BIGID PRIVACY NOTICE
Last Updated April 23, 2021
This Privacy Notice (“Notice”) is meant to give you a sense about what information we collect and process when you visit our website www.bigid.com, (“the Website”); sign up or attend our events, webinars, and newsletters; register for a demonstration or trial of our product; use our on-premise solution or one of our cloud hosted product offerings either as a Customer or as a more limited user; and any other use of our product, apps or platform (collectively, our “Services”). If you have questions about anything in this Notice, please contact us as firstname.lastname@example.org
At BigID, Inc. (“BigID,” or “we” or “us”) we are committed to the responsible collection and use of Personal Information. This Notice governs the collection, use and sharing of any Personal Information that is provided to us by Customers or users (“You”) as part of our Services.
This Notice Explains Our Privacy Practices Around:
- Safeguarding Information
- Our Use of Information Technologies
- Managing Your Preferences
- Use of Services By Minors
- Residents in the European Economic Area
- Cross Border Data Transfer
- California Consumer Privacy Act
- Updates to this Notice
- Contact Us Information
BigID collects various types of information from you and about you, including information that may identify you as an individual (“Personal Information”) as explained in more details below.
Customer Data: BigID is a service provider/data processor for the companies that use our platform. Content and information submitted by those companies who use our platform is referred to as “Customer Data” and those companies are referred to as “BigID Customers” in this Notice.
- Personal Information: When setting up new Customers for the BigID platform, we collect Personal Information, such as name and email address, to provide them with the Services. The types of information we may collect directly from our customers and their users include: names, usernames, email addresses, postal addresses, phone numbers, job titles, transactional information (including Services purchased), as well as any other contact or other information they choose to provide us or upload to our systems in connection with the Services.
- Administrative & Support Data: BigID collects information about the use and access of our Services, which may include administrative and support communications with us, messages, people, features, content, and links you interact with, and what third party integrations you use (if any).
- Payment Information: When our Customers purchase the Services, our affiliates, consultants, vendors and our third party payment processors may collect and store billing address and credit card information on our behalf, or BigID may do this ourselves.
- Third Party Integrations: If, when using the Services, you integrate with a third party service, we will connect that service to the BigID platform. The third party provider of the integration may share certain information about your partnership with BigID.
- Additional Data: A Customer may choose to use one of our additional compliance service offerings, such as our Privacy Portal or BigID.me. The data processed through these offerings is treated as Personal Information, which is subject to the restrictions set forth in the underlying agreement between BigID and the Customer (“Customer Agreement”).
Where BigID collects or processes Customer Data, it generally does so on behalf of the Customer. If you are using the Services by invitation or on behalf of a Customer (for example, your employer) that Customer determines its own policies regarding storage, access, modification, deletion, sharing and retention of Customer Data that may apply to your use of the Services. Please check with the Customer about the policies and settings it has in place.
Website, Demo Registration & Events:
- Personal Information: We collect Personal Information that you choose to send or provide us with, for example, on our, “Request a Demo” (or similar) online form, or if you register for a BigID webinar. If you contact us through the Website, we will keep a record of the correspondence.
- Device Information: When you visit the Website, BigID collects certain information related to your device, such as your device’s IP address in an encrypted format, referring website, what pages your device visited, and the time that your device visited our Website. We consider this to be “Non-Personal Information” as defined below.
- Marketing & Promotions: We may collect information on preferences for receiving marketing communications and details about how you engage with us.
- Information From Other Sources: We may collect or use information made available to us through third-party platforms, online databases and directories, or other means. We specify that data sourced from these third parties must be legitimately obtained. Note that this information may be governed by the privacy statement of the third party.
- Information collected by cookies and other similar technologies. We use various technologies to collect information which may include saving cookies to users’ computers. For more information, see our Cookies and Similar Technologies Notice.
- Employment Information: If you apply for an open position with us, BigID will collect employment application information, such as your resume, LinkedIn profile, cover letter and online portfolio.
- Developer Community: When a Customer or user participates in our Developer Community, BigID may collect an email address, a photo, domain details, user name for the individual participating and other similar information. BigID may also collect commercial contact info, such as a mailing address, as well as information about the individual’s device.
- User Feedback: While using the Services or attending one of our events, you may be asked to provide feedback (e.g. in the software directly, following a webinar or after receiving help from our support team).
- Non-Personal Information: We may collect information that does not reveal your specific identity (“Non-Personal Information”), such as: (a) browser and device information, (b) information collected through cookies, pixel tags and other technologies; (c) demographic information; and (d) aggregated information. If we are required to treat Non-Personal Information as Personal Information under the applicable law, then we may process it for the purposes of which we collect, use and disclose Personal Information as detailed in this Notice. For more information, see our Cookies and Similar Technologies Notice.
We use your information for the following purposes, or as otherwise described to you at the time of collection.
Customer Data: BigID may access and use Customer Data as reasonably necessary in accordance with Customer’s instructions to:
- Administer & Operate the Services: We may access and use Customer data to (a) provide, operate, maintain, enhance, administer and improve Customer’s use and configuration of the BigID’s Services; (b) to prevent or address service, security, technical issues in connection with a Customer support matter; (d) to respond to Services-related or employment-related requests, questions, and feedback; and (e) as set forth in the Customer Agreement or as expressly permitted in writing by the Customer.
- Business Purposes: Customer Data may be used for legitimate business purposes such as data analysis, audits; developing new products; identifying usage trends; determining the effectiveness of our promotional campaigns and operating and expanding our Service activities.
- Benchmarking: BigID may aggregate and anonymize Customer Data across multiple accounts and use this data to improve or enhance engagement of our Services or to create and publish (subject to the confidentiality restrictions in the Customer Agreement) industry benchmarks or comparative performance metrics.
- Communications: We use Customer Data to manage and communicate with you regarding your Services, including by sending you Services announcements, technical notices, updates, security alerts, and support and administrative messages;
- Compliance with Law: Customer Data may be used as required by law or as permitted by a lawful data request (e.g. subpoena).
Website, Demo Registration & Events: We may use the information we collect from our Website, Demo Registration and Events in the following ways:
- Marketing Communications: If you request information from us, use the Services or participate in our surveys, promotions or events, we may send you BigID-related marketing communications, which we believe may be of interest to you.
- Advertising: We and our partners may tailor ads based on your interests and website browsing history or conduct retargeted advertising. See Our Use of Information Technologies section below for more details.
- Testimonials & User Generated Content: In some cases we may ask for your consent to collect, use or share your personal information, such as when you let us post your testimonials or endorsements in the Services. Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly-disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.
- Security, Fraud Prevention & Compliance: We may use information as we believe appropriate to (a) investigate or prevent violation of the law or our Terms of Services; (b) secure the Services; (c) protect our, your or others’ rights, privacy, safety or property; (d) conduct fraud monitoring and prevention activities; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
- Responses for Information: If you contact us with a problem or question, we will use your information to respond in a timely and effective manner.
- Non-Personal Information: We may use Non-Personal Information for any purpose, except where we are required to do so otherwise under applicable law. For more information, see our Cookies and Similar Technologies Notice
At BigID, we do not rent or sell Personal Information and only share information as described in this Notice under the following limited circumstances:
Customer Data: BigID may share Customer Data in accordance with our agreement with the Customer and the Customer’s instructions, including:
- Service Providers: We may share your Personal Information with our third party Service Providers and Vendors in order to administer and provide the Services on our behalf, or provide other services such as marketing, billing, data analysis, customer service, email delivery, auditing, and other services. To view our current list of Service Providers please go to: https://test-big003.pantheonsite.io/sub-processors/
- Affiliates: We may engage with affiliates or consultants to process Customer Data for use consistent with this Notice. To view our current list of Affiliates please go to: https://test-big003.pantheonsite.io/sub-processors/
- Integrations: BigID may, acting on our Customer’s behalf, share Customer Data with the provider of an integration added by the Customer. BigID is not responsible for the provider of an integration that may collect, use and share Customer Data.
Website, Demo Registration & Events:
- Event Sponsors: When you register for, or attend an event or webinar organized by BigID we may share your contact details (such as your name, email address, company name and phone number) with the event sponsor. If you’d like to opt-out of sharing your information with sponsors, you can always do so by unsubscribing in one of our emails, visiting our Privacy Portal or by emailing us at email@example.com.
- Third Party Sites & Services: This Notice does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which the Website links out to. The inclusion of a link on the Website does not imply endorsement of the linked site or service by us or by our affiliates.
- Compliance with Laws and Law Enforcement; Protection and Safety: We may disclose information as we believe appropriate to government or law enforcement officials or private parties (a) for the security, compliance, fraud prevention and safety purposes described above; (b) as required by law, lawful requests or legal process, such as to respond to subpoenas or requests from government authorities; (c) where permitted by law in connection with any legal investigation; and (d) to prosecute or defend legal claims.
- Business Transfers & Structure Changes: If we engage in a merger, acquisition, bankruptcy, dissolution, financing, reorganization or a similar transaction or proceeding, some or all of BigID’s assets, financing, some or all of BigID’s assets may be included as part of that transaction or proceeding.
- Non-Personal Information: We may disclose Non-Personal Information for any purpose, except where we are required to do so otherwise under applicable law. For more information, see our Cookies and Similar Technologies Notice.
We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. As a matter of policy, we do not disclose details regarding our security measures.
Be advised, no security safeguards or standards are guaranteed to provide 100% security. You should always use appropriate self-protection measures and practice safe browsing on all websites. For more information, the National Cybersecurity Alliance provides comprehensive information on how to Stay Safe Online
OUR USE OF INFORMATION TECHNOLOGIES
The following section describes various types of technologies we use when you interact with us online and through our Services:
- Cookies and Pixel Tags: To learn more about the types of cookies we use and to manage your cookie preferences, please see our Cookies and Similar Technologies Notice.
- Website Optimization Services: BigID shares data with Google Analytics, Intercom and Matomo to understand and optimize website performance and enhance site usability. This runs in the background of our Website analyzing site usage information and then returning reports to us through an encrypted connection. These services are required to maintain data securely and confidentially.
- If you would like to opt-out of Google Analytics on a per browser basis, please Click Here to download the Google Analytics opt-out browser add-on. For more information on Google Analytics, Click Here.
- If you would like to opt out of Intercom on a per-browser basis, please contact us at firstname.lastname@example.org. For more information on Intercom, Click here.
- For more information, and if you would like to opt-out of Matomo, Click here.
- Interest Based or Online Behavioral Advertising: BigID uses third-party advertising companies to serve interest-based advertisements. These companies compile information from various online sources (including mobile-enabled browsers and applications) to match user profiles with ads we believe will be most relevant, interesting and timely based on that user profile. For additional information on interest-based advertising and options for managing preferences you can visit the Network Advertising Initiative’s opt-out page, the Digital Advertising Alliance’s opt-out page, or https://youronlinechoices.eu.
- Social Media Widgets: Our Services may include social media features, such as the Facebook “like” button and widgets, such as the “share this” button. These features may collect your information and track your use of the Services. These social media features are either hosted by a third party or hosted directly in the Services. Your interactions with these features are governed by the privacy notice of the company providing such functionality. You can manage your preferences for many of these advertising programs through the links provided below:
- Social Network & New Tech Advertising Programs: BigID has relationships with several social networks and new tech companies. These companies have specific Interest-Based Ads programs that match people who have shown interest in BigID through our website or other services with their platforms (such as LinkedIn and Twitter properties). This matching allows us to deliver relevant, interest-based ads on those companies’ networks. You can manage your preferences for many of these advertising programs through the links provided below:
- Do Not Track: BigID does not currently recognize and process Do Not Track signals from different web browsers. You can manage your preferences for tracking across sites in the Interest-Based or Online Behavioral Advertising section above. For more information on Do Not Track please visit https://www.allaboutdnt.org/ .
MANAGING YOUR PREFERENCES
- Marketing Communications: You may opt out of marketing-related emails by following the opt-out prompt in the email. You may continue to receive Services-related and other non-marketing emails.
- Testimonials: If you gave us consent to post a testimonial to our site, but wish to update or delete it, please contact us at email@example.com.
- Choosing not to share your information: If you do not provide information indicated as required or mandatory within the Services, or that is otherwise necessary to provide a requested service or feature within the Services, that portion or all of the Services may be unavailable to you.
USE OF OUR SERVICES BY MINORS
Information About Children Under 13: The Children’s Online Privacy Protection Act imposes requirements on sites that collect personal information about children under 13 years old (for example – name, address, email address, social security number, etc.). Our current policy is not to collect any personal information on any person under 13 years old. If this policy changes, we will revise this portion of our Notice and will comply with the requirements of the Children’s Online Privacy Protection Act, which includes providing notice and choice to each child’s parent or guardian before collecting any personal information.
Opt-In Consent For Minors: Our Services are offered to Customers and Users who are of the age 16 years and above. No programs, events, services or offerings are intended for children under the age of 16.
RESIDENTS IN THE EUROPEAN ECONOMIC AREA
Personal Information: References to “personal information” in this Privacy Notice are equivalent to “personal data” governed by European data protection legislation.
EU Representative: For purposes of European data protection legislation, and except when acting as a processor on behalf of our Customers, BigID is the controller of your personal information covered by this Notice. You can contact us and our Data Protection Officer using the contact details listed in the Contact Us section below. Our EU representative is:
Data Protection Representatives
The Cube, Monahan Road
Cork, T12 H1XY, Republic of Ireland
Legal bases for processing: We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at firstname.lastname@example.org
(reference applicable section in this Privacy Notice for details)
|To provide the Services||You have entered a contract with us and we need to use your personal information to provide services you have requested or take steps that you request prior to providing services.|
|To send you marketing communications
To deliver you advertising
For security, compliance, fraud prevention and safety
To prosecute or defend legal claims
|These processing activities constitute our legitimate interests. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
|For compliance with law||Processing is necessary to comply with our legal obligations.|
|With your consent||Processing is based on your consent. Where we rely on your consent, you have the right to withdraw it anytime in the manner indicated in the Services or by contacting us at email@example.com|
Use for new purposes – We may use your personal information for reasons not described in this Notice where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Retention: We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your rights: European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out: Stop sending you direct marketing communications. You may continue to receive Services-related and other non-marketing communications.
- Access: Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct: Update or correct inaccuracies in your personal information.
- Delete: Delete your personal information.
- Transfer: Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict: Restrict the processing of your personal information.
- Object: Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests through our Privacy Portal, or to our postal address provided below. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.
CROSS BORDER TRANSFER
The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
THE CALIFORNIA CONSUMER PRIVACY ACT
Under the California Consumer Privacy Act (“CCPA”), California residents have certain rights regarding the personal information that businesses have about them. This includes the rights to request access or deletion of your personal information, as well as the right to direct a business to stop selling your personal information.
Personal Information We Collect: We collect identifiers (such as name, address, email, phone number, job title, and transactional information), commercial information (such as a record of the services purchased or demos requested), and Internet or other electronic network activity information (such as usage information, IP address, cookie information, and customer feedback).
Why We Collect Personal Information:
- We use identifiers to provide the services requested, such as to fulfill a request for a demo, provide access to a webinar, or provide you with information about our Services.
- We use identifiers and commercial information for general Website administration, which includes record keeping, troubleshooting, data analysis, testing, and survey purposes.
- We use identifiers, commercial information, and Internet or other electronic network activity for trend monitoring, marketing, and advertising, as well as to ensure website security.
How We Collect Personal Information:
- We collect identifiers and commercial information directly from you.
- We collect Internet or other electronic network activity from your usage of the Website and related Services.
With Whom We Share Your Personal Information: BigID shares personal information as necessary for certain “business purposes,” as defined by the CCPA (Cal. Civ. Code 1798.140(d)). This includes sharing identifiers, commercial information and internet or other electronic network activity with providers of payment processing, customer relationship management, consulting, email, product feedback and helpdesk services. While BigID does not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). This includes sharing identifiers, commercial information and internet or other electronic network activity with advertising networks, website analytics companies, and event sponsors.
Right to View Your Information: You have the right to request disclosure about what categories of personal information BigID has sold or disclosed for a business purpose about you and the categories of third parties to whom the personal information was sold or disclosed. Additionally, you have the right to request disclosure of specific pieces of information. Below is a full list of the information that you can include in your request.
- The categories of personal information that BigID has collected about you
- The categories of sources from which BigID collected the personal information
- The business or commercial purpose for collecting or selling the personal information
- The categories of third parties with whom BigID shares personal information
- The specific pieces of personal information BigID has collected about you
- The categories of personal information that BigID disclosed about you for a business purpose
- The categories of personal information that BigID has sold about you, as well as the categories of third parties to whom BigID sold the information
If you would like to exercise your right to request disclosure, please submit your request through our Privacy Portal. We will review your request and respond to you as soon as possible.
Right To Opt-Out of Sale: BigID does not “sell” personal information in exchange for any monetary consideration as defined by the CCPA (Cal. Civ. Code 1798.140(t)(1)). However, we do support the CCPA and wish to provide you with control over how your personal information is collected and shared. You have the right to direct BigID to not sell or share your personal information. If you would like to exercise your right to request opt-out of sale or sharing, please submit your request through our Privacy Portal. We will review your request and respond to you as soon as possible.
Please note that we may still use aggregated and de-identified personal information that does not identify you or any individual; we may also retain information as needed in order to comply with legal obligations, enforce agreements, and resolve disputes.
Right To Deletion: You have the right to request that BigID delete any personal information about you that BigID has collected from you. Please note that there are exceptions where BigID does not have to fulfill a request to delete information, such as when the deletion of information would create problems with the completion of a transaction or compliance with a legal obligation. If you would like to exercise your right to request deletion, please submit your request through our Privacy Portal. We will review your request and respond to you as soon as possible. We will review your request and respond to you as soon as possible.
Right to Non-Discrimination: BigID will not discriminate against you (e.g., through denying goods or services, or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.
Contact Information: In compliance with the CCPA, we commit to resolve complaints about your privacy and our collection or use of your Personal Information. California residents with inquiries or complaints regarding this Notice should first contact BigID at firstname.lastname@example.org.
UPDATES TO THIS NOTICE
We may change this Notice from time to time. We encourage you to periodically review this page for the latest information on our privacy practices. The “last updated” legend at the top of the page indicates when this Notice was last revised. Any changes will become effective when we post the revised Notice on the Services. Your use of the Services following these changes means that you accept the revised Notice.
If you have any questions or concerns about this Notice, please contact us at:
641 Avenue of the Americas
New York, NY 10011
Attention: Privacy Officer
We are interested in hearing your feedback about this Notice and how we could improve it going forward. If you would like to provide your feedback, please fill out the survey by clicking here.