Privacy Shield Notice

Effective as of June 27, 2018.

BigID (“BigID” or “we”, “us” or “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred to the United States pursuant to Privacy Shield.  BidID has certified that it adheres to the Privacy Shield Principles with respect to such data.  If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, the Privacy Shield Principles and to view our certification, please visit www.privacyshield.gov.

Scope.  Our certification of adherence to the Privacy Shield Principles applies to the personal data that (a) we collect from our customers and other visitors to our website for account management, billing or marketing purposes (“BigID User Data”); (b) we process on behalf of our customers in providing online services to them under a service agreement (“Services Data”) and (c) we collect about our employees (past or present) collected in the context of the employment relationship (“HR Data”). BigID commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to HR Data transferred from the EU in the context of the employment relationship. Please contact us to be directed to the relevant SA contacts.

Data processed.  The BigID User Data that we collect, use and share is described in our Privacy Policy.  While our customers decide what Services Data to submit, it typically includes information about their own users and how they use the customer’s sites, applications and services and third-party applications.  We process Services Data as instructed by our customers and do not own or control Services Data.

Purposes of data processing.  We collect, use and share BigID User Data for the purposes described in our Privacy Policy.  We process Services Data for the purpose of providing our online services to our customers, which may include accessing and processing the data to provide the services, to correct and address technical or service problems, to follow instructions of the customer who submitted the data, or in response to contractual requirements.

Inquiries and complaints.  In compliance with the Privacy Shield Principles, BigID commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact BigID at:

BigID, Inc.
524 Broadway, 7th Floor
New York, NY 10012
Attention: Privacy Officer
Email: privacy@bigid.com

BigID has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/ for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and BigID does not address it satisfactorily, BigID commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Arbitration.  If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1.

Third parties who may receive personal data. We share BigID User Data with third parties as described in our Privacy Policy.  We may share Services Data with third parties under the following circumstances and only in accordance with the applicable customer agreements:

  • Affiliates.  We may disclose Services Data to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy. 
  • Service Providers. We may employ third party companies and individuals to administer and provide the Services on our behalf (such as customer support, hosting, website analytics, email delivery, database management services).  BigID maintains contracts with these service providers restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, including the onward transfer provisions, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage. 
  • Legal requirements.  We may disclose Services Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary (a) to comply with a legal obligation, (b) to protect or defend our rights, interests or property or that of third parties, (c) to prevent or investigate possible wrongdoing in connection with the services, (d) to act in urgent circumstances to protect the personal safety of customers, their users or the public; or (e) to protect against legal liability.
  • Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Services Data may be part of the transferred assets.

In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Your rights to access, to limit use, and to limit disclosure. Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data.  With our Privacy Shield self-certification, we have committed to respect those rights.

If your personal data includes BigID Personal Data, you can request access to that data and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to privacy@bigid.com.  We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.

U.S. Federal Trade Commission Enforcement.  BigID’s commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  

If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence.