Privacy Policy

Last Updated: March 24th , 2021 

Privacy and transparency are important to LogicGate. This Privacy Policy addresses what information LogicGate collects, why it is collected, how it is collected and used, with whom the information is shared, and the rights of individuals relating to their information.  LogicGate only collects and uses the information necessary for its legitimate business purposes as set forth in this Privacy Policy. LogicGate limits the amount and type of data it collects and uses to the extent possible, and to that which LogicGate deems necessary.  For clarity, this Privacy Policy distinguishes between LogicGate’s public website (https://www.logicgate.com) (hereafter, “the Website” or “LogicGate Website”) and the LogicGate cloud-based software-as-a-service GRC platform (hereafter, “the Service” or “LogicGate Service”).  Moreover, for the purposes of this Privacy Policy, “Visitors” means any third-party individuals who visit or interact with the LogicGate Website, “Customers” means individuals and/or entities who purchase a subscription to the LogicGate Service, and “End-Users” means authorized individuals who use or otherwise directly interact with the LogicGate Service (e.g., employees of  Customers).  Furthermore, “LogicGate Offerings” means the Service and its present and future features, informational or promotional materials, and events organized or sponsored by LogicGate, and “personal information” means information that identifies or could reasonably be linked, directly or indirectly, with a particular individual (e.g., name, address, and/or email).

The LogicGate Website

What Information Is Collected.  The LogicGate Website only collects and uses the information necessary for its legitimate business purposes as set forth in this Privacy Policy. LogicGate limits the amount and type of data it collects and uses to the extent possible, and to that which LogicGate deems necessary.

Information Submitted by Visitors.  LogicGate collects information about Visitors when they visit the Website.  The Website collects information actively from those Visitors who choose to submit information through the Website and its features, including, without limitation:

The information actively collected may include without limitation: Visitor name and contact information, visitor company information, primary interest in potential use of the LogicGate Service and other LogicGate Offerings, email address, phone number, the Visitor’s communications with LogicGate, and any other information entered into the text boxes or fields on any form(s), notices, or agreements.

Information Collected By Using the LogicGate Website. The passive information collected from Visitors as a result of visiting the LogicGate Website may include: 

Note that the information passively collected from Visitors is anonymous and not personally identifiable unless the Visitors also actively and voluntarily submit their personal information through a LogicGate Website form or field.  

Why Information Is Collected.  Information is collected to enable, enhance, and customize the Visitor’s online experience on the Website.  Information is also collected and used for Logic Gates sales, marketing, advertising, informational, educational, promotional, technical support, and other business purposes relating to LogicGate Offerings to potential and current LogicGate Customers.  For example, contact information submitted by Visitors through an online form is used to direct sales efforts to individuals and companies interested in purchasing the LogicGate Service or in requesting a demonstration of the LogicGate Service.  Additionally, collection of Visitor usage data helps LogicGate determine which online resources are helpful, which are being utilized, what topics are of interest, what needs improvement, etc.  

How Information Is Collected.  Actively submitted information is collected by interacting with our online chat feature as well as by completing and submitting online forms found on the LogicGate Website.  Passively collected information is gathered from website cookies, web beacons, and other tracking or analytics technologies (e.g., Google Analytics, Google Ads, LinkedIn).  

How Information Is Used.  LogicGate uses the information it collects from Website Visitors to:

With Whom Information Is Shared.  Information is only shared with LogicGate employees, representatives, contractors, business partners/affiliates, and third-party service providers who provide analytics technologies for use in Logic Gates informational, marketing, and promotional endeavors. Personal information provided to LogicGate through the Website is not sold or used for commercial purposes unrelated to LogicGate without the express consent of individuals.  Information, including personal information, may also be shared with law enforcement, government agencies, regulatory bodies, courts, or third parties when required or permitted by law or to enforce or protect Logic Gates legal rights and duties.

Cookies and Similar Technologies.  LogicGate and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality, customize content, and recognize Visitors and other individuals across different services and devices. Visitors may exercise choice regarding the use of cookies when they first visit the Website and may change their preferences at any subsequent time. Furthermore, Visitors may choose not to have cookies downloaded onto their computers by restricting cookies within their browser settings.  However, should Visitors restrict their cookies settings, LogicGate cannot guarantee that all Website functionality will work as intended. 

Legal Basis for Processing.  If you are from the European Economic Area (“EEA”), our legal basis for collecting and using a Visitor’s personal information varies depending upon what information is provided, where it is submitted within the Website, and why it was submitted.  However, in general, LogicGate will only collect and use a Visitor’s personal information with their express consent and in accordance with the general purpose for which the Visitor submitted their information or for any other lawful purpose set forth in this Privacy Policy including, without limitation, the performance of a contract a Visitor may have with LogicGate, where LogicGate is legally obligated to collect such personal information, where processing the personal information is necessary for the legitimate interests pursued by LogicGate or by a third party and where Logic Gates legitimate interests outweigh the Visitor’s data protection or other rights.

International Transfer of Data.  LogicGate stores and processes personal information collected in connection with the Website in the United States or in any country where we engage third party service providers.  If the Visitor is from the EEA and submits personal information to the Website, LogicGate will protect the personal information by processing it in a territory in which the European Commission has determined provides an adequate level of protection or otherwise implementing appropriate administrative, physical, and technical measures to protect the Visitor’s personal information through the use of Standard Contractual Clauses or other approved lawful transfer mechanisms. LogicGate may also rely on Visitors’ explicit consent or other applicable derogations under GDPR for such transfers in addition to application of measures set forth above.  

How We Secure Information.  LogicGate implements and maintains appropriate administrative, physical, and technical safeguards to protect personal information of Visitors from accidental or unlawful disclosure, loss, destruction, alteration, unauthorized access, or misuse.  Any LogicGate service providers utilized in provision of the Website who have access to the personal information collected through the Website are required to keep it secure and confidential.

Retention.  LogicGate retains personal information collected through the Website for as long as necessary to further the legitimate business purposes of LogicGate or as required by law, until a particular Visitor withdraws his or her consent.  After a Visitor withdraws his or her consent to collect and use their personal information, LogicGate will delete or anonymize the information within a reasonable period of time provided such deletion or anonymization is technically feasible.  To the extent that such deletion or anonymization is not feasible for technical or legal reasons—as may be the case with storage on backups or for legally required retention purposes—LogicGate will take all reasonable steps to cease using the personal information including without limitation removal from marketing databases, etc.

Rights of Website Visitors.  Within certain jurisdictions, including but not limited to, the EEA, Visitors have some or all of the following rights in connection with their personal information:

To the extent required by law, LogicGate will honor any requests or objections of Visitors based upon the above-listed rights provided that such requests or objections are adequately verified and technically feasible.

With respect to Visitors’ consent to collection or use of their personal information: By not opting-out of (or in some jurisdictions, by opting-in to) Logic Gates use of cookies when first landing on the LogicGate Website, Visitors expressly consent to the collection and use of their information by LogicGate pursuant to this Privacy Policy.  Website Visitors who consent to the collection and use of their information may opt-out and revoke their consent at any time by notifying LogicGate.  Additionally, individuals can revoke their consent and request to be removed from Logic Gates marketing and informational email list by clicking the “Unsubscribe” link contained in the email(s) received from LogicGate and following the instructions to be placed on Logic Gates “Do Not Contact” list.   By doing so, Visitors will opt-out of receiving promotional communications.  However, even after Visitors opt-out of receiving promotional messages from LogicGate, Visitors who use the Service will continue to receive transactional messages from LogicGate for purposes related to the Service.  Visitors who use the Service may be able to opt- out of some notification messages in their account settings within the Service.

How To Contact LogicGate for Privacy Matters.  Visitors can contact LogicGate regarding its Website privacy practices by emailing privacy@logicgate.com.  LogicGate will respond to your request as soon as practicable.  

Additional Privacy Matters.

Do Not Track.  Some Visitors use web browsers which contain a “Do Not Track” feature whereby the browser feature sends a signal to each website visited indicating that the Visitor does not want its online activities to be tracked by technologies third parties.  LogicGate cannot guarantee that the Website will always respond to the Do Not Track features of all websites due to a lack of uniformity within the industry for Do Not Track technology.  

Children.  The LogicGate Website and Service is not intended for use by legal minors.  

Personal information of children under age 13 should not be submitted to the Website.

Changes to Logic Gates Privacy Policy.  LogicGate expressly reserves the right to change and update this Website Privacy Policy and any of its terms as permitted or required by law.  When LogicGate makes material changes or updates to its Privacy Policy, LogicGate will provide notice via email to Visitors who have submitted personal information to the Website and will explain the material changes.

The LogicGate Service

Collection and Use of Information by the LogicGate Service.  LogicGate collects and uses information and data about its Customers and their End-Users during and for the purchase, implementation, provision, support, and improvement of the LogicGate Service.  The LogicGate Service is a cloud-based Governance, Risk Management, and Compliance software service which enables companies to implement, automate, manage, and analyze their policies, workflows, security controls, and compliance measures as well as provide for other functionality and third-party software integrations. In order for the LogicGate Service to perform as intended by both LogicGate and the Customers (i.e., for GRC purposes), the collection and use of some information and data by LogicGate is necessary and may not be removed or altered without harming the functionality and utility of the Service.  For the purpose of this Privacy Policy, “Customer Data” means electronic data or information imported, uploaded or otherwise inputted into the Service by Customer or its End-Users in the Customer’s LogicGate environment.  “Other Customer Information” means information or data provided by Customer or its End-Users to LogicGate by means other than inputting, importing, or uploading into the Service by Customer or its End-Users in the Customer’s LogicGate environment.  For example, Customer’s contact information or payment information.

The LogicGate Service primarily collects and uses Customer Data and Other Customer Information during and for the implementation, provision, and technical support of the Service.  For example, Customers supply information such as the name, address, contact and payment information as well as information provided by Customer about their business including their business needs (i.e., number and type of users and applications needed) regarding the Service during the configuration, implementation and provision of the Service.  Additionally, information is collected and logged from Customers and End-users when they:

This information is collected and processed by the LogicGate Service and is needed to enable End-Users and Customers to create records within their LogicGate Service instance and for Customers and End-Users to generate reports and utilize other Service features and third-party software integrations for GRC and other business purposes as determined, managed, and controlled by the Customers.  In addition, this information is collected and used by LogicGate to provide technical support to Customers and End-Users as well as to make improvements to the LogicGate Service and notify Customers and End-Users about changes to the Service, LogicGate policies, and other LogicGate Offerings.  Furthermore, LogicGate collects, processes, and uses Customer usage data and other quantitative data in furtherance of the Service and LogicGate Offerings.  To the extent practicable, Logic Gates usage data only utilizes de-identified and anonymized Customer Data.  

With Whom Information Is Shared.  Personal information collected within a Customer’s LogicGate Service environment is only shared with LogicGate personnel and Logic Gates data sub-processors as needed to provide the Service or as otherwise permitted in this Privacy Policy or required by law.  Customer and End-User information is logged by the Service as needed to perform the Service and is accessible to LogicGate and the Customer and other parties as permitted by the Customer or End-User.  Except as provided for in this Privacy Policy, LogicGate does not share or sell Customer Data to third parties.  And except as permitted by the Customer or otherwise provided herein this Privacy Policy, LogicGate will not use or disclose Customer Data for unauthorized purposes. LogicGate may use and disclose personal identifying information to third party service providers with whom we work for the following purposes: to provide hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics, and other services for the LogicGate Service.  LogicGate may use and disclose Other Customer Information as needed to provide, support, or improve the Service as well as for analytics or other business purposes. In addition, LogicGate may disclose Customer Data or personal information to law enforcement, regulatory bodies or government agencies, courts or third parties when (i) required by law to comply with a court order, subpoena, request for information, or other legal process; (ii) enforce the terms of the Subscription Service Agreement; (iii) defend, protect, or assert Logic Gates legal rights or those of its Customers as needed; or (iv) in connection with any proposed merger, acquisition, sale or transfer of Logic Gates assets, dissolution, restructuring, liquidation, or similar event. 

Retention.  LogicGate retains Customer Data as long as the Customer has a valid contract in effect to use the Service and for the retention period set forth in the contract.  LogicGate may retain Customer Data beyond that period only as necessary to comply with any legal requirements it may be subject to (e.g., tax, accounting, security, litigation holds) or as adopted by information security industry standards.

International Transfers.  To the extent that LogicGate or its third-party service providers collects, processes, and stores Customer Data, LogicGate adheres to and complies with the EU-US and Swiss-US Privacy Shield Frameworks and Principles as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK, and Switzerland to the US. LogicGate may also rely on explicit consent or other applicable derogations for such transfers in addition to implementing appropriate administrative, physical, and technical measures to protect the Customer’s personal information.  For more details, see Logic Gates Privacy Shield Notice below.  For other international transfers of personal information from EEA, LogicGate will implement appropriate safeguards for the transfer of Customer Data consistent with industry standards and as agreed upon by LogicGate’s Customers.

Third Party Integrations.  The LogicGate Service may also permit Customers to enable third party software integrations and applications in furtherance of the Customers’ business and GRC objectives.  Those third-party software integrations may also collect and use Customer Data and/or Other Customer Information.  The collection and use of any Customer Data or Other Customer Information made available to such third parties through the use of their software and applications by Customer will be governed by the Customer’s agreements and privacy policies of those third parties.   

Information Security of the Service.  LogicGate maintains appropriate administrative, physical, and technical safeguards and information security practices designed to protect Customer Data from accidental, unauthorized, or unlawful access, disclosure, alteration, or destruction, or loss.  These safeguards include but are not limited to end-to-end encryption of data in transit as well as at rest. Furthermore, the Service permits the Customer to implement, configure, manage, and control their own use of the Service and to implement and enforce the Customer’s own security practices, including without limitation user access controls and encryption. For more details about LogicGate’s platform information security policies, please visit https://www.logicgate.com/logicgate-platform/platform-security/ or contact us at security@logicgate.com.   

Privacy Rights for the Service.  LogicGate processes Customer Data and Other Customer Information with the consent and at the direction of its Customers and will not disclose, distribute, or transfer Customer Data or Other Customer Information except as provided by contract, required by law, or otherwise permitted under this Privacy Policy.  

Changes to this Privacy Policy.  LogicGate expressly reserves the right to change this LogicGate Service Privacy Policy at any time. LogicGate will provide notice of any material changes to its Privacy Policy to Customers and End-Users via email or similar means. 

PRIVACY SHIELD NOTICE. 

LogicGate does not rely on EU-US Privacy Shield as a transfer mechanism of personal data 

from the EEA to the US but remains committed to the obligations and principles of the Privacy 

Shield  Framework set forth below

Logic Gates Compliance with Privacy Principles.  The LogicGate Service has certified to the US Department of Commerce that it complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield Framework and is committed to the Privacy Shield Principles as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  In the event of a conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view Logic Gates certification, please visit https://www.privacyshield.gov/list and enter “LogicGate” in the search field.   

Transfers of Data.  LogicGate is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequent transfers to a third party acting as agents on Logic Gates behalf.  The LogicGate Service complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.  With respect to personal data received or transferred pursuant to the Privacy Shield framework, the LogicGate Service is subject to the regulatory enforcement powers of the US Federal Trade Commission (FTC).   

To the extent the Privacy Shield Framework ceases to apply to certain transfers of personal information from the EU, UK, and Switzerland to the US, LogicGate may rely on the Standard Contractual Clauses and explicit consent or other applicable derogations under GDPR for such transfers in addition to implementing appropriate administrative, physical, and technical measures to protect personal information. Such consent may be requested on a case-by-case basis as indicated to the Visitor or End-User, as applicable, and may be withdrawn at any time. Risks of consenting to such a transfer include processing of personal information in the United States, which may not have data protection laws equivalent to those where the Visitor is located and may not provide Visitors with the same rights as may be provided where the Visitor or End-User is located. Safeguards applied to personal information transferred to the US include encryption of personal data in transit and at rest, restricted access to Customer Data according to the principle of least privilege (i.e., a need-to-know basis), due diligence and monitoring of sub-processors and vendors who may have access to Customer Data in order to provide the Service, use of software tools to monitor and log use of decryption keys, periodic penetration testing and vulnerability detection of the platform and Service, offering Customers the choice to host their platform environment and Customer Data within the EU, and contractual commitments to protect Customer Data, particularly data which contains personal information. For so long as LogicGate retains its Privacy Shield certification, it remains subject to the oversight of the United States Department of Commerce as further described below under the headings “Procedure” and “Principles and Commitments.” Details regarding LogicGate’s sharing of personal information are located under the section headings “With Whom Information Is Shared” in this Privacy Policy.

Disclosure of Personal Data.  In certain situations, LogicGate may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  To the extent permitted by law or contract, LogicGate notifies Customers and End-Users of any efforts to obtain personal data by government agencies or other third parties and seeks to limit the personal information tendered pursuant to such efforts.

Procedure.  In compliance with the Privacy Shield Principles, LogicGate commits to resolve complaints about LogicGate’s collection or use of personal information.  Any inquiries or complaints related to Logic Gates Privacy Shield compliance may be directed to privacy@logicgate.com. In the event of a dispute involving allegations that LogicGate has not complied with Privacy Shield, individuals may bring a complaint directly to LogicGate, and LogicGate must respond to the individual within 45 days. In the event of an unresolved privacy or data use concern that LogicGate has not addressed satisfactorily, contact LogicGate’s US-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. If an individual submits a complaint to a data protection authority (DPA) in the EU, the Department of Commerce has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the DPA within 90 days.  Under certain conditions, more fully described on the Privacy Shield website, a complaining party may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.    

Principles and Commitments.  LogicGate further commits to the following with respect to the Privacy Shield Principles:

For more information, see www.privacyshield.gov.

MISCELLANEOUS 

Information Obtained By LogicGate From Events and Sources Other Than the Website or the Service.  LogicGate may obtain, collect, and use information, including personal information, from sources other than the LogicGate Website and the LogicGate Service.  In particular, LogicGate may host or attend in-person or remote events such as conferences, trainings, and promotional functions where personal information may be collected from individual attendees with their express consent (“Event Participants”).  Such information will only be used for Logic Gates legitimate business and marketing purposes and LogicGate will not sell, disclose, or otherwise transfer such personal information without the Event Participant’s express consent.   Event Participants may revoke their consent to be included on Logic Gates marketing lists at any time thereafter by contacting LogicGate at privacy@logicgate.com or by clicking on the “Unsubscribe” link at the bottom of any marketing or promotional emails received from LogicGate and following any subsequent instructions.   LogicGate reserves the right to change its Privacy Policy as it relates to information obtained from Events as well as sources other than the Website or the Service.  LogicGate will provide email notification of any material changes to Logic Gates Privacy Policy to Event Participants and other individuals who have consented to the collection or use of their personal information. 

How to Contact LogicGate. LogicGate may be contacted for purposes of the Privacy Policy at privacy@logicgate.com or by mail to:

 

LogicGate, Inc.

Attn: Legal
320 W. Ohio Street
5th Floor
Chicago, IL 60645

© 2021 LogicGate, Inc.