID’s Service by Minors

Our Websites and Services are intended for use by individuals who are 18 years old and older. BigID’s policy is to not seek to collect personal information on any person under the age of 18. If you inform us or we otherwise become aware that we have unintentionally received personal information from an individual under the age of 18, we will delete this information from our records.

9. International Transfers of Personal Information

Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers and, by visiting our Websites and/or using the Services, you consent to the transfer of information to countries outside of your country of residence. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal information.

10. EU-US Data Privacy Framework Principles

• The Principles. BigID complies with the EU-US Data Privacy Framework and, as applicable, the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (“Swiss-US DPF”) (collectively, the “EU-US DPF” for purposes of this Notice) as set forth by the US Department of Commerce. BigID has certified to the US Department of Commerce that it adheres to the EU-US DPF Principles with regard to the processing of personal information received from the European Union in reliance on the EU-US DPF.
• Conflict. If there is any conflict between the terms in this Notice and the EU-US DPF Principles, the EU-US DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
• Your Rights. You are entitled to manage your rights as detailed in Section 7. Further, pursuant to the EU-US DPF Principles, EU, UK, and Swiss residents have the right to obtain confirmation of whether BigID maintains your personal information in the United States.
• Inquiries and Complaints. Residents of the EU, UK, and Switzerland with inquiries or complaints regarding BigID’s handling of personal information received in reliance on the EU-US DPF should contact BigID to discuss and resolve such inquiries and/or complaints. You may contact BigID at [email protected] or at the following address:

BigID Inc.
379 W Broadway, Floor 2
New York, NY 10012
Attention: Privacy Officer
Email: [email protected]

• Independent Recourse Mechanism Further, BigID has committed to refer unresolved privacy complaints under the EU-US DPF Principles to BBB National Programs (“BBB”), a US-based independent dispute resolution mechanism. If you do not receive timely acknowledgment of your complaint from BBB, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
• Arbitration. If your EU-US DPF Principles-related complaint cannot be resolved through the channels listed in this section, under certain conditions, you may invoke binding arbitration for residual claims not resolved by any of the other DPF redress mechanisms. For additional information, please review Annex 1 to EU-US DPF.
• US Federal Trade Commission Enforcement. The US Federal Trade Commission has jurisdiction over BigID’s compliance with the EU-US DPF.

11. Residents of the EEA, UK and Switzerland

• EEA Representative: Under European data protection laws, and except when acting as a processor on behalf of our customers, BigID is the controller of your personal information covered by this Notice. You can contact us and our EU Representative at [email protected].
• UK Representative: Under UK data protection laws, and except when acting as a processor on behalf of our customers, BigID is the controller of your personal information covered by this Notice. You can contact us and our UK Representative at [email protected].
• Swiss Representative: Under Swiss data protection laws, and except when acting as a processor on behalf of our customers, BigID is the controller of your personal information covered by this Notice. You can contact us and our Swiss Representative at [email protected].
• Legal bases for processing: We only use your personal information where we have a legal basis to do. The following table describes the legal bases we rely upon to process your personal information. If you have questions about the legal basis under which we process your personal information, you may contact us at [email protected].

Purpose of Processing Data	Legal Based Supporting the Processing
Providing and improving the Services	Performance of a contract; legitimate interests
Communicating with you	Consent; performance of a contract
Marketing and advertising	Legitimate interests
Security, compliance, fraud prevention and safety reasons	Legitimate interests
To establish a claim, exercise a legal action, or defend against legal claims	Legitimate interests
To comply with applicable law	Legal obligations
When you provide consent (which is revocable at any time by emailing [email protected])	Consent

 

 

 

 

 

 

 

If you are in the EEA, UK, or Switzerland you have the following rights related to your personal information: (1) right to view and access, (2) right to erasure, (3) right to rectification, (4) right to restrict processing, (5) right to data portability, (6) right to object to processing of your personal information for direct marketing purposes and (7) the right to opt out of automated decision making. These rights can be actioned either through the portal accessed through the ‘Your Privacy Choices’ link at the footer of www.bigid.com or by emailing [email protected].

You have the right to submit a complaint to the supervisory authority of the appropriate jurisdiction via the contact information detailed here.

12. US Data Privacy Laws

We process personal information in accordance with applicable US state privacy laws. Several state laws require additional information on the processing of residents’ personal information. The below disclosure supplements the Notice.

• US State Privacy Law Disclosures. Several states, including the California Consumer Privacy Act of 2018, as amended by the newly enacted California Privacy Rights Act of 2020 and the California Consumer Privacy Act Regulations (collectively defined as the “CCPA”), require BigID to provide residents additional information, as set forth below.
• Rights Available to You.
  • Residents of states with privacy laws may have rights to manage their personal information, as outlined in Section 7. For example, California residents have the right to view, access, delete, and correct their personal information. They also have the right to opt out of the sale or sharing of their personal information, to limit the use and disclosure of their sensitive personal information, and to not receive discriminatory treatment by BigID for the exercise of their privacy rights. Please note that BigID does not use or disclose sensitive personal information except to provide you the Services or as otherwise permitted by applicable privacy law.
  • You or your authorized agent can submit a request to exercise your rights by visiting the portal in the footer of www.bigid.com labeled ‘Your Privacy Choices’ and following the prompts on the screen. Should you submit a request, BigID will verify your or your authorized agent’s identity.
• Collection, Use, and Disclosure of Personal Information. For information on the types of personal information we collect, including the personal information we have collected from California residents in the last 12 months, the sources of that collected personal information, the purposes for collecting personal information, and the categories of third parties with whom we share that information, please refer to Sections 1, 2, and 3 on collection, use, and disclosure.
• Data of Minors. BigID does not seek to process personal information of individuals under the age of 18.
• Retention. We only retain your personal information for as long as necessary to fulfill the purposes for which it was collected. To determine the appropriate retention period for personal information, we consider the volume, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
• California’s Shine the Light Law. California residents may ask BigID to provide the names of third parties to whom we have disclosed personal information in the last 12 months for direct marketing purposes and to identify the categories of personal information disclosed to them. You can request this information by emailing BigID at [email protected]. We may require additional information from you to verify your identity and California residency.
• Submitting a Complaint. If you would like to appeal our decision or submit a complaint about our use of your personal information or response to your requests, you may contact us at [email protected] or submit a complaint to your state’s Attorney General or, for California residents, to the California Privacy Protection Agency.

13. Updates to This Notice

We may periodically review and update this Notice as appropriate. Any changes or updates we make will become effective once we post the revised Notice on the Websites. The date at the top of the page indicates when this Notice was last revised.

We encourage you to please review this page regularly for the latest information on our privacy practices. By visiting the Websites following these changes, you accept the revised Notice.

14. How to Contact Us

If you have any questions or concerns about this Notice, please contact us at:

BigID Inc.
379 W Broadway, Floor 2
New York, NY 10012
Attention: Privacy Officer
Email: [email protected]

Exhibit A

BigID’s Use of Information Technologies

The following table describes various types of technologies BigID uses when a user or customer interacts with us online:

Type of Technology	Description of Use
Cookies	BigID uses a cookie consent tool, which allows a user to customize their cookie preferences. When you visit our Websites for the first time, a cookie consent banner will pop up and ask you to customize your cookie preferences. Please note that required cookies cannot be disabled and if you opt out of functional cookies, certain functionality of our Websites may be impacted. To learn more about the types of cookies we use please see our Cookies and Similar Technologies Notice.
Global Privacy Control (“GPC”)	The GPC is a technical specification that you can use to inform websites of your privacy preferences regarding web trackers. To set up the GPC, you can visit the Global Privacy Control website. If you choose to set up GPC, we will automatically turn off all non-required cookies on BigID’s websites for you. Please note that this may impact the functionality of our Websites.
Web Optimization Services	BigID shares data with Google Analytics to understand and optimize website performance and enhance site usability. Google Analytics runs in the background of www.bigid.com, analyzing site usage information and then returning reports to us through an encrypted connection. These services are required to maintain data securely and confidentially. If you would like to opt out of Google Analytics on a per browser basis, you can Click Here to download the Google Analytics opt out browser add-on. For more information on Google Analytics, click here.
Social Media Widgets	Our Services may include social media features, such as the Facebook “like” button, and widgets, such as the “share this” button. These features may collect your information and track your use of the Services. These social media features are either hosted by a third party or hosted directly in the Services. Your interactions with these features are governed by the privacy notice of the company providing such functionality. You can manage your preferences for many of these advertising programs directly through the links provided below: Facebook Instagram LinkedIn
Social Network and New Technology Advertising Programs	BigID has relationships with several social networks and new technology companies. These companies have specific interest-based advertising programs that match people who have shown interest in BigID through our Websites or other services with their platforms (such as LinkedIn features). This matching allows us to deliver relevant, interest-based advertisements on those companies’ networks. You can manage your preferences for many of these advertising programs through the links provided below: Google LinkedIn StackAdapt 6Sense

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Do Not Track. BigID does not currently recognize nor process Do Not Track signals from different web browsers. You can manage your preferences for tracking across sites in the table above. For more information on Do Not Track please visit https://allaboutdnt.com/.