Effective as of December 17, 2018
- Personal Information We Collect
- How We May Use Your Personal Information
- How Your Personal Information May Be Disclosed
- Other Information
- International Data Use
- Your Choices and Access
- Tracking and Targeted Advertising
- Social Media Widgets
- Third Party Sites and Services
- User-Generated Content
- Use of Services By Minors
- Contact Us
- Additional Information For European Union Users
PERSONAL INFORMATION WE COLLECT
We collect personal information about you in the following ways:
Information you give us
Personal information that you may provide through the Services or otherwise communicate with us includes:
- Identity information, such as your first name, last name, username or similar identifier, title or role, date of birth and gender;
- Contact information, such as your postal address, email address and telephone number, social network handle;
- Trial and demo registration information, such as your company name and job title;
- Feedback and correspondence, such as information you provide when you send us a message, report a problem with Services, receive customer support or otherwise correspond with us;
- Usage information, such as information about how you use the Services and interact with us;
- Marketing information, such as your preferences for receiving marketing communications and details about how you engage with us; and
- Employment application information, such as your resume, LinkedIn profile, cover letter and online portfolio when applying for a job with us.
Information automatically collected
Sensitive personal information
Subject to the following paragraph, we ask that you not send or disclose to us any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or union membership) on or through the Services or otherwise.
Changes to your personal information
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at firstname.lastname@example.org.
HOW WE MAY USE YOUR PERSONAL INFORMATION
We may use Personal Information for the following purposes or as otherwise described to you at the time of collection:
To provide the Services
We use your personal information:
- to operate, maintain, administer and improve the Services;
- for our business purposes, such as data analysis, audits; developing new products; and operating, maintaining, administering, enhancing, improving or modifying our Services; identifying usage trends; determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- to manage and communicate with you regarding your Services, including by sending you Services announcements, technical notices, updates, security alerts, and support and administrative messages;
- to send administrative information to you, such as information regarding the Services and changes to our terms, conditions, and policies.
- to better understand your needs and interests, and personalize your experience with the Services; and
- to respond to your Services-related or employment-related requests, questions, and feedback.
To send you marketing communications
If you request information from us, use the Services or participate in our surveys, promotions, or events, we may send you BigID-related marketing communications, which we believe may be of interest to you, as permitted by law but will provide you with the ability to opt out.
To deliver you advertising and other BigID information
We and our partners may tailor ads based on your interests and browsing history or conduct retargeted advertising. See the Tracking and Targeted Advertising section below for more details.
For security, compliance, fraud prevention and safety
We may use your personal information as we believe appropriate to (a) investigate or prevent violation of the law or our Terms of Services; (b) secure the Services; (c) protect our, your or others’ rights, privacy, safety or property; (d) conduct fraud monitoring and prevention activities; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
For compliance with law; legal claims
We may use your personal information as we believe appropriate (a) under applicable law, including laws outside your country of residence; (b) to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (c) where permitted by law in connection with a legal investigation; (d) to enforce our terms and conditions; (e) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (f) to prosecute or defend legal claims; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
With your consent
In some cases, we may ask for your consent to collect, use or share your personal information, such as when you let us post your testimonials or endorsements in the Services.
HOW YOUR PERSONAL INFORMATION MAY BE DISCLOSED
- Service Providers. We may share your personal information with our third-party service provides so that they may administer and provide the Services on our behalf, or provide other services such as marketing, billing, data analysis, customer service, email delivery, auditing, and other services.
- Compliance with Laws and Law Enforcement; Protection and Safety. We may disclose your personal information as we believe appropriate to government or law enforcement officials or private parties (a) for the security, compliance, fraud prevention and safety purposes described above; (b) as required by law, lawful requests or legal process, such as to respond to subpoenas or requests from government authorities; (c) where permitted by law in connection with any legal investigation; and (d) to prosecute or defend legal claims.
Other Information We May Collect
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as:
- Browser and device information
- Information collected through cookies, pixel tags and other technologies
- Demographic information
- Aggregated information
If we are required to treat Other Information as Personal Information under applicable law, then we may use it for the purposes for which we use and disclose Personal Information as detailed in this Policy.
How We May Collect Other Information
HOW WE MAY USE AND DISCLOSE OTHER INFORMATION
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
THIRD-PARTY SITES AND SERVICES
We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure and we cannot guarantee the security of your information.
INTERNATIONAL DATA USE
BigID is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be collected, used and stored in the United States or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.
European Union users should read the important information provided here about transfer of personal information outside of the European Economic Area.
YOUR CHOICES AND ACCESS
Access, Update, Correct or Delete Your Information
All Website users who provide their personal information to request a trial or schedule a demo may review, update, correct or delete the personal information they provided during registration by contacting us at email@example.com.
You may opt out of marketing-related emails by logging in and changing your account settings or by following the opt-out prompt in the email. You may continue to receive Services-related and other non-marketing emails.
If you gave us consent to post a testimonial to our site, but wish to update or delete it, please contact us at firstname.lastname@example.org
Choosing not to share your personal information
If you do not provide information indicated as required or mandatory within the Services, or that is otherwise necessary to provide a requested service or feature within the Services, that portion or all of the Services may be unavailable to you.
Tracking and Targeted Advertising
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
In some of our communications, we track clicks on links in the communications to content in the Services to help us measure the effectiveness of our communications.
Social Media Widgets
Third-Party Sites and Services
The Services may contain links to other websites and services operated by third parties, such as social media platforms, advertising services and other websites and applications. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third-party websites, applications or services, and are not responsible for their actions. Other websites and services follow different rules regarding their collection, use and disclosure of your personal information. We encourage you to read their privacy policies to learn more.
We may make available in the Services, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over and take no responsibility for, the use, storage or dissemination of such publicly-disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.
USE OF SERVICES BY MINORS
The Website and Services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Information through the Services. If we learn that any user of the Services is under the age of 13, we will take appropriate steps to delete that individual’s personal information and restrict that individual from future access to the Services.
New York, NY 10012
Attention: Privacy Officer
Additional Information for European Union Users
Controller and EU Representative
- sending an email to DPR Group at email@example.com quoting in the subject line;
- contacting us via this online webform at www.dpr.eu.com/datarequest; or
- mailing your inquiry to DPR Group:
Data Protection Representatives
Office 29, Clifton House,
Fitzwilliam Street Lower,
PLEASE NOTE: when mailing inquiries, it is essential that you mark your letters for “DPR Group’” and not “BigID Inc.”. Please refer clearly to BigID Inc. in your correspondence. On receiving your correspondence, we may likely request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you. If you have any concerns over how DPR Group may handle the personal data they will require to undertake representation services, please refer to its privacy notice at: https://www.dpr.eu.com/legal-privacy.
Legal bases for processing
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at firstname.lastname@example.org.
|To provide the Services||You have entered a contract with us and we need to use your personal information to provide services you have requested or take steps that you request prior to providing services.|
|To send you marketing communications To deliver you advertising For security, compliance, fraud prevention and safety To prosecute or defend legal claims||These processing activities constitute our legitimate interests. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|For compliance with law||Processing is necessary to comply with our legal obligations.|
|With your consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Services or by contacting us at email@example.com.|
Use for new purposes
We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications. You may continue to receive Services-related and other non-marketing communications.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to firstname.lastname@example.org or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
If you are in the EU or Switzerland, please refer to our Privacy Shield Notice for more information about our EU-compliant data processing practices and your data protection rights.
Privacy Shield Notice
Effective as of December 17, 2018.
Scope. Our certification of adherence to the Privacy Shield Principles applies to the personal data that (a) we collect from our customers and other visitors to our website for account management, billing or marketing purposes (“BigID User Data”); (b) we process on behalf of our customers in providing online services to them under a service agreement (“Services Data”) and (c) we collect about our employees (past or present) collected in the context of the employment relationship (“HR Data”). BigID commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel with regard to HR Data transferred from the EU in the context of the employment relationship. Please contact us to be directed to the relevant SA contacts.
Inquiries and complaints. In compliance with the Privacy Shield Principles, BigID commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact BigID at:
524 Broadway, 7th Floor
New York, NY 10012
Attention: Privacy Officer
BigID has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/ for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your complaint involves human resources data transferred to the United States from the EU and/or Switzerland in the context of the employment relationship, and BigID does not address it satisfactorily, BigID commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) and/or the Swiss Federal Data Protection and Information Commissioner(FDPIC), as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm .
Contact details for the Swiss Data Protection Authorities can be found at: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
Arbitration. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
- Service Providers. We may employ third party companies and individuals to administer and provide the Services on our behalf (such as customer support, hosting, website analytics, email delivery, database management services). BigID maintains contracts with these service providers restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations, including the onward transfer provisions, and we may be liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
- Legal requirements. We may disclose Services Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency, or in the good faith belief that such action is necessary (a) to comply with a legal obligation, (b) to protect or defend our rights, interests or property or that of third parties, (c) to prevent or investigate possible wrongdoing in connection with the services, (d) to act in urgent circumstances to protect the personal safety of customers, their users or the public; or to protect against legal liability.
- Business Transfers. As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Services Data may be part of the transferred assets.
In addition, we may be required to disclose any personal data that we process in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
BigID’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, BigID remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless BigID proves that it is not responsible for the event giving rise to the damage.
Your rights to access, to limit use, and to limit disclosure. Individuals in the EEA and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield self-certification, we have committed to respect those rights.
If your personal data includes BigID Personal Data, you can request access to that data and request that we correct, amend, or delete it if it is inaccurate or processed in violation of Privacy Shield by emailing your request to email@example.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
We will provide an individual opt-out choice (for personal data) or opt-in choice (for sensitive data) before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to firstname.lastname@example.org.
U.S. Federal Trade Commission Enforcement. BigID’s commitments under the Privacy Shield are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall take precedence.
Cookies and Similar Technologies Notice
Last Updated: December 17, 2018
Cookies are small data files stored in your browser by a website. They transmit information about your use of the site to its operator or to third parties that placed the cookie. Some cookies are “session cookies” that expire when you close your browser, and others are “persistent cookies” that stay on your computer or mobile device until you delete them.
For instance, Matomo is an open source web analytics platform built with privacy in mind. We use Matomo cookies to measure, collect, analyze and report visitor data for purposes of understanding and optimizing our website. While Matomo serves the cookies, by design it cannot access the web analytics for tracking purposes. Without the data, we would not be able to provide you the service we are currently offering to you. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.
Our Site also uses session cookies to facilitate social media interaction and for other lawful purposes.
Our Website (“Site”) uses session cookies to enable you to use our Site, analyze how they perform, personalize your experience with them, provide interest-based advertising, facilitate social media interaction and for other lawful purposes. We may also use other similar technologies for these purposes, such as web pixels that track browsing activity, social media widgets that facilitate interaction with social media platforms, and unique device identifiers. In some cases, these cookies and similar technologies are used by third parties.
The cookies and similar technologies used in our Site are as follows:
|Essential||Essential to provide you with services available through our sites and to enable you to use some of their features.
We cannot provide the services our users request without them.
|Authentication||Allow you to log into our sites and mobile apps by using your Google or Facebook account credentials.||None|
|Functionlity||Allow our sites to remember the choices you make when you use our sites.
Intended to provide you with a more personal experience and to avoid you having to re-select your preferences every time you visit our sites.
|Analytics and customization||Collect information about traffic to our Site, and how our users use them, such as the number of visitors, the websites that referred them, the pages they visited, what time of day they visited, whether they have visited before, what features they used and other similar information. We use this information to help operate and improve our sites and mobile applications.||Google Analytics. Learn more information about Google Analytics cookies (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage) and about how Google protects your data (https://support.google.com/analytics/answer/6004245). You can prevent the use of Google Analytics relating to your use of our sites by downloading and installing the Google browser plugin available (https://tools.google.com/dlpage/gaoptout?hl=en-GB).|
|Advertising||Used by advertising companies to collect information about how you use our sites and other sites and applications over time. These companies use this information to show you ads they believe will be relevant to you within our sites and elsewhere, and to measure how the ads perform.||Google AdWords
|Social Media||Used by social media widgets that enable “like” buttons and allow you to share content from our Site on social media. Your social media platform may be able to link information or actions about your interactions with our Site to your account with them.||Facebook
LinkedInPlease see your social media platform’s privacy policies for more details.
Disabling cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org. If you do not accept our cookies, you may experience some inconvenience on our sites. If you disable cookies, certain features of our website may not work.
For more information about targeting and advertising cookies and how you can opt out, you can visit the Network Advertising Initiative’s opt-out page, the Digital Advertising Alliance’s opt-out page, or http://youronlinechoices.eu.