LogicGate, Inc.® Privacy Policy

Effective October 13, 2023

privacy-policy_hero-device

Introduction

Data privacy and transparency are important to LogicGate, Inc. and its wholly owned affiliate, LogicGate UK, Ltd., (collectively “LogicGate”). This Privacy Policy describes how Personal Information is collected, used, disclosed, and otherwise processed, along with information on how to exercise data privacy rights, security, and other general information. LogicGate only collects and uses information necessary for its legitimate business purposes as set forth in this Privacy Policy and limits the amount and type of data it collects and uses to the extent possible.

This Privacy Policy applies to:

  • LogicGate’s public website (https://www.logicgate.com) and other websites which we may operate (referred to as “the Website” or “LogicGate Website”)
  • LogicGate’s Risk Cloud® platform, a cloud-based software-as-a-service GRC platform, and its present and future features including LogicGate apps (referred to as “the Service” or “LogicGate Service”)
  • Other Personal Information when LogicGate provides this Privacy Policy or indicates in writing that this Privacy Policy covers the applicable information
  • Personal Information received by LogicGate that is entered into our systems, such as contact information after an exchange of business cards at an event

For ease of understanding, some information is provided separately within this policy, for example, regarding the LogicGate Service and for job applicants.

Because terms used for data privacy matters can vary, following is a description of the terms we use in this Policy:

  • An “Individual” may also be known as a data subject, consumer, applicant, candidate, lead, trainee, attendee, visitor, or other similar reference
  • Visitor” means any individual who visits or interacts with a LogicGate Website
  • Customer” means an individual and/or an entity who purchases a subscription to the LogicGate Service
  • Authorized-User” means an authorized individual who uses or otherwise directly interacts with the LogicGate Service (e.g., employees of Customers)
  • Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person (“individual”). Primarily, the Personal Information referred to within this policy is synonymous with Personal Business Information
  • LogicGate Offerings” means the Service and its present and future features, informational or promotional materials, and events organized or sponsored by LogicGate

This Privacy Policy does not cover the Personal Information collection, processing or handling practices of organizations that are a Customer of the LogicGate Service. LogicGate does not control or manage what information Customers collect or use in connection with LogicGate’s provision of the Service, nor how the Customer may access, disclose, or use that information. For questions, contact the Customer organization directly.

Section I. LogicGate

Categories of Personal Information Collected

LogicGate primarily functions in a business to business (“B2B”) capacity and therefore, it is our intent to only collect Personal Business Information; however, this distinction is not always confirmable due to use of personal mobile devices for work purposes, remote workers receiving mail, and other such instances. If non-business Personal Information is received, it is still intended to be used only for business purposes.

LogicGate may collect or receive the following categories of Personal Information. LogicGate’s collection is not restricted to the example types provided, and in almost all cases, the individual has a choice on whether or not to provide the information.

  • Contact information and identifiers: Examples include name, title, email address, postal address, phone number, and a signature. Although not generally requested, Individuals may use prefixes, suffixes, handles, or nicknames in the course of communication with LogicGate or a LogicGate website.
  • Digital IDs and information from cookies and similar technologies: Examples include IP addresses, general location (city/country), company level information, browser type, operating system, device identifiers, URLs of referring pages, time stamp, crash data, and usage data such as views of subpages and time spent. Examples may also include, as applicable, login information used for LogicGate sites that are not a part of the LogicGate Service, such as our Risk Crowd community site.
  • Photography and recordings: Examples include personal images that may be a result of photographs taken at events (such as Agility) or provided to us on our websites (such as Risk Crowd or LinkedIn), or from recordings, which may also record your voice, made during virtual calls, podcasts, webinars, or other similar activities. An individual’s image may be recorded when visiting a LogicGate office. Notice signs and a CCTV privacy policy are available physically and digitally.
  • Business related information: Examples include information from registration, attendance, participation and/or results of classes, webinars, training, webcasts, or other events. Participation or contribution to articles or whitepapers, preferences, support inquiries, or information provided to LogicGate blogs, surveys, or forms found on our Website or otherwise provided by LogicGate (or one of our service providers as instructed), or communications with the Website Chat function. Events coordinated through our business such as charitable, volunteer, or fund-raising events. This information may also include consents or acknowledgements.
  • Professional and employment related information: Examples include education and training, professional history, LinkedIn and other work board profile addresses, personal website addresses used for professional purposes, and information that is usually received via job related inquiries, application for employment, or internships. (Also see “Information received from Job Applicants/Candidates” below.) LogicGate may receive information about a company worked for such as name, size, location and the individual’s role within the company.
  • Inferences: In some instances, LogicGate may use portions of the data collected above to determine what LogicGate topics or products you may be interested in.

LogicGate may provide Individuals/Visitors the ability to interact with LogicGate or post on social media websites. LogicGate may review and/or collect some of these publicly posted comments or information. Unless stated otherwise, Personal Information that you post publicly on social media is governed by the Privacy Policy of the social media platform and is considered public information, including responses to a LogicGate post.

LogicGate does not generally collect Personal Information classified as highly sensitive or special category Personal Information. Highly sensitive or special category Personal Information is known to include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health, data concerning a natural person’s sex life or sexual orientation, personal financial data, specific geolocation, or other similar sensitive personal information. If such occasion arose in which this type of personal information was reasonably required, LogicGate will request consent. In completion of diversity, inclusion, and other legal or company initiatives to ensure equal opportunity employment and continued fairness and opportunities for our employees, LogicGate may request one or more types of this information to be provided on a voluntary basis.

California CCPA notice: If LogicGate collects sensitive personal information as that term is defined by the CCPA (The California Consumer Privacy Act of 2018), and which may include government identification numbers, such as those found on a driver’s license or state id, LogicGate will only use or disclose the information for the permitted purposes set forth in the CCPA, such as to perform the services, ensure the physical safety of persons and to prevent, detect and investigate security incidents.

How Information Is Collected

LogicGate receives or collects Personal Information both directly and indirectly. The type of information that LogicGate collects may depend on the interaction with LogicGate.

Directly submitted information is collected when it is directly provided to LogicGate. This may include, but is not limited to:

  • Interaction with the online chat feature.
  • Submitting online forms found on or linked to a LogicGate Website.
  • Registering for LogicGate events or requesting to receive information.
  • Posting on LogicGate blogs, social media, Risk Crowd, or other forums.
  • Creating a user account, such as for Risk Crowd.
  • Submission of contest/raffle entries, business cards, sign-in forms.
  • Responses to surveys, evaluations, questionnaires.
  • Participation in recorded or photographed functions.
  • Corresponding with LogicGate.
  • Submittal of a Data Access Request (DAR) (also known as a consumer request or data subject access request).
  • Application for employment, internship, contract, or consultancy, and information that might be provided during subsequent evaluation and interview processes.
  • During procurement, correspondence and/or as the representative of a vendor (service providers/processor/subprocessor) to LogicGate.
  • Requesting support or assistance, or resolution of concern or inquiry.

Indirectly, LogicGate may passively collect information related to your use of the LogicGate Website and response to our emails through the use of technology, such as cookies, web-beacons, or pixels. (See Cookies and Similar Technologies below for more information.) Types of cookies or web-beacons used for the collection of information on the LogicGate website is limited to the consent received.

In addition, LogicGate may indirectly receive contact or other information for other individuals in an organization when the information is provided to us, for example, when scheduling demonstrations, completing RFPs/ISQs or risk assessments, executing contracts, scheduling events, or via copy in an email or other correspondence. (For information associated with Customer and Authorized-User data in the implementation and use of the Risk Cloud, see “The LogicGate Service” section.).

Personal Information may be received or collected from third parties, such as an employer or coworker, previous employers, and Customers or Partners. LogicGate may use a third party to supplement contact, professional or business information to improve the overall accuracy of the information and its completeness and to improve communications. LogicGate may periodically collect contact information through a vendor or attendee list, such as those distributed by the host of a conference or event to which you registered and/or attended. LogicGate may receive your information from a referral, such as from a Customer, Business Partner, employee, or employment agency.

How and Why Personal Information is Used

LogicGate may use Personal Information for the following purposes:

  • Operation, improvement, maintenance, and security of our website and to enable, enhance, and customize the Visitor’s online experience. Collection of Visitor usage data helps LogicGate determine which online resources are helpful, which are being utilized, what topics are of interest, what needs improvement, and more.
  • Communication and correspondence with you for business purposes including through email, calendar invites, virtual conference, social media interactions, and other means.
  • Authentication of accounts.
  • Security, safety and integrity, such as to identify, detect, investigate, and prevent malicious, fraudulent or other illegal activities.
  • Marketing to provide potential and current LogicGate Customers with information about LogicGate Offerings and our Services, and to pursue and deepen business relations.
  • To advertise to you on other sites.
  • To receive, process, and respond to your feedback, requests or queries through our products, Website, or social media.
  • Fulfillment of requests, technical support, and to provide notice of and completion of training, special services such as our GRC Maturity Workshop, and similar events.
  • Preparation, execution, and follow-up for live events, conferences, webinars, interviews, articles, workshops, training, and other events.
  • Provision of special promotional materials, gifts, or supplies.
  • Administrative purposes, such as invoicing, contracts, and general record keeping.
  • To meet legal and regulatory requirements.
  • For any other purposes as disclosed or notified.

With Whom Information Is Shared

LogicGate may disclose your Personal Information with the following categories of recipients:

  • LogicGate Affiliate: For the purposes of, and to the extent necessary, to conduct business, LogicGate’s affiliate will receive and have access to Personal Information.
  • Business Partners and Contractors: LogicGate may provide personal information in support of our business or for services to be provided on our behalf. If you directly share your information with business partners or sponsors, unless stated otherwise, your information will be subject to the respective business partner or sponsor’s privacy statement.
  • Third Party Service Providers (vendors): LogicGate may contract with third party service providers to provide services necessary for our operations, growth, and development; for example credit card processing and financial services, event and campaign management, assistance with marketing, sales and communications, to provide analytics, shipping, website maintenance, marketing intelligence, platforms/applications, information security, and services provided by consultants, professional advisors, and others for our legitimate business purposes.
  • Sponsors, Co-Hosts, Partners or other Third Parties directly related to events, conferences, webinars, and similar activities: If you register for one of these described activities with LogicGate and provided your consent, we may share your personal business contact information with other organizations working with us in relation to the activity. LogicGate provides this notice and further information in the registrations.
  • Law Enforcement, public authority, government agency, regulatory bodies, or other party as required by law or legal process: LogicGate will review and respond to a duly authorized and lawful request, to enforce or protect rights, to provide safety or protect property, in situations involving national security, or to protect or defend our rights in legal procedures.

Your Personal Information may be shared or transferred if LogicGate is merged, sold in part or in whole (acquisition), or if some or all of our assets are transferred in a corporate event (including in the event of a reorganization, dissolution or liquidation).

Cookies and Similar Technologies

LogicGate and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies, e.g., web beacons, device identifiers and pixels, (collectively Cookies) to provide functionality, customize content, and to recognize Visitors and other individuals across different services and devices. The following types of cookies are used on the Website:

  • Necessary: Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Preferences: Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
  • Statistics: Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
  • Marketing: Advertising cookies allow us to select which advertisements or offers are most likely to appeal to you. We also use them to track responses to online advertisements and marketing, and we may use it to better understand your interests so we may present you with relevant messages and offers. These cookies may also allow you to share certain pages with social networks.

Visitors may exercise choice regarding the use of cookies when they first visit the Website and may change their preferences at any subsequent time by clicking the cookie preference icon. Necessary cookies are not optional. The cookie preference center will provide the categories and information regarding the specific cookies. Visitors may also choose not to have cookies downloaded onto their computers by restricting cookies within their browser settings. However, should Visitors restrict their cookies settings, LogicGate cannot guarantee that all Website functionality will work as intended.

Web beacons or pixels are used on LogicGate’s website and in e-mail messages. Using the technology in communications allows us to track whether a message is opened, which is important when tracking whether or not required Notices were received or when used in conjunction with our marketing efforts allowing us to measure the overall effectiveness of our online content, advertising campaigns, and products and services we offer through the Site.

Do Not Track. Some Visitors use web browsers which contain a “Do Not Track” feature whereby the browser feature sends a signal to each website visited indicating that the Visitor does not want its online activities to be tracked by technologies third parties. LogicGate cannot guarantee that the Website will always respond to the Do Not Track features of all websites due to a lack of uniformity within the industry for Do Not Track technology.

Third Party Websites and Applications

LogicGate’s Website, correspondence, newsletters, and other such material may sometimes contain a link to websites or applications that are not owned, operated, or controlled by LogicGate. This Privacy Policy does not apply to those websites and LogicGate does not provide any guarantees on their safety, security, or privacy practices.

Legal Basis for Processing

LogicGate’s legal basis for collecting and using an Individual’s personal information varies depending upon what information is provided, how it is collected, and why it was submitted. In general, LogicGate will only collect and use an Individual’s Personal Information with their consent and in accordance with the general purpose for which the Individual submitted their information. LogicGate receives consent for direct marketing when provided directly through contact, registration or other digital forms, when a business card is received directly from the Individual, when consent is provided to other parties allowing them to share the Individual’s information with us, and similar circumstances. LogicGate may use legitimate interests to contact Individuals to offer related services that may be of interest based on existing services with us, requests for information or requests for contact not made directly to LogicGate, or in relation to webinars, videos, demos, or related LogicGate resources that were requested or viewed.

LogicGate may use other legal bases or lawful purposes set forth in this Privacy Policy including, without limitation, the performance of a contract an Individual may have with LogicGate, where LogicGate is legally obligated to collect such personal information, where processing the personal information is necessary for the legitimate interests pursued by LogicGate or by a third party and where LogicGate’s legitimate interests may outweigh the Individual’s data protection or other rights.

Choice

Individuals have Choice in relation to their Personal Information:

  • To provide personal information: Individuals have Choice in providing their Personal Information. In some instances, if an Individual or Visitor chooses not to provide information, LogicGate may be unable to respond to a request or provide a service, or some functionality to the Website may be limited.
  • Sharing or selling Personal Information with third parties: LogicGate does not share or sell Personal Information (as described in the CCPA and in the Data Privacy Framework [DPF] Program) with third parties.
  • Direct Marketing: LogicGate may periodically send you GRC information, product descriptions and other promotional materials related to our products and services which we believe are useful for you, if you have consented to receive such messages via e-mail or any other electronic channel (where such opt-in is required under your local law). You may opt-out at any time by using the unsubscribe link in the footer of our marketing emails.

How We Secure Information

LogicGate implements and maintains appropriate administrative, physical, and technical safeguards to protect personal information of Individuals from accidental or unlawful disclosure, loss, destruction, alteration, unauthorized access, or misuse. Employees of LogicGate receive security and privacy training and are taught to handle Personal Information with care and respect. Noncompliance by employees can result in disciplinary measures or termination. Any LogicGate service providers utilized in provision of the Website or who have access to the personal information collected are required to keep it secure and confidential.

Retention

LogicGate retains personal information for as long as reasonably required for the purposes set out in this Privacy Policy, as needed to comply with legal or regulatory requirements, or until an Individual exercises a right of erasure (deletion) through a valid Data Access Request (as described the Rights of Individuals below). LogicGate uses the following criteria in determination retention periods:

  • The classification, categories, and types of Personal Information.
  • The purpose and use or types of records that require the Personal Information, for example use and records related to human resources, finance, marketing, sales, information security, etc.
  • Any legal and regulatory requirements or preset timeframes.
  • If the information is necessary to provide our services, maintain operations, or meet contractual obligations.
  • LogicGate’s legitimate interests, such as network improvement, fraud prevention, record-keeping, security and integrity, or enforcing our legal rights.

Rights of Individuals

Within certain jurisdictions, including but not limited to, the EEA, the United Kingdom, and California, Individuals have some or all of the following rights in connection with their personal information:

  • Right to Know, Right to Access and Right of Portability – a right to know if LogicGate processes your Personal Information, a right to access that personal information and receive information regarding its processing, and additionally, in certain jurisdictions, the ability to request for your personal information to be transferred to you or another controller.
  • Right to Rectification – the right to correct any inaccurate or incomplete personal information.
  • Right to Object a right to object to the processing of personal information or to stop sending marketing communications.
  • Right to Erasure (Right To Be Forgotten) – the right to have your personal information deleted.
  • Right to File a Complaint - the right to lodge a complaint with a supervisory authority/data protection authority or other entity regulating or enforcing data privacy.
  • Right to No Retaliation (or Non-Discrimination) – a right to be free from unlawful discrimination on the basis of any information provided to LogicGate, and free from discrimination against Individuals that submit a request to exercise their rights.

How To Exercise Data Rights

Individuals can exercise their rights by submitting a Data Access Request to LogicGate. Contact LogicGate to submit a Data Access Request by completing our Data Access Request form (click HERE for the form) or emailing [email protected] to initiate our Data Access Request process. LogicGate will respond to your request as soon as practicable. Prior to responding to a Data Access Request, must verify your identity. The verification information requested may depend on your relationship with LogicGate. If an authorized agent or representative will be used to make the request, LogicGate will additionally require proof in the form of a written and signed authorization or a valid Power of Attorney. In some situations, data rights might be limited or LogicGate may be unable to fulfill the request; for example, if there are legal obligations or the right does not apply to the personal information LogicGate holds about you.

International Transfer of Data

LogicGate stores and processes personal information in the United States or in any country where we engage third party service providers. This means Personal Information may be transferred to and processed in countries where laws governing the processing of Personal Information may be less stringent than the laws in your country (including jurisdictions outside the European Economic Area). LogicGate will implement appropriate administrative, physical, and technical measures to protect the Visitor’s personal information through the use of Standard Contractual Clauses or other approved lawful transfer mechanisms. LogicGate may also rely on Visitors’ explicit consent or other applicable derogations under GDPR for such transfers in addition to application of measures set forth above. LogicGate also maintains certifications to the Data Privacy Framework for transfers between the US and the European Union, United Kingdom, Gibraltar, and Switzerland. For information on these certifications, please see the section labeled Data Privacy Framework (DPF) Notice.

Data Privacy Framework (DPF) Notice

LogicGate complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. LogicGate has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. LogicGate has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

LogicGate is responsible for the processing of personal data it receives under the Data Privacy Frameworks and subsequent transfers to third party service providers. LogicGate complies with the Data Privacy Framework Principles (DPF Principles) for all onward transfers of personal data from the European Union and, as applicable the United Kingdom (and Gibraltar), and/or Switzerland in reliance on the relevant part(s) of the DPF program, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the DPF framework, the LogicGate Service is subject to the regulatory enforcement powers of the US Federal Trade Commission (FTC).

LogicGate commits to address inquiries and resolve complaints in relation to the Personal Information covered under the DPF Principles. Any inquiries or complaints may be directed to [email protected] or Individuals may use the LogicGate Data Access Request form. In the event of a dispute involving allegations that LogicGate has not complied with the DPF, individuals may bring a complaint directly to LogicGate, and LogicGate must respond to the individual within 45 days. In the event of an unresolved privacy or data use concern that LogicGate has not addressed satisfactorily, contact LogicGate’s US-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. If an individual submits a complaint to their data protection authority (DPA) (i.e. EU/EEA Member State data protection authority, the UK Information Commissioner’s Office (ICO) or Gibraltar Regulatory Authority (GRA); or the Swiss Federal Data Protection and Information Commissioner), the data protection authority may refer your complaint directly to the U.S. Department of Commerce’s International Trade Administration (ITA) on your behalf. Under certain conditions, more fully described on the DPF website, a complaining party may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. More information may be found in the DPF Annex 1 document.

Changes to LogicGate’s Privacy Policy (excluding Section II – The LogicGate Service)

LogicGate expressly reserves the right to change and update this Website Privacy Policy and any of its terms as permitted or required by law. When LogicGate makes material changes to its Privacy Policy, LogicGate will provide a notice via email to Individuals who have submitted personal information and will explain the material changes.

Section II. The LogicGate Service

Collection and Use of Information by the LogicGate Service

LogicGate collects and uses information and data about its Customers and their Authorized-Users during and for the purchase, implementation, provision, support, and improvement of the LogicGate Service. The LogicGate Service is a cloud-based Governance, Risk Management, and Compliance software service which enables companies to implement, automate, manage, and analyze their policies, workflows, security controls, and compliance measures as well as provide for other functionality and third-party software integrations. In order for the LogicGate Service to perform as intended by both LogicGate and the Customers (i.e., for GRC purposes), the collection and use of some information and data by LogicGate is necessary and may not be removed or altered without harming the functionality and utility of the Service. For the purpose of this Privacy Policy, “Customer Data” means electronic data or information imported, uploaded or otherwise inputted into the Service by Customer or its Authorized-Users in the Customer’s LogicGate environment. “Other Customer Information” means information or data provided by Customer or its Authorized-Users to LogicGate by means other than inputting, importing, or uploading into the Service by Customer or its Authorized-Users in the Customer’s LogicGate environment. For example, Customer’s contact information or payment information.

The LogicGate Service primarily collects and uses Customer Data and Other Customer Information during and for the implementation, provision, and technical support of the Service. For example, Customers supply information such as the name, address, contact and payment information as well as information provided by Customer about their business including their business needs (i.e., number and type of users and applications needed) regarding the Service during the configuration, implementation, and provision of the Service. In specific provision of the Service, LogicGate collects the Authorized-User’s first and last names, password, email address, photo (optional-end user can add to their profile), IP address, device data, usage data, location data, and interactions with Authorized-Users for the provision of the Service. Information is collected and logged from Customers and Authorized-Users when they:

  • register their account to access the LogicGate Service
  • log-in and log-out of the LogicGate Service
  • perform an activity, use a feature, or create or update a record within the LogicGate Service (including the time and date of such activities)
  • request support from LogicGate
  • provide feedback about the Service

This information is collected and processed by the LogicGate Service and is needed to enable Authorized-Users and Customers to create records within their LogicGate Service instance and for Customers and Authorized-Users to generate reports and utilize other Service features and third-party software integrations for GRC and other business purposes as determined, managed, and controlled by the Customers.

This information is collected and used by LogicGate for security purposes and to provide technical support to Customers and Authorized-Users.

This information is used to notify Customers and Authorized-Users about changes to the Service, LogicGate policies, or other related updates, such as improvements made to the received Services and training. The information may also be used to make improvements to the LogicGate service and to provide information to Customers and Authorized-Users about LogicGate offerings, events, certifications, webinars, webcasts, Risk Cloud forums, or other information that may be of benefit.

LogicGate collects, processes, and uses Customer usage data and other quantitative data in furtherance of the Service and LogicGate Offerings. In the U.S. only, with Customer approval, LogicGate will utilize a third-party service provider to gather insights about platform usage which includes movement and click data, but no Customer Data or Personal Information from the Service or through use, with the exception of temporary collection of the user IP address and similar metadata.

LogicGate does not manage or control what information or data, including any personal information from Authorized-Users and other third parties, Customers collect or use in connection with the Service, nor does LogicGate control how such personal information or data may be accessed, disclosed, or used by LogicGate’s Customers.

With Whom Information Is Shared

Personal information collected within a Customer’s LogicGate Service environment is only shared with LogicGate personnel and LogicGate’s data sub-processors as needed to provide the Service or as otherwise permitted in this Privacy Policy or required by law. Customer and Authorized-User information is logged by the Service as needed to perform the Service and is accessible to LogicGate and the Customer and other parties as permitted by the Customer or Authorized-User. Except as provided for in this Privacy Policy, LogicGate does not share or sell Customer Data to third parties. And except as permitted by the Customer or otherwise provided for in this Privacy Policy, LogicGate will not use or disclose Customer Data for unauthorized purposes. LogicGate may use and disclose personal identifying information to third party service providers with whom we work with for the following purposes: to provide hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics, and other services for the LogicGate Service. LogicGate may use and disclose Other Customer Information as needed to provide, support, or improve the Service as well as for analytics or other business purposes. In addition, LogicGate may disclose Customer Data or personal information to law enforcement, regulatory bodies or government agencies, courts or third parties when (i) required by law to comply with a court order, subpoena, request for information, or other legal process; (ii) enforce the terms of the Subscription Service Agreement; (iii) defend, protect, or assert LogicGate’s legal rights or those of its Customers as needed; or (iv) in connection with any proposed merger, acquisition, sale or transfer of LogicGate’s assets, dissolution, restructuring, liquidation, or similar event.

Retention

LogicGate retains Customer Data as long as the Customer has a valid contract in effect to use the Service and for the retention period set forth in the contract. LogicGate may retain Customer Data beyond that period only as necessary to comply with any legal requirements it may be subject to (e.g., tax, accounting, security, litigation holds) or as adopted by information security industry standards.

International Transfers

To the extent that LogicGate or its third-party service providers collects, processes, and stores Customer Data, LogicGate will implement appropriate safeguards for the transfer of Customer Data consistent with legal and regulatory requirements, industry standards and as agreed upon by LogicGate’s Customers. LogicGate utilizes legal transfer mechanisms that range from contracts and addendums to international agreements between countries, and outline privacy and security requirements, assurance of data rights, use of third parties, and other measures to ensure the appropriate level of protection. These legal transfer mechanisms include the European Union’s (EU) Standard Contractual Clauses, the United Kingdom’s (UK) International Data Transfer Agreement, the UK International Data Transfer Addendum, and/or other legal mechanisms as applicable.

Third Party Integrations

The LogicGate Service may also permit Customers to enable third party software integrations and applications in furtherance of the Customers’ business and GRC objectives. Those third-party software integrations may also collect and use Customer Data and/or Other Customer Information. The collection and use of any Customer Data or Other Customer Information made available to such third parties through the use of their software and applications by Customer will be governed by the Customer’s agreements and privacy policies of those third parties. Depending on the integration, the Third-Party API service provider might be contracted by the Customer or initiated by LogicGate.

LogicGate Third-Party Marketplace Apps

LogicGate may provide unidirectional API apps providing the Customer the ability to extract data from their LogicGate Service to a third party app or platform, for example, Google Looker. The LogicGate app does not store Risk Cloud data and LogicGate will not access the data once transferred. The transfer of any Customer Data or Other Customer Information to such third parties by Customer will be governed by the Customer’s agreements and privacy policies of those third parties.

Information Security of the Service

LogicGate maintains appropriate administrative, physical, and technical safeguards and information security practices designed to protect Customer Data from accidental, unauthorized, or unlawful access, disclosure, alteration, or destruction, or loss. These safeguards include but are not limited to end-to-end encryption of data in transit as well as at rest. Furthermore, the Service permits the Customer to implement, configure, manage, and control their own use of the Service and to implement and enforce the Customer’s own security practices, including without limitation user access controls and encryption. For more details about LogicGate’s platform information security policies, please visit https://www.logicgate.com/platform/security/ or contact us at [email protected].

Privacy Rights for the Service

LogicGate processes Customer Data and Other Customer Information with the consent and at the direction of its Customers and will not disclose, distribute, or transfer Customer Data or Other Customer Information except as provided by contract, required by law, or otherwise permitted under this Privacy Policy.

  • For Authorized-Users and Third-Party Individuals: LogicGate does not manage or control what information or data, including any personal information from Authorized-Users and other third parties, Customers collect or use in connection with the Service, nor does LogicGate control how such personal information or data may be accessed, disclosed, or used by LogicGate’s Customers. Therefore, Authorized-Users and other third parties must contact the Customer directly in order to request access to any information with respect to any personal information stored or used in the Service or exercise any other privacy rights including without limitation the rights of objection, correction, erasure/deletion, and portability. Any requests or inquiries by Authorized-Users directed at LogicGate will be redirected to the appropriate Customer or Customer’s designated administrative user of the Service. For privacy and security purposes, Customers and their administrative users (i.e., administrators) shall bear the responsibility of managing Customer user accounts and Customer Data as well as any aspects of the Service which Customer has control, including without limitation Authorized-User accounts and activities of Customer or its Authorized-Users.
  • For Customers: Pursuant to applicable data protection laws, LogicGate will provide Customers with certain choices regarding certain information provided to LogicGate by Customer or any third party affiliates including: to access and know, correct, update, or request deletion of any personal information of Customer, and in certain jurisdictions, restriction of processing and portability of data. Customers should direct any privacy-related inquiries or requests relating to Other Customer Information to [email protected] or use our Data Access Request form (click HERE for the form).

Changes to Section II of this Privacy Policy

LogicGate expressly reserves the right to change this LogicGate Service Privacy Policy at any time. LogicGate will provide notice of any material changes to its Privacy Policy to Customers and Authorized-Users via email or similar means.

Section III. Additional Information

Children

The LogicGate Website and Service is not intended for use by legal minors.
Personal information of children under age 18 should not be submitted to the Website.

Information obtained from Job Applicants/Candidates and Contractors

LogicGate may obtain professional or employment related information through job related inquiries, or applications for employment or internships. Personal information requested during the application process includes full name, phone number, email address, and resume/CV. Voluntary information includes LinkedIn profile address, personal website address, referral name, pronoun, self-identification information, and veteran status. Through submittals of resumes/CVs, LogicGate may receive postal addresses, titles, professional history, education and training information, references, and other information that the applicant chooses to provide. Some or all of this information may also be requested and/or received in relation to consultant or contractor work.

Applicants that use or provide their information to third party career sites, such as Indeed or LinkedIn, or to a talent acquisition firm, should consult the Privacy Policies of those entities for their Personal Information practices. LogicGate makes no representations or warranties regarding their information security or privacy practices.

LogicGate will use the information received to assess applications, correspond with applicants or considered contractors/similar providers, and carry out human resource functions in accordance with applicable law. LogicGate will share the information with authorized internal human resource professionals as well as professionals in our business functions who are participating in the application and interview process. LogicGate utilizes an applicant tracking system and recruiting software via a third-party service provider. Interviews may be virtual and utilize a third party service provider such as Zoom.

It is in LogicGate’s legitimate business interests to be able to review the qualifications of prospective employees, interns, and contractors or similar providers, and perform human resources functions in relation to these business processes. LogicGate retains applicant and other information in accordance with legal requirements.

How to Contact LogicGate

To contact LogicGate with questions regarding this Privacy Policy or to inquire about previous versions of this policy, please send an email to [email protected] or by mail to:

LogicGate, Inc.
Attn: General Counsel
320 W. Ohio Street, Ste 600WChicago, IL 60645

If you wish to contact us to make a Data Access Request (also known as a Consumer Request), click on this link to complete and submit our Data Access Request form.

LogicGate’s Data Protection Officer, Sara Haven, General Counsel, may also be contacted at the above-referenced email and postal addresses.

LogicGate’s Representative in the United Kingdom:
Osborne Clarke, LLP, One London Wall, London EC2Y 5EB or DX 466 London

For residents of the European Economic Area who wish to raise a concern about LogicGate, please contact your local Data Protection Authority/Supervisory Authority, or alternatively, as described above, in the event of an unresolved privacy or data use concern that LogicGate has not addressed satisfactorily, contact LogicGate’s US-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.

To contact LogicGate regarding a data security breach, please email: [email protected].
For more details about LogicGate’s platform information security policies, please visit: https://www.logicgate.com/platform/security/.

For questions about employment with LogicGate visit: https://www.logicgate.com/about-us/join-the-team/
or for questions, fill out a contact request form: https://www.logicgate.com/contact-us/

The email addresses listed throughout this Privacy Policy are intended solely for the use of LogicGate’s visitors and Customers, meaning they are not intended for commercial purposes, such as advertising. Emails related to commercial purposes will be reported as Spam and deleted.

For a PDF copy of this Privacy Policy, click HERE.

© 2023 LogicGate, Inc.®