Last modified March 28, 2019
You may contact us under OneLogin Inc., 848 Battery Street, San Francisco, CA 94111.
Our EU representative is: OneLogin Ltd, 2 Sheraton Street, W1F 8BH London.
You may contact our Data Protection Officer at firstname.lastname@example.org.
Information you provide: When a Subscriber registers for the Service, we require a first and last name, company name, email, and phone number. After the initial registration, the Subscriber’s designated Client Administrator can share additional end user information with OneLogin in order to enable those end users to use the Service; however, OneLogin never directly collects any end user information, personal or otherwise, without the explicit direction of the Client Administrator. Subscribers are responsible for providing notice to end users concerning the information they collect and share with OneLogin as part of their use of the Service.
If you do not provide the listed personal data to us, we may not be able to provide you with certain features of our Web site.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. OneLogin collects PII in order to provide high level of security by assessing the risk of the user authenticating from the correct user device.
Mobile: When you download and use our Services, we automatically collect information on the type of device you use, the frequent usage, application version, operating system version, the time it been used, and the device identifier (or “UDID”).
OneLogin uses the personal data including your use of the Service to operate and make the Service available to you, for billing, identification and authentication, to contact you about your use of the Service, research purposes, and to generally improve the content, functionality, and security of the Web site and the Service. OneLogin will also use the collected personal information to send you periodic newsletters to inform you about OneLogin and our services.
The processing is based on our legitimate interests (Art. 6 (1)(f) of the GDPR).
We may use personal data provided as testimonials, which is always based on consent (Art. 6(1)(a) of the GDPR).
We do not use automated decision-making, including profiling.
The use of information collected through our Service shall be limited to the purpose of providing the service for which the client has engaged OneLogin.
OneLogin collects information under the direction of its clients. If your personal information changes, or if you no longer desire to use the Service, you may correct, update, delete or deactivate it by making the change within the Service or by reaching out to OneLogin Customer Success via support.onelogin.com. We will respond to your request within a reasonable timeframe. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our clients.
OneLogin (the data processor) has no direct relationship with the end users that are part of a Service Subscription plan. An end user who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their request to their designated Client Administrator (the data controller). The Client Administrator can modify your account information at any time within the Service’s Account settings or by contacting our OneLogin Customer Success Team. If the Client Administrator requests that OneLogin to remove the data, we will respond to their request within a reasonable timeframe.
We will retain end user information for as long as a Subscription is active, the Client Administrator requests the deletion of the same, or as needed to provide you with services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
OneLogin uses a third party intermediary to perform credit card processing when registering for the paid Subscription plans of the Service. This intermediary is not permitted to store, retain, or use your billing information except for the sole purpose of credit card processing on OneLogin’s behalf.
OneLogin may also transmit personal data to its third party vendors and the hosting partners that provide the necessary hardware, software, networking, storage, and other technology and maintenance services required to operate and maintain the Web site and the Service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients. This may require that your personal data be transferred from your current location to the offices and servers of OneLogin and these authorized third parties.
We share personal data with the following categories of recipients:
For a list of our current subprocessors, follow this link: https://www.onelogin.com/data-subscribe.
We intend to transfer personal data to the following third countries:
|Third country||Legal safeguards|
|US||EU-U.S. Privacy Shield, Standard Contractual Clauses|
|Australia||Standard Contractual Clauses|
|Brazil||Standard Contractual Clauses|
|China||Standard Contractual Clauses|
|India||Standard Contractual Clauses|
|Japan||Standard Contractual Clauses|
|Philippines||Standard Contractual Clauses|
|Singapore||Standard Contractual Clauses|
|Taiwan||Standard Contractual Clauses|
You may get a copy of the respective safeguards by requesting these from email@example.com.
Except as described in this Policy, OneLogin will not give, sell, rent, share or loan any personal information to any third party other than as outlined in this Policy.
OneLogin maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. These technologies help ensure that your data is safe, secure, and only available to you and to those you provided authorized access. When you enter sensitive information (such as your login information) on our Web site or connect to our Service, we encrypt the transmission of that information using Transport Layer Security (TLS). If you have any questions about security on our Web site, you can contact us at firstname.lastname@example.org.
If you would like to exercise any of your rights, or receive more information about them, please contact us via the contact details set forth in the “Contact Us” section of this Policy and we will help you out. We promptly respond to all requests from individuals seeking to exercise their rights described below and pursuant to applicable data protection laws. Please note that some of the following rights may not be applicable to your situation:
Right of access: You have the right to gain access to information about the personal data that we process about you. Should you have any questions regarding the processing or want more insight into the personal data we process from you, you are always welcome to contact us and we will provide you with further information.
Right to rectification: You have the right to get your personal data updated or corrected. Upon your request to us, we will promptly (in no event more than 72 hours from your request) correct your information inaccurately stored by us and/or supplement incomplete personal data completed by including a supplementary statement provided by you.
Right to erasure/right to be forgotten: You have the right to request of us to permanently delete your personal information. You can make such a request if you for example believe that the personal data are no longer necessary in relation to the purpose for which the personal data were collected or otherwise processed.
Right to restrict the processing activities: You have the right to restrict our processing activities. If you choose to restrict our processing activities regarding certain personal data, note that you may not be able to use our Web site properly.
If you are unsatisfied with the way we treat your personal data, you may reach out to us at all times to solve the issue. However, you always have the right to lodge a complaint to a supervisory authority.
OneLogin participates in and has certified its compliance with both the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework (collectively, the “Frameworks”). We are committed to subjecting all personal data received from European Union (EU) member countries, United Kingdom, and Switzerland, in reliance on the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, respectively, to the Frameworks’ applicable Principles. To learn more about the Privacy Shield program, and view our certifications, visit the U.S. Department of Commerce’s Privacy Shield List, https://www.privacyshield.gov/list.
Under the Frameworks, OneLogin is responsible for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, United Kingdom (UK), and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Frameworks, OneLogin is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield Web site, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you have any questions regarding this Policy you may contact us at email@example.com or via postal mail at:
848 Battery Street
San Francisco, CA 94111